Cloud Readiness / Oracle Risk Management Cloud
New Feature Summary
Expand All


  1. Update 21C
  1. Revision History
  2. Overview
    1. Common
        1. Ability to Use REST API to Mass-Edit Advanced Controls
        2. Security for User Groups
        3. Default Sorting Implemented Across Risk Management
    2. Financial Reporting Compliance
        1. Risk Analysis and Evaluations Tables Are Now Sortable
        2. Security Applied to Surveys
        3. Initiate Standalone Surveys
        4. View Approval History Panel within the Assessment Record
        5. Flexfield Values Are Copied
        6. Enhancements to Import Error Messages
    3. Advanced Access Controls
        1. Select from Multiple Searches During Model Import
    4. Access Certification
        1. Access Certifications Certifier Worksheet Contains Additional Data Access Information
        2. Each User Who Performs a Certification for a Specific User-Role Within a Shared Worksheet Is Retained
    5. Advanced Financial Controls
        1. New Read-Audit Models in Content Library
        2. Changes Are Made to Business Objects
        3. Data Available for Secured Audit Business Objects
        4. Improved Error Messaging When Environment Resource Capacity Is Reached
        5. Use "Related to" Condition Between Unrelated Business Objects
        6. Select from Multiple Searches During Model Import
    6. Transactional Business Intelligence for Risk Management
        1. Perspective Values Are Delimited in the Related Records Dashboard
        2. Reports Now Cover User Assignment Security for Assessments
        3. New Risk Related Dimensions
        4. Ability to Report on Incident Information Codes
        5. Added Global User ID Attribute to Advanced Access Controls Subject Area
        6. State and Status Code Attributes Are Added to Advanced Access Controls Subject Area
        7. Deep Drill to Results by Control, User, and Role
        8. Pass State and Status to Override Default Search

Update 21C

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Product Feature Notes
04 JUN 2021     Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update.

DISCLAIMER

The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.

This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.

Common

Ability to Use REST API to Mass-Edit Advanced Controls

An update to the existing advancedControls REST API feature enables you to perform mass edit on advanced controls.

Security for User Groups

New security has been implemented for the user assignment groups, which enables the protection of membership within each group.

Default Sorting Implemented Across Risk Management

The new default sorting for records on Risk Management pages is alpha-numerical, case sensitive, on the record name.

Financial Reporting Compliance

Risk Analysis and Evaluations Tables Are Now Sortable

You can now sort analyses and evaluations. By default, the records are sorted by most recent completion date.

Security Applied to Surveys

Surveys and their results are now secured to be consistent with the User Assignment application security framework. Each survey requires at least one owner. Owners can authorize additional owners, editors, and viewers for their surveys. Owners can also leverage user assignment groups to authorize owners, editors, or viewers for a survey. Authorized users can update users' authorization within Mass Edit Security Assignment feature.

Initiate Standalone Surveys

You can now initiate surveys that are not associated to an FRC object.

View Approval History Panel within the Assessment Record

Assessors, reviewers, approvers, and viewers can now view the assessment Approval History panel in the last train stop of an assessment record.

Flexfield Values Are Copied

The application supported the ability to copy records of processes, risks, and controls. Now the application copies the flexfield values as well.

Enhancements to Import Error Messages

Numerous import error messages have been implemented to further streamline the import process of legacy data.

Advanced Access Controls

Select from Multiple Searches During Model Import

In the Models page under Actions > Import, you can select from various libraries of models to import. After you select a library you can search and select models you'd like to import. Often you'll want to import several models that require multiple searches. It used to be that after each search the selected models weren't remembered. Now they are.

Access Certification

Access Certifications Certifier Worksheet Contains Additional Data Access Information

The Access Certifications certifier worksheet has new attributes to display the data access associated to the user-role combination.

Each User Who Performs a Certification for a Specific User-Role Within a Shared Worksheet Is Retained

When performing a certification, multiple users can work within a single worksheet. Each user who performs a certification for a specific user-role is now retained as the user who last updated the record.

Advanced Financial Controls

New Read-Audit Models in Content Library

Six new models for Advanced Financial Controls are available for import. These include:

  • 70001: Users Who View Sensitive Pages on the Weekend
  • 70002: Users Who View Sensitive Person Records on the Weekend
  • 70003: Users Who View Sensitive Pages Prior to Termination
  • 70004: Users Who View Sensitive Person Records prior to Termination
  • 70005: Users Who View Sensitive Pages Prior to Position Change
  • 70006: Users Who View Sensitive Person Records Prior to Position Change

Changes Are Made to Business Objects

This release includes additions, changes, and removal of attributes from business objects. Additionally, two new business objects are introduced, called Audit Policies for Application Configurations and Sensitive Data Access Audit. The latter is used in six new models that can be imported through the delivered content library.

Data Available for Secured Audit Business Objects

Previously, secured audit business objects became available but the required security to bring over the data from Manage Audit Policies was missing. Now the Transaction Data Source Synchronization job has the access to return data for these business objects, for example those related to customer, assets, and others.

Improved Error Messaging When Environment Resource Capacity Is Reached

A new message appears when the Risk Management application reaches capacity due to transaction synchronization, the generation of Advanced Control incident results, or those tasks in combination. The new message includes options to resolve the issue.

Use "Related to" Condition Between Unrelated Business Objects

The "Related to" condition in the past has been used to associate a user-defined business object to another business object. Now you can use the "Related to" condition with a delivered business object that has no other relationship, and associate it to another other object. Previously, the unrelated business object had to be defined as a user-defined object.

Select from Multiple Searches During Model Import

In the Models page under Actions > Import you can select from various libraries of models to import. After you select a library you can search and select models you'd like to import. Often you'll want to import several models that require multiple searches. It used to be that after each search the selected models weren't remembered. Now they are.

Transactional Business Intelligence for Risk Management

Perspective Values Are Delimited in the Related Records Dashboard

The Related Records dashboard lists processes, risks, or controls, and for each it lists related controls. Previously, perspectives assigned to the related controls were listed in the Control Perspective Value column as a continuous string, without any delimiter between the perspective values. Now a comma separates each value.

Reports Now Cover User Assignment Security for Assessments

To secure Risk Management assessment batches, you authorize users as owners, editors, or viewers, or you assign user groups that grant these authorizations. To secure assessment records within a batch, you assign assessors, reviewers, approvers, and viewers to each. You can now report on the users and groups selected for assessment batches and records, and their levels of authorization. Reports also display whether each user is eligible, meaning that the user also has the functional access.

New Risk Related Dimensions

The Risk Management Cloud - Compliance Real Time subject area has been enhanced to purposely organize the risk analysis and evaluation values within the Risk dimension. The Risk dimension has been enhanced to include four dimensions: Facts-Risks, Risk Analysis, Risk Evaluation, and Treatment Plans. Each dimension includes the values that are applicable to those Financial Reporting Compliance features. In addition, new values have been added to the Risk Analysis and Risk Evaluation dimensions.

Ability to Report on Incident Information Codes

A new attribute, Incident Information Codes, uses role and privilege codes to report the path to an access point involved in a control or model violation. A previously existing attribute, Incident Information, continues to use role and privilege display names to report the same path. Role and privilege codes are unique; role and privilege names may not be. These attributes are available in the Incident Result Details dimension of the Risk Management Cloud - Advanced Access Controls Real Time subject area, and in the Result Details dimension of the Risk Management Cloud - Advanced Access Models Real Time subject area.

Added Global User ID Attribute to Advanced Access Controls Subject Area

In the Risk Management Cloud - Advanced Access Controls Real Time subject area, in the Incident Result Details dimension there is a new Global User ID attribute. This attribute is needed as a unique identifier when the Results by Control, User, and Role deep drill is used.

State and Status Code Attributes Are Added to Advanced Access Controls Subject Area

In the Risk Management Cloud - Advanced Access Controls Real Time subject area, the Incident Result Details dimension contains State and Status attributes. The State value was actually a state code, so that attribute has been renamed to State Code. A new attribute called State with business-friendly values is now available. Also a new attribute called Status Code is available that has the corresponding status code. These code attribute values can be used in the updated results deep links to override the default saved search for pending results.

Deep Drill to Results by Control, User, and Role

The Risk Management Cloud - Advanced Access Controls Real Time Subject area offers deep link URLs to the Results by Control and User page as well as to the Results by Control, User, and Role page. These deep links allow you to view specific results by passing parameters.

Pass State and Status to Override Default Search

The Risk Management Cloud - Advanced Access Controls Real Time subject area and the Risk Management Cloud - Advanced Financial Controls Real Time subject area offer deep link URLs to the Results page. These deep links allow you to view specific results by passing parameters. You can now pass two new parameters for state and status to override the default Pending Results saved search.