Subject Areas for Transactional Business Intelligence in Risk Management

Title and Copyright Information
Get Help

1 Introduction

About This Guide

2 Subject Areas

Overview
OTBI Performance Real Time
OTBI Usage Real Time
Risk Management Cloud - Access Certification Real Time
Risk Management Cloud - Advanced Access Controls Real Time
Risk Management Cloud - Advanced Access Models Real Time
Risk Management Cloud - Advanced Financial Controls Real Time
Risk Management Cloud - Advanced Financial Models Real Time
Risk Management Cloud - Assessment Results Real Time
Risk Management Cloud - Compliance Real Time
Security - Audit Real Time
Security - Roles and Privileges Real Time

3 Business Questions

Overview
How many assessment transactions are not completed?
What are the results for batch and impromptu assessments?
What are the results of the control test plans?
What survey questions and responses are related to assessments?
What assessment batches have been defined?
When were assessments completed and closed?
Which assessments are overdue?
What assessments have been defined?
What controls are in scope for testing?
What Financial Reporting Compliance records have been defined?
What is the risk and control matrix?
What are the severity and status of issues?
What is the status for remediating issues?
What issues are defined, and what are their relationships to process, risk, and control records?
When were assessments initiated?
When were key controls tested?
When was the last time the control was run?
What advanced controls have been defined?
How many incidents have been closed?
How many incidents were found in the last control run?
What Financial Reporting Compliance objects have the incidents been related to?
For a specific transaction control, what is the total transaction amount?
How many incidents are assigned or in remediation with 0-30 days age?
What incidents have been identified for a specified transaction control?
What advanced controls have been defined?
What SOD conflicts have been identified for users and roles?
What comments have been posted against the incidents?
What access points are included in the entitlements?
Since the same incident path is often found across users, what is the unique incident path count?
What is the status of one or multiple access certifications?
What job roles need to be removed per user name?
What user name and job role combinations require investigation?
What user name and job role combinations are pending?
How many access certifications did the certifier complete?
How many access certifications did the owner complete?
How many user name and job role combinations are being certified?
What certifications were performed in the last two quarters?
What new user-role combinations have been certified this year versus last?
What is the employment information for the user being certified, such as business unit, manager, or job name?
What is the employment information for a user whose direct manager recommends that access be revoked?
Did the approver accept the assessment result, reject it, or return it for information?
Who are the owners, editors, and viewers assigned to records (such as process and control), and are they eligible?
Who is authorized to review and approve a record (such as process or risk), and are they eligible?
Which groups of owners, editors, and viewers are assigned to a record (such as control or issue), and are they eligible?
Which groups are authorized to review and approve a record (such as process or risk), and are they eligible?
Who are the owners, editors, and viewers assigned to records (such as control or result), and are they eligible?
Who is authorized to view and edit a record (such as control or result), and are they eligible?
Which groups of owners, editors, and viewers are assigned to a record (such as control or result), and are they eligible?
Which groups are authorized to view and edit a record (such as control or result), and are they eligible?
What is the model name?
Which users have conflicting access?
Which roles have conflicting access?
How many results were returned for the model?
What are the summary result counts for models in the North America perspective?
How many users run OTBI analyses?
Who are the top OTBI users?
What is the weekly OTBI analysis usage trend?
What are the top most frequently run OTBI analyses?
How many predefined OTBI analyses have been run in the past month?
How many custom OTBI analyses have been run in the past month?
How many ad-hoc OTBI analyses have been run in the past month?
What is the execution history of dashboard X in the past month?
Which analyses have low usage in the past month?
How many OTBI SOAP web services have been run in the past month?
What are the long-running analyses in the past month?
What is the OTBI execution time histogram in the past month?
Which analyses have the longest response time?
Which analyses have high data row count?
Which analyses reached OTBI max row limit?
What are the common execution errors in the past month?
How many analyses and dashboards failed in the past month?
What are the most commonly used OTBI subject areas?
What are the least-used OTBI subject areas?
Which subject areas have slow performance?
Which subject areas have large data volume?
Which analyses have low usage because of poor performance?
What is the database SQL execution time and row count?
Why am I not able to view certain subject areas with my login credentials?
Which data security policy would provide access to the data I need to see?
Can I view and edit a particular page? If yes, which functional security policy do I need to provide to a user who needs similar access?
I have not added a specific role to a user, but the user seems to have this job role. Can I trace how has this been inherited by the user?
What data security privileges has a specific user added?
Which roles were added with a specific functional security policy, and who added them?
What events and consequences are associated to a risk?
What consequences are associated to the event?
What risk analyses have been completed for a risk record?
What risk evaluations have been completed for a risk record?
What treatment plans are associated to the risk record?
What unique codes correspond to the role and privilege display names?
Who are the owners, editors, and viewers assigned to an assessment batch?
Which groups of owners, editors, and viewers are assigned to an assessment batch?
Who is authorized to access, view, review, and approve assessment results?
Who is the issue validator/owner for the assessment result record?
Which groups are authorized to access, view, review, and approve assessment results?
Which groups are authorized as an issue validator/owner for the assessment result record?
What questions and responses are related to a particular survey?
What survey questions and responses are related to objects?
What is the survey participant's email address?
What is the timestamp the survey participant submitted responses?
What is the control stratification for control records associated to a risk record?
What are the defined active key controls?
What is the asset book for the person being certified?
What is the business unit for the user being certified?
What is the ledger for the user being certified?
When did the certifier last update the certification?
What is the first and last name of the certifier who last updated the certification?
What is the name of the survey template used for a specific survey?
What is the name of the role code for user role combinations being certified?
What is the actual timestamp when the certification event took place?
What advanced financial models have been defined?
Will the model results help to analyze exceptions, or does model logic need to be adjusted?
Is the model ready to be deployed as a control? (Does the model return only the expected exception-based results?)
Who approved and reviewed the remediation plan?
What date was the remediation plan approved or reviewed?
What is the approval history of the remediation plan?
What are the specific comments for the remediation plan during the approval workflow?
What is the control stratification for each control as it relates to the associated risk record?
How many attachments have been applied to assessment records?
Who associated the attachments?
What is the attachment type?
What is the file name or URL of the attachment?
What is the document ID of the attachment?
What is the timestamp when the attachment was associated?
Which controls have not been tested for the current fiscal year?
How many controls have and have not been tested for the current fiscal year?
What is the overall compliance status for the current fiscal year and/or quarter?
What are the assessment results for those controls that have been tested?
Which perspectives will be defaulted on results when a control is run?
Which controls are in the North America perspective?
What two perspective hierarchies are related to documented controls?
What three perspective hierarchies are related to documented controls?
What three perspective hierarchies are related to documented risks?
What two perspective hierarchies are related to documented risks?
What three perspective hierarchies are related to documented processes?
What two perspective hierarchies are related to documented processes?
What is the order of the questions as defined in the survey template?
What is the order of the questions presented to the survey participant?

4 Job Roles

Overview
Access Certification Administrator
Advanced Access Controls Analyst
Advanced Transaction Controls Analyst
Application Implementation Consultant
External Auditor
IT Security Manager
Risk Activities Manager
Risk Administrator

5 Duty Roles

Overview
Access Certification Transaction Analysis Duty
Advanced Access Control Model Transaction Analysis Duty
Advanced Access Control Transaction Analysis Duty
Advanced Financial Control Models Transaction Analysis Duty
Advanced Financial Control Transaction Analysis Duty
Financial Reporting Compliance Transaction Analysis Duty
OTBI Report Performance Transactional Analysis Duty
OTBI Report Usage Transactional Analysis Duty
Security Transaction Analysis Duty