New and Revised Models in Content Library

Nine new Advanced Financial Controls models are added to the content library, and seven existing models have been revised. When you have access, you will be able to select the Import action on the Models tab and select them from the Content Library.

NEW MODELS

Nine new models are available in the release that identify accounts payable or general ledger related records created or updated by an IT superuser. Each of these new models requires a corresponding user-defined object (UDO); the UDO is listed in the last Business Objects column. The Security Administrators UDO is an Access type, and its definition uses an entitlement called Sensitive IT Security Access. This entitlement was also updated in this same release; review those changes under feature Revised Models in Content Library under Advanced Access Controls

Content Library and Type Model Name and Description Business Objects

Enterprise Resource Planning Library > Advanced Transaction Controls

41001: Approved Payable Invoices by IT Superusers

Description: Identify payable invoices approved by IT superusers

Supplier

Payables Invoice

Payables Invoice Approvals

Business Operating Unit

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Transaction Controls

41002: Created or Updated Payable Invoices by IT Superusers

Description: Identify payable invoices created or updated by IT superusers

Supplier

Payables Invoice

Business Operating Unit

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Transaction Controls

41003: Created or Updated Payments by IT Superusers

Description: Identify payments created or updated by IT superusers

Supplier

Payment

Business Operating Unit

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Transaction Controls

41004: Created or Updated Suppliers by IT Superusers

Description: Identify suppliers created or updated by IT superusers

Supplier

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Audit Controls

41005: Approval Workflow Rules for Financials by IT Superusers

Description: Identify payment, journal, and payable invoice workflow approval rules modified by IT superusers

Audit - Workflow (SOA Suite)

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Transaction Controls

41006: Approved or Posted Journals by IT Superusers

Description: Identify journal entries approved or posted by IT superusers

Journal Entry

Journal Entry Action Log

Ledger Setup: General

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Transaction Controls

41007: Created or Updated Journals by IT Superusers

Description: Identify journal entries created or updated by IT superusers

Journal Entry

Ledger Setup: General

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Audit Controls

41008: Created or Updated General Ledger Account Combinations by IT Superusers

Description: Identify general ledger account combinations created or updated by IT superusers

Audit - Account Combinations Setup

UDO: Security Administrators

Enterprise Resource Planning Library > Advanced Audit Controls

41009: Created or Updated General Ledger Options by IT Superusers

Description: Identify general ledger setup options created or updated by IT superusers

Audit - Ledgers Setup

UDO: Security Administrators

UPDATED MODELS

Updates were made to two transaction models, found in the Enterprise Resource Planning Library, and five sensitive-data access models in the Common Setup Library.

Enterprise Resource Planning Library

31003: Employees Missing Expense Receipts

  • The model was primarily updated to fit within the 25-attribute-guidelines feature introduced in this release (see Limit to the Number of Incident Attributes). The model and UDO attribute results no longer exceed 25.
  • A few filter changes were made to the UDO Missing Expense Receipt Counts, and include:
    • A new filter to exclude zero-amount expense lines.
    • Two effective date filters on person name were replaced with a single filter to return person's current record.
    • The three count function filters labels were updated to be shorter; their logic was not changed.
  • In the final model 31003, some filter labels were also updated to be shorter. The logic itself did not change.

40017: Payments and Requisitions Managed by the Same User

  • The model has been redesigned to use a new UDO called Payments with Invoices and Orders, where the purchase order enables us to create a relationship to the requisitions. Here is an overview of what is defined in the UDO:
    • A date filter for the last three months of updated payments.
    • Two equals filters on related attributes of business unit and supplier on the payment.
    • Two OR filters on payables invoice objects to return records that have an available purchase order.
  • The final model 40017 design is updated to use this new UDO and adds two new filters to create a relationship to requisition using the purchase order ID.
  • Another filter will only return requisition records that have a purchase order.
  • In the results, the Requisition.Line: Order ID attribute was added as a reference, since the design requires the information to ultimately determine if there is a related payment.

Common Setup Library

Under the Common Setup Library is the Advanced Sensitive Data Access Audit Controls; five models were updated, along with their related UDOs.

The following are the three UDOs that are referenced by the changed models. Most of the changes occurred in the UDOs, and therefore impacting the five models that use them.

  1. Sensitive Pages Viewed by User
    • No updates were made to this UDO.
  2. Sensitive Person Records Viewed by User
    • A new filter was added to return the person’s current record.
    • Added the Viewed Person: Full Name attribute in the results.
  3. Users with Employment Change
    • Description updated to: Identifies users viewing sensitive information when they have had a position or job change, or have been terminated
    • Two filters were added on the employee job assignment, one where it only returns the last three months of data, the other for valid assignment types.
    • Filters are also added to return the person’s current record, and their current job assignment type.
    • The filter for termination or position changes was broken into two and placed in an OR condition. More action values are included for each one, with termination also identifying those job assignments with termination dates.
      • You can create your own action values in your Fusion application. Because of this, only those seeded by Oracle can be considered in a delivered model in the library.
    • Result Display attribute additions were made to include contextual information on the person’s job assignment.

70002: Users Who View Sensitive Person Records on the Weekend

  • The model did not change, it was just impacted because it is dependent on the revised UDO number 2.

70003: Users Who View Sensitive Pages Prior to Termination

  • The filter on termination actions was updated to include additional seeded values, those identified in revised UDO number 3.
  • Attribute results were updated to add the person's number.

70004: Users Who View Sensitive Person Records Prior to Termination

  • The filter-on-termination actions were updated to include additional seeded values, those identified in revised UDO number 3.
  • Attribute results were updated to add the person's number.

70005: Users Who View Sensitive Pages Prior to Position Change

  • The filter-on-position and job-change actions were updated to include additional seeded values, those identified in revised UDO number 3.
  • Attribute results were updated to add the person's number.

70006: Users Who View Sensitive Person Records Prior to Position Change

  • The filter-on-position and job-change actions were updated to include additional seeded values, those identified in revised UDO number 3.
  • Attribute results were updated to add the person's number.

Business Benefit

For the first time, we are introducing new IT superuser models that can identify users with elevated access who have executed create or update actions on transactions or configurations across various areas. Model-content updates are conducted regularly, incorporating changes, expert insights, and recommendations to ensure accuracy and relevance.

Steps to Enable

No advance setup is required for you to import models in Advanced Controls. However, a Risk Management administrator must set the Transaction and Audit Performance Configuration date options under the Advanced Controls Configuration tab under Risk Management > Setup and Administration. The two created-as-of-date options are required, one for transactions and the other for audit events. These settings improve performance by eliminating older data from data-synchronization jobs. When these created-as-of-date options already exist, you should periodically review and change them to return only current data.

Tips And Considerations

Before using new model content, evaluate available models that match requirements for your organization under the Import action for models. The Import from Content Library page is organized by product area and model types. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported the model in a previous update. Or, some may source data from products or audit configurations you have not enabled. Moreover, models may contain user-defined or imported business objects that create data set controls or objects, respectively.

NOTE: There is no way to revise an existing control with new business objects, filters, or the attributes displayed.  Uptake of any delivered-model revisions starts by importing and reviewing them as a model. If an existing model uses the same name as the model you import, you will need to rename the revised model during import.

Key Resources

  • For more information about importing models, see a set of five topics beginning with "Import Models, Controls, or Conditions." These topics appear in Oracle Fusion Cloud Risk Management: Using Advanced Controls at Oracle Help Center > Cloud Applications > Risk Management and Compliance > All Books.