Cloud Readiness / Oracle Risk Management Cloud
What's New
Expand All


  1. Update 20B
  1. Revision History
  2. Overview
  3. Feature Summary
  4. Risk Management
    1. Common
        1. Filtered List of Users in Security Assignment
        2. Security Synchronization Job Summary Is Updated
        3. Security Artifacts Are Renamed
        4. Risk Management Auditor Job Updated
    2. Financial Reporting Compliance
        1. Changes Made to View Approval History
        2. Assessment Batches Support Duplicate Assessment Records
    3. Advanced Financial Controls
        1. Advanced Options Filter Applied as Default
        2. Additional Users in Business Object Security
        3. Message In Business Object Security Is Updated
        4. Update to Advanced Control Import Job Details
        5. Rebuild Graph Now Unique Job
        6. Result Summary Extract Report Is Removed
        7. Unnecessary Synchronization Parameter Removed
    4. Advanced Access Controls
        1. Result Summary Extract Report Is Removed
        2. Entitlement and Conditions Reports Are Removed
    5. Transactional Business Intelligence for Risk Management
        1. User Assignment Security Is Added
        2. Currency Code Is Removed from Issue Details and Remediation Plan Details
        3. Enhancement to Reporting Issues, Remediation Plans and Related Objects
        4. OTBI Analyses Provide Links to Pages
        5. Report on Controls with Zero Results
  5. IMPORTANT Actions and Considerations

Update 20B

Revision History

This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:

Date Feature Notes
20 MAR 2020   Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in this update, and describes any tasks you might need to perform for the update. Each section includes a brief description of the feature, the steps you need to take to enable or begin using the feature, any tips or considerations that you should keep in mind, and the resources available to help you.

Give Us Feedback

We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.

Feature Summary

Column Definitions:

Features Delivered Enabled

Report = New or modified, Oracle-delivered, ready to run reports.

UI or Process-Based: Small Scale = These UI or process-based features are typically comprised of minor field, validation, or program changes. Therefore, the potential impact to users is minimal.

UI or Process-Based: Larger Scale* = These UI or process-based features have more complex designs. Therefore, the potential impact to users is higher.

Features Delivered Disabled = Action is needed BEFORE these features can be used by END USERS. These features are delivered disabled and you choose if and when to enable them. For example, a) new or expanded BI subject areas need to first be incorporated into reports, b) Integration is required to utilize new web services, or c) features must be assigned to user roles before they can be accessed.

Ready for Use by End Users
(Features Delivered Enabled)

Reports plus Small Scale UI or Process-Based new features will have minimal user impact after an update. Therefore, customer acceptance testing should focus on the Larger Scale UI or Process-Based* new features.

Action is Needed BEFORE Use by End Users
(Features Delivered Disabled)

Not disruptive as action is required to make these features ready to use. As you selectively choose to leverage, you set your test and roll out timing.

Feature

Report

UI or
Process-Based:
Small Scale

UI or
Process-Based:
Larger Scale*

Risk Management

Common

Filtered List of Users in Security Assignment

Security Synchronization Job Summary Is Updated

Security Artifacts Are Renamed

Risk Management Auditor Job Updated

Financial Reporting Compliance

Changes Made to View Approval History

Assessment Batches Support Duplicate Assessment Records

Advanced Financial Controls

Advanced Options Filter Applied as Default

Additional Users in Business Object Security

Message In Business Object Security Is Updated

Update to Advanced Control Import Job Details

Rebuild Graph Now Unique Job

Result Summary Extract Report Is Removed

Unnecessary Synchronization Parameter Removed

Advanced Access Controls

Result Summary Extract Report Is Removed

Entitlement and Conditions Reports Are Removed

Transactional Business Intelligence for Risk Management

User Assignment Security Is Added

Currency Code Is Removed from Issue Details and Remediation Plan Details

Enhancement to Reporting Issues, Remediation Plans and Related Objects

OTBI Analyses Provide Links to Pages

Report on Controls with Zero Results

>>Click for IMPORTANT Actions and Considerations

Risk Management

Oracle Risk Management consists of the following key solution areas:

  • Financial Reporting Compliance to automate audit assessments and certifications.
  • Advanced Access Controls to manage user access and segregation-of-duty risk.
  • Advanced Financial Controls to continuously monitor configuration changes and business transactions.
  • Access Certifications to streamline reviews by process owners to ensure that employees have been granted appropriate access based on their current jobs.
  • Enterprise Risk Management to streamline the analysis, evaluation, and treatment of documented risks.

Common

Filtered List of Users in Security Assignment

To designate owners, editors, or viewers of a record, an owner may select individual users from a list of values. The list is now filtered to show only users who are eligible to be assigned to the record, but have not yet been assigned.

This simplifies the process of securing records, as ineligible users can't be selected.

Steps to Enable

You don't need to do anything to enable this feature.

Security Synchronization Job Summary Is Updated

The security synchronization job determines whether users assigned to records have the proper privileges to be eligible for their authorizations. Previously, the job summary showed a record count of users and roles affected by the job. This summary is replaced with record counts of ineligible users by object. With this information you can use the mass edit security assignment page to find and update object records where there are missing or ineligible users.

Security Synchronization Job Summary

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

If the security synchronization job summary has identified ineligible users, navigate to Risk Management Data Security and use the Mass Edit Security Assignment page to update missing or ineligible users. Below is an example of Access Controls where Owner is missing or ineligible:

Security Artifacts Are Renamed

Security artifacts like job roles, duty roles, and privileges have been renamed. This is to support the new direct-assignment security model introduced in 20A.

RENAMED JOB ROLES

This table provides information on the job role names that have been updated. Technical names are unchanged.

New Job Role Name Previous Job Role Name Technical Name

Access Certification Administrator

User Access Certification Manager ORA_GTR_USER_ACCESS_CERTIFICATION_MANAGER
Advanced Access Controls Analyst Application Access Auditor ORA_GTG_APPLICATION_ACCESS_AUDITOR
Advanced Transaction Controls Analyst Application Control Manager ORA_GTG_APPLICATION_CONTROL_MANAGER

RENAMED DUTY ROLES

The table provides information on the duty role names that have been updated. Technical names are unchanged.

New Duty Role Name Previous Duty Role Name Technical Name
Access Certification Manager Duty Access Certification Owner Duty ORA_GTR_ACCESS_CERTIFICATION_OWNER_DUTY
Access Certification Owner Duty Access Certification Administrator Duty ORA_GTR_ACCESS_CERTIFICATION_ADMINISTRATOR_DUTY

RENAMED PRIVILEGES

The table in Renamed Privileges in 20B document provides information on the privilege names that have been updated. Technical names are unchanged.

Steps to Enable

You don't need to do anything to enable this feature.

Key Resources

  • For more information about security, see Securing Risk Management at Oracle Help Center > Cloud Applications > Risk Management > Books. 
  • You can also refer to the 20A topic around Change to Direct Assignment Security Model
  • Make sure to consult the Security Reference for Risk Management for much more information. It's found at Oracle Help Center > Cloud Applications > Risk Management > Books.

Risk Management Auditor Job Updated

The Risk Management Auditor job role, which was introduced in 19C, has been updated. It now grants view privileges to Access Certification and to the OTBI subject area that concerns reporting on Access Certification. The new privileges do not introduce any new features across Risk Management applications. In summary, the updates include:

  • Four privileges added to the Auditor Advanced Control Analysis Duty to support Access Certification.
  • Access Certification Transaction Analysis Duty for subject area access to OTBI reporting.

Steps to Enable

The update involves the addition of four privileges to a duty role called Auditor Advanced Control Analysis. (The privileges are listed in the Role section, below.) If you are updating to 20B and use a copy of this role in your 20A instance, then after you update you must add the privileges to the copy. Use the Security Console to do this. If you are updating but use the predefined role in your 20A release, or if you are using release 20B as a new implementation, the additions occur automatically and you don't need to do anything.

Key Resources

You can refer to 19C topic on "New Job Role Supports Auditing" when the job role was originally introduced.

Role Information

This Risk Management Auditor (ORA_GTG_RISK_MANAGEMENT_AUDITOR) job role had one seeded duty updated to include view access certification privileges. The name of the updated duty is Auditor Advanced Control Analysis Duty (ORA_GTG_AUDITOR_ADVANCED_CONTROL_ANALYSIS_DUTY), where these four privileges are added:

Privilege Name Privilege Technical Name

View Access Certification Manager Overview

GTR_VIEW_ACCESS_CERTIFICATION_OWNER_OVERVIEW_PRIV

View Access Certification Owner Overview

GTR_VIEW_ACCESS_CERTIFICATION_ADMINISTRATOR_OVERVIEW_PRIV
View Access Certification Worksheet GTR_VIEW_ACCESS_CERTIFICATION_AUDITOR_WORKSHEET_PRIV
View Access Certifications GTR_VIEW_ACCESS_CERTIFICATIONS_PRIV

Finally, the existing OTBI role for Access Certification is now associated to the Risk Management Auditor job:

  • Access Certification Transaction Analysis Duty (FBI_ACCESS_CERTIFICATION_TRANSACTION_ANALYSIS_DUTY)

Financial Reporting Compliance

Changes Made to View Approval History

If you have appropriate permissions, you can view the history of approvals for records. Navigate to a record, click Actions, and click View Approvals in the Actions dropdown. The application then displays historical approvals. The comment text box has been removed, because you can't add comments while viewing the approval history.

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

An example of the appropriate privileges would be:

  • View Control Approval History
  • View Control Assessment Approval History
  • View Issue Approval History
  • View Remediation Plan Approval History

Assessment Batches Support Duplicate Assessment Records

As you initiate an assessment batch, you can select perspective values for it. The batch would include records of processes, risks, or controls assigned matching perspective values. You can then opt to create duplicate assessment records for each object, one for each perspective value assigned to it. For each of the duplicates, you can then select a distinct set of assessors, reviewers, approvers, and viewers. Each set would assess the object from the point of view of whatever interest its perspective value represents. 

You can select among these options:

  • No Perspectives. The assessment batch includes records that have no associations to perspective values.
  • Add perspective values. The assessment batch includes records that are assigned matching perspective values. To be included in a batch, an object must be associated with at least one value from each hierarchy selected for the batch.
  • Include Duplicate Records. This option is available only if you select perspective values for the batch. For each process, risk, or control assigned more than one perspective value, the batch includes multiple assessment records, one for each perspective value.

Steps to Enable

You may choose to assess objects that are not associated to any perspectives value. Select No Perspective in the Perspective Selection panel during assessment initiation. In a separate Criteria Selection panel, you can also create filters that use other parameters to select objects for the batch.

Scoping an Assessment Batch with No Perspectives Selected

You may instead choose to assess objects that are associated with perspective values. If you want to create only a single assessment record for each of those objects, clear both the No Perspective and Include Duplicate Records check boxes. Then select values from perspective hierarchies; for performance reasons, it's recommended that you select from no more than four hierarchies. Your batch then includes objects assigned matching perspective values. (See the Tips & Considerations section for examples of how this matching works.) Again, in the separate Criteria Selection panel, you can create filters that further refine the selection of objects available for assessment. 

Using Perspectives to Scope an Assessment Batch with One Assessment Record Per Object

Finally, you may choose to assess objects associated with perspective values, but for each object, create an assessment record for each perspective value assigned to the object. Clear the No Perspectives check box and select values from perspective hierarchies. In this case, however, select the Include Duplicate Records check box. Again, in the separate Criteria Selection panel, you can create filters that further refine the selection of objects available for assessment.

Using Perspectives to Scope an Assessment Batch with Multiple Assessment Records Per Object

Records Include a Separate Assessment for Each Object-Perspective Combination

Tips And Considerations

As you select perspective values for an assessment batch, consider how they must match values assigned to processes, risks, or controls for those objects to be included in the batch.

When you select perspective values that belong to any one hierarchy, the application applies an OR condition. For example:

  • Control Records 1 and 2 are associated to the New York and Boston values of a perspective hierarchy called Locations.
  • Control Record 3 is associated to the Boston value of the Locations hierarchy.
  • Control Record 4 is associated to the Chicago value of the Locations hierarchy.
  • As you initiate an assessment batch, you select the New York and Boston values. The application returns Control Records 1, 2, and 3, but not Control Record 4.
  • If you select the Include Duplicate Records option, the application creates one assessment record for Control 3, but two each for Control Records 1 and 2, one for each of the New York and Boston values. If you clear the Include Duplicate Records option, the application creates only one assessment record for each of the controls.

When you select perspective values that belong to more than one hierarchy, the application applies an AND condition to the hierarchies. To be included in the batch, an object must have at least one value for each of the perspective hierarchies. For example:

  • Control Records 1 and 2 are associated with New York and Boston values from the Locations hierarchy, as well as an Accounts Payable value from a hierarchy called Organization.
  • Control Record 3 is associated with the Boston value of the Locations hierarchy and the Human Resources value of the Organization hierarchy.
  • As you initiate an assessment batch, you select the New York and Boston values from the Locations hierarchy and the Accounts Payable value from the Organization hierarchy. The application returns Control Records 1 and 2, but not Control Record 3.
  • If you select the include Duplicate Records option, the application creates three assessment records for each of Control Records 1 and 2, one for each of the New York, Boston, and Accounts Payable perspective values. If you clear the Include Duplicate Records option, the application creates only one assessment record for each of the controls.

Advanced Financial Controls

Advanced Options Filter Applied as Default

Model filters that search for text strings now return records containing matching strings regardless of whether they are preceded or followed by spaces. Therefore, an Ignore Leading and Trailing Spaces advanced option is removed.

Advanced Options - Ignore Leading and Trailing Spaces Removed

Steps to Enable

You don't need to do anything to enable this feature.

Additional Users in Business Object Security

Previously you could assign business object access only to users who could view transaction models (GTG_VIEW_TRANSACTION_MODEL_PRIV) or controls (GTG_VIEW_TRANSACTION_CONTROLS_PRIV). Now you can also assign business objects to users who can create and edit transaction models and controls.

Which means, any users who have at least one of the following privileges will be shown in the Business Object Security page:

  • Create Transaction Model and Assign Users (GTG_CREATE_TRANSACTION_MODEL_AND_ASSIGN_USERS_PRIV)
  • Create Transaction Control and Assign Result and Control Users (GTG_CREATE_TRANSACTION_CONTROL_AND_ASSIGN_RESULT_AND_CONTROL_USERS_PRIV)
  • Edit Transaction Controls (GTG_EDIT_TRANSACTION_CONTROLS_PRIV)
  • Edit Transaction Model (GTG_EDIT_TRANSACTION_MODEL_PRIV)

Steps to Enable

You don't need to do anything to enable this feature.

Message In Business Object Security Is Updated

In the Business Object Security page, there is an option to "Grant access to all business objects." Previously when this was unchecked it gave an improper message. Below is the corrected warning message:

Steps to Enable

You don't need to do anything to enable this feature.

Update to Advanced Control Import Job Details

In Advanced Financial Controls, a model or control may reference an imported business object. You can import the model or control from a file only if the imported object already exists in your target instance. If not, the import job now provides more information regarding which object is missing and so preventing the import.

Open the import job details under Monitor Jobs to identify the imported object that is missing. You must import this object before performing the model or control import job.

Message for Missing Imported Object

Steps to Enable

You don't need to do anything to enable this feature.

Rebuild Graph Now Unique Job

A graph rebuild deletes all data for your data source and replaces it with current data for existing models and controls. It used to be that when this job was run, the job name read Transaction Synchronization. Now it reads Rebuild Graph.

Steps to Enable

You don't need to do anything to enable this feature.

Result Summary Extract Report Is Removed

The Result Summary Extract report for Advanced Financial Controls has been discontinued because OTBI enables the same capability but with a far richer user experience.

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

To create the result summary extract report, navigate to Advanced Financial Controls subject area. Select attributes from the Advanced Control Details folder and the Incident Result Details folder to create a result summary report that fits your needs.

Key Resources

A sample of this report is found on Customer Connect. Just click the report and follow the instructions to use it in your environment.

Unnecessary Synchronization Parameter Removed

In Advanced Controls Configurations, you can create a schedule for the synchronization of transaction data. A Transaction check box has been removed from the parameters you can set to create this schedule. The synchronization job applies to transaction data only, so the check box is unnecessary.

Transaction Checkbox Removed

Steps to Enable

You don't need to do anything to enable this feature.

Advanced Access Controls

Result Summary Extract Report Is Removed

The Result Summary Extract report for Advanced Access Controls has been discontinued because OTBI enables the same capability but with a far richer user experience.

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

To create the result summary extract report, navigate to Advanced Access Controls subject area. Select attributes from the Advanced Control Details folder and the Incident Result Details folder to create a result summary report that fits your needs.

Key Resources

A sample of this report is found on Customer Connect. Just click the report and follow the instructions to use it in your environment.

Entitlement and Conditions Reports Are Removed

The Entitlement Report and the Conditions Report have been removed from the Advanced Controls Reports work area.  They’ve been discontinued because OTBI enables the same capability but with a far richer user experience.  Since no reports continue to be associated with this link, it's removed as well.

Advanced Controls Reports Link Removed

Advanced Controls Reports Link Removed

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

To create the reports in OTBI, navigate to Advanced Access Controls subject area. There you find relevant folders, Global Conditions and Entitlement Details, with the attributes needed to create the reports.

Access Global Conditions

Entitlement Details

Key Resources

Samples of these reports are found on Customer Connect. Just click the desired report and follow the instructions to use it in your environment.

Transactional Business Intelligence for Risk Management

User Assignment Security Is Added

To secure Risk Management records, you authorize individual users or user groups as owners, editors, or viewers. You can now report on which users and groups are authorized, and at what levels, for these objects: controls and issues in Financial Reporting Compliance, and controls and incidents in Advanced Controls. Reports also display whether the user is eligible, meaning that the user also has the functional access.

Example of User Assignment Security Dimensions

Example of User Assignment Security Report for Advanced Control

Steps to Enable

Leverage new subject area(s) by adding to existing reports or using in new reports. For details about creating and editing reports, see the Creating and Administering Analytics and Reports book (available from the Oracle Help Center > your apps service area of interest > Books > Administration).

Currency Code Is Removed from Issue Details and Remediation Plan Details

In a previous release, currency code was removed from Financial Reporting Compliance. To reflect that change, the currency code is removed from the Issue Details and Remediation Plan Details folders of Risk Management Cloud - Compliance Real Time subject area.

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

Don't worry, if you have existing reports that use the removed attribute, they will continue to work.

Enhancement to Reporting Issues, Remediation Plans and Related Objects

The dimensions have been enhanced in the Risk Management Cloud - Compliance Real Time subject area. You can now report on issues, remediation plans, and their related objects.

Steps to Enable

Leverage new subject area(s) by adding to existing reports or using in new reports. For details about creating and editing reports, see the Creating and Administering Analytics and Reports book (available from the Oracle Help Center > your apps service area of interest > Books > Administration).

Tips And Considerations

By using Risk Management Cloud - Compliance Real Time subject area, you can create reports to view the issues associated to your defined controls, risks, and process. In addition, view the remediation plans and tasks that have been associated to the defined issue records.

Example values selected from multiple dimensions: Control Details, Issues Details, Remediation Plan Details, and Remediation Task Details

OTBI Analyses Provide Links to Pages

You can now drill down from an OTBI analysis directly to pages in Advanced Controls and Access Certification. For Advanced Controls, available links include the manage controls page, results for a control, a control definition, and the result detail page. For Access Certification, available links include owner overview, manager overview, certifier worksheet, and access certifications.

Steps to Enable

Leverage new subject area(s) by adding to existing reports or using in new reports. For details about creating and editing reports, see the Creating and Administering Analytics and Reports book (available from the Oracle Help Center > your apps service area of interest > Books > Administration).

Tips And Considerations

For Advanced Controls, here's an idea of what you can do:

  1. Create a simple analysis with Control ID, Control Name, and Global User.
  2. Select the gear icon for Control ID and change the data format of Control ID to a number with no commas or decimal places.

Change Data Format

  1. On the Global User Name, click the gear and select column properties, then Interaction. Select Action Links under Primary Interaction. Then click plus icon. Enter a Link Text, then create new action.
  2. Select Navigate to a Web Page.

Create Action Link to Web Page

  1. Enter a URL. An example link looks like this (swap out <server_url> with your server url):

https://<server_url>/fscmUI/faces/deeplink?objType=GRC_AC_RESULTS&action=VIEW&objKey=controlId%3D<control id>%3BNavigation%3DdeepLink%3BGlobalUser%3D<global user name>

  1. Click Define Parameters
  2. The last parameter needs to be split up because it has two parameters in it. Copy the value to your clipboard (in this example it will contain: controlId=<control id>;Navigation=deepLink;GlobalUser=<global user name>  

Select Define Parameters

  1. Rename parameter 3 to control ID and select the drop down and pick control ID.
  2. Add another parameter by clicking the plus sign. Name this one Global User Name. Select the drop down and pick global user name.
  3. Highlight the @{3} value in the URL. This needs to be replaced with what you copied to the clipboard earlier.

Select Dynamic Values

  1. After pasting the text, update the placeholder values with @{3} and @{4} to correspond to the parameters you created and are passing dynamic values into. Notice how it now reads: objKey=controlId=@{3};Navigation=deepLink;GlobalUser=@{4}

Update URL

  1. Mark all the parameters as hidden, and click Options and select to open in a new window. Click OK to all the pop up windows and then run your report.

Example Report

Drills to Results Filtered by Control and Global User

For Access Certification, here's an idea of what you can do:

  1. Create a simple analysis with Certification ID, Certification Name, and Manager Name.
  2. Change data format of Certification ID to Number (just like the example for Advanced Controls above).
  3. On the Certification Name, click the gear and select column properties, then Interaction. Select Action Links under Primary Interaction. Then click plus icon. Enter a Link Text, then create new action.

  1. Select Navigate to a Web Page. Then, enter a URL. An example link looks like this (swap out <server_url> with your server url):
  • https://<server_url>/fscmUI/faces/deeplink?objType=ACCESS_CERTIFICATION&action=MANAGER_OVERVIEW&objKey=certificationId=Value

Paste URL

  1. Click Define Parameters. Expected parameters are:
  • {1} objType = ACCESS_CERTIFICATION
  • {2} action = MANAGER_OVERVIEW
  • {3} objKey = certificationId

Define Parameters

Select Column Value

Select Certification ID

  1. Add 'certificationId=' to the URL. Beware, it is case sensitive.

Add CertificationId= to the URL

  1. Select the hidden check box for all parameters so user is not prompted to enter the values.
  2. Select Options and check to open in a new window.
  3. Select OK on all screens and run the report.

Check out an example analysis below, notice the Certification Name is a link:

Drill to Manager Overview

After clicking the link the manager overview is opened for the selected certification:

Manager Overview

Report on Controls with Zero Results

Previously in OTBI you were not able to report on controls that didn't have any results. Now you can.

Steps to Enable

Leverage new subject area(s) by adding to existing reports or using in new reports. For details about creating and editing reports, see the Creating and Administering Analytics and Reports book (available from the Oracle Help Center > your apps service area of interest > Books > Administration).

Tips And Considerations

As an example, here are some controls with incidents, some with zero incidents and some that have never been run.

Controls with Zero Incidents

Now, create a report to show 'Count of Incidents'. Below you can see the same controls are displayed.

Report Showing Controls with Zero Incidents

IMPORTANT Actions and Considerations

This section includes details about additional changes in this update that might change the way your products work.

REPLACED OR REMOVED FEATURES

From time to time, Oracle replaces existing Cloud service features with new features, or removes existing features. Replaced features may be put on a path to removal. As a best practice, you should use the newer version of a replaced feature as soon as the newer version is available.

This section identifies the features in this Cloud service that have been replaced or will be removed.

Product Removed Feature Target Removal Replacement Feature Replaced In Additional Information
Risk Management - Common

User Assignment Security Update job

20B

Change to Direct Assignment Security Model

20A

Release 20A introduced a direct-assignment data security model. Release 20B removes security features that are no longer required.

The User Assignment Security Update job to upgrade from 19D to 20A is removed from the Scheduling tab under Setup and Administration.

Risk Management - Common

Manage Security tab

20B

Change to Direct Assignment Security Model

20A

Release 20A introduced a direct-assignment data security model. Release 20B removes security features that are no longer required.

The Manage Security tab under Setup and Administration is removed since it has been replaced by Risk Management Data Security pages introduced in 20A.

These screenshots illustrate the features removed.

User Assignment Security Update Job Removed

Manage Security Tab Removed

COMMON

Security

Due to the new features introduced in 20A around Change to Direct Assignment Security Model, security artifacts will be removed in future releases. Those to be removed include:

  • The Enterprise Risk and Controls Manager job role, and its nested primary and composite duties.
  • The Compliance Manager job role, and its nested primary and composite duties.
  • Privileges that will no longer be required, because new ones for the direct-assignment security model will replace them.  You can identify the privileges planned for removal: In the 20B version of the Security Reference for Risk Management, the name of each contains the suffix "To Be Deprecated."  You can search for this suffix.

The Security Reference for Risk Management is available at Oracle Help Center > Cloud Applications > Risk Manager > Books.

REST API

In the FRC Risk REST API for 20C, unsupported actions relating to treatment plans are to be removed. These include POST, PATCH, and DELETE. Only the GET action is to remain as a supported action for treatment plans.