Cloud Readiness / Oracle Risk Management Cloud
New Feature Summary
Expand All


  1. Update 20A
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common
        1. Change to Direct Assignment Security Model
        2. Security Configuration Tab Is Read-Only
    2. REST APIs for Risk Management
      1. Advanced Controls
        1. Additional Attributes for Advanced Controls REST API
        2. Ability to Initiate a Global User Sync Using REST API
        3. Change to REST API Task Name
    3. Financial Reporting Compliance
        1. Enhancements to Managing Assessment Batches
        2. Remove the Abilitiy to Create Records While Relating Records
        3. Update to Survey Notifications
        4. Universal Panel Applied to Risk Context
    4. Advanced Financial Controls
        1. New Models in Content Library
        2. Changes Are Made to Business Objects
        3. Upgrade Validation When Business Objects Are Removed
        4. Direct Link to Worklist from Email
        5. Drill from Advanced Control or Result to Related Records
    5. Advanced Access Controls
        1. Procurement Agent Buyer Attribute Is Removed
        2. Restrict Visualization Record Selection
        3. Audit Is Enabled for User-Defined Access Points
        4. Provisioning Rules Integration with Security Console
        5. Direct Link to Worklist from Email
        6. Drill from Advanced Control or Result to Related Records
    6. Access Certification
        1. Initating an Access Certification and the Finalize Roles Scoreboard Enhanced
    7. Transactional Business Intelligence for Risk Management
        1. Updated Inaccessible Records Report
        2. Risk Management Cloud - Assessment Results Real Time and Compliance Real Time Subject Areas Enhanced
        3. Additional Employee Attributes Added

Update 20A

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
06 DEC 2019   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of three products: Oracle Fusion Financial Reporting Compliance documents your policies for identifying and resolving risk in your financial processes. Oracle Advanced Access Controls detects risk inherent in the access granted to users of business applications. Oracle Advanced Financial Controls uncovers risk exhibited by transactions completed on business applications. Advanced Financial Controls and Advanced Access Controls belong to a module called Advanced Controls Management.

Advanced Access Controls includes an Access Certification set of features. It enables an organization to perform periodic reviews to determine whether job roles are assigned appropriately to users.

Common

Change to Direct Assignment Security Model

To simplify the implementation of granular access, the entire security model for Risk Management has been converted to a direct-assignment approach. General eligibility to access records or perform activities will continue to be determined based on functional, privilege-based security. However, the access to the specific record or activity will be determined at the individual record level.

Security Configuration Tab Is Read-Only

Because of the change to the security model, the Risk Management implementation of data security policies is no longer utilized. There is no longer a need to define data security policies and to map them to related Risk Management job or duty roles. However, they have not been removed; instead, the Security Configuration tab has been retained as a read-only resource to provide reference information to customers who defined data security policies.

REST APIs for Risk Management

Advanced Controls

Additional Attributes for Advanced Controls REST API

New attributes were added to the advancedControls REST API. They relate to the incident results of Advanced Access Controls and Advanced Financial Controls.

Ability to Initiate a Global User Sync Using REST API

Customers who initiate an Advanced Control job via REST Services will now also be able to use the advancedControlsRuns REST API to initiate the related Global User Sync.

Change to REST API Task Name

Although no technical changes were made, please take note of some task name changes on the REST API Oracle Help Center page. Provisioning Rules was previously called Advanced Controls Role Segregations. Under that, you'll find Create an intrarole rules check which used to be called Perform post operation on runIntraRoleCheck and Create a rules check for role assignments which used to be called Perform post operation on runUserRoleCheck.

Financial Reporting Compliance

Enhancements to Managing Assessment Batches

Multiple enhancements have been made to the assessment management work area. Specifically, the management and initiation of assessment batches have been streamlined. In addition, impromptu assessments are now managed within the Assessment Batches tab.

Remove the Abilitiy to Create Records While Relating Records

While editing a risk or process record, you can no longer create a new record within the related records section.

Update to Survey Notifications

Once a survey has been initiated, the application sends an email message to each survey responder. Now the responder can simply click the embedded survey link within the message, and be redirected to the complete-survey pages.

Universal Panel Applied to Risk Context

The universal panel has been applied to the page in which users define criteria and details for risk context models.

Advanced Financial Controls

New Models in Content Library

Two new models for Advanced Financial Controls are available for import. These include 33002: Receivable Invoice Credit Memos Created by the Same User and 33003: Receivables Invoice Balance Exceeds Customer Credit Limit.

Changes Are Made to Business Objects

This release includes additions and updates to business objects. New business objects include Receivables Invoice and Receivables Payment Schedule. For existing business objects, new attributes were added to Audit - Item and Audit - Supplier, and attributes were removed from Asset Workbench, Payment Process Request, and Audit - Item. Additionally, various attributes names were updated.

Upgrade Validation When Business Objects Are Removed

In the event a business object is removed, upgrade validation is now in place to set transaction models and controls to Invalid state, and Inactive status, when it contains an obsolete object.  This upgrade validation is the same as an attribute that has been removed from a business object.  No business objects have been made obsolete in release 20A.

Direct Link to Worklist from Email

If you are a result investigator for a control, you're notified via email when new incidents are generated for that control. Previously, the link in the email message brought you to the springboard. Now, it brings you to the worklist page.

Drill from Advanced Control or Result to Related Records

You've always been able to relate advanced controls and results to Financial Reporting Compliance records such as processes, risks and controls. What's new is you can click on the related record and open the related record definition.

Advanced Access Controls

Procurement Agent Buyer Attribute Is Removed

Beginning in 19C, procurement-related advanced access controls automatically exclude false positives when a user isn't set up as a procurement agent, or hasn't been allowed access to an action as a procurement agent. There is no longer a need to manually define the exclusion condition. So the attribute you would use to do so, Procurement Agent Buyer, is removed from the Access Conditions business object.

Restrict Visualization Record Selection

As an aid in resolving access incidents, you may create visualizations. These are graphic depictions of paths that lead from users to the roles they're assigned and ultimately to conflicting access points. The graph can be unwieldy when too many records are visualized at once. Therefore the number of records that can be selected is now limited to twenty-five.

Audit Is Enabled for User-Defined Access Points

Using audit, you can now track changes made to user-defined access points.

Provisioning Rules Integration with Security Console

You can now quickly assess segregation of duties (SoD) risk before provisioning new roles or editing existing roles within Security Console. To do this, create provisioning rules that define conflicts between roles. Then, while editing or creating roles in Security Console, analyze the role structure for segregation-of-duties conflicts determined by the provisioning rules, and make changes to the role structure as needed until your role is conflict-free.

Direct Link to Worklist from Email

If you are a result investigator for a control, you're notified via email when new incidents are generated for that control. Previously, the link in the email message brought you to the springboard. Now, it brings you to the worklist page.

Drill from Advanced Control or Result to Related Records

You've always been able to relate advanced controls and results to Financial Reporting Compliance records such as processes, risks, and controls. What's new is you can click on the related record and open the related record definition.

Access Certification

Initating an Access Certification and the Finalize Roles Scoreboard Enhanced

The process to initiate an access certification has been enhanced to a guided process flow. The Finalize Roles page now displays the number of users per role you have selected for a certification. The number of users is based on the number of roles returned by the scoping filters and the number of roles you have chosen to exclude.

Transactional Business Intelligence for Risk Management

Updated Inaccessible Records Report

The existing Inaccessible Records report identifies records no one has access to. Since security used to be based on perspectives, but is now based on user authorization, this report is updated to show inaccessible records based on the new security.

Risk Management Cloud - Assessment Results Real Time and Compliance Real Time Subject Areas Enhanced

The dimensions in the Risk Management Cloud - Assessment Results Real Time and Compliance Real Time subject areas have been enhanced. You can now report on the survey responder for a survey question and additional attributes.

Additional Employee Attributes Added

Additional attributes are now available in the Access Certification Details dimension of the Risk Management Cloud - Access Certification Real Time subject area.