oracle governance, risk and compliance (grc) solutions training using real business cases and live...

Oracle Governance, Risk and Compliance (GRC) Solutions

Training Using Real Business Cases and Live Oracle GRC Controls Suite

During this webinar, I will describe: My Motivation for Oracle GRC Live Our Objectives for Oracle GRC Live Our Training Schedule and Format Business Case for our Real World Scenario Client’s Objectives Our Proposed Oracle GRC Solution OIC Oracle GRC Implementation Method (GRCIM) Links to Oracle GRC Resources Q&A Session

Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved.04/19/23 2

OIC cannot grow without a network of highly talented Oracle GRC, Security and Internal Controls Professionals. We need: Oracle GRC Functional Professionals to Implement and Configure GRC

Controls Suite on OIC and 3RD Party Projects Risk Management Professionals to assume leadership positions with

the OIC to develop Risk Assessment and Risk Management Solutions, and help companies improve their Financial Closing and Financial Reporting Processes using the Oracle GRC Controls Suite of Applications, Oracle GRC Manager and Hyperion Financial Management.

Director of Sales and Marketing / Business Development (Commission) Director of Oracle GRC Internships OIC is a global virtual Oracle Governance, Risk and Compliance (GRC),

Security and Internal Controls Practice where Oracle GRC Professionals earn, at least, $80 per hour plus expenses and have an opportunity to share profits and equity.


Place Highly Talented Oracle GRC Professionals on Oracle GRC Projects

Find highly motivated and talented Accounting, Auditing, Compliance, GRC, Risk Management and Oracle Financial Professionals

Provide opportunity to discuss real world business cases and design Oracle GRC solutions to satisfy requirements for client Business Processes

Implement Solution in Oracle GRC Controls Suite using OIC GRC Sandbox, thus gaining valuable hands on experience implementing and using the most current releases of the applications in the Oracle GRC Controls Suite

Develop TOP Team of Oracle GRC, Security and Internal Control Professional Contractors that represent the best talent in the industry


Find the Best, Train the Best, Be the Best

Meet Tuesday evenings from 6:30 to 7:30 pm CST to: Review progress on exercises assigned during the

Saturday afternoon session Provide Q&A Session Provide Status Update of OIC

Meet Saturday afternoons from 1:30 to 3:30 pm CST to: Review your lab exercises that you completed. Provide an Overview of a New Topic Review lab questions Review and demo how to complete lab exercises


Oracle GRC Live – Our Training Schedule

Your client is a US public company with annual revenues of approximately $2.5 Billion Dollars. They operate four different US Legal Entities CORP, CO01, CO02, and CO03. Companies 01, 02 and 03 each operate several processing plants. Each Company (i.e. Legal Entity) uses the same calendar, currency and chart of accounts.

Each Company will also be defined as an Operating Unit Client is currently using Oracle Release 11.5.10.2 for Oracle

Financials, Oracle Supply Chain, Oracle HR and PR and other Oracle Applications.

Client is also currently implementing Oracle Release 12.1.3 for one or more Organizations.

Client will have three (3) production instances: US for R 11.5.10.2, US for R 12.1.3 and Brazil for R11.5.10.2


Business Case Scenario for Oracle GRC Live

Comply with Sarbanes-Oxley Act of 2002 (SOX)

Remove Material Deficiency for Inadequate SOD

Ensure New Implementation Complies with SOX

Implement Continuous Controls Monitoring Monitor Differences in Configuration

Parameters

Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved.

Ensure Adequate Compliance, Security and Internal Controls

04/19/23 7


Implement Configuration, SOD, Transaction and Preventive Controls

04/19/23 8

Control Oracle GRC Solution

Comments

Configuration Management

CCG 5.5.1

• Take Snapshot of Baseline Configuration•Compare Snapshots between Occurrences, Ledgers, Operating Units, and Instances

Change Management

CCG 5.5.1

•Define Change Tracking Definitions to track changes for one or more objects defined in the schema for a specific Oracle Application and Instance•Define Change Tracking Queries to track changes for one or more objects defined in the schema for one or more Oracle Applications, Instances, Users, and Time Period. Send Notifications to Specific Users when someone changes a parameter.



04/19/23 9


Comments

Application Access Controls

AACG 8.6

•Monitor User Access to one or more specific Functions in an Oracle EBS Instance

Segregation of Duties

AACG 8.6

• Import Oracle Predefined Best Practices Library of Segregation of Duties (SOD) Controls, Templates, and Models.



04/19/23 10


Comments

Transaction Controls

TCG 8.6

•Monitor Transactions (as opposed to Configuration Parameters) to mitigate the risk of fraud and material misstatement in Company’s Financial Statements.

Preventive Controls

PCG 7.3.2

• Integrate PCG with AACG 8.6 to implement preventive controls for User Provisioning• Limit access to fields, buttons, list of values and other objects on JAVA forms (not HTML forms)

GRCIM leverages Oracle Unified Method (OUM) 5.3 to develop a predefined set of deliverables to support the implementation of Oracle GRC Controls Suite including: Oracle GRC Controls (GRCC) 8.6▪ Oracle Application Access Controls Governor

(AACG) 8.6▪ Oracle Transaction Controls Governor (TCG) 8.6

Oracle Configuration Controls Governor (CCG) 5.5.1 Oracle Preventive Controls Governor (PCG) 7.3.2

GRCIM also leverages OUM to implement: Oracle GRC Intelligence (GRCI) 3.01 Oracle GRC Manager (GRCM) 8.0

04/19/23Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 11


Step Description Results1 OIC GRC Express Portal System displays the OIC GRC Express

Portal, which provides Access to GRC Sandbox, GRC Training Platform, OIC University.

2 OIC Oracle GRC Sandbox You can access the individual Oracle GRC applications.

3 OIC Oracle GRC Training Platform

You can access Oracle GRC Manuals and OIC Oracle GRC Training Documents.

4 OIC Requirements for Oracle GRC, Security and Controls Professional

You can review our requirements for Oracle GRC, Security and Controls Professionals

5 Oracle GRC Resources I urge you to review the OIC website and links to Oracle GRC Resources

6 OIC Oracle GRC Express Blog I urge you to participant by adding posts, comments, etc.

7 OIC Global Oracle GRC Contractors Network

I thought we could use this portal for e-Learning and Chat.

8 OIC YouTube Review the short videos that I have uploaded.04/19/23 12


# Question Type of Internal Control Provided

1 What are the GRC applications included in the Oracle GRC Controls Suite?

1. AACG2. GRCI3. GRCM4. CCG5. PCG6. TCG

04/19/23 13


# Question Type of Internal Control Provided

1 Map the following Oracle GRC Applications to the Controls Listed•TCG•GRCI•GRCM•AACG•PCG•CCG

1. Segregation of Duties2. Configuration Management3. Transaction Controls4. Change Management5. Preventive Controls6. Application Access Controls

04/19/23 14


# Question Answer

2 Can you install Oracle CCG 5.5.1 on a Virtual Server?

3 Can you Configure CCG 5.5.1 with an EBS Instance that uses RAC?

4 What is the GRC Support Matrix?

5 What triggers the generation of the baseline snapshot and baseline change tracking definitions?

04/19/23 15


Step

Description Results

1 Log into Oracle CCG 5.5.1.

2 Log into Oracle GRCC 8.6

3 Log into Oracle R12.1.1 and select GRC Controls Responsibility

4 Log into OracleElearning.com/Moodle

5 Log into all other links provided

04/19/23 16


Questions and Answers Session

During this lesson, you learned: CCG Provides Internal Controls for:

Configuration Management Change Management Controls

Prerequisites for an Oracle GRC Solution Supported by Oracle

Generate Baseline Snapshot and Change Tracking Definitions

Edit, Test and Schedule Snapshot Definitions Log into CCG 5.5.1

Display Your Welcome Page Change Your User Profile

Appendices include: Appendix I: Course Outline Using CCG 5.5.1 Appendix II: Links to Oracle CCG Manuals


This concludes this lesson. You are now ready to begin your adventure with Oracle GRC Live with Real World Business Cases and Real World Solutions Using the Oracle GRC Controls Suite of Applications.


OIC (Oracle Independent Consultants LLC) is an Oracle Gold Partner and focuses solely on providing risk and advisory services, installation, implementation and configuration services, training and resources for Oracle Governance, Risk and Compliance (GRC) solutions, which includes Oracle Security and Control solutions.

Contact Us to learn more. You can also call me directly at 214-783-0751 or send an email to [email protected].

Roger Drolet, CPA, MBA, CISA, CITPwww.theoicllc.comwww.oraclegrcexpress.com


oracle governance, risk and compliance (grc) solutions training using real business cases and live...

Documents

oracle grc manager

team of oracle grc

oracle grc liveour objectives

design oracle grc solutions

oic grc sandbox

internal controls practice

risk management solutions

real business cases