22B Office Hour

Oracle Fusion Cloud Risk Management

May 11, 2022

Cloud Customer Connect Event
Agenda

▷ Get acquainted

▷ Quarterly news

▷ Shop talk

▷ AMA

2 Copyright © 2022, Oracle and/or its affiliates

 https://community.oracle.com/customerconnect/categories/erp-risk-management

3 Copyright © 2022, Oracle and/or its affiliates

Learn more https://community.oracle.com/customerconnect/discussion/542146/get-acquainted-with-risk-management

4 Copyright © 2021 Oracle

Learn more https://community.oracle.com/customerconnect/discussion/551384/solution-blueprints

5 Copyright © 2021 Oracle

Learn more https://community.oracle.com/customerconnect/discussion/542146/get-acquainted-with-risk-management

6 Copyright © 2021 Oracle

https://community.oracle.com/customerconnect/discussion/31659/your-path-to-success-with-risk-management

7 Copyright © 2022, Oracle and/or its affiliates

Agenda

▷ Get acquainted

▷ Quarterly news

▷ Shop talk

▷ AMA

8 Copyright © 2022, Oracle and/or its affiliates

 https://community.oracle.com/customerconnect/discussion/490940/keeping-up-with-risk-management

9 Copyright © 2022, Oracle and/or its affiliates

 https://community.oracle.com/customerconnect/discussion/490940/keeping-up-with-risk-management

10 Copyright © 2022, Oracle and/or its affiliates

What’s New in 22B

Step-by-step instructions:
https://www.oracle.com/webfolder/technetwork/tutorials
/tutorial/cloud/r13/wn/risk/releases/22B/22B-risk-wn.htm

Product managers’ walk-through and tips:

https://community.oracle.com/customerconnect/events/603876-
erp-release-highlights-for-oracle-fusion-cloud-risk-management-
in-22b

11 Copyright © 2022, Oracle and/or its affiliates

As seen in our 22A Office Hour…

12 Copyright © 2022, Oracle and/or its affiliates

 https://docs.oracle.com/en/cloud/saas/applications-common/22b/faser/overview-of-erp-security-implementation.html#s20047772

13 Copyright © 2022, Oracle and/or its affiliates

Events page NEW!

https://community.oracle.com/customerconnect/discussion/626937/risk-management-events

14 Copyright © 2022, Oracle and/or its affiliates

 Recent events

https://community.oracle.com/customerconnect/events/603817-hcm- https://community.oracle.com/customerconnect/events/603815-erp-must-
how-texas-childrens-is-automating-hr-security-privacy-process-integrity haves-for-demonstrating-sod-access-compliance-in-oracle-cloud-erp

15 Copyright © 2022, Oracle and/or its affiliates

Agenda

▷ Get acquainted

▷ Quarterly news

▷ Shop talk

▷ AMA

16 Copyright © 2022, Oracle and/or its affiliates

 https://community.oracle.com/customerconnect/discussion/551384/solution-blueprints

17 Copyright © 2021 Oracle

 https://community.oracle.com/customerconnect/discussion/551381/automate-separation-of-duties-compliance-reporting

18 Copyright © 2022, Oracle and/or its affiliates

https://download.oracle.com/ocomdocs/global/apps_21B/risk/Automate_SOD_Reporting_for_Compliance/Automate_SOD_Reporting_for_Compliance.mp4

Want more
videos like
this?

19 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map

20 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map

21 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map

22 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map

23 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map
To make each count a link to a report that shows the risks, build the report:

24 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map
…then return to the heat map design:

25 Copyright © 2022, Oracle and/or its affiliates

Simple risk heat map
…and link Count of Risks to the report:

26 Copyright © 2022, Oracle and/or its affiliates

Simple access history

Why: There’s a setup or transaction you can’t monitor (yet), so in the meantime, you’d like to track users who
had access to it.

How:
1. In Customer Connect, tell Oracle you want to monitor the setup or transaction.
2. In the meantime, track user access:
• An access control incident record’s status shows whether it currently represents an issue:
• Assigned: an issue might exist
• Accepted or Remediate: an issue exists
• Resolved or Closed: the issue has ceased to exist
• Control Inactive: the issue has ceased to be of interest
• In this discussion, statuses indicate either:
• Is currently an issue or could be an issue: Assigned, Accepted, Remediate
• Is not currently an issue: Resolved, Closed, Control Inactive
• …and incidents represent issues that existed during a date range if they:
• Now have the status Assigned, Accepted, or Remediate; and were created before the end of the date range
• Now have the status Resolved, Closed, or Control Inactive; and were last updated during the date range
• Tip: A violation could come and go, then return; so generate a report shortly after each date range.

27 Copyright © 2022, Oracle and/or its affiliates

Even simpler access history

…and when you can’t monitor access either:

1. In Customer Connect, tell Oracle you want to monitor it.
2. In the meantime, track sign-ins and sign-outs:
• Use Security Console to get the past seven days’ history:
https://docs.oracle.com/en/cloud/saas/applications-common/22a/facsa/get-user-sign-in-sign-
out-information.html
• …or use this API (which also yields seven days):
https://docs.oracle.com/en/cloud/saas/applications-common/22a/farca/api-sign-and-sign-
audit.html
… like this:
https://support.oracle.com/epmos/faces/DocContentDisplay?id=2661308.1

28 Copyright © 2022, Oracle and/or its affiliates

Deploy models as controls

Fewer incidents: Faster initial deployment:

1. Import pre-built models
2. Run analyses
3. If needed, fine-tune model results
4. Plan incident assignments, prep investigators
5. Deploy models as controls
1. Import pre-built models
2. Deploy models as controls
3. If needed, plan incident reassignments, prep
investigators, reassign incidents
4. If needed, fine-tune model results and
redeploy

29 Copyright © 2022, Oracle and/or its affiliates

30 Copyright © 2022, Oracle and/or its affiliates
31 Copyright © 2022, Oracle and/or its affiliates
32 Copyright © 2022, Oracle and/or its affiliates
Up next…

What if you could...

• Import issue records?
• Update an assessment and survey’s participants at the same time?
• See users’ HR details in the Results by Control and User page (e.g., manager, location, …)?
• Enable/disable an object’s notifications (e.g., access controls, access certifications, …)?
• Create reports that show Advanced Controls jobs?

33 Copyright © 2022, Oracle and/or its affiliates

On-premises GRC

• Severity 1 fixes through May 2025

https://support.oracle.com/epmos/faces/DocumentDisplay?id=2143036.1

34 Copyright © 2022, Oracle and/or its affiliates

Agenda

▷ Get acquainted

▷ Quarterly news

▷ Shop talk

▷ AMA

35 Copyright © 2022, Oracle and/or its affiliates

AMA anytime

How can we help you succeed?

Post a new topic

or
Send a Message to Barry Greenhut
in Customer Connect

36 Copyright © 2022, Oracle and/or its affiliates

Thank you!

37 Copyright © 2022, Oracle and/or its affiliates