Oracle GRC Overview

Why Oracle GRC

Only Oracle Fusion Governance, Risk, and Compliance (GRC), a component of the Oracle Fusion Applications suite, provides a complete enterprise GRC platform that gives you:

The Power to Discover—unified intelligence for insight into the status of all GRC activities across the enterprise The Power to Manage—end-to-end support for cross-industry and industry-specific GRC processes The Power to Enforce—best-in-class automated controls that work across multiple business applications

GRC Intelligence:

For most organizations, GRC activities are handled independently by different functions, lines of business, or regions. As a result, it is often very difficult for chief compliance officers, chief audit officers, and chief risk officers to gain a true enterprise understanding of the status of GRC programs and be confident that risks are being correctly identified and handled Fusion Governance, Risk, and Compliance Intelligence. combines qualitative and quantitative information and presents this information in integrated dashboards and reports, thereby allowing executives and managers to confidently identify and focus efforts on key risks and control issues including access policy conflicts. The solution delivers both out-of-the-box dashboards as well as hundreds of pre-delivered metrics so that business users can quickly construct their own reports for on-the-spot analysis

BENEFITS::

Acts as an integration hub to overcome the challenges of fragmented information Presents in-context information to GRC stakeholders Provides self-service reporting to end-users .

GRC Manager: :

For many organizations, the greatest GRC challenge is creating a consolidated view of compliance, risk and internal controls. GRC work is typically performed by different operating teams managing separate requirements. By providing a common process and content foundation, Oracle Enterprise Governance, Risk, and Compliance Manager (Enterprise GRC Manager) facilitates the holistic management of GRC programs while still addressing individual requirements with natively-built modules. This unified approach promotes overall insight, shared practices, re-use of work, efficiency, and cost savings and tackles the problem of siloed GRC responses without imposing a one-size-fits-all solution.

Features: :

Reduces overlapping policies, risks, and controls and streamlines the GRC process with a consolidated platform. Supports enterprise risk management in addition to regulatory compliance and controls. Presents unique capabilities from its underlying Fusion Middleware 11g technology.

Application Access Controls:

Real-Time Enforcement of Segregation of Duties and Access Policies The ability to fine-tune user access—and to track that access—is key to complying with regulatory requirements and ensuring corporate security. Oracle Application Access Controls Governor provides real-time monitoring and proactive enforcement of crucial access policies, such as those that support segregation of duties (SOD). The system anticipates potential SOD conflicts before they arise, and even prevents any assignment of roles or responsibilities within an application that would compromise proper segregation of duties. Application Access Controls Governor also extends key access controls to "super-users" and temporary or contract workers.

Features:

Real-time monitoring and enforcement of SOD controls, including prevention of access provisioning that would jeopardize SOD Graphical simulation to look into access points, detects SOD conflicts, and evaluates treatment options Comprehensive library of best practice SOD controls.

Configuration Controls Governor:

Powerful, Flexible Control over Application Integrity and Functionality Ensuring data and application integrity is a fundamental business requirement to implement an effective IT governance strategy. Oracle Configuration Controls Governor is an automated solution that controls and tracks changes to key application setup data, using notifications and detailed reports to facilitate change management without burdening core business operations. The solution enables tracking of all changes, providing a detailed audit history, and records designated setup values, permitting quick comparison of values from different points in time or environments. With Oracle Configuration Controls Governor, you can ensure application integrity, audit changes, and continuously monitor setups. As a result, you can reduce financial loss, regulatory cost, audit effort, and the risks associated with them. Adding Preventive Controls Governor enhances these benefits by blocking unwanted changes, requiring third-party approval and/or reason codes for sensitive changes, and logging change attempts.

Features:

Monitor key setups for any change, track "Who, What, Where and When," and receive notification of critical setup changes Document application setup with point-in-time snapshots Identify changes and discrepancies with snapshot comparisons, to manage changes that can have significant financial or regulatory impact

Transaction Controls:

Enterprise Transaction Controls Governor Continuous Monitoring of Business Transactions Economic stresses on companies have forced many to undertake cost cutting measures. While necessary, these measures have weakened organizations' internal controls, leaving them vulnerable to wastage and fraud. Oracle Enterprise Transaction Controls Governor continuously monitors transactions against policies to detect suspicious transactions or redundant business practices that get in the way of performance. By spotting anomalies in everyday transactions, the system prevents cash leakage. Escalation of risk, fraud, and costly remediation are avoided—Oracle Enterprise Transaction Controls Governor tracks events that indicate: Potential violation of internal controls - for example, an employee raises multiple requisitions for a single purchase totaling an amount greater than her approval level Heightened levels of risk - for instance, an unexpected delay in anticipated cash receipts which would result in a shortfall in projected cash flow Reportable events - for example, a foreign subsidiary writes off a significant bad debt

Features:

Continuous monitoring of transactions across processes including Procure-to-Pay, Order-to-Cash, Hire-to-Retire, and Record-to-Report Statistical logic to systematically uncover inappropriate or suspicious transactions and control violations Intuitive authoring of access, master data, and transaction controls

Preventive Controls Governor:

Ensure Data Quality and Privacy with Granular Control Control over the quality of applications data starts at the user level. Without such control, your company is left open to mistakes, loss of data, and fraud. The Oracle Preventive Controls Governor provides fine-grained control over user viewing and editing of key data, while tracking changes (or attempted changes) by users. With it, you can limit or control which data fields applications users can change or see, define the types of data users can input in various fields, and limit the values of transactions to enforce regulatory or corporate guidelines. The Oracle Preventive Controls Governor provides not only assured regulatory compliance and protection against fraud, but also the prevention of many common data-entry errors.

Features:

Enforcement of data quality policies such as mandatory fields, customizable LOVs (Lists of Values) and insertion of default values Enforcement of tolerance limits, such as maximum values for transactions required to meet regulatory or corporate requirements Restriction of user views, allowing users to view only the fields needed to complete a legitimate transaction