• Reviewing and approving control descriptions: Financial Reporting Compliance allows you to define business processes, identify risks, and create controls to counter those risks. Part of this process involves reviewing and ensuring the accuracy and completeness of control descriptions1.
• Reviewing control assessment results: The platform enables you to assess the validity of the controls over time. This includes reviewing the results of control assessments and any issues related to their effectiveness1.

References:

• Overview of Oracle Financial Reporting Compliance1.
• Oracle Fusion Financial Reporting Compliance Cloud Service2.

To change the participant who completes the assessment, the assessment manager should:

• Navigate to the assessment record.
• Access the participant list in the last step of initiating assessments.
• Modify the participant list to select a different user as the assessor.

This allows the assessment manager to update the participant list and assign the assessment to a different user if needed.

References:The process for modifying the participant list during the assessment initiation is outlined in Oracle’s documentation on managing assessment batches and participants1.

In Oracle Risk Management, a transaction model includes filters that define aspects of risk, then select transactions exhibiting the defined risk. These models, known as “transaction models” in Oracle Advanced Financial Controls, return temporary results. The suspect records identified by a model are replaced each time the model is evaluated. This feature is particularly useful for testing a risk-logic definition before applying it in a control or for auditors assessing the risk inherent in a system at a given moment.

References:

• Overview of Oracle Advanced Controls1.

• Identify Responsible Users for Perspectives: Determine the individuals or teams who will have the authority and responsibility to create and manage perspectives. This includes setting up the perspectives and ensuring they are aligned with the organization’s reporting and security requirements1.
• Identify Responsible Users for Controls/Risks: Establish who will be responsible for the creation and ongoing management of controls and risks within the system. This ensures that there is accountability and that these elements are kept up-to-date with the organization’s needs2.

References: For the official and verified answer, please refer to the Oracle Risk Management documentation on their website, specifically the sections discussing post go-live activities and the management of perspectives and security3142.

To define a transaction model for identifying duplicate invoices based on Invoice Numbers and Invoice Amounts, the following standard filters can be combined:

• Invoice Amount is equal to itself: This filter will identify records where the invoice amount matches exactly in more than one invoice, suggesting a potential duplicate1.
• Invoice Number is equal to itself: This filter will select records where the invoice number is the same across different invoices, which is a direct indicator of duplication1.

By combining these two filters, the transaction model can effectively pinpoint duplicate invoices by matching both the invoice number and the amount, which are the key identifiers for such duplicates.

References:

• Oracle’s documentation on interpreting transaction model results explains how filters can be used to identify duplicate records, such as invoices, by setting an attribute of a business object equal to itself1.
• The overview of transaction models provided by Oracle outlines how a combination of filters defines a complete risk, with each filter evaluating records returned by filters that precede it2.

• Navigate to the Issues tab in the Issues work area.
• In the Issues page, select the row for the issue you want to close.
• Ensure that the issue status is In Edit.
• From the Actions menu, select Close Issue.
• A Close Issue dialog will open.
• Select a reason for closing the issue in a Specify Reason for Action list.
• Optionally, add a comment that supports the action you selected.
• Click OK.

Once you close an issue, it can no longer be edited.

References:

• Oracle documentation on closing an issue1.

• Functional Security Policy: This selects a set of functional privileges, each permitting the use of a field or other user-interface feature. It defines a policy for a duty role, selecting functional privileges to be inherited by other roles the duty role belongs to1.
• Data Security Policy: These policies apply to Oracle Cloud applications and can be assigned to duty roles. They grant access to work areas, dashboards, task flows, application pages, reports, batch programs, etc2.

References: For the official and verified answer, please refer to the Oracle Risk Management documentation on their website, specifically the sections discussing the creation of roles and the assignment of function security policies and data security policies to duty roles132.

To meet the customer’s requirements for conducting Operational Effectiveness assessments with restricted access and specific review processes, you should design perspectives using the Region hierarchy for security purposes and the Business Process hierarchy for reporting. This approach allows you to:

• Assign perspective values to controls and assessments based on the Region hierarchy to ensure that assessment results are accessible only to users within the respective regions (North America and EMEA).
• Utilize the Business Process hierarchy for organizing and reporting control assessments, enabling the Chief Risk Officer to review the results by Business Process on a weekly basis.

By separating the security and reporting functions into two distinct hierarchies, you can effectively manage user access and provide structured reporting that aligns with the customer’s organizational and operational needs.

References:The solution is derived from Oracle’s documentation on perspectives, which explains how perspective values can be assigned to object records for sorting and filtering, as well as for security and reporting purposes in risk management and compliance processes12. It is essential to consult the latest Oracle Risk Management documentation to ensure the perspectives are designed correctly for the specific use case345.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

To secure controls based on the company organization using the Oracle Risk Management import template, the following worksheets are essential:

• Perspective Items: This worksheet is used to define values for all perspectives. Each value must have a type code that matches the type code for the perspective it belongs to, which is set in the Perspective worksheet1.
• Controls: The Controls worksheet supplies data that defines the controls themselves. This is crucial for establishing the specific controls that will be secured1.
• Perspective-Control: This worksheet defines how perspective values relate to controls. It is necessary to associate specific controls with the relevant organizational perspectives1.

References:The information is based on the Oracle Risk Management documentation, which details the use of the Data Migration template and its worksheets for importing various types of data, including object data, transaction data, and association data1.

To create an impromptu assessment in Oracle Risk Management, the following steps are outlined:

• Navigate to the record of an individual process, risk, or control.
• Initiate the creation of an impromptu assessment.
• In the General region of the Create Impromptu Assessment page, you are required to:
• An Assessment Record Security Assignment region becomes active, where you can authorize users as viewers, assessors, reviewers, or approvers. Here, you would select a Reviewer for the assessment.

It’s important to note that an impromptu assessment does not require a template or a plan, and perspectives or activity are not mentioned as required fields in the documentation.

References:The information for creating an impromptu assessment is detailed in the Oracle documentation1. Further overview of assessments can be found in related Oracle documentation2.

• Identify the organizations or business units: This involves determining the specific parts of the organization where the new controls will be applied. It is crucial to understand the scope of the controls within the organizational structure to ensure that the appropriate levels of review and approval are established.
• Identify users who will perform control review and approval: After defining the scope, the next step is to specify the individuals who will be responsible for reviewingand approving the controls. This includes assigning users to the roles that will have the authority to review and approve the controls at each required level.

References:The information provided is based on the Oracle Risk Management documentation, which outlines the processes for setting up approvals within the system123. These references detail the necessary steps and considerations for managing approvals and ensuring proper control within the Oracle Risk Management framework.

• Filter A is used to select payments from the specified business units (BU1, BU2, BU3, and BU4), excluding BU5.
• Filter B groups the payments by each supplier and sums the payment amounts. This filter is then used to identify suppliers who have been paid more than $100,000 USD across the selected business units.

References:The information is based on the Oracle Risk Management Cloud documentation and resources that discuss transaction models and filtering criteria for identifying specific conditions such as payment amounts to suppliers1.

• Identify the number of access points in each entitlement.
• Since the entitlements do not share access points, each access point in one entitlement can be paired with each access point in the other entitlement.
• Multiply the number of access points in the first entitlement by the number of access points in the second entitlement to find the total number of combinations.

• On the Manage Issues page within Oracle Risk Management, users have the ability to link various related objects to an issue.
• The objects that can be associated with an issue include Assessments, Risks, and Controls.
• This association is crucial for maintaining a comprehensive view of the risk landscape and ensuring that all relevant factors are considered during the issue management process.

References:The information is based on the Oracle Risk Management Cloud documentation which details enhancements to reporting issues, remediation plans, and related objects1. Additionally, discussions on the Oracle community forums confirm that related objects such as processes can be viewed but are not directly related on the Risk Definition Page, indicating that the primary related objects are indeed Assessments, Risks, and Controls2.

• Perform Impromptu Assessments: The Control Owner can perform impromptu assessments for the two P2P controls. This allows for immediate assessment without the need for a scheduled plan and is useful for ad-hoc analysis.
• Initiate a Planned Assessment for Both Controls Together: The Control Owner can initiate a planned assessment and include both controls in the same assessment. This is a more structured approach where the controls are assessed as part of a predefined schedule.
• Initiate Separate Planned Assessments: Alternatively, the Control Owner can initiate two separate planned assessments, one for each control. This allows for individual attention to each control but requires managing two separate assessment processes.

References:The information provided is based on the Oracle Risk Management Cloud documentation, which outlines the processes for control assessments, including impromptu and planned assessments12. The references detail how Control Owners can manage and execute control assessments within the Oracle Risk Management framework.

To identify key stakeholders for Financial Reporting Compliance Cloud, focus on individuals involved in certifying internal controls for regulatory mandates like SOX. These stakeholders are typically executives responsible for ensuring that the company’s financial reporting processes are compliant and reliable.

References:

• Oracle Financial Reporting Compliance Cloud Data Sheet1.
• Overview of Oracle Financial Reporting Compliance2.

• Access Control Manager - This duty role typically includes permissions for system configuration duties, which are not intended for the “Application Access Auditor” role. Removing this duty ensures the user cannot perform system configurations.
• Advanced Control System Administrator - This duty role also encompasses system configuration responsibilities and administrative privileges over the Advanced Controls setup. Removing this duty prevents the user from having system-wide configuration access, aligning with the client’s requirement for a role focused solely on monitoring.

References:

• The information is based on the Oracle Risk Management documentation, which outlines the responsibilities associated with various duty roles within the Advanced Access Controls framework1.
• Additional details regarding the segregation of duties and the configuration of job roles can be found in the Oracle Advanced Access Controls Cloud Data Sheet2.
• For a comprehensive understanding of the duty roles and their functions, refer to the Overview of Oracle Advanced Controls3.