SEARCH
Disclaimer: Authors have full rights over their works. Reproduction of any part of the content is prohibited without prior authorization.
BOOK GOVERNANCE RISK AND COMPLIANCE HANDBOOK FOR ORACLE APPLICATIONS
SUMMARY
-
Items Found: 364
- Chapter 1: Introduction 7
- How this book is organized 8
- Definitions 8
- Governance 9
- Risk 9
- Compliance 9
- Oracle's Governance Risk and Compliance Footprint 10
- Balanced Scorecard 10
- Business Intelligence 10
- Financial Planning and Analysis 11
- Consolidations and Financial Reporting 11
- Learning 11
- Risk Management Applications 11
- Sub Certification 12
- Process Management Applications 12
- Content Management Applications 12
- Identity and Authorization Management Applications 12
- Our case study 12
- Roles involved in GRC activities 13
- Audit Committee member 13
- Signing Officers 14
- Chief Audit Executive 14
- Chief Financial Officer 15
- Chief Information Officer 15
- Chief Operating Officer 16
- The Audit and Compliance process 16
- Risk Assessment phase 17
- Documentation phase 17
- Testing phase 17
- Reporting phase 18
- Relationships between entities,accounts,process,risk controls,and tests 18
- GRC Capability Maturity Model 19
- Chapter 2: Corporate Governance 21
- Developing and Communicating Corporate Strategy
- with Balanced Scorecard 22
- Balanced Scorecard Theory 22
- The four perspectives 22
- Measures 23
- Strategy Maps 24
- Infission's strategic initiative 25
- Oracle's Balanced Scorecard 25
- Accessing Oracle Hyperion's Balanced Scorecard 25
- The main components and how they are related 26
- Setting up measures 27
- Setting up an Accountability Hierarchy 28
- Assembling the Scorecard 28
- Breaking down Measures and Scorecards into lower-level objectives 29
- Authorizing Managers to Scorecards 30
- Loading data 31
- Developing the Strategy Map for Infission and reviewing it with the Board 32
- Assigning objectives to Managers and creating goals in HCM 34
- Communicating and confirming Corporate Strategy with iLearning 35
- Developing Learning Assets Flow 35
- The major components of the Learning System 36
- Responsibilities 37
- Adding an Entry in the Course Catalog 37
- Uploading Course Content 38
- Developing a question bank to confirm understanding 39
- Monitoring employee's understanding 40
- The Infission Strategic Objectives Classes 41
- Managing Records Retention Policies with Content Management Server 41
- Records Governance Process 42
- Records Governance Components and how they are related 43
- Roles for accessing Universal Content Manager (UCM) 44
- Standard Sensitivity Classifications 45
- Typical Security Groups that reflect Security
- Boundaries and Sensitivity Classifications 47
- Illustrative Retention Policies 48
- Running the Document Disposition Check 52
- Financial planning and analysis with Hyperion FR 55
- Financial Planning and Analysis Flow 55
- Accessing the Financial Planning and Analysis tools 56
- Constructing Account Balance Data Cube 56
- Developing the Financial Model 57
- Developing planning assumptions 58
- Constructing the Financial plan 59
- Publishing the Financial plan 61
- Analyzing the results 61
- Publishing the results 62
- Financial Planning and Analysis Components and how they are related 63
- Monitoring Execution with Oracle Business Intelligence 65
- Oracle Financial Analytics 65
- Other dashboards in Financial Analytics 67
- Oracle Sales Analytics 67
- Other dashboards in Sales Analytics 69
- Oracle Procurement Analytics 70
- Other dashboards in Procurement Analytics 73
- Oracle Human Resources Analytics 73
- Other Dashboards in Human Resources Analytics 75
- Enterprise Risk Management 76
- Conducting a Risk Assessment 77
- Scope Controls to be Tested 78
- Develop Audit Plan 78
- Briefing the Board 79
- Whistle-blower protections 79
- Setting up iSupport for anonymous access 81
- Configuring for recording whistle-blower complaints 81
- Creating a template for whistle-blower complaints 82
- Chapter 3: Information Technology Governance 85
- Developing and communicating IT strategy with balanced scorecards 87
- IT project portfolio planning 89
- Roles for accessing portfolio analysis 91
- Decide investment criteria 91
- Create portfolio 92
- Initiate planning cycle 93
- Submit new projects for inclusion in portfolio 94
- Score projects 94
- Create and compare the scenarios 95
- Recommend and approve the scenario 96
- Close planning cycle and implement scenario recommendations 96
- Maintaining a valid configuration 98
- Managing the configuration using Applications Manager 98
- Maintaining a valid configuration using Enterprise Manager
- Application Management Pack for E-Business Suite 99
- Service desk administration through Oracle Enterprise Manager 100
- Support workbench 102
- Problem details 103
- Packaging problem details 104
- Chapter 4: Security Governance 107
- Security balanced scorecard 108
- Relationships between the objectives 109
- Metrics for the objectives 111
- Perspectives from standard bodies and professional institutions 111
- IT Governance Institute 111
- ISO 17799 111
- Quotes from prominent Security managers 113
- Account provisioning and identity management 114
- Designing roles 114
- Function Security 115
- Data security 116
- Aggregating responsibilities into roles 118
- Role provisioning 119
- Identity management 120
- Limiting access to administrative pages 121
- Segregation of Duties Policies 121
- Server,applications,and network hardening 123
- System wide advice 124
- Database tier 125
- Oracle TNS listener security 126
- Oracle database security 126
- Application tier 126
- Protect administrative web pages 127
- E-Business Suite security 127
- Desktop security 129
- Operating environment security 129
- Firewall configuration and filtering of IP packets 130
- Security incident response through Oracle service 130
- Chapter 5: Risk Assessment and Control Verification 133
- InFission approach for Risk Assessment and Control Verification 135
- Establishing Program Office 136
- Selecting controls framework 137
- The COSO framework 137
- The COBIT framework 139
- Survey and interview management 140
- Reviewing prior year documentation 140
- Rating current year risk 141
- Verifying controls 142
- Oracle's GRC Manager and Intelligence—risk assessment
- and control verification system 143
- Assessment workflow in Oracle GRC Manager 144
- Initiating assessment 144
- Assessing risks 149
- Reviewing risks 151
- Verifying Controls 151
- Certifying assessment 154
- Evaluating assessment 154
- Assessing quantitative risks in Oracle GRC Intelligence 155
- Conduct quantitative risk assessment 156
- Chapter 6: Documenting Your Controls 161
- Process and procedure documents 161
- InFission approach for managing process and procedure documents 162
- Managing process documents in Oracle GRC Manager 163
- Creating a Business Process in Oracle GRC Manager 165
- Document process narrative in Oracle Tutor 166
- Risks and controls documents 170
- InFission approach to risk and controls documentation 171
- Managing risks in Oracle GRC Manager 172
- Managing controls in Oracle GRC Manager 174
- Managing control documentation lifecycle in GRC Manager 176
- Use Data collection workflow to update documents 178
- Contributing to a process 180
- Reviewing data for a process 181
- Chapter 7: Managing Your Testing Phase:
- Management Testing and Certifying Controls 185
- Management testing for internal audit program 185
- Management testing for Regulatory Compliance Audits 186
- Management testing for Enterprise Risk Management 187
- InFission's approach to management testing 188
- Management testing using Oracle GRC Manager 189
- Using GRC Survey tool to determine the scope of audit plan 189
- Managing survey questions 190
- Managing survey choice sets 191
- Managing survey templates 192
- Creating and initiating a survey 196
- GRC Manager assessments 197
- Creating the assessment templates 198
- Creating an assessment plan 199
- Assigning the delegate 200
- Initiating/completing the assessment 200
- Reviewing the assessment results 202
- Closing an assessment 203
- Chapter 8: Managing Your Audit Function 205
- Audit planning 205
- InFission audit planning approach 206
- Managing audit plan using Oracle GRC Manager 207
- Creating the audit template 208
- Creating the audit plan 209
- Internal controls assessment 213
- InFission internal controls assessment approach 214
- Assessing internal controls using Oracle GRC Manager 215
- Initiating the assessment 216
- Selecting criteria 216
- Selecting the components 217
- Selecting the participants 217
- Controls assessment 218
- Managing issues 222
- Closing an assessment 227
- Audit report 228
- InFission's approach to audit report 228
- Obtain audit report in Oracle GRC Manager 229
- Chapter 9: IT Audit 233
- InFission IT Audit approach 234
- IT Audit scope management 234
- IT Audit plan management 236
- Automated application controls using Oracle GRC Controls Suite 237
- Oracle Application Access Controls Governor 238
- Identifying objectives 238
- Selecting controls 240
- Model walk-through 241
- Analyzing controls 245
- Remediation 245
- Assigning incidents to business owners 251
- Managing access approval 256
- Oracle Transaction Controls Governor 257
- Create model 258
- Testing the controls 260
- Configuration Controls Governor 266
- Creating definitions 266
- Creating a snapshot definition 266
- Testing a snapshot definition 269
- Locking the definition 271
- Sharing the definition 271
- Comparing snapshots 272
- Defining change tracker 274
- Deploying change tracker 275
- Viewing change tracker results 276
- Setting up queries and alerts 277
- Preventive Controls Governor 280
- Creating rules 280
- Creating a Rule Element 283
- Capturing Events with Event Tracker 283
- Updating Element definition 285
- Configuring element details 287
- Creating SQL procedures 300
- Chapter 10: Cross Industry Cross Compliance 305
- Sarbanes-Oxley 305
- Important sections of the act and the technologies that apply 306
- Title 1: Establishment and Operation of the Public Company Accounting Oversight Board 306
- Title 2: Auditor Independence 306
- Title 4: Financial Disclosures 307
- Title 8: Legal Ramifications for Corporate Fraud 307
- ISO 27001 – Information Security Management System (ISMS) 308
- The components of an Information Security Management System 308
- The risk assessment process 309
- The Risk Treatment Plan 309
- The Statement of Applicability 309
- Oracle's products and ISO 27000 312
- Control Objectives for IT (COBIT) 315
- Managing IT processes in Oracle GRC
- applications to support COBIT Framework 315
- InFission COBIT Framework setup in Oracle GRC Manager 315
- InFission IT Controls Management Approach 317
- California Breach Law 325
- PII Columns: Trading Community Architecture 325
- PII Columns: Procurement 328
- PII Columns: Financials 329
- Oracle's products and California Breach Law 330
- Transparent data encryption 330
- Healthcare Information Portability and Protection Act (HIPPA) 332
- Oracle's products and HIPPA 333
- Scrambling and data masking 333
- Data vault 336
- Payment Card Industry (PCI) 340
- Oracle's products and PCI 341
- Oracle Payments 341
- Federal Sentencing Guidelines 345
- Standards for an effective compliance and ethics program 346
- Oracle's products and Federal Sentencing Guidelines 347
- Creating the ethics program in iLearning 347
- Monitoring the ethics program in iLearning 348
- Chapter 11: Industry-focused Compliance 351
- Hi-tech manufacturing 351
- ISO 9000 351
- Oracle Tutor 352
- Oracle Quality 354
- Oracle Quality components and how they are related 355
- Responsibilities for accessing Oracle Quality 357
- Environmental compliance and ISO 14000 364
- Requirements of ISO 14001 365
- ISO 14000 compliance auditing 366
- Organization certification 367
- How ISO 14000 fits into GRC Manager 367
- Example environmental risk portfolio 370
- RoHS WEEE 372
- RoHS WEEE and hazardous substance compliance 372
- Who needs to comply? 372
- Oracle Agile Product Governance and Compliance 373
- Major components of PG&C and how they relate to each other 374
- Life sciences and medical instrument manufacturing 382
- Title 21: Code of Federal Regulations 382
- The requirements of electronic records 383
- Oracle's E-records Management Solution 384
- E-records management features 384
- E-records management components 385
- Responsibilities in E-records management 385
- Functions in the E-records process 386
- Banking and financial services 391
- Basel 391
- Requirements of Basel 391
- The three pillars 391
- The second pillar—Supervisory review process 394
- The third pillar—Market discipline 394
- Oracle's solutions in the banking sector 394
- Comply with pillar one—Capital adequacy 395
- Comply with pillar two—Management review 396
- Comply with pillar three—Disclosure 398
- Patriot Act 398
- Oracle's solution for Patriot Act – Oracle Mantas 398
- Chapter 12: Regional-focused Compliance 403
- Regulatory compliance in major economic regions 404
- The Sarbanes-Oxley Act of 2002 (USA) 405
- Public Company Accounting Oversight Board (PCAOB) 405
- Auditor Independence 405
- Corporate Responsibility 406
- Enhanced Financial Disclosures 406
- Analyst Conflicts of Interest 406
- Commission Resources and Authority 406
- Studies and Reports 406
- Corporate and Criminal Fraud Accountability 407
- White Collar Crime Penalty Enhancement 407
- Corporate Tax Returns 407
- Corporate Fraud Accountability 407
- Canada Bill 198 (Canadian Sarbanes-Oxley) 407
- UK Corporate Governance Code 2010 408
- European Union's 8th Directive 409
- Financial Instruments and Exchange Law (Japan SOX) 409
- Corporate Law Economic Reform Program (CLERP – Australia) 410
- InFission approach to Regional Compliance 410
- Managing regional compliance using Oracle GRC Manager 412
- Setting up Financial Governance module 412
- Regionalizing your Financial Governance Framework 413
- Setting up Content Type for Regulatory Documentation 415
- Updating Lookup tables 417
- Creating user-defined attributes (UDA) for regional compliance 419
- Setting up Regional Compliance Framework using perspectives 422
- InFission Organization Structure perspective 423
- InFission Regulatory Compliance perspective 423
- InFission Standard and Framework perspective 424
- Loading data 428
- Setting up user profile for regional roles 430
- Assessing Regional Compliance using Oracle GRC Manager 433
- Monitoring Regional Compliance in Oracle GRC Intelligence 435
- Regional Compliance Dashboards 435
- Regional Compliance reports 437
