This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:
| Date | Product | Feature | Notes |
|---|---|---|---|
| 05 JUN 2020 | Created initial document. |
This guide outlines the information you need to know about new or improved functionality in this update.
DISCLAIMER
The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.
This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.
Oracle Risk Management consists of the following key solution areas:
- Financial Reporting Compliance to automate audit assessments and certifications.
- Advanced Access Controls to manage user access and segregation-of-duty risk.
- Advanced Financial Controls to continuously monitor configuration changes and business transactions.
- Access Certifications to streamline reviews by process owners to ensure that employees have been granted appropriate access based on their current job.
- Enterprise Risk Management to streamline the analysis, evaluation, and treatment of documented risks.
Mass Edit Security by Record Owners
You can now mass-update data-security assignments for records you're authorized to own. These records include models, controls, and incident results in Advanced Controls; processes, risks, controls, assessments, issues, and remediation plans in Financial Reporting Compliance; and certifications in Access Certification.
Security Synchronization Is Optimized
Worklist synchronization used to run as part of the Security Synchronization job. In 20C, the Security Synchronization job has been optimized. It will spawn two separate jobs, which you can view in the Monitor Jobs page: Result Worklist Synchronization (related to Advanced Controls) and Financial Reporting Compliance Worklist Synchronization.
Financial Reporting Compliance
Assessment Records Security Now Supports Adding Assessors
After you initiate an assessment batch that includes a survey, you can add new assessors. New assessors have access to submit the survey responses.
Assessment Batch Start Date is Now Read Only
The assessment batch start date is now a read only value. The application will automatically set the current date and time as the batch start date.
Enhanced Assessment In-Scope Values
As you create an assessment plan for the Process or Control object, one of the two in-scope values is now selected by default. That selection is determined by the assessment activity inherited from the template on which a plan is based. For the Audit Test activity, the Audit Test in-scope value is selected; for any other activity, the Assessment in-scope value is selected. The plan returns processes or controls assigned the selected in-scope value.
Due Date is No Longer a Required Field for Risk Analysis or Evaluation
The due date for a risk analysis or risk evaluation is no longer mandatory.
Changes Made to Context Model Name
You can now create a risk context model name with a maximum of 150 characters.
Data Access Requirement with Messaging
To view or edit a transaction model or control, you must not only be authorized as its owner, editor, or viewer, but also be assigned all the business objects from which it draws data for analysis. If you are missing business-object security, a Missing Business Objects Access icon appears at the beginning of the object or control name. If you click the name, an error message identifies the missing objects.
Character Length Increased on System-Generated Column
Results returned by transaction models and controls may include system-generated columns, such as those created by the Similar and Equals conditions. The character limit for system-generated columns has been increased from 50 to 250.
System-Generated Date Values Use Object Locale
A value in a system-generated column is of the string type, even if it comprises attributes of other data types. Formatting preferences you may configure for date attributes have no bearing on dates in system-generated columns. Instead, the Source Language (locale) of a model or control that produces system-generated values determines the date format for those values.
Data Synchronization Job Runs Across All Objects
Data synchronization, which is run from the Advanced Controls Configuration page, refreshes data in business objects used by transaction models and controls. Previously, the job recognized only business objects assigned to the person who ran the job. Now, the job updates all business objects used in all models and controls, regardless of who runs it.
Mass Edit More Than 25 Incidents
Previously, you could select up to 25 incident results to mass edit. Now, you can mass edit any number of incidents that match your search criteria.
New and Updated Delivered Model Content
Oracle delivers three new models to detect segregation-of-duties conflicts and sensitive access. These models include 4085: HDL Import Data into Stage Tables and HDL Import Data into Application Tables, 4096: HDL Sensitive Data Loader Privileges, and 4097: HDL Sensitive Data Exchange Work Area. In addition, three existing models were updated to reference entitlements that will reduce false positives. The affected models are 7551: Post Journal Entry and Manage Accounting Period Statuses, 6918: Enter Journals and Manage Accounting Period Statuses, and 10014: Maintain Project Accounting Periods and Manage Accounting Period Statuses.
Mass Edit More Than 25 Incidents
Previously, you could select up to 25 incident results to mass edit. Now, you can mass edit any number of incidents that match your search criteria.
Transactional Business Intelligence for Risk Management
Created By, Reviewed By, Approved By and Comments Are Added
The dimensions in the Risk Management Cloud - Assessment Results Real Time and Compliance Real Time subject areas have been enhanced. Within the Risk Management Cloud - Assessment Results Real Time you can now report on the user who reviewed the assessment record, in addition to the comments the reviewer submitted. Within Risk Management Cloud - Compliance Real Time subject areas you can also report on additional attributes for the issue record.
Relabeled User Authorization Attribute
In some Risk Management subject areas, you will find objects with a user security assignment folder. Within this folder, the User Authorization attribute has been relabeled to Assigned Authorization.
Reporting On User Assignment Security Is Added for Process and Risk
To secure Risk Management records, you authorize individual users or user groups as owners, editors, or viewers. You can now report on which users and groups are authorized, and at what levels, for these objects: process and risk in Financial Reporting Compliance.