Governance, Risk, and Compliance Handbook for Oracle Applications.

Cover -- Copyright -- Credits -- Foreword -- About the Authors -- Acknowledgement -- About the Authors -- Acknowledgement -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Introduction -- How this book is organized -- Definitions -- Governance -- Risk -- Compliance -- Oracle's Governance Risk and Compliance Footprint -- Balanced Scorecard -- Business Intelligence -- Financial Planning and Analysis -- Consolidations and Financial Reporting -- Learning -- Risk Management Applications -- Sub Certification -- Process Management Applications -- Content Management Applications -- Identity and Authorization Management Applications -- Our case study -- Roles involved in GRC activities -- Audit Committee member -- Signing Officers -- Chief Audit Executive -- Chief Financial Officer -- Chief Information Officer -- Chief Operating Officer -- The Audit and Compliance process -- Risk Assessment phase -- Documentation phase -- Testing phase -- Reporting phase -- Relationships between entities, accounts, process, risk controls, and tests -- GRC Capability Maturity Model -- Summary -- Chapter 2: Corporate Governance -- Developing and Communicating Corporate Strategy with Balanced Scorecard -- Balanced Scorecard Theory -- The four perspectives -- Measures -- Strategy Maps -- Infission's strategic initiative -- Oracle's Balanced Scorecard -- Accessing Oracle Hyperion's Balanced Scorecard -- The main components and how they are related -- Setting up measures -- Setting up an Accountability Hierarchy -- Assembling the Scorecard -- Breaking down Measures and Scorecards into lower-level objectives -- Authorizing Managers to Scorecards -- Loading data -- Developing the Strategy Map for Infission and reviewing it with the Board -- Assigning objectives to Managers and creating goals in HCM.

Communicating and confirming Corporate Strategy with iLearning -- Developing Learning Assets Flow -- The major components of the Learning System -- Responsibilities -- Adding an Entry in the Course Catalog -- Uploading Course Content -- Developing a question bank to confirm understanding -- Monitoring employee's understanding -- The Infission Strategic Objectives Classes -- Managing Records Retention Policies with Content Management Server -- Records Governance Process -- Records Governance Components and how they are related -- Roles for accessing Universal Content Manager (UCM) -- Standard Sensitivity Classifications -- Typical Security Groups that reflect Security Boundaries and Sensitivity Classifications -- Illustrative Retention Policies -- Running the Document Disposition Check -- Financial planning and analysis with Hyperion FR -- Financial Planning and Analysis Flow -- Accessing the Financial Planning and Analysis tools -- Constructing Account Balance Data Cube -- Developing the Financial Model -- Developing planning assumptions -- Constructing the Financial plan -- Publishing the Financial plan -- Analyzing the results -- Publishing the results -- Financial Planning and Analysis Components and how they are related -- Monitoring Execution with Oracle Business Intelligence -- Oracle Financial Analytics -- Other dashboards in Financial Analytics -- Oracle Sales Analytics -- Other dashboards in Sales Analytics -- Oracle Procurement Analytics -- Other dashboards in Procurement Analytics -- Oracle Human Resources Analytics -- Other Dashboards in Human Resources Analytics -- Enterprise Risk Management -- Conducting a Risk Assessment -- Scope Controls to be Tested -- Develop Audit Plan -- Briefing the Board -- Whistle-blower protections -- Setting up iSupport for anonymous access -- Configuring for recording whistle-blower complaints.

Creating a template for whistle-blower complaints -- Summary -- Chapter 3: Information Technology Governance -- Developing and communicating IT strategy with balanced scorecards -- IT project portfolio planning -- Roles for accessing portfolio analysis -- Decide investment criteria -- Create portfolio -- Initiate planning cycle -- Submit new projects for inclusion in portfolio -- Score projects -- Create and compare the scenarios -- Recommend and approve the scenario -- Close planning cycle and implement scenario recommendations -- Maintaining a valid configuration -- Managing the configuration using Applications Manager -- Maintaining a valid configuration using Enterprise Manager Application Management Pack for E-Business Suite -- Service desk administration through Oracle Enterprise Manager -- Support workbench -- Problem details -- Packaging problem details -- Summary -- Chapter 4: Security Governance -- Security balanced scorecard -- Relationships between the objectives -- Metrics for the objectives -- Perspectives from standard bodies and professional institutions -- IT Governance Institute -- ISO 17799 -- Quotes from prominent Security managers -- Account provisioning and identity management -- Designing roles -- Function Security -- Data security -- Aggregating responsibilities into roles -- Role provisioning -- Identity management -- Limiting access to administrative pages -- Segregation of Duties Policies -- Server, applications, and network hardening -- System wide advice -- Database tier -- Oracle TNS listener security -- Oracle database security -- Application tier -- Protect administrative web pages -- E-Business Suite security -- Desktop security -- Operating environment security -- Firewall configuration and filtering of IP packets -- Security incident response through Oracle service -- Summary.

Chapter 5: Risk Assessment and Control Verification -- InFission approach for Risk Assessment and Control Verification -- Establishing Program Office -- Selecting controls framework -- The COSO framework -- The COBIT framework -- Survey and interview management -- Reviewing prior year documentation -- Rating current year risk -- Verifying controls -- Oracle's GRC Manager and Intelligence-risk assessment and control verification system -- Assessment workflow in Oracle GRC Manager -- Initiating assessment -- Assessing risks -- Reviewing risks -- Verifying Controls -- Certifying assessment -- Evaluating assessment -- Assessing quantitative risks in Oracle GRC Intelligence -- Conduct quantitative risk assessment -- Summary -- Chapter 6: Documenting Your Controls -- Process and procedure documents -- InFission approach for managing process and procedure documents -- Managing process documents in Oracle GRC Manager -- Creating a Business Process in Oracle GRC Manager -- Document process narrative in Oracle Tutor -- Risks and controls documents -- InFission approach to risk and controls documentation -- Managing risks in Oracle GRC Manager -- Managing controls in Oracle GRC Manager -- Managing control documentation lifecycle in GRC Manager -- Use Data collection workflow to update documents -- Contributing to a process -- Reviewing data for a process -- Summary -- Chapter 7: Managing Your Testing Phase: Management Testing and Certifying Controls -- Management testing for internal audit program -- Management testing for Regulatory Compliance Audits -- Management testing for Enterprise Risk Management -- InFission's approach to management testing -- Management testing using Oracle GRC Manager -- Using GRC Survey tool to determine the scope of audit plan -- Managing survey questions -- Managing survey choice sets -- Managing survey templates.

Creating and initiating a survey -- GRC Manager assessments -- Creating the assessment templates -- Creating an assessment plan -- Assigning the delegate -- Initiating/completing the assessment -- Reviewing the assessment results -- Closing an assessment -- Summary -- Chapter 8: Managing Your Audit Function -- Audit planning -- InFission audit planning approach -- Managing audit plan using Oracle GRC Manager -- Creating the audit template -- Creating the audit plan -- Internal controls assessment -- InFission internal controls assessment approach -- Assessing internal controls using Oracle GRC Manager -- Initiating the assessment -- Selecting criteria -- Selecting the components -- Selecting the participants -- Controls assessment -- Managing issues -- Closing an assessment -- Audit report -- InFission's approach to audit report -- Obtain audit report in Oracle GRC Manager -- Summary -- Chapter 9: IT Audit -- InFission IT Audit approach -- IT Audit scope management -- IT Audit plan management -- Automated application controls using Oracle GRC Controls Suite -- Oracle Application Access Controls Governor -- Identifying objectives -- Selecting controls -- Model walk-through -- Analyzing controls -- Remediation -- Assigning incidents to business owners -- Managing access approval -- Oracle Transaction Controls Governor -- Create model -- Testing the controls -- Configuration Controls Governor -- Creating definitions -- Creating a snapshot definition -- Testing a snapshot definition -- Locking the definition -- Sharing the definition -- Comparing snapshots -- Defining change tracker -- Deploying change tracker -- Viewing change tracker results -- Setting up queries and alerts -- Preventive Controls Governor -- Creating rules -- Creating a Rule Element -- Capturing Events with Event Tracker -- Updating Element definition -- Configuring element details.

Creating SQL procedures.