1. Using Risk and Security Snapshot Report
  2. Overview of Risk and Security Snapshot Report

Overview of Risk and Security Snapshot Report

Oracle Risk and Security Snapshot Report performs comprehensive analysis of risk in your business processes.

It's designed to be easy for you to use: First, select a "content pack," which is a set of Oracle-developed objects appropriate for analyzing risk in a specified business process. Next, select a time period. Then run an analysis job.

The analysis may involve a large amount of data, so the job typically runs for hours, up to a maximum of twenty-four. Upon completion, the analysis returns a report. It provides summary and detailed information about risk in the business process represented by the content pack you selected, over the period you specified.

Each content pack can perform two types of analysis:

  • Access analysis identifies users with separation-of-duties conflicts: each user is assigned roles granting privileges that combine to create the potential for fraud or significant error. The analysis also identifies roles that provide sensitive access: each role on its own grants elevated access, and so can't be assigned without risk.

  • Transaction analysis returns records of actual transactions in Oracle Cloud applications that display evidence of fraud, error, separation-of-duties violations, or other risk.

To perform these analyses, Risk and Security Snapshot Report uses objects called "algorithms." Each consists of filters that form a processing logic to select records exhibiting a risk. An access algorithm may, for example, filter for users who have the privileges both to create a payables invoice and approve payment on that invoice. For another example, a transaction algorithm may find occasions when individual users have completed both of those actions.

Each content pack is a set of algorithms developed by Oracle to implement best practices in risk management. Because the application uses algorithms created by Oracle, you don't have to wrestle with algorithm development or risk-logic definitions.

You can use Risk and Security Snapshot Report on its own, or to provide an initial "health check" for Advanced Controls, a more robust risk-management application. Advanced Controls enables you both to use Oracle-developed access and transaction algorithms, and to create your own; to deploy those algorithms as controls that provide continuous monitoring; and to track and resolve findings uncovered by those controls. As an implementation tool, Risk and Security Snapshot Report can identify key areas to focus on in each business process as you use Advanced Controls.