Cloud Readiness / Oracle Risk Management Cloud
New Feature Summary
Expand All


  1. Update 21A
  1. Revision History
  2. Overview
  3. Risk Management
    1. Common
        1. New Quick Actions
        2. Ability to Delete Owner from an Object Record
        3. Enable User to Search and Add Multiple Users Via Mass Edit
        4. Control Parameter Is Filtered in Purges of Advanced Control Results
        5. Administration Reports Link Is Removed
    2. Financial Reporting Compliance
        1. Ineligible Assessment Users Display
        2. Authors of Approval Comments Are Identified
    3. Advanced Access Controls
        1. New Delivered Model Content
        2. Run Status Column Is Added to Access Simulations Page
        3. Added Exclusions for Procurement Agent Actions
        4. Updates to Export File for Control Results
        5. Show Key Columns by Default in Results
        6. Status Improvements for the Mass-Edit-Incident Job
        7. Use Mass Edit to Remove Users from Controls
        8. Column Headings in Results Frozen
    4. Advanced Financial Controls
        1. New Models in Content Library
        2. Changes Are Made to Business Objects
        3. New Message Warns When a Model Has More Than 25 Result Attributes
        4. Attribute Rate Values Can Display Up to Ten Decimal Places
        5. New Modifier for Configurable Attribute with Date
        6. Show Key Columns by Default in Results
        7. Status Improvements for the Mass-Edit-Incident Job
        8. Use Mass Edit to Remove Users from Controls
        9. Column Headings in Results Frozen
    5. Transactional Business Intelligence for Risk Management
        1. Ability to Report on Members in a Security Assignment Group
        2. Inaccessible Records Dashboard Renamed
        3. Deep Link Parameters Updated for Assessments
        4. Deep Link Parameter Values Passed to Result Records
        5. Deep Links Provided for Survey Pages

Update 21A

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Product Feature Notes
04 DEC 2020     Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Risk Management

Oracle Risk Management consists of the following key solution areas:

  • Financial Reporting Compliance to automate audit assessments and certifications.
  • Advanced Access Controls to manage user access and separation-of-duty risk.
  • Advanced Financial Controls to continuously monitor configuration changes and business transactions.
  • Access Certifications to streamline reviews by process owners to ensure that employees have been granted appropriate access based on their current jobs.
  • Enterprise Risk Management to streamline the analysis, evaluation, and treatment of documented risks.

Common

New Quick Actions

Users now have the ability to quickly access functionality in a single click. In this release, two new Quick Actions are added:

  • Manage User Group Assignments
  • Run Transaction Synchronization

Ability to Delete Owner from an Object Record

A user authorized as an owner of an object record can delete him or herself from the record, providing it retains at least one eligible owner. This can be a user authorized individually as an owner or a member of an owner group. Previously this functionality wasn’t available in some cases, such as when a control is deployed.

Enable User to Search and Add Multiple Users Via Mass Edit

In the Mass Edit Security Assignment page, you can now add or remove multiple users for an object type and authorization.

Control Parameter Is Filtered in Purges of Advanced Control Results

In the Purge Results page in Setup and Administration, the list of controls is now filtered based on the selected control type (Access or Transaction) and result type (Data set or Incident).

Administration Reports Link Is Removed

Navigate to Risk Management Advanced Controls Reports or Financial Compliance Reports to view embedded reports. Previously in the related links tab, an Administration Reports link was available. This link and the underlying reports are removed since the reports are now in OTBI, or can be easily created in OTBI.

Financial Reporting Compliance

Ineligible Assessment Users Display

In the Assessment Record Security Assignment page for assessment batch, you can manage and view the users who are assessors, reviewers, approvers, or viewers. Users who are not eligible to act in these capacities are identified by an ineligible icon.

Authors of Approval Comments Are Identified

Comments made during the approval workflow cycle now identify the object submitters, reviewers, and approvers who made them.

Advanced Access Controls

New Delivered Model Content

Oracle delivers 4 new models to detect separation-of-duties conflicts and sensitive access. These models include

  • 10100: Associate Customer to Invoicing Partners and Create Joint Venture Accounts Receivable Invoice
  • 10101: Create Customer and Associate Customer to Invoicing Partners
  • 10102: Sensitive Joint Venture Invoicing Partner Privileges
  • 10103: Sensitive Joint Venture Stakeholder Privileges

Run Status Column Is Added to Access Simulations Page

A new column, called Run Status, is available in the Access Simulations page. It reports the status of simulation jobs.

Added Exclusions for Procurement Agent Actions

For certain privileges to grant functional access, a user must be granted both the privilege and a corresponding "action" as a "procurement agent" for a business unit. For example, a person may be set up as a procurement agent, but unless granted the privilege to "Create Purchase Order Line from Catalog" and the action to "Manage Purchase Orders," that person will not be able to transact for that privilege. Advanced Access Controls automatically excludes privileges related to actions a procurement agent has not been granted access to perform. Two additional privileges are now excluded during analysis if not granted via a procurement agent: Generate Purchase Order and Retroactively Price Purchase Order.

Updates to Export File for Control Results

In the export file for control results, column headers used to take up three rows. Beginning in release 21A, they occupy a single row. Also, beginning in release 20D the user column was removed because it was redundant with the global user, and the last-run-by field was populated.

Show Key Columns by Default in Results

By default, Results pages sort records by global user and display the most commonly used columns, in the following order: Global User, First Name, Last Name, Role, Access Entitlement, Access Point, Incident Information, Conflicting Roles, Group, Investigator, Comments and Attachments.

Status Improvements for the Mass-Edit-Incident Job

The job to mass-edit incidents may not update all incident records selected by the user who runs it. If not, it returns one of two new status values, Completed with Warnings or Completed with Errors.

Use Mass Edit to Remove Users from Controls

If a person is both directly authorized as the owner of a control, and a member of an owner group assigned to the control, you can now use the Mass Edit Security Assignments page to remove the direct authorization. Previously, you could edit the individual control record to remove the direct assignment (and you still can), but you couldn't use the mass-edit functionality.

Column Headings in Results Frozen

When you work with model results and control incident results, the headers in the Results pages remain frozen as you scroll through a large amount of data.

Advanced Financial Controls

New Models in Content Library

Three new models for Advanced Financial Controls are available for import. These include:

  • 40007: Receivables Invoices and Receivables Standard Receipts Managed by the Same User
  • 40008: External Bank Accounts and Payments Managed by the Same User
  • 40009: Purchase Orders and Procurement Approval Routing Rules Managed by the Same User

Changes Are Made to Business Objects

This release includes additions and updates to business objects. New business objects include Procurement Approval Routing Rules and Legal Entity. For existing business objects, new attributes were added to Expense Report Details, Purchasing Setup: General, Journal Entry, Ledger Setup: General, Audit - Ledgers Setup, Audit - Item, and Audit - Salary.

New Message Warns When a Model Has More Than 25 Result Attributes

When you create or update a model in Advanced Financial Controls, a new warning message lets you know if you have selected more than 25 attributes in the Result Display region. You can select more than 25, but a good design uses fewer, especially since OTBI reports only use the first 25.

Attribute Rate Values Can Display Up to Ten Decimal Places

In Advanced Financial Controls, when an attribute in a business object represents a rate value, you can now see up to ten decimal places of the value in your model or control results.

New Modifier for Configurable Attribute with Date

In an Advanced Financial Control model a user can add a configurable attribute in a business object.  Previously, when you used a date attribute you could not use the plus (+) modifier.  Now you can in conjunction with a value you enter.

Show Key Columns by Default in Results

By default, Results pages display the most commonly used columns, in the following order: Result ID, Status, Grouping Value, all the business object attributes based on the order defined in the control, followed by any system-generated columns.

Status Improvements for the Mass-Edit-Incident Job

The job to mass-edit incidents may not update all incident records selected by the user who runs it. If not, it returns one of two new status values, Completed with Warnings or Completed with Errors.

Use Mass Edit to Remove Users from Controls

If a person is both directly authorized as the owner of a control, and a member of an owner group assigned to the control, you can now use the Mass Edit Security Assignments page to remove the direct authorization. Previously, you could edit the individual control record to remove the direct assignment (and you still can), but you couldn't use the mass-edit functionality.

Column Headings in Results Frozen

When you work with model results and control incident results, the headers in the Results pages remain frozen as you scroll through a large amount of data.

Transactional Business Intelligence for Risk Management

Ability to Report on Members in a Security Assignment Group

A new dimension has been added in OTBI for secured objects that allows reporting on security assignment groups and their members.

Inaccessible Records Dashboard Renamed

In the Custom > Risk Management catalog folder in OTBI, there are administration dashboards. One of those dashboards was called Inaccessible Records and Worklists Dashboard and has been renamed to Inaccessible Records Dashboard. Worklists can't be inaccessible (since the security synchronization job will be sure only accessible worklists are shown), and so the relevant dashboards have been updated.

Deep Link Parameters Updated for Assessments

Two deep links have been streamlined such that fewer parameters need to be passed. The deep links affected are View Assessment Results and Complete Assessment Results.

Deep Link Parameter Values Passed to Result Records

A common use of deep links is to navigate from an OTBI dashboard, say an incident report, directly to the corresponding records. For deep links related to incident results, the filter criteria passed in the deep link are now visible in the results page under the show filters area.

Deep Links Provided for Survey Pages

You can now drill down from an OTBI analysis directly to survey pages in Financial Reporting and Compliance.