Oracle Risk Management Cloud
New Feature Summary
  1. Update 19A
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common Risk Management
        1. Monitor Jobs – Page Enhancements
        2. Searching on User-Related Values
        3. Updates to Managing Lookup Values
        4. Record Sort Modifications
    2. REST APIs for Risk Management
      1. Financial Reporting Compliance
        1. REST APIs for Controls
        2. REST APIs for Control Assessments
        3. REST APIs for Issues
      2. Advanced Controls
        1. REST APIs for Controls
        2. REST APIs for Advanced Control Jobs
    3. Financial Reporting Compliance
        1. Update to Object Record Assessment Tab
        2. Control Currency Removed
    4. Advanced Financial Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Delivered Model Content for Oracle Fusion Applications Audit
        3. Changes to Business Objects
        4. Upgrade Impact to Models with Obsolete Attributes
        5. Resolve Duplicate Name During Model and Control Import
        6. Auto Suggest on Filter Attribute
        7. Name Changes to Filter Conditions
        8. Result Attribute Search During Model Definition
        9. Decimal Placement for Calculated Column Results
        10. Display Timestamp Checkbox for Viewing Results
        11. Alias Name for System-Generated Objects
    5. Advanced Access Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Delivered Model Content for Human Capital Management
        3. Attributes Removed from the Access Conditions Business Object
        4. Upgrade Impact to Models with Obsolete Attributes
        5. Resolve Duplicate Name During Model and Control Import
        6. Auto Suggest on Filter Attribute
        7. Name Changes to Filter Conditions
        8. Faster Search Rendering
        9. Automatically Reduce Incidents
        10. Global User Unknown Value
        11. Inactive Users Excluded from Access Analysis
    6. Access Certification
        1. Scope Not Impacted by Advanced Access Global Conditions
    7. Transactional Business Intelligence for Risk Management
      1. Access Certification
        1. Access Certification Detail Dashboard
      2. Financial Reporting Compliance
        1. Updated Subject Areas

Update 19A

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
22 FEB 2019

Advanced Access Controls: Inactive Users Excluded from Access Analysis

Updated document. Delivered feature in update 19A.

22 FEB 2019

Advanced Financial Controls: Alias Name for System-Generated Objects

Updated document. Delivered feature in update 19A.

22 FEB 2019

Advanced Access Controls: Delivered Model Content for Human Capital Management

Updated document. Revised feature information.

07 DEC 2018

 

Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of three products: Oracle Fusion Financial Reporting Compliance documents your policies for identifying and resolving risk in your financial processes. Oracle Advanced Access Controls detects risk inherent in the access granted to users of business applications. Oracle Advanced Financial Controls uncovers risk exhibited by transactions completed on business applications. Advanced Financial Controls and Advanced Access Controls belong to a module called Advanced Controls Management.

Advanced Access Controls includes an Access Certification set of features. It enables an organization to perform periodic reviews to determine whether job roles are assigned appropriately to users.

Common Risk Management

Monitor Jobs – Page Enhancements

The Monitor Jobs page tracks the status of all jobs submitted across Risk Management applications. A couple of enhancements have been made to this page:

  • Better messaging when jobs fail due to incomplete or incorrect directory setups or due to insufficient storage space.
  • When a transaction synchronization job ends, the user can drill in to see counts pertaining to the relationships and paths processed during that synchronization.

Searching on User-Related Values

Searching on user-related values, such as Created By and Last Updated By, is now consistent across pages. The list of values shows users in alphabetical order, in Last Name, First Name format. This information is derived from the person record associated to a user record. If no person record exists, the list of values shows the user name.

Updates to Managing Lookup Values

List-of-values fields in Risk Management are populated by values stored in lookup tables. You can no longer modify predefined values in lookup tables. However, you can still create new values. To do so, use the Setup and Administration work area of Risk Management Tools.

Record Sort Modifications

The ability to sort on description attributes has been removed, as it causes performance issues within the application.

REST APIs for Risk Management

Financial Reporting Compliance

REST APIs for Controls

This feature allows for the use of APIs to view, create, and edit Financial Reporting Compliance controls.

REST APIs for Control Assessments

This feature allows for the use of APIs to view and edit control assessments in Financial Reporting Compliance.

REST APIs for Issues

This feature allows for the use of APIs to view, create, and edit issues in Financial Reporting Compliance.

Advanced Controls

REST APIs for Controls

This feature allows for the use of APIs to view and edit controls and related incident results in Advanced Financial Controls and Advanced Access Controls.

REST APIs for Advanced Control Jobs

This feature allows for the use of APIs to view jobs involving controls and related incident results in Advanced Financial Controls and Advanced Access Controls.

Financial Reporting Compliance

Update to Object Record Assessment Tab

In each of the Process, Risk, and Control work areas, an Assessment tab opens a page listing assessments for its object type. The row for each assessment now provides only summary details: the name of the item being assessed, and the activity, due date, and state of the assessment. This improves performance, simplifies the user experience, and removes duplicate information. An Introduction page in the train to complete or review an assessment now includes a Participant region, which displays information about users who have acted on the assessment.

Control Currency Removed

You can no longer select a currency value as you create or edit a control.

Advanced Financial Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers new models for financial application areas.  These models are supported by new business objects.

Delivered Model Content for Oracle Fusion Applications Audit

Advanced Financial Controls introduces new business objects that correspond to audit-level information you configure under Manage Audit Policies in Oracle Fusion Applications.  New models are delivered that use these business objects from various application audit areas.

Changes to Business Objects

New business object attributes, and business objects, have been added for use in Advanced Financial Controls.  Additionally, some obsolete attributes have been removed from objects.

Upgrade Impact to Models with Obsolete Attributes

After an upgrade, search for transaction models that may have been impacted by obsolete business object attributes. Find these models by filtering on the Inactive status. Open each inactive model and follow the inline guidance to update it.

Resolve Duplicate Name During Model and Control Import

During the import of Advanced Controls models and controls, the application enforces the renaming of duplicate names, including those of user-defined business objects and data set controls on which the objects are based.

Auto Suggest on Filter Attribute

When creating a filter in your transaction model, first select the business object, then start typing a key word in the attribute field to auto-suggest matching values.

Name Changes to Filter Conditions

Among the conditions you can select as you create filters for transaction models, two have changed names. The old names are Matches one of and Does not match one of. The new names are Matches any of and Matches none of, respectively.

Result Attribute Search During Model Definition

As you select attributes that supply result values for a transaction model, a new search box enables you to find attributes across the business objects selected for the model.

Decimal Placement for Calculated Column Results

For consistency, all calculated results returned by models and controls, such as averages, now extend to two decimal places.

Display Timestamp Checkbox for Viewing Results

When reviewing transaction model and control results, select the Display Timestamp option to show applicable time values with date attributes.

Alias Name for System-Generated Objects

A filter that defines model logic in Advanced Financial Controls may use an Equals, Similar, or Similar To condition, or may incorporate a function. If so, the filter returns a grouping object, also known as a system-generated object. That is, it returns records sorted into groups, which a subsequent filter may use as a business object. The name of the filter that defines a grouping object now serves as an alias for the object itself as you select it for a subsequent filter. If multiple filters define a grouping object, the name of the last of these filters is the alias for the grouping object.

Advanced Access Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers no new models that detect segregation-of-duties conflicts in Enterprise Resource Planning applications. However, Oracle has revised entitlements used by models delivered with earlier updates.

Delivered Model Content for Human Capital Management

Oracle delivers new models that identify users who have access to privileges with potentially sensitive data in Human Capital Management applications.

Attributes Removed from the Access Conditions Business Object

Unused attributes were removed from the Access Conditions business object. These include Within Same Country, Within Same Department, Within Same Legal Employer, and Within Same Location.

Upgrade Impact to Models with Obsolete Attributes

After an upgrade, search for access models that may have been impacted by obsolete business object attributes. Find these models by filtering on the Inactive status. Open each inactive model and follow the inline guidance to update it.

You can find the list of obsolete attributes in the Attributes Removed from the Access Conditions Business Object topic.

Resolve Duplicate Name During Model and Control Import

During the import of Advanced Controls models and controls, the application enforces the renaming of duplicate names.

Auto Suggest on Filter Attribute

When creating a filter in your access model, first select the business object, then start typing a key word in the attribute field to auto-suggest matching values.

Name Changes to Filter Conditions

Among the conditions you can select as you create filters for access models, two have changed names. The old names are Matches one of and Does not match one of. The new names are Matches any of and Matches none of, respectively.

Faster Search Rendering

Searches on manage pages return results much faster, as each search returns a maximum of 500 records. If a search would exceed this limit, a message guides the user to specify more restrictive search criteria.

Automatically Reduce Incidents

The Access Condition business object includes a new attribute called Access Entitlement Name. You can use it in a condition filter that specifies an entitlement, and so excludes its access points from analysis by a model or control. Typically, the entitlement would include user-defined access points. These might, for example, identify customer-specific page composer configurations that limit the access a user actually has. Using this new feature, you can automatically avoid having a model return results, or a control return incidents, that are already mitigated because compensating controls are in place.

Global User Unknown Value

A global user synchronization job derives first name, last name, and email address from the Oracle person record. We now provide helpful information for synchronized users whose person records do not have this information.

Inactive Users Excluded from Access Analysis

Prior to 19A, access models and controls evaluated both active and inactive users for access conflicts. To enhance performance and the quality of results, models and controls now evaluate only active users.

Access Certification

Scope Not Impacted by Advanced Access Global Conditions

When global conditions are defined for Advanced Access Controls, they do not impact the scoping process for Access Certification.

Transactional Business Intelligence for Risk Management

Access Certification

Access Certification Detail Dashboard

An Access Certification Detail report provides a list of active and closed certifications. You can use this report to find out who is working on what, when a certification is due, what jobs are included in the certification, and any actions taken thus far.

Financial Reporting Compliance

Updated Subject Areas

The following changes apply to the Risk Management Cloud - Assessment Results Real Time subject area:

  • You can select dimension values from this subject area to create analyses and reports that identify the perspective values assigned to the assessments of individual processes, risks, or controls.
  • Control test plans no longer include test instructions. Therefore the Control Details dimension of this subject area no longer provides information about test instructions.