As your organization grows in size, some precautions are necessary to keep certain elements of your work secure. This is true for almost any organization large enough to have a business hierarchy, and it only becomes more important as your organization takes on bigger projects and creates more roles for employees. Two people running a coffee shop as a partnership do not need to concern themselves with who has what authorization, but a 40-person business strategy service should never grant full data access to every intern who walks through the door.
Fortunately, Oracle Risk Management Cloud provides a variety of tools to help avoid risk and risky situations involving potential fraud or errors. These tools, located within Oracle Advanced Access Controls and Oracle Advanced Financial Controls, do require some setup, but this effort and the security it brings to your organization are worth it in the long run. The following article will teach you how these tools function and how they can be configured to fit the specific needs of your organization.
Within Oracle Risk Management, Advanced Access Controls assists organizations with locating user-role assignments that provide certain users with too much access through their application roles and privileges. This includes situations where a user may be in charge of both creating and approving a product or report. By placing a user in charge of both roles, an organization’s review process serves no purpose, and their operation takes on unnecessary risk. This same logic can apply to various privilege assignments and role-and-privilege combinations.
Oracle Advanced Financial Controls helps organizations identify a different sort of risk: fraud or errors in transactions carried out using Oracle Cloud applications, or in changes tracked in the Oracle Cloud audit framework. This is done using models designed by users, with filters that define what an organization considers to be risky or fraudulent. In this way, Oracle Advanced Financial Controls lets organizations, which know their own structure best, identify situations where they are at risk. If your organization has an individual in the Audit role, they might draw on their experience and familiarity with financial risk to build a transaction model that determines the level of risk your organization’s systems exhibit at the time the model is evaluated. Taking the time to identify and remove these instances of risk can make or break a company, especially when it comes to external auditing and other inspections.
To locate problematic user-role assignments, you must first create Advanced Access Controls access models. These models house controls your organization designs to counter risk by enforcing user-created risk logic built to detect scenarios that are considered risky.
Access models perform the following key functions:
Access models are created from access points. To work with access models, users must first obtain permission to work with these access points. This is done by providing users with certain privileges like Promote Worker or roles like Line Manager that give users access to different data in your organization’s system. These users then apply filters to these access points, and they can also group related filters together into entitlements. For example, you can create a Manage Employee entitlement containing several privileges related to how Human Resources personnel hire employees, such as Add Direct Report or Rehire Employee.
You also apply entitlements or access points to model logic, and you have the option to exclude certain data if necessary using global conditions. Global conditions exclude data in an access model by removing records that you do not want your access model to analyze. This might be a permission that is universally granted to all employees and not necessary to analyze or certain admin users who are purposefully granted full access to a system.
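The evaluation described above, sketched as an added example; it is not Oracle code and does not use any Oracle API. The Manage Employee entitlement and its two privileges come from the article; the Approve Employee Change entitlement, its privileges, the user names, and the `evaluate` function are hypothetical, and the assignment data is constructed.

```python
from itertools import product

# Entitlements group related access points. "Manage Employee" is the article's
# example; "Approve Employee Change" and its privileges are hypothetical.
ENTITLEMENTS = {
    "Manage Employee": {"Add Direct Report", "Rehire Employee"},
    "Approve Employee Change": {"Approve Hire", "Approve Own Timecard"},
}

# Model logic: flag a user who holds at least one access point from EACH
# entitlement, i.e. who can both create and approve the same kind of change.
MODEL = ("Manage Employee", "Approve Employee Change")

# Constructed sample data: user -> access points currently granted.
ASSIGNMENTS = {
    "asmith": {"Add Direct Report", "Approve Hire", "Approve Own Timecard"},
    "bjones": {"Rehire Employee", "Approve Own Timecard"},
    "cnguyen": {"Approve Hire", "Approve Own Timecard"},
    "sysadmin": {"Add Direct Report", "Rehire Employee",
                 "Approve Hire", "Approve Own Timecard"},
}

def evaluate(assignments, entitlements, model,
             excluded_users=(), excluded_points=()):
    """Return sorted (user, point_a, point_b) conflicts for a two-sided model.

    excluded_users / excluded_points act as global conditions: matching
    records are removed before the model logic is applied.
    """
    skip = set(excluded_points)
    left, right = (entitlements[name] - skip for name in model)
    conflicts = []
    for user, granted in assignments.items():
        if user in excluded_users:
            continue  # e.g. admins who are granted full access on purpose
        for a, b in product(sorted(granted & left), sorted(granted & right)):
            conflicts.append((user, a, b))
    return sorted(conflicts)

if __name__ == "__main__":
    raw = evaluate(ASSIGNMENTS, ENTITLEMENTS, MODEL)
    scoped = evaluate(ASSIGNMENTS, ENTITLEMENTS, MODEL,
                      excluded_users={"sysadmin"},
                      excluded_points={"Approve Own Timecard"})
    print(len(raw), "conflicts before global conditions")
    for row in scoped:
        print("conflict:", row)
```

Without the global conditions, the universally granted privilege and the admin account account for most of the results; with them, only the assignment that actually combines creating and approving remains.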
Advanced Financial Controls also uses models with filters designed to define what your organization considers to be risky. These transaction models help users locate transactions meeting these risk criteria. Advanced Financial Controls models allow users to do the following:
If your organization is large and its organizational hierarchy complex, it can be difficult to keep track of every case and evaluation of potential risk. To make this process more manageable, Oracle Advanced Controls and Oracle Financial Compliance generate a series of reports with different, related purposes. For tracking and reporting potentially risky user-role assignments, Advanced Controls provides the following reports that you should run and keep an eye on:
In addition to these reports, you also have access to predefined dashboards that provide additional or recontextualized Risk Management data. These dashboards are accessed through the Oracle Business Intelligence Catalog.
Oracle Financial Compliance reports are focused on documenting how your organization plans to avoid risk and meet regulatory requirements. This information is also collected into reports and, alternatively, into Oracle Business Intelligence Catalog dashboards. The following reports help you track your organization’s response to risk:
Financial Reporting Compliance and Advanced Controls reports are scheduled and run from their respective models pages. From these pages, you can open the Related Links page to choose a report to run from a selection of report categories. Scheduling a report to run at a specific time requires naming the schedule, setting a start date and time and an end date and time, and specifying how frequently the report should run while active.
Risk management might seem overwhelming at first. There is a lot of data to process and many considerations to make regarding roles, privileges, and other points of access that can leave your entire organization at risk. Instead of getting overwhelmed, take the advice found in this article and develop a strategy built on access models and risk logic that best works for your business.
More information on configuring Risk Management features to suit your organization’s needs is available with Engage, Maverick Solutions’ comprehensive, subscription-based Oracle training model. Speak with one of our customer service representatives today to learn more or request a demo.