Oracle Risk Management Cloud
What's New
  1. Update 19A
  1. Revision History
  2. Overview
  3. Feature Summary
  4. Risk Management
    1. Common Risk Management
        1. Monitor Jobs – Page Enhancements
        2. Searching on User-Related Values
        3. Updates to Managing Lookup Values
        4. Record Sort Modifications
    2. REST APIs for Risk Management
      1. Financial Reporting Compliance
        1. REST APIs for Controls
        2. REST APIs for Control Assessments
        3. REST APIs for Issues
      2. Advanced Controls
        1. REST APIs for Controls
        2. REST APIs for Advanced Control Jobs
    3. Financial Reporting Compliance
        1. Update to Object Record Assessment Tab
        2. Control Currency Removed
    4. Advanced Financial Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Delivered Model Content for Oracle Fusion Applications Audit
        3. Changes to Business Objects
        4. Upgrade Impact to Models with Obsolete Attributes
        5. Resolve Duplicate Name During Model and Control Import
        6. Auto Suggest on Filter Attribute
        7. Name Changes to Filter Conditions
        8. Result Attribute Search During Model Definition
        9. Decimal Placement for Calculated Column Results
        10. Display Timestamp Checkbox for Viewing Results
        11. Alias Name for System-Generated Objects
    5. Advanced Access Controls
        1. Delivered Model Content for Enterprise Resource Planning
        2. Delivered Model Content for Human Capital Management
        3. Attributes Removed from the Access Conditions Business Object
        4. Upgrade Impact to Models with Obsolete Attributes
        5. Resolve Duplicate Name During Model and Control Import
        6. Auto Suggest on Filter Attribute
        7. Name Changes to Filter Conditions
        8. Faster Search Rendering
        9. Automatically Reduce Incidents
        10. Global User Unknown Value
        11. Inactive Users Excluded from Access Analysis
    6. Access Certification
        1. Scope Not Impacted by Advanced Access Global Conditions
    7. Transactional Business Intelligence for Risk Management
      1. Access Certification
        1. Access Certification Detail Dashboard
      2. Financial Reporting Compliance
        1. Updated Subject Areas

Update 19A

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
22 FEB 2019

Advanced Access Controls: Inactive Users Excluded from Access Analysis

Updated document. Delivered feature in update 19A.

22 FEB 2019

Advanced Financial Controls: Alias Name for System-Generated Objects

Updated document. Delivered feature in update 19A.

22 FEB 2019

Advanced Access Controls: Delivered Model Content for Human Capital Management

Updated document. Revised feature information.

21 DEC 2018   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update, and describes any tasks you might need to perform for the update. Each section includes a brief description of the feature, the steps you need to take to enable or begin using the feature, any tips or considerations that you should keep in mind, and the resources available to help you.

Give Us Feedback

We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.

Feature Summary

Column Definitions:

Report = New or modified, Oracle-delivered, ready to run reports.

UI or Process-Based: Small Scale = These UI or process-based features are typically comprised of minor field, validation, or program changes. Therefore, the potential impact to users is minimal.

UI or Process-Based: Larger Scale* = These UI or process-based features have more complex designs. Therefore, the potential impact to users is higher.


Customer Action Required = You MUST take action before these features can be used. These features are delivered disabled and you choose if and when to enable them. For example, a) new or expanded BI subject areas need to first be incorporated into reports, b) Integration is required to utilize new web services, or c) features must be assigned to user roles before they can be accessed.

New Features Delivered Ready to Use
(Delivered Enabled)

Reports plus Small Scale UI or Process-Based new features will have minimal user impact after an update. Therefore, customer acceptance testing should focus on the Larger Scale UI or Process-Based* new features.

New Features That Customer Must Take Action to Use (Delivered Disabled)

Not disruptive as action is required to make these features ready to use. As you selectively choose to leverage, you set your test and roll out timing.

Feature

Report

UI or
Process-Based:
Small Scale

UI or
Process-Based:
Larger Scale*

Customer Action Required

Risk Management

Common Risk Management

Monitor Jobs – Page Enhancements

Searching on User-Related Values

Updates to Managing Lookup Values

Record Sort Modifications

REST APIs for Risk Management

Financial Reporting Compliance

REST APIs for Controls

REST APIs for Control Assessments

REST APIs for Issues

Advanced Controls

REST APIs for Controls

REST APIs for Advanced Control Jobs

Financial Reporting Compliance

Update to Object Record Assessment Tab

Control Currency Removed

Advanced Financial Controls

Delivered Model Content for Enterprise Resource Planning

Delivered Model Content for Oracle Fusion Applications Audit

Changes to Business Objects

Upgrade Impact to Models with Obsolete Attributes

Resolve Duplicate Name During Model and Control Import

Auto Suggest on Filter Attribute

Name Changes to Filter Conditions

Result Attribute Search During Model Definition

Decimal Placement for Calculated Column Results

Display Timestamp Checkbox for Viewing Results

Alias Name for System-Generated Objects

Advanced Access Controls

Delivered Model Content for Enterprise Resource Planning

Delivered Model Content for Human Capital Management

Attributes Removed from the Access Conditions Business Object

Upgrade Impact to Models with Obsolete Attributes

Resolve Duplicate Name During Model and Control Import

Auto Suggest on Filter Attribute

Name Changes to Filter Conditions

Faster Search Rendering

Automatically Reduce Incidents

Global User Unknown Value

Inactive Users Excluded from Access Analysis

Access Certification

Scope Not Impacted by Advanced Access Global Conditions

Transactional Business Intelligence for Risk Management

Access Certification

Access Certification Detail Dashboard

Financial Reporting Compliance

Updated Subject Areas

Risk Management

Oracle Risk Management consists of three products: Oracle Fusion Financial Reporting Compliance documents your policies for identifying and resolving risk in your financial processes. Oracle Advanced Access Controls detects risk inherent in the access granted to users of business applications. Oracle Advanced Financial Controls uncovers risk exhibited by transactions completed on business applications. Advanced Financial Controls and Advanced Access Controls belong to a module called Advanced Controls Management.

Advanced Access Controls includes an Access Certification set of features. It enables an organization to perform periodic reviews to determine whether job roles are assigned appropriately to users.

Common Risk Management

Monitor Jobs – Page Enhancements

The Monitor Jobs page tracks the status of all jobs submitted across Risk Management applications. A couple of enhancements have been made to this page:

  • Better messaging when jobs fail due to incomplete or incorrect directory setups or due to insufficient storage space.
  • When a transaction synchronization job ends, the user can drill in to see counts pertaining to the relationships and paths processed during that synchronization.

Steps to Enable

No steps are required to enable this feature.

Searching on User-Related Values

Searching on user-related values, such as Created By and Last Updated By, is now consistent across pages. The list of values shows users in alphabetical order, in Last Name, First Name format. This information is derived from the person record associated to a user record. If no person record exists, the list of values shows the user name.

Steps to Enable

No steps are required to enable this feature.

Updates to Managing Lookup Values

List-of-values fields in Risk Management are populated by values stored in lookup tables. You can no longer modify predefined values in lookup tables However, you can still create new values. To do so, use the Setup and Administration work area of Risk Management tools.

Steps to Enable

No steps are required to enable this feature.

Record Sort Modifications

Throughout Risk Management, the ability to sort on description attributes has been removed, as it caused performance issues. Users can still search on the description attribute, and use that to derive more manageable subsets of data.

Steps to Enable

No steps are required to enable this feature.

Tips And Considerations

If certain key values were included in the description with the intent to be able to sort by them, it would be recommended that these were either set up as descriptive flexfield attributes and/or as perspective values as these are both sortable as well as available as search criteria.

Key Resources

  • For more information regarding setting up flexfields, please see Configuring and Extending Applications.
  • For more information about perspectives, see "Perspective Management" chapter of Risk Management Cloud Implementing Risk Management.

REST APIs for Risk Management

Financial Reporting Compliance

REST APIs for Controls

This feature allows for the use of REST APIs to view, create, and edit Financial Reporting Compliance controls.

Steps to Enable

To uptake these services, review the Quick Start documentation for REST API for Oracle Risk Management Cloud.

Role Information

  • You must include the Manage Financial Reporting Compliance REST Services Duty role to access this functionality.

REST APIs for Control Assessments

This feature allows for the use of REST APIs to view and edit control assessments in Financial Reporting Compliance.

Steps to Enable

To uptake these services, review the Quick Start documentation for REST API for Oracle Risk Management Cloud.

Role Information

  • You must include the Manage Financial Reporting Compliance REST Services Duty role to access this functionality.

REST APIs for Issues

This feature allows for the use of REST APIs to view, create, and edit issues in Financial Reporting Compliance.

Steps to Enable

To uptake these services, review the Quick Start documentation for REST API for Oracle Risk Management Cloud.

Role Information

  • You must include the Manage Financial Reporting Compliance REST Services Duty role to access this functionality.

Advanced Controls

REST APIs for Controls

This feature allows for the use of REST APIs to view and edit controls and related incident results in Advanced Financial Controls and Advanced Access Controls.

Steps to Enable

To uptake these services, review the Quick Start documentation for REST API for Oracle Risk Management Cloud.

Role Information

  • You must include the Manage Advanced Controls REST Services Duty role to access this functionality.

REST APIs for Advanced Control Jobs

This feature allows for the use of REST APIs to view jobs involving controls and related incident results in Advanced Financial Controls and Advanced Access Controls.

Steps to Enable

To uptake these services, review the Quick Start documentation for REST API for Oracle Risk Management Cloud.

Role Information

  • You must include the Manage Advanced Controls REST Services Duty role in order to access this functionality.

Financial Reporting Compliance

Update to Object Record Assessment Tab

For enhanced performance, the search pages that list process, risk, and control assessments now provide only summary information. To view details, you select an assessment record, then click a View Assessments button. (That button is active only if you have the correct privileges.) In the Introduction page of the assessment detail view, a Participants section is added. In it, you can see the people eligible to work on the assessment, and which of them have completed assessment tasks.

Steps to Enable

In each of the Process, Risk, and Control work areas, an Assessment tab opens a page listing assessments for its object type. To view a specific assessment's details, you must highlight the assessment row you wish to view.

Specific Record (Process, Risk, or Control) Assessment Tab View

At this point, you can click the View Assessment button. The application renders the assessment. A new Participant section appears in the first train stop, Introduction. This section enables you to view the assessment actors: Assessor, Reviewer, and Approver.

View of the New Participants Section

Control Currency Removed

You can no longer select a currency value as you create or edit a control.

Steps to Enable

No steps are required to enable this feature.

Advanced Financial Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers new models for financial application areas.  These models are supported by new business objects.

Steps to Enable

No advance setup is required for you to create transaction models. However, you must run a data-synchronization process, which refreshes the data analyzed by models and controls. Moreover, an administrator must set the Transaction Performance Configuration date option. It improves performance by eliminating older data from data-synchronization jobs. This date is required, and the data-synchronization jobs fail if no date is set.

Tips And Considerations

Before using new delivered model content, review the readme to identify models that match requirements for your organization.  The readme also provides information on new business objects introduced to support new model content. The readme is available with the new cumulative model import file. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported available models in a previous update. Or, some may source data from products you have not enabled. Moreover, models may contain user-defined objects that create data set controls that cannot be deleted, only inactivated.

Key Resources

  • To download Oracle’s delivered model content files for import into your instance, refer to My Oracle Support, Oracle Delivered Content for Advanced Financial Controls (MOS ID 2350138.1). Locate and download the available Patch ID for Advanced Financial Controls content for 19A.
  • For more information about importing models, see the "Importing Transaction Models and Controls: Procedure" chapter of Using Advanced Financial Controls.

Delivered Model Content for Oracle Fusion Applications Audit

Advanced Financial Controls introduces new business objects that correspond to audit-level information you configure under Manage Audit Policies in Oracle Fusion Applications.  New models are delivered that use these business objects from various application audit areas.

Steps to Enable

No advance setup is required for you to create transaction audit models. However:

  • You must review audit-level information configured under Manage Audit Policies in Oracle Fusion Applications. Create models that use audit business objects in Advanced Financial Controls only after the corresponding information is enabled and configured under Manage Audit Policies.  
  • A Risk Management administrator must set the Audit Performance Configuration date option under Application Configurations in Risk Management Tools. This option improves performance by eliminating older data from data-synchronization jobs. This date is required and the data-synchronization jobs fail if no date is set.
  • Finally, you must run data synchronization, which refreshes the data analyzed by models and controls.

Tips And Considerations

Before using new delivered model content, review the readme to identify models that match requirements for your organization.  The readme also provides information on new business objects introduced to support new model content. The readme is available with the new cumulative model import file. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported available models in a previous update. Or, some may source audit data from products you have not enabled. Moreover, models may contain user-defined objects that create data set controls that cannot be deleted, only inactivated.

Key Resources

  • To download Oracle’s delivered model content files for import into your instance, refer to My Oracle Support, Oracle Delivered Content for Advanced Financial Controls (MOS ID 2350138.1). Locate and download the available Patch ID for Advanced Financial Controls content for 19A.
  • For more information about importing models, see the "Importing Transaction Models and Controls: Procedure" chapter of Using Advanced Financial Controls.

Changes to Business Objects

A new business object, and new attributes of a business object, have been added for use in Advanced Financial Controls. Additionally, some obsolete attributes have been removed from objects.

NEW BUSINESS OBJECT AND ATTRIBUTES 

  • A new business object, called Common Lookups, is available for use in models.
  • The Expense Report Credit Card Transaction business object includes new attributes that add merchant criteria. The name of each new attribute begins with the word "Merchant."

OBSOLETE ATTRIBUTES 

In the Purchase Order business object, a Line Locations: Receipt Close Tolerance Percent attribute appeared twice. The attribute remains in the business object, but its duplicate is removed. The following attributes, organized by business object, are removed because they are obsolete.

Business Object Name Attribute Name

Payables Invoice Details

Line: Tax Jurisdiction

Purchasing Line Type

Receipt Required

Payables Invoice

Accounting Status

Retainage Amount

Purchase Order

Dispatch Transmission Method

Distribution: Code Combination ID

Line: Closed Code

On Hold

Tax Applicable

Tax Name

Steps to Enable

No steps are required to enable this feature.

Tips And Considerations

If you are upgrading from 18C, refer to the topic "Upgrade Impact to Models with Obsolete Attributes." When you have used an obsolete attribute in your model, additional actions may be required.

Upgrade Impact to Models with Obsolete Attributes

Transaction models use business objects from various sources. In some cases, attributes from a source no longer apply after an upgrade. If you are upgrading to 19A, and you created transaction models in an earlier release, those models may be impacted and require update. If a model is impacted, its status is set to Inactive and its state is set to Invalid. These values are applied by the system during the upgrade.

Steps to Enable

After an upgrade, follow these steps:

  1. Search for models that may have been impacted by obsolete business object attributes. To find these models, filter on the Inactive status or the Invalid state.

  1. Open each inactive model and follow the inline guidance to update it. For example, any model-logic filter indicates an error if it uses an obsolete attribute and requires update.

  1. Any obsolete attributes previously selected in model results are automatically removed. Consider replacing these result attributes with attributes that remain valid.  
  2. Save your model after addressing the obsolete attributes used in filters. The act of saving the model resets its status and state to Active and Approved, respectively.

Tips And Considerations

Obsolete attributes impact only environments upgraded from 18C; they do not impact new implementations of 19A.

If you are upgrading from 18C, refer to the topic "Changes to Business Objects." The topic provides details on attributes that have been removed.

Resolve Duplicate Name During Model and Control Import

As you import models and controls, Advanced Controls enforces the removal of duplicate names. You can reuse existing values that reside in the application. Or, you can rename the records you are importing. These include the names of user-defined business objects and data set controls on which the objects are based. This enhancement simplifies and streamlines the import process.

Key Elements:

  • An import job may include not only items you select directly, but also items upon which your selections depend. If you select a transaction control or model in which any filter specifies a user-defined object, that object and its data set control are also selected automatically. (A control that generates data for a user-defined object is known as a data set control.)
  • You cannot import an item if its name matches the name of an item already existing in your target instance. This applies not only to the items you select directly, but also to any items selected automatically along with them.
  • Use the Resolve Duplicate Name Violations page to address naming conflicts that an import job may involve. The page may individually list models or controls that call user-defined objects, or may list user-defined objects and their data set controls as paired items.

Resolve Duplicate Name Import Violations

Steps to Enable

No steps are required to enable this feature.

Key Resources

  • For more information, refer to the "Importing Transaction Models and Controls: Procedure" chapter of the Using Advanced Financial Controls guide

Auto Suggest on Filter Attribute

When creating a filter in your transaction model, first select the business object, then start typing a key word in the attribute field to auto-suggest matching values.

Auto Suggest on Filter

Steps to Enable

No steps are required to enable this feature.

Name Changes to Filter Conditions

Among the conditions you can select as you create filters for transaction models, two have changed names. The old names are Matches one of and Does not match one of. The new names are Matches any of and Matches none of, respectively.

Condition Options

Steps to Enable

No steps are required to enable this feature.

Result Attribute Search During Model Definition

As you select attributes that supply result values for a transaction model, a new search box enables you to find attributes across the business objects selected for the model.

New Search Box

Steps to Enable

No steps are required to enable this feature.

Decimal Placement for Calculated Column Results

For consistency, all calculated results returned by models and controls, such as averages, now extend to two decimal places.

Example of Calculated Results

Steps to Enable

No steps are required to enable this feature.

Display Timestamp Checkbox for Viewing Results

When reviewing transaction model and control results, select the Display Timestamp option to show applicable time values with date attributes.

Display Timestamp with Dates

Steps to Enable

No steps are required to enable this feature.

Alias Name for System-Generated Objects

A filter that defines model logic in Advanced Financial Controls may use an Equals, Similar, or Similar To condition, or may incorporate a function. If so, the filter returns a grouping object, also known as a system-generated object. That is, it returns records sorted into groups, which a subsequent filter may use as a business object.

As you create any filter, you give it a name. The name of a filter that defines a grouping object now serves as an alias for that object as you select it in a subsequent filter. For example, a filter may set the Supplier ID attribute of the Payables Invoice business object equal to itself. It would return an object that groups records by supplier. You may name the filter Payables Invoice Supplier ID is the same, and that would also serve as the name of the grouping object.

You may create more than one of these filters, each citing attributes of a single business object. Typically, you would create one after another, so that they produce one object with records sorted into multidimensional groups. In that case, the alias for the group object is the name of the last of the filters that define the group object. 

For example, one filter may set the Supplier ID attribute of the Payables Invoice business object equal to itself, and a second filter may set the Amount attribute equal to itself. The result would be an object in which each group contains records with the same supplier and amount. If the second filter were named Payables Invoice Amount is the same, that would also be the name of the grouping object defined by the two filters.

Select the Alias for a Group Object as You Create a New Filter

Steps to Enable

No steps are required to enable this feature.

Tips And Considerations

When you add filters that create a system-generated object, create filter names that make sense when you build filters that use the object.

Existing models that cite system-generated objects are updated automatically with the aliases for those objects. No action is necessary unless you want to update the names of the filters that generate the objects.

Advanced Access Controls

Delivered Model Content for Enterprise Resource Planning

Oracle delivers no new models that detect segregation-of-duties conflicts in Enterprise Resource Planning applications. However, Oracle has revised entitlements used by models delivered with earlier updates.

Advance Access Controls 19A includes the following entitlement revisions:

  • The Create Payables Invoices entitlement now includes these privileges:

    • Edit Payables Invoice
    • Import Payables Invoice
    • Create Payables Invoice by Web Service
    • Release Hold on Payables Invoice

The following models use this entitlement: 5750, 5800, 5890, 5891, 5895, 6120, 6390, 6800, 7600, 9011, 9350, and 9371.

  • The Create Role entitlement now includes the Edit Role privilege. Model 9360 uses this entitlement.

  • The Maintain Supplier Bank Accounts entitlement now includes the Import Supplier Bank Accounts privilege. The following models use this entitlement: 5891 and 5985.

Steps to Enable

As a rule, when you import a model that uses entitlements, you import the entitlements automatically. But if an earlier version of an entitlement exists in your target environment, the content-import job cannot replace it with a newer version. So:

  • If an entitlement has been revised, but you have not yet imported any of the models that use it, you can import one of these models now. The import operation includes the new entitlement along with the model.
  • If an entitlement has been revised, and you imported a model that uses it during an earlier update, you also imported the earlier version of that entitlement. To use the new version, your only option is to edit your existing entitlement to incorporate its revisions.

Tips And Considerations

Before using new delivered model content, review the readme to identify models that match requirements for your organization. The readme also provides information on new or updated entitlements used in models. The readme is available with the new cumulative model import file. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported available models in a previous update.

Key Resources

  • To download Oracle’s delivered model content files for import into your instance, refer to My Oracle Support, Oracle Delivered Content for Advanced Access Controls (MOS ID 2350139.1). Locate and download the available Patch ID for Advanced Access Controls content for 19A.
  • For more information about importing models, see the "Importing Access Models, Controls, and Conditions: Procedure" topic in Using Advanced Access Controls.

Delivered Model Content for Human Capital Management

Oracle delivers new models that identify users who have access to privileges with potentially sensitive data in Human Capital Management applications.

Steps to Enable

No advance setup is required for you to create access models. However, you must run a global user synchronization job, which refreshes the global users analyzed by models and controls. Moreover, an administrator must set the Access Performance Configuration option to set the number of records an access model can run. It improves performance by reducing the number of records involved.

Tips And Considerations

Before using new delivered model content, review the readme to identify models that match requirements for your organization. The readme also provides information on new or updated entitlements used in models. The readme is available with the new cumulative model import file. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported available models in a previous update.

Key Resources

  • To download Oracle’s delivered model content files for import into your instance, refer to My Oracle Support, Oracle Delivered Content for Advanced Access Controls (MOS ID 2350139.1). Locate and download the available Patch ID for Advanced Access Controls content for 19A.
  • For more information about importing models, see the "Importing Access Models, Controls, and Conditions: Procedure" topic in Using Advanced Access Controls.

Attributes Removed from the Access Conditions Business Object

Unused attributes were removed from the Access Conditions business object. These include Within Same Country, Within Same Department, Within Same Legal Employer, and Within Same Location.

Steps to Enable

No steps are required to enable this feature.

Upgrade Impact to Models with Obsolete Attributes

After an upgrade, search for access models that may have been impacted by obsolete business object attributes. Find these models by filtering on the Inactive status. Open each inactive model and follow the inline guidance to update it.

You can find the list of obsolete attributes in the Attributes Removed from the Access Conditions Business Object topic.

Steps to Enable

No steps are required to enable this feature.

Resolve Duplicate Name During Model and Control Import

As you import models and controls, Advanced Controls enforces the removal of duplicate names. You can reuse existing values that reside in the application. Or, you can rename the records you are importing. This does not include entitlements on which models or controls may be based. This enhancement simplifies and streamlines the import process.

Key Elements:

  • You cannot import a model or control if its name matches the name of a model or control already existing in your target environment. Use the Resolve Duplicate Name Violations page to address naming conflicts that an import job may involve.
  • When you import access models that call entitlements, you also import the entitlements automatically if they do not already exist in your target instance. But if an entitlement with a matching name does exist in your target instance, the entitlement from the import file is not imported, and you continue to use the already-existing entitlement. The Resolve Duplicate Name Violations page offers no functionality to address duplicate entitlement names.

Resolve Duplicate Name Import Violations

Steps to Enable

No steps are required to enable this feature.

Key Resources

  • For more information, refer to the "Importing Access Models, Controls, and Conditions: Procedure" chapter of the Using Advanced Access Controls guide

Auto Suggest on Filter Attribute

When creating a filter in your access model, first select the business object, then start typing a key word in the attribute field to auto-suggest matching values.

Auto Suggest

Steps to Enable

No steps are required to enable this feature.

Name Changes to Filter Conditions

Among the conditions you can select as you create filters for access models, two have changed names. The old names are Matches one of and Does not match one of. The new names are Matches any of and Matches none of, respectively.

Condition Options

Steps to Enable

No steps are required to enable this feature.

Faster Search Rendering

Searches return results much faster, as each search returns a maximum of 500 records. If a search would exceed this limit, a message guides the user to specify more restrictive search criteria.

Below is an example of the inline message.

Search Exceeds Limit

Steps to Enable

No steps are required to enable this feature.

Automatically Reduce Incidents

The Access Condition business object includes a new attribute called Access Entitlement Name. When compensating controls are already in place to mitigate access conflicts, you can use this attribute to exclude those conflicts automatically from the results returned by models and controls you create in Advanced Access Controls. For example, you may want to exclude customer-specific page composer configurations that limit the access users actually have.

To use this feature, start by creating one or more user-defined access points and then adding them to an entitlement. Next, as you create an access model, include a filter that selects Access Condition as its business object, Access Entitlement Name as its attribute, Does not equal as its condition, and your entitlement as its value. (A condition filter actually selects among records returned by other filters. You use the Does not equal condition so that the filter selects access points that are not in your entitlement, and so are not those you want to exclude.) Here is an example of such a filter:

Access Entitlement Condition Filter

To get a better idea of what this condition does, let's walk through an example. Say a Manage Employee & Manage Payroll model returns the following incident paths:

Result ID

User

Incident Information

100:1

User1

Payroll Manager View All > Payroll Manager > Payroll Administrator > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay

100:2

User1

Payroll Administrator View All > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay

100:3

User2

Payroll Administrator View All > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay

Let's now assume your company has created a page composer configuration to hide the Calculate Payroll QuickPay privilege when it is granted by the Payroll Manager View All role.

With this enhancement, we can create a user-defined access point and add it to an entitlement. We can then add a condition filter to our model to exclude that entitlement, thus removing all incident information paths that match, leaving only the paths that actually grant access to users.

Let's say the user-defined access point is Payroll Manager View All > Payroll Manager > Payroll Administrator > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay. With the condition in place, the next time we run the model we would no longer see result ID 100:1.

Result ID

User

Incident Information

100:2

User1

Payroll Administrator View All > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay

1003:3

User2

Payroll Administrator View All > Payroll Calculation, Validation, and Balancing Administration > Calculate QuickPay > Calculate Payroll QuickPay

Steps to Enable

No steps are required to enable this feature.

Global User Unknown Value

A global user synchronization job typically gets data from the Oracle person record for first name, last name, and email address. Result records for access models and controls also display the first and last name values.

If the person record does not exist, or if the values are not populated, Advanced Access Controls derives values from the user record instead. In earlier releases, values derived from the user record were inconsistent: first name was blank, last name was "unknown-[USERNAME]," and email address was "unknown-[USERID]."

Now, all three values use the format “unknown-[USERNAME]” when they are derived from the user record.

For example, here are user-record-derived values as displayed in the Global User Configuration page:

Unknown Displayed in Global User Configuration

The first name and last name are also displayed in the access model and control results, as shown below:

Unknown Displayed in Results

This contrasts with the way these values were rendered in earlier releases, as shown below:

Unknown Values Before Change

Steps to Enable

Navigate to Risk Management Tools > Setup and Administration > Application Configuration > Global User Configuration page. Select Actions > Run to run the global user synchronization job. This will update first name and e-mail to reflect the new format in the global user configuration page, as well as the Advanced Control results page.

Inactive Users Excluded from Access Analysis

Prior to 19A, access models and controls evaluated both active and inactive users for access conflicts. To enhance performance and the quality of results, models and controls now evaluate only active users.

Steps to Enable

For this change to take effect, you must rerun global user synchronization after upgrading to 19A.

Tips And Considerations

You may find that after you run global user synchronization and rerun controls, the result count goes down. This is because the conflicts associated to inactive users have been closed.

Access Certification

Scope Not Impacted by Advanced Access Global Conditions

When global conditions are defined for Advanced Access Controls, they do not impact the roles that are identified based on the filters during an Access Certification scoping job. In prior releases, these global conditions would be considered, which would reduce the roles returned more than expected or desired.

Access Certification Scoping

Steps to Enable

No steps are required to enable this feature.

Role Information

  • This feature is accessible only to the Access Certification Administrator.

Transactional Business Intelligence for Risk Management

Access Certification

Access Certification Detail Dashboard

An Access Certification Detail report provides a list of active and closed certifications. You can use this report to view your overall progress regarding your access certification.

Navigate in the catalog to Shared Folders > Risk Management > Access Certification > Access Certification Detail Dashboard and click open. An example of the report is shown below.

Access Certification Detail Report

Steps to Enable

No steps are required to enable this feature.

Tips And Considerations

The Administrator, Submitted By Certifier, Submitted by Owner, Acted on By and Comment Created By are populated with the first and last names of a user's person record. If a user has been created in the Security Console, and no person record is associated, then these values are blank.

Financial Reporting Compliance

Updated Subject Areas

Two changes are made to the Risk Management Cloud - Assessment Results Real Time subject area, which provides data for reports.

First, a Perspective dimension identifies the perspective values assigned to assessments. So that data security for assessments can be independent of data security for the objects they assess, assessments no longer inherit perspective values from objects. Instead, you determine which perspective values are to be assigned to assessment records as you create assessment plans. The new dimension stores these values.

Perspective Dimension

Second, control test plans no longer include test instructions. Therefore the subject area no longer provides information about test instructions.

Test Instruction Dimensions No Longer Available

Steps to Enable

A synchronization program must be run to gather real-time information pertaining to the Assessment perspectives. By default, this job is scheduled to run every Sunday. To change the scheduled frequency or to run the program on demand, navigate to Risk Management Tools > Setup and Administration > Scheduling.

Key Resources

  • For more information see Oracle Risk Management Cloud Creating Analytics and Reports in the Risk Management library of the Oracle Help Center.