Cloud Readiness / Oracle Risk Management Cloud
New Feature Summary
Expand All


  1. Update 20C
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common
        1. Mass Edit Security by Record Owners
        2. Security Synchronization Is Optimized
    2. Financial Reporting Compliance
        1. Assessment Records Security Now Supports Adding Assessors
        2. Assessment Batch Start Date is Now Read Only
        3. Enhanced Assessment In-Scope Values
        4. Due Date is No Longer a Required Field for Risk Analysis or Evaluation
        5. Changes Made to Context Model Name
    3. Advanced Financial Controls
        1. Data Access Requirement with Messaging
        2. Character Length Increased on System-Generated Column
        3. System-Generated Date Values Use Object Locale
        4. Data Synchronization Job Runs Across All Objects
        5. Mass Edit More Than 25 Incidents
    4. Advanced Access Controls
        1. New and Updated Delivered Model Content
        2. Mass Edit More Than 25 Incidents
    5. Transactional Business Intelligence for Risk Management
        1. Created By, Reviewed By, Approved By and Comments Are Added
        2. Relabeled User Authorization Attribute
        3. Reporting On User Assignment Security Is Added for Process and Risk

Update 20C

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Product Feature Notes
05 JUN 2020     Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of the following key solution areas:

  • Financial Reporting Compliance to automate audit assessments and certifications.
  • Advanced Access Controls to manage user access and segregation-of-duty risk.
  • Advanced Financial Controls to continuously monitor configuration changes and business transactions.
  • Access Certifications to streamline reviews by process owners to ensure that employees have been granted appropriate access based on their current job.
  • Enterprise Risk Management to streamline the analysis, evaluation, and treatment of documented risks.

Common

Mass Edit Security by Record Owners

You can now mass-update data-security assignments for records you're authorized to own. These records include models, controls, and incident results in Advanced Controls; processes, risks, controls, assessments, issues, and remediation plans in Financial Reporting Compliance; and certifications in Access Certification.

Security Synchronization Is Optimized

Worklist synchronization used to run as part of the Security Synchronization job. In 20C, the Security Synchronization job has been optimized. It will spawn two separate jobs, which you can view in the Monitor Jobs page: Result Worklist Synchronization (related to Advanced Controls) and Financial Reporting Compliance Worklist Synchronization.

Financial Reporting Compliance

Assessment Records Security Now Supports Adding Assessors

After you initiate an assessment batch that includes a survey, you can add new assessors. New assessors have access to submit the survey responses.

Assessment Batch Start Date is Now Read Only

The assessment batch start date is now a read only value. The application will automatically set the current date and time as the batch start date.

Enhanced Assessment In-Scope Values

As you create an assessment plan for the Process or Control object, one of the two in-scope values is now selected by default. That selection is determined by the assessment activity inherited from the template on which a plan is based. For the Audit Test activity, the Audit Test in-scope value is selected; for any other activity, the Assessment in-scope value is selected. The plan returns processes or controls assigned the selected in-scope value.

Due Date is No Longer a Required Field for Risk Analysis or Evaluation

The due date for a risk analysis or risk evaluation is no longer mandatory.

Changes Made to Context Model Name

You can now create a risk context model name with a maximum of 150 characters.

Advanced Financial Controls

Data Access Requirement with Messaging

To view or edit a transaction model or control, you must not only be authorized as its owner, editor, or viewer, but also be assigned all the business objects from which it draws data for analysis. If you are missing business-object security, a Missing Business Objects Access icon appears at the beginning of the object or control name. If you click the name, an error message identifies the missing objects.

Character Length Increased on System-Generated Column

Results returned by transaction models and controls may include system-generated columns, such as those created by the Similar and Equals conditions. The character limit for system-generated columns has been increased from 50 to 250.

System-Generated Date Values Use Object Locale

A value in a system-generated column is of the string type, even if it comprises attributes of other data types. Formatting preferences you may configure for date attributes have no bearing on dates in system-generated columns. Instead, the Source Language (locale) of a model or control that produces system-generated values determines the date format for those values.

Data Synchronization Job Runs Across All Objects

Data synchronization, which is run from the Advanced Controls Configuration page, refreshes data in business objects used by transaction models and controls. Previously, the job recognized only business objects assigned to the person who ran the job. Now, the job updates all business objects used in all models and controls, regardless of who runs it.

Mass Edit More Than 25 Incidents

Previously, you could select up to 25 incident results to mass edit. Now, you can mass edit any number of incidents that match your search criteria.

Advanced Access Controls

New and Updated Delivered Model Content

Oracle delivers three new models to detect segregation-of-duties conflicts and sensitive access. These models include 4085: HDL Import Data into Stage Tables and HDL Import Data into Application Tables, 4096: HDL Sensitive Data Loader Privileges, and 4097: HDL Sensitive Data Exchange Work Area. In addition, three existing models were updated to reference entitlements that will reduce false positives. The affected models are 7551: Post Journal Entry and Manage Accounting Period Statuses, 6918: Enter Journals and Manage Accounting Period Statuses, and 10014: Maintain Project Accounting Periods and Manage Accounting Period Statuses.

Mass Edit More Than 25 Incidents

Previously, you could select up to 25 incident results to mass edit. Now, you can mass edit any number of incidents that match your search criteria.

Transactional Business Intelligence for Risk Management

Created By, Reviewed By, Approved By and Comments Are Added

The dimensions in the Risk Management Cloud - Assessment Results Real Time and Compliance Real Time subject areas have been enhanced. Within the Risk Management Cloud - Assessment Results Real Time you can now report on the user who reviewed the assessment record, in addition to the comments the reviewer submitted.  Within Risk Management Cloud - Compliance Real Time subject areas you can also report on additional attributes for the issue record.

Relabeled User Authorization Attribute

In some Risk Management subject areas, you will find objects with a user security assignment folder. Within this folder, the User Authorization attribute has been relabeled to Assigned Authorization.

Reporting On User Assignment Security Is Added for Process and Risk

To secure Risk Management records, you authorize individual users or user groups as owners, editors, or viewers. You can now report on which users and groups are authorized, and at what levels, for these objects: process and risk in Financial Reporting Compliance.