External Auditor

Code Name

ORA_GTG_RISK_MANAGEMENT_AUDITOR_JOB

Duty Roles

This job role is related to the following duty roles:

• Access Certification Transaction Analysis Duty

• Advanced Access Control Model Transaction Analysis Duty

• Advanced Access Control Transaction Analysis Duty

• Advanced Financial Control Transaction Analysis Duty

• Financial Reporting Compliance Transaction Analysis Duty

Subject Areas

This job role secures access to the following subject areas:

• Risk Management Cloud - Access Certification Real Time

• Risk Management Cloud - Advanced Access Controls Real Time

• Risk Management Cloud - Advanced Access Models Real Time

• Risk Management Cloud - Advanced Financial Controls Real Time

• Risk Management Cloud - Assessment Results Real Time

• Risk Management Cloud - Compliance Real Time

Business Questions

This job role secures access to data that can answer the following business questions:

• What survey questions and responses are related to assessments?

• What are the severity and status of issues?

• What is the status for remediating issues?

• When were assessments initiated?

• What advanced controls have been defined?

• What Financial Reporting Compliance objects have the incidents been related to?

• For a specific transaction control, what is the total transaction amount?

• What advanced controls have been defined?

• What user name and job role combinations require investigation?

• How many user name and job role combinations are being certified?

• What is the employment information for a user whose direct manager recommends that access be revoked?

• Which groups are authorized to view and edit a record (such as control or result), and are they eligible?

• Which controls have not been tested for the current fiscal year?

• What two perspective hierarchies are related to documented risks?

• What is the order of the questions presented to the survey participant?

• Who are the owners, editors, and viewers assigned to an assessment batch?

• Who is authorized to access, view, review, and approve assessment results?

• What is the business unit for the user being certified?

• When did the certifier last update the certification?

• What is the name of the role code for user role combinations being certified?

• What date was the remediation plan approved or reviewed?

• What are the specific comments for the remediation plan during the approval workflow?

• What assessment batches have been defined?

• Which assessments are overdue?

• What controls are in scope for testing?

• What comments have been posted against the incidents?

• How many access certifications did the owner complete?

• What new user-role combinations have been certified this year versus last?

• What is the model name?

• Which users have conflicting access?

• How many results were returned for the model?

• What is the document ID of the attachment?

• What are the assessment results for those controls that have been tested?

• Which groups are authorized to access, view, review, and approve assessment results?

• What are the defined active key controls?

• How many assessment transactions are not completed?

• What Financial Reporting Compliance records have been defined?

• How many incidents are assigned or in remediation with 0-30 days age?

• How many access certifications did the certifier complete?

• What is the file name or URL of the attachment?

• What is the overall compliance status for the current fiscal year and/or quarter?

• What two perspective hierarchies are related to documented controls?

• What three perspective hierarchies are related to documented controls?

• What risk evaluations have been completed for a risk record?

• What is the survey participant's email address?

• What is the first and last name of the certifier who last updated the certification?

• Who associated the attachments?

• When were assessments completed and closed?

• What is the risk and control matrix?

• What SOD conflicts have been identified for users and roles?

• What is the status of one or multiple access certifications?

• What user name and job role combinations are pending?

• Who is authorized to review and approve a record (such as process or risk), and are they eligible?

• Which groups of owners, editors, and viewers are assigned to a record (such as control or issue), and are they eligible?

• What three perspective hierarchies are related to documented risks?

• What is the order of the questions as defined in the survey template?

• What events and consequences are associated to a risk?

• What treatment plans are associated to the risk record?

• What unique codes correspond to the role and privilege display names?

• Which groups of owners, editors, and viewers are assigned to an assessment batch?

• What is the asset book for the person being certified?

• What is the actual timestamp when the certification event took place?

• What is the control stratification for each control as it relates to the associated risk record?

• How many attachments have been applied to assessment records?

• What is the attachment type?

• What issues are defined, and what are their relationships to process, risk, and control records?

• When was the last time the control was run?

• What job roles need to be removed per user name?

• What is the employment information for the user being certified, such as business unit, manager, or job name?

• Which groups are authorized to review and approve a record (such as process or risk), and are they eligible?

• Who are the owners, editors, and viewers assigned to records (such as control or result), and are they eligible?

• What is the timestamp when the attachment was associated?

• Which perspectives will be defaulted on results when a control is run?

• What risk analyses have been completed for a risk record?

• Which groups are authorized as an issue validator/owner for the assessment result record?

• What questions and responses are related to a particular survey?

• What is the name of the survey template used for a specific survey?

• What is the approval history of the remediation plan?

• What are the results for batch and impromptu assessments?

• What are the results of the control test plans?

• How many incidents have been closed?

• How many incidents were found in the last control run?

• What access points are included in the entitlements?

• Who is authorized to view and edit a record (such as control or result), and are they eligible?

• How many controls have and have not been tested for the current fiscal year?

• What two perspective hierarchies are related to documented processes?

• What survey questions and responses are related to objects?

• What is the timestamp the survey participant submitted responses?

• Who approved and reviewed the remediation plan?

• What are the summary result counts for models in the North America perspective?

• Which controls are in the North America perspective?

• What consequences are associated to the event?

• Who is the issue validator/owner for the assessment result record?

• What is the control stratification for control records associated to a risk record?

• What assessments have been defined?

• When were key controls tested?

• What incidents have been identified for a specified transaction control?

• Since the same incident path is often found across users, what is the unique incident path count?

• What certifications were performed in the last two quarters?

• Did the approver accept the assessment result, reject it, or return it for information?

• Who are the owners, editors, and viewers assigned to records (such as process and control), and are they eligible?

• Which groups of owners, editors, and viewers are assigned to a record (such as control or result), and are they eligible?

• Which roles have conflicting access?

• What three perspective hierarchies are related to documented processes?

• What is the ledger for the user being certified?