Oracle Risk Management Cloud
New Feature Summary
  1. Update 19B
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common Risk Management
        1. Integration with Fusion Notifications
        2. New Default Search for Monitor Jobs Page
        3. Allow New Lookup Codes
        4. Change History Reports Removed from Report Management Area
    2. REST APIs for Risk Management
      1. Financial Reporting Compliance
        1. Updated REST API for Controls
        2. Updated REST API for Control Assessments
        3. Updated REST API for Issues
        4. REST API for Risks
        5. REST API for Risk Assessments
        6. REST API for Processes
        7. REST API for Process Assessments
      2. Advanced Controls
        1. Updated REST API for Advanced Controls
        2. REST API for Advanced Control Job Runs
    3. Advanced Access Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Ability to Add Attachments to Advanced Controls
        3. New Attachment Column on Result Page
        4. Disable Actions for Inactive Controls
        5. Allow Only Active Models to Be Deployed as Controls
        6. New Category Column in Select Business Object Page
        7. Import Model and Control Validation
        8. Active-Model Search Replaces My-Model Search
        9. Search Parameters Support Multiple Creators or Updaters
    4. Advanced Financial Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Delivered Model Content for Oracle Fusion Applications Audit
        3. Changes to Business Objects
        4. Pre-Upgrade Impact to Controls with Obsolete Attributes
        5. Ability to Add Attachments to Advanced Controls
        6. New Attachment Column on Result Page
        7. Disable Actions for Inactive Controls
        8. Allow Only Active Models to Be Deployed as Controls
        9. New Category Column in Select Business Object Page
        10. Import Model and Control Validation
        11. Add State to User-Defined Objects Page
        12. Active-Model Search Replaces My-Model Search
        13. Search Parameters Support Multiple Creators or Updaters
    5. Financial Reporting Compliance
        1. Survey Instructions Support Attachments
        2. One Survey Response per Assessment
        3. Updated Assessment Train Stop
        4. Security Change
        5. Import and Export Flexfield Values
        6. Assessment Plans Sorted Alphabetically
    6. Transactional Business Intelligence for Risk Management
        1. Created By and Last Updated By Are Populated
        2. Updated Subject Area Descriptions
        3. Survey ID and Risk ID Attributes Are Added
        4. Risk Currency and Currency Code Are Removed
        5. Attributes Added to Advanced Access Controls Subject Area
        6. New Entitlement Details Dimension in Advanced Access Controls Subject Area
    7. Access Certification
        1. Continuous Certification
        2. Update to Condition Operator Labels
        3. Limit Standard Certification to 500 Job Roles
        4. Select Multiple Job Roles for Inclusion or Exclusion
        5. Security Changes

Update 19B

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes

21 JUN 2019

Advanced Access Controls: Active-Model Search Replaces My-Model Search

Updated document. Delivered feature in update 19B.

21 JUN 2019

Advanced Access Controls: Search Parameters Support Multiple Creators or Updaters

Updated document. Delivered feature in update 19B.

21 JUN 2019

Advanced Financial Controls: Active-Model Search Replaces My-Model Search

Updated documents. Delivered feature in update 19B.

21 JUN 2019

Advanced Financial Controls: Search Parameters Support Multiple Creators or Updaters

Updated document. Delivered feature in update 19B.

26 APR 2019 Assessment Plans Sorted Alphabetically Updated document. Delivered feature in update 19B.
26 APR 2019 Import and Export Flexfield Values Updated document. Delivered feature in update 19B.
08 MAR 2019   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of three products: Oracle Fusion Financial Reporting Compliance documents your policies for identifying and resolving risk in your financial processes. Oracle Advanced Access Controls detects risk inherent in the access granted to users of business applications. Oracle Advanced Financial Controls uncovers risk exhibited by transactions completed on business applications. Advanced Financial Controls and Advanced Access Controls belong to a module called Advanced Controls Management.

Advanced Access Controls includes an Access Certification set of features. It enables an organization to perform periodic reviews to determine whether job roles are assigned appropriately to users.

Common Risk Management

Integration with Fusion Notifications

The initial set of Risk Management integrations with Fusion notifications and email is complete. For the following objects, users can read notifications by clicking a bell-shaped icon in the global header:

  • Financial Reporting Compliance Processes
  • Financial Reporting Compliance Risks
  • Financial Reporting Compliance Controls
  • Advanced Controls
  • Advanced Control Incident Results
  • Access Certification

New Default Search for Monitor Jobs Page

In Monitor Jobs, the default is to show all jobs run in the last 24 hours.

Allow New Lookup Codes

The GRC_TEST_PLAN_FREQUENCY lookup type is predefined with multiple lookup codes and meanings. You can't modify predefined values, but you can create new lookup codes and meanings.

Change History Reports Removed from Report Management Area

Ability to report on change history data is available in OTBI and has therefore been removed from the Report Management area.

REST APIs for Risk Management

Financial Reporting Compliance

Updated REST API for Controls

Attributes were added to the REST API for Financial Reporting Compliance controls.

Updated REST API for Control Assessments

Attributes were added to the REST API for Financial Reporting Compliance control assessments.

Updated REST API for Issues

Attributes were added to the REST API for Financial Reporting Compliance issues.

REST API for Risks

This feature allows for the use of REST APIs to view Financial Reporting Compliance risks.

REST API for Risk Assessments

This feature allows for the use of REST APIs to view Financial Reporting Compliance risk assessments.

REST API for Processes

This feature allows for the use of REST APIs to view Financial Reporting Compliance processes.

REST API for Process Assessments

This feature allows for the use of REST APIs to view Financial Reporting Compliance process assessments.

Advanced Controls

Updated REST API for Advanced Controls

Attributes were added to the REST API for advanced controls, and incident results were added as a child resource.

REST API for Advanced Control Job Runs

This feature allows for the use of REST APIs to initiate the running of advanced controls.

Advanced Access Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers three new models that detect segregation-of-duties conflicts in Enterprise Resource Planning applications.

Ability to Add Attachments to Advanced Controls

Users can add attachments to controls created in Advanced Access Controls.

New Attachment Column on Result Page

Attachments can now be accessed from the Results page.

Disable Actions for Inactive Controls

The Copy, Run, Schedule, and Export actions are now disabled for inactive controls.

Allow Only Active Models to Be Deployed as Controls

You can now select only active models to be deployed as controls. Previously, inactive models were also available.

New Category Column in Select Business Object Page

In the page to select business objects for a model, a new Category column identifies the categories to which business objects belong. For Advanced Access Controls, this category displays Access.

Import Model and Control Validation

When you export models or controls, Advanced Controls applies a release ID to the xml file. The ID is used for validation when you import the file to another environment. You can import files from one release only in the same release or one greater.

Active-Model Search Replaces My-Model Search

It used to be that when you first navigate to models you would see only models you created due to the My Models saved search that is run by default. A new default saved search called Active Models replaces the My Models saved search so that you will see all active models you have access to, not just yours.

Search Parameters Support Multiple Creators or Updaters

Various screens allow you to search for records created or most recently updated by a particular person. You can now search for records created or updated by multiple people, instead of just one.

Advanced Financial Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers one new model for financial application area. This model is supported by a new business object.

Delivered Model Content for Oracle Fusion Applications Audit

Advanced Financial Controls introduces new business objects that correspond to audit-level information you configure under Manage Audit Policies in Oracle Fusion Applications.  One new model is delivered that uses business objects from the application audit areas.

Changes to Business Objects

Obsolete attributes have been removed from business objects used in Advanced Financial Controls. Additionally, the data type of an attribute has been modified.

Pre-Upgrade Impact to Controls with Obsolete Attributes

Before you upgrade to 19B you must:

  • Determine whether any of your controls use language-related attributes across business objects, in particular Business Operating Unit.
  • If so, export those controls.
  • Using your 19A instance, import those controls as models.
  • That's because language attributes are deprecated from 19B and your existing controls will become invalid. You can edit the models you have imported to rebuild the controls.

Ability to Add Attachments to Advanced Controls

Users can add attachments to controls created in Advanced Financial Controls.

New Attachment Column on Result Page

Attachments can now be accessed from the Results page.

Disable Actions for Inactive Controls

The Copy, Run, Schedule, and Export actions are now disabled for inactive controls.

Allow Only Active Models to Be Deployed as Controls

You can now select only active models to be deployed as controls. Previously, inactive models were also available.

New Category Column in Select Business Object Page

In the page to select business objects for a model, a new Category column identifies the categories to which business objects belong. For Advanced Financial Controls, these categories include Transaction, Access, Configuration (Setup), Operational (Master Data), and Audit.

Import Model and Control Validation

When you export models or controls, Advanced Controls applies a release ID to the xml file. The ID is used for validation when you import the file to another environment. You can import files from one release only in the same release or one greater.

Add State to User-Defined Objects Page

The User-Defined Objects page includes a new field called State. The state value is either Approved or Invalid.

Active-Model Search Replaces My-Model Search

It used to be that when you navigated to the Models page, a saved search called My Models would present only models you created. A new default saved search called Active Models replaces the My Models search. You will now see all active models you have access to, not just yours.

Search Parameters Support Multiple Creators or Updaters

Various screens allow you to search for records created or most recently updated by a particular person. You can now search for records created or updated by multiple people, instead of just one.

Financial Reporting Compliance

Survey Instructions Support Attachments

The creator of a survey can add attachments while composing survey instructions. Responders can view the attachments as they complete the survey.

One Survey Response per Assessment

When you initiate a batch of assessments, you may associate a survey with them. In that case, each assessment in the batch can accept only one response to the survey.

Updated Assessment Train Stop

Review Prior Results, a train stop in the process of completing an assessment, is updated for enhanced performance. The application now presents the details of a prior assessment in an in-focus UX page.

Security Change

A privilege has been removed from the predefined Review Remediation Plan Primary duty role. The removal prevents an issue created by an assessor from being sent to an unwanted review state.

Import and Export Flexfield Values

You can use the Risk Management Data Migration utility to import flexfield values that apply to Financial Reporting Compliance objects.

Assessment Plans Sorted Alphabetically

The Plan field in the Initiate Assessment: General page now sorts assessment plans alphabetically.

Transactional Business Intelligence for Risk Management

Created By and Last Updated By Are Populated

Previously in the Advanced Controls and Financial Reporting Compliance subject areas, the Created By and Last Updated By attributes were blank. Now these are populated with the user names of users who create or update records.

Updated Subject Area Descriptions

Subject area descriptions have been updated to be more succinct.

Survey ID and Risk ID Attributes Are Added

Survey ID is added to the Risk Management Cloud Assessment Results Real Time subject area. Risk ID is added to the Risk Management Cloud Assessment Results Real Time subject area and the Risk Management Cloud Compliance Real Time subject area.

Risk Currency and Currency Code Are Removed

References to Risk Currency and Currency Code have been removed from Advanced Controls and Financial Reporting Compliance subject areas to coincide with their being removed from the application.

Attributes Added to Advanced Access Controls Subject Area

Attributes have been added to the Incident Result Details dimension in the Advanced Access Controls subject area.

New Entitlement Details Dimension in Advanced Access Controls Subject Area

The Advanced Access Control subject area includes a new dimension that includes entitlement details.

Access Certification

Continuous Certification

A new certification type, named Continuous, enables your organization to poll daily for new assignments of scoped roles to users. With each new assignment, it reopens the appropriate certifier's worksheet automatically so that person take action. It's intended to focus on the assignments of roles that provide access to sensitive data. IT managers can monitor activity through OTBI reporting, and each day remove user-role assignments that certifiers have newly marked for removal.

Update to Condition Operator Labels

Among the conditions you can select as you create scoping filters, two have changed names:

  • Matches one of has been updated to Matches any of.
  • Does not match one of has been updated to Matches none of.

Limit Standard Certification to 500 Job Roles

A standard certification can encompass a maximum of 500 job roles. Its scoping filters may return more, but if so, the application reduces the number to 500 as you complete the finalize-roles step. You have no control over which job roles are removed. To ensure the certification includes the roles you want, add scoping filters until the scoping job returns 500 job roles or fewer.

Select Multiple Job Roles for Inclusion or Exclusion

The last step in the initiation of a certification is to finalize the job roles whose assignments to users are to be evaluated. As part of this process, you review roles returned by scoping filters and determine which are to be included. You can now select multiple roles at once to be either included or excluded.

Security Changes

Privileges have been removed from the predefined Access Certification Configuration and Maintenance duty role. The removal prevents access to data security changes because they do not apply.