Implementation Overview

Oracle Fusion Cloud Risk Management is a set of complementary applications that document and assess your company's risk-control matrix; run models and controls that detect policy violations in transactions and in access grants to users; and certify role assignments.

To begin using these applications, opt in to the Risk Management offering in Oracle Fusion Functional Setup Manager. Then set up and manage the following.

Jobs and Scheduling

You can schedule background tasks and monitor their results. Tasks include, for example, evaluating models or advanced controls; synchronizing transaction, user, or role data; purging records; or exporting or importing operational data. As an implementation task, you may import your existing risk and control framework. Or you may import access and transaction models created by Oracle to ensure best practices.

Predefined jobs perform key background tasks related to security, notifications, and reporting. They run, however, only after you schedule them to run. As a setup task, determine and implement the schedules appropriate for your environment.

Perspectives

A perspective is a set of related values. Users can associate individual perspective values with records of individual objects, such as risks or controls. Perspectives can serve as filtering values in reports or in the pages in which users manage objects.

Security

You grant access to functionality by assigning job roles (and through them, duty roles and privileges). You grant access to data by appointing users who can work with individual records at owner, editor, and viewer levels. For more on security configuration, see Oracle Fusion Cloud Risk Management: Securing Risk Management.

Configuration and Administration

You can set features that configure Oracle Risk Management for use and routine maintenance.

Some features apply generally. You can determine whether users receive notifications, email alerts, or both when tasks require their attention. You can edit the values available for selection in list-of-values fields. You can configure flexfield segments. Each is, in effect, a field that captures information unique to your organization's requirements. And, if you've created a Risk Management dashboard in Oracle Transactional Business Intelligence, you can set up an icon that opens the dashboard from the Risk Management springboard.

Other features apply specifically to Oracle Fusion Cloud Advanced Controls, the application that runs models and controls to detect policy violations. You can set performance options, establish a uniform currency for amount attributes in transaction analysis, and purge old control-analysis results. You can synchronize data and manage global users; these operations refresh transaction and user data analyzed by models and controls. For access analysis only, you can establish connections to data sources that provide information about access granted to users of applications outside of Oracle Fusion Cloud.

Still other features apply specifically to Oracle Fusion Cloud Financial Reporting Compliance, the application that documents your risk-control matrix. You can select assessment activities available for each of the Process, Risk, and Control objects. (For each object, you can't change these selections after you create or import object records.) You can review assessment-response definitions. You can also use a data-migration utility to upload operational and perspective data.

In Oracle Fusion Cloud Access Certifications, the application for certifying role assignments, you can activate an enhanced version of the certifier worksheet, the page in which certifiers record their judgments of whether role assignments are justified.

Audit

You can use the Oracle Cloud audit framework to track changes to records your organization creates in Oracle Risk Management. Most, but not all, auditable records apply to Oracle Advanced Controls.