1. Using Risk and Security Snapshot Report
  2. Overview of Risk and Security Snapshot Report

Overview of Risk and Security Snapshot Report

Oracle Risk and Security Snapshot Report performs comprehensive analysis of risk in your business processes.

It's designed to be easy for you to use: First, select a "content pack," which is a set of Oracle-developed objects appropriate for analyzing risk in a specified business process. Next, select a time period. Then run an analysis job.

The analysis may involve a large amount of data, so the job typically runs for hours, up to a maximum of twenty-four. Upon completion, the analysis returns a report. It provides summary and detailed information about risk in the business process represented by the content pack you selected, over the period you specified.

Each content pack can perform two types of analysis:

  • Access analysis identifies users with separation-of-duties conflicts: each user is assigned roles granting privileges that combine to create the potential for fraud or significant error. The analysis also identifies roles that provide sensitive access: each role on its own grants elevated access, and so can't be assigned without risk.

  • Transaction analysis returns records of actual transactions in Oracle Cloud applications that display evidence of fraud, error, separation-of-duties violations, or other risk.

To perform these analyses, Risk and Security Snapshot Report uses objects called "models." Each model consists of filters that form a processing logic to select records exhibiting a risk. An access model may, for example, filter for users who have the privileges both to create a payables invoice and approve payment on that invoice. For another example, a transaction model may find occasions when individual users have completed both of those actions.

Each content pack is a set of models developed by Oracle to implement best practices in risk management. Because the application uses models created by Oracle, you don't have to wrestle with model development or risk-logic definitions.

You can use Risk and Security Snapshot Report on its own, or to provide an initial "health check" for Advanced Controls, a more robust risk-management application. Advanced Controls enables you both to use Oracle-developed access and transaction models, and to create your own; to deploy those models as controls that provide continuous monitoring; and to track and resolve findings uncovered by those controls. As an implementation tool, Risk and Security Snapshot Report can identify key areas to focus on in each business process as you use Advanced Controls.