Oracle Risk Management Cloud
New Feature Summary
  1. SEPTEMBER MAINTENANCE PACK FOR 19C
  1. Revision History
  2. Overview
    1. Advanced Financial Controls
        1. Changes Are Made to HCM Business Objects and Models That Use Them
  1. Update 19C
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common Risk Management
        1. Two Security Jobs Are Consolidated
        2. Jobs That Use ESS Require Rescheduling
        3. Two Jobs Have New Names
        4. More Details Link Is Removed from Monitor Jobs
        5. New Statuses Apply to Jobs
        6. Page Headers Are Enhanced
        7. New Job Role Supports Auditing
    2. Advanced Access Controls
        1. Two Supply Chain Management Models Are Replaced
        2. Limit to Access Point and Entitlement Filters Is Enforced in Models and Controls
        3. Colors Are Updated in Visualizations
        4. Procurement-Related Controls Exclude False Positives
        5. New Error Message Applies to Global User Synchronization
        6. Files Can Be Added During Advanced Control Mass Edit
        7. Advanced Controls Can Be Deleted
        8. Delivered Models Are Available Within Advanced Controls Management
        9. Source Language Is Applied to Objects
        10. Notifications Page Is Removed for Advanced Controls
        11. Records Are Expanded in Page to Resolve Duplicate-Name Conflicts During Imports
    3. Advanced Financial Controls
        1. Language-Related Changes Improve Synchronization Performance
        2. Changes Are Made to Business Objects
        3. Strings for Patterns Are Translated
        4. Inactive Objects Are Not Synchronized
        5. Files Can Be Added During Advanced Control Mass Edit
        6. Advanced Controls Can Be Deleted
        7. Delivered Models Are Available Within Advanced Controls Management
        8. Imported Objects Accompany Delivered Models
        9. Source Language Is Applied to Objects
        10. Notifications Page Is Removed for Advanced Controls
        11. Records Are Expanded in Page to Resolve Duplicate-Name Conflicts During Imports
    4. Financial Reporting Compliance
        1. Survey Activities Are Integrated with Fusion Notifications
        2. Survey Instructions Support Rich HTML
        3. Assessment Survey Results Can Be Updated
        4. Assessment Completion Is Enhanced
        5. Hide Option Is Removed from Risk Treatment Configuration
        6. Workflow Comments Are Enhanced
    5. Access Certification
        1. Inactive Users Can't Be Added to Certifications
        2. Certification Records Include User Attributes
        3. All Assignable Roles are Now Included in Access Certifications
    6. Transactional Business Intelligence for Risk Management
        1. Assessment Results Subject Area Has Changes
        2. OTBI Analyses Provide Links to Pages in Financial Reporting Compliance
        3. Advanced Access Controls Subject Area Has Changes
        4. Advanced Financial Controls Subject Area Has Changes
        5. New Dashboard Report on Related Records

September Maintenance Pack for 19C

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
30 AUG 2019   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Advanced Financial Controls

Changes Are Made to HCM Business Objects and Models That Use Them

There are changes to HCM business objects and to the delivered models that use them. The Payroll Definition business object remains, but some of its attributes were moved to a new object called Payroll Time Definition. These business object changes impact HCM models 50001, 50002, 50006, as well as the user-defined object for 50006.

Update 19C

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
07 JUN 2019   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of three products: Oracle Fusion Financial Reporting Compliance documents your policies for identifying and resolving risk in your financial processes. Oracle Advanced Access Controls detects risk inherent in the access granted to users of business applications. Oracle Advanced Financial Controls uncovers risk exhibited by transactions completed on business applications. Advanced Financial Controls and Advanced Access Controls belong to a module called Advanced Controls Management.

Advanced Access Controls includes an Access Certification set of features. It enables an organization to perform periodic reviews to determine whether job roles are assigned appropriately to users.

Common Risk Management

Two Security Jobs Are Consolidated

Two predefined jobs, Worklist Security Synchronization and User and Role Security Synchronization, have been consolidated into a single job named Security Synchronization. This ensures that tasks formerly divided between the two jobs are run together and in the correct order.

Jobs That Use ESS Require Rescheduling

Two jobs, Security Synchronization and Notification, now use Enterprise Scheduler Services (ESS). You won't notice any difference in how either job is scheduled or runs, but the change does require you to reschedule these jobs.

Two Jobs Have New Names

In Risk Management Tools, under Scheduling, two jobs have been renamed. The jobs relate to email notifications and data source synchronizations.

More Details Link Is Removed from Monitor Jobs

In Advanced Controls, many events trigger jobs. You navigate to a Monitor Jobs screen to see details about a job, including the status. For some jobs, a link called More Details provided technical information useful for support analysts. This information has been moved into logs, as the data was not intended for business users.

New Statuses Apply to Jobs

Two new statuses apply to jobs: Job completed with warnings, and Job completed with errors. You can view job status in the Monitor Jobs page.

Page Headers Are Enhanced

Page headers are moving toward a common style called the universal panel. For example, depending on theme settings, this style may be a black background with the page header in white text. You'll also find the Done button is replaced with a back arrow for navigation.

New Job Role Supports Auditing

A new seeded job role is available in Risk Management. It's called Risk Management Auditor, and it grants access to audit advanced controls, financial compliance controls, and corresponding OTBI analysis reporting.

Advanced Access Controls

Two Supply Chain Management Models Are Replaced

Segregation-of-duties models should be easy to understand and prioritize. So Oracle has simplified two of the models it delivers, breaking each up into multiple models that accomplish the same results. The models to be replaced are 8180: Item Costing or Manage Receipt Accounting Activities and Create Purchase Orders, and 8225: Item Costing or Manage Cost Accounting Activities and Create Items.

Limit to Access Point and Entitlement Filters Is Enforced in Models and Controls

Filters that cite the Access Point and Access Entitlement business objects can exist at no more than two vertical levels in an access model or control. You can no longer arrange these filters at three or more vertical levels.

Colors Are Updated in Visualizations

In Advanced Access Controls, a Visualization tool presents graphic depictions of paths that lead from users to the roles they're assigned and ultimately to access points involved in segregation of duties conflicts. This tool has undergone a makeover, so that its color scheme matches that of the Security Console.

Procurement-Related Controls Exclude False Positives

Procurement-related advanced access controls automatically exclude false positives when a user isn't set up as a procurement agent, or hasn't been allowed access to an action as a procurement agent.

New Error Message Applies to Global User Synchronization

In Advanced Access Controls, a global user synchronization job identifies unique users in the business system based on configured identifying attributes. You can't modify these attributes while a model or control analysis is running. If you try to, a new message informs you of your error.

Files Can Be Added During Advanced Control Mass Edit

When performing a mass edit of advanced controls or incident results, you can now attach an actual file instead of being limited to a URL.

Advanced Controls Can Be Deleted

When an access control becomes invalid or is no longer required, you can now delete it. For the control to be deleted, its status must be inactive. The action also purges any related incident results.

Delivered Models Are Available Within Advanced Controls Management

"Delivered content" (a set of models developed by Oracle) is now available within Advanced Controls Management, rather than from separate import files. To select among these models, you still use the Import option in the Actions menu of the page to manage models, but it now includes an Import from Content Library region.

Source Language Is Applied to Objects

In advanced controls, each object has a source language applied by the system. A model you create or import applies your source language, and any control and related results inherit this source language. You can expose the source-language assignment via column-view options on the pages to manage models and manage controls.

Notifications Page Is Removed for Advanced Controls

The Notifications landing page for the Advanced Controls work area no longer exists. Users can now read notifications by clicking a bell-shaped icon in the global header. The landing page for the Advanced Controls work area is now the Controls page.

Records Are Expanded in Page to Resolve Duplicate-Name Conflicts During Imports

You can't import a model or control if your target instance contains an item of the same type with a matching name. So the import procedure includes a page to resolve duplicate-name conflicts. Records in this page are now expanded by default.

Advanced Financial Controls

Language-Related Changes Improve Synchronization Performance

There has been a change to how language-related data is captured and stored during the synchronization of transaction data. The impact is a significant performance improvement during the synchronization process for customers who use Advanced Financial Controls and have multiple languages configured.

Changes Are Made to Business Objects

New attributes have been added to General Ledger Accounts business object, and an obsolete audit business object called Audit - Childbirth or Placement Details is removed. In addition, incremental data synchronization is supported for the Expense Setup: General object.

Strings for Patterns Are Translated

You will now find strings related to patterns in Advanced Financial Controls are translated in the supported languages. Specifically, this applies to the following patterns: Absolute Deviation, Anomaly Detection, Benford, Clustering, Mean, Normalize, Pareto, and Lexical Tokenization.

Inactive Objects Are Not Synchronized

During an upgrade, the state of models and controls changes to Invalid if business-object modifications have introduced faults in their risk logic. The status of these objects should also change to Inactive, and now it consistently does. Any model or control whose status is Inactive is not recognized during data synchronization.

Files Can Be Added During Advanced Control Mass Edit

When performing a mass edit of advanced controls or incident results, you can now attach an actual file instead of being limited to a URL.

Advanced Controls Can Be Deleted

When an incident or data set transaction control becomes invalid or is no longer required, you can now delete it. For the control to be deleted, its status must be inactive. The action also purges any related incident results.

Delivered Models Are Available Within Advanced Controls Management

"Delivered content" (a set of models developed by Oracle) is now available within Advanced Controls Management, rather than from separate import files. To select among these models, you still use the Import option in the Actions menu of the page to manage models, but it now includes an Import from Content Library region.

Imported Objects Accompany Delivered Models

Delivered-content models may be associated with imported business objects. When you select one of these models for import, you automatically import the associated object with it.

Source Language Is Applied to Objects

In advanced controls, each object has a source language to facilitate logic analysis and return results with names that correspond to this language. A model you create or import applies your source language, and any control and related results inherit this source language. You can expose the source-language assignment via column-view options on the pages to manage models and manage controls.

Notifications Page Is Removed for Advanced Controls

The Notifications landing page for the Advanced Controls work area no longer exists. Users can now read notifications by clicking a bell-shaped icon in the global header. The landing page for the Advanced Controls work area is now the Controls page.

Records Are Expanded in Page to Resolve Duplicate-Name Conflicts During Imports

You can't import a model, control, or user-defined object if your target instance contains an item of the same type with a matching name. So the import procedure includes a page to resolve duplicate-name conflicts. Records in this page are now expanded by default.

Financial Reporting Compliance

Survey Activities Are Integrated with Fusion Notifications

In prior releases, an initial set of Risk Management integrations with Fusion notifications and email was completed. This enabled users to read notifications by clicking a bell-shaped icon in the global header. This integration has been extended to include the Financial Reporting Compliance Survey object.

Survey Instructions Support Rich HTML

You can now add rich text to your survey instructions and have attachments for additional information pertaining to the survey.

Assessment Survey Results Can Be Updated

When an assessment includes a survey, you can update survey results even after the assessment has been rejected.

Assessment Completion Is Enhanced

You can now enter test-step results directly in the Enter Test Results page as you complete a control assessment. You no longer enter results in a popup for each step. Also, the appearance of the Complete Assessments page is simplified: the Test Plan and Assessment Details sections are collapsed.

Hide Option Is Removed from Risk Treatment Configuration

You can select among treatment options to determine the tools available to mitigate risks in Financial Reporting Compliance. One of these options, Hide, is now disabled. Two others, a Hide and Default option and a Show option, remain available for selection.

Workflow Comments Are Enhanced

During review and approval of a record, you can now view who wrote a comment and when the comment was added.

Access Certification

Inactive Users Can't Be Added to Certifications

A user-role record may be added to a certification if the role is assigned to an active user, but not if it is assigned to an inactive user.

Certification Records Include User Attributes

You can now include up to five additional attributes pertaining to the user being certified.

All Assignable Roles are Now Included in Access Certifications

When new certification scoping jobs are run, all roles that are assignable to a user are now included, versus only those roles labeled as job roles.

Transactional Business Intelligence for Risk Management

Assessment Results Subject Area Has Changes

In the Assessment Results subject area, a few changes have been made. Here's a sneak peek at new attributes: Approver Comments, Approver Comment Created By, Approver Comment Creation Date, Enforcement Type, Test Step Result Summary, Last Updated Date, and Enforcement Type. Also take note of these changes: the Assessment Result label has become Response, the Test Step Result label has become Test Step Response, the Response Summary label has become Result Summary, and Response Name is removed.

OTBI Analyses Provide Links to Pages in Financial Reporting Compliance

You can now drill down from an OTBI analysis directly to a page in Financial Reporting Compliance. Available links include Process, Risk, Control, Remediation Plans, Issues, and Assessments.

Advanced Access Controls Subject Area Has Changes

Check out the new attributes in the Advanced Access Controls subject area: Control ID, Control Logic, Conflicting Roles, Role ID, Incident Information Codes, and several related to access global conditions. You'll find in the Related Control Records folders two new attributes from the Financial Reporting Compliance subject area: Enforcement Type and Last Updated Date. And finally, a couple of attributes are removed: Default Data Source and Enforcement Type (related to Advanced Controls).

Advanced Financial Controls Subject Area Has Changes

Check out the new attributes to the Advanced Control Details dimension in the Advanced Financial Controls subject area. These include Control ID, Control Logic, and Run Dependent Analyses. You'll find in the Related Control Records folders two new attributes from the Financial Reporting Compliance subject area: Enforcement Type and Last Updated Date. And finally, a couple of attributes are removed: Default Data Source and Enforcement Type (related to Advanced Controls).

New Dashboard Report on Related Records

In Financial Reporting Compliance, objects such as Processes, Risks, and Controls can be related to one another. For example, you might relate several controls to a risk to indicate that each control plays some part in reducing the risk. You can use the delivered Related Records dashboard to view these relationships.