Oracle Governance Risk and Compliance GRC Solutions Training

  • Slides: 20
Download presentation
Oracle Governance, Risk and Compliance (GRC) Solutions Training Using Real Business Cases and Live

Oracle Governance, Risk and Compliance (GRC) Solutions Training Using Real Business Cases and Live Oracle GRC Controls Suite Oracle GRC Live Kick Off

Agenda During this webinar, I will describe: My Motivation for Oracle GRC Live Our

Agenda During this webinar, I will describe: My Motivation for Oracle GRC Live Our Objectives for Oracle GRC Live Our Training Schedule and Format Business Case for our Real World Scenario Client’s Objectives Our Proposed Oracle GRC Solution OIC Oracle GRC Implementation Method (GRCIM) Links to Oracle GRC Resources Q&A Session 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 2

My Motivation Place Highly Talented Oracle GRC Professionals on Oracle GRC Projects OIC cannot

My Motivation Place Highly Talented Oracle GRC Professionals on Oracle GRC Projects OIC cannot grow without a network of highly talented Oracle GRC, Security and Internal Controls Professionals. We need: Oracle GRC Functional Professionals to Implement and Configure GRC Controls Suite on OIC and 3 RD Party Projects Risk Management Professionals to assume leadership positions with the OIC to develop Risk Assessment and Risk Management Solutions, and help companies improve their Financial Closing and Financial Reporting Processes using the Oracle GRC Controls Suite of Applications, Oracle GRC Manager and Hyperion Financial Management. Director of Sales and Marketing / Business Development (Commission) Director of Oracle GRC Internships OIC is a global virtual Oracle Governance, Risk and Compliance (GRC), Security and Internal Controls Practice where Oracle GRC Professionals earn, at least, $80 per hour plus expenses and have an opportunity to share profits and equity. 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 3

Objectives Find the Best, Train the Best, Be the Best Find highly motivated and

Objectives Find the Best, Train the Best, Be the Best Find highly motivated and talented Accounting, Auditing, Compliance, GRC, Risk Management and Oracle Financial Professionals Provide opportunity to discuss real world business cases and design Oracle GRC solutions to satisfy requirements for client Business Processes Implement Solution in Oracle GRC Controls Suite using OIC GRC Sandbox, thus gaining valuable hands on experience implementing and using the most current releases of the applications in the Oracle GRC Controls Suite Develop TOP Team of Oracle GRC, Security and Internal Control Professional Contractors that represent the best talent in the industry 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 4

Training Schedule and Format Oracle GRC Live – Our Training Schedule Meet Tuesday evenings

Training Schedule and Format Oracle GRC Live – Our Training Schedule Meet Tuesday evenings from 6: 30 to 7: 30 pm CST to: Review progress on exercises assigned during the Saturday afternoon session Provide Q&A Session Provide Status Update of OIC Meet Saturday afternoons from 1: 30 to 3: 30 pm CST to: Review your lab exercises that you completed. Provide an Overview of a New Topic Review lab questions Review and demo how to complete lab exercises 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 5

Business Case Scenario for Oracle GRC Live Your client is a US public company

Business Case Scenario for Oracle GRC Live Your client is a US public company with annual revenues of approximately $2. 5 Billion Dollars. They operate four different US Legal Entities CORP, CO 01, CO 02, and CO 03. Companies 01, 02 and 03 each operate several processing plants. Each Company (i. e. Legal Entity) uses the same calendar, currency and chart of accounts. Each Company will also be defined as an Operating Unit Client is currently using Oracle Release 11. 5. 10. 2 for Oracle Financials, Oracle Supply Chain, Oracle HR and PR and other Oracle Applications. Client is also currently implementing Oracle Release 12. 1. 3 for one or more Organizations. Client will have three (3) production instances: US for R 11. 5. 10. 2, US for R 12. 1. 3 and Brazil for R 11. 5. 10. 2 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 6

Client’s Objectives Ensure Adequate Compliance, Security and Internal Controls Comply with Sarbanes-Oxley Act of

Client’s Objectives Ensure Adequate Compliance, Security and Internal Controls Comply with Sarbanes-Oxley Act of 2002 (SOX) Remove Material Deficiency for Inadequate SOD Ensure New Implementation Complies with SOX Implement Continuous Controls Monitoring Monitor Differences in Configuration Parameters 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 7

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC Solution Comments Configuration Management CCG 5. 5. 1 • Take Snapshot of Baseline Configuration • Compare Snapshots between Occurrences, Ledgers, Operating Units, and Instances Change Management CCG 5. 5. 1 • Define Change Tracking Definitions to track changes for one or more objects defined in the schema for a specific Oracle Application and Instance • Define Change Tracking Queries to track changes for one or more objects defined in the schema for one or more Oracle Applications, Instances, Users, and Time Period. Send Notifications to Specific Users when someone changes a parameter. 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 8

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC Solution Comments Application Access Controls AACG 8. 6 • Monitor User Access to one or more specific Functions in an Oracle EBS Instance Segregation of Duties AACG 8. 6 • Import Oracle Predefined Best Practices Library of Segregation of Duties (SOD) Controls, Templates, and Models. 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 9

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC

Proposed Oracle GRC Solution Implement Configuration, SOD, Transaction and Preventive Controls Control Oracle GRC Solution Comments Transaction Controls TCG 8. 6 • Monitor Transactions (as opposed to Configuration Parameters) to mitigate the risk of fraud and material misstatement in Company’s Financial Statements. Preventive Controls PCG 7. 3. 2 • Integrate PCG with AACG 8. 6 to implement preventive controls for User Provisioning • Limit access to fields, buttons, list of values and other objects on JAVA forms (not HTML forms) 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 10

OIC Oracle GRC Implementation Method (GRCIM) GRCIM leverages Oracle Unified Method (OUM) 5. 3

OIC Oracle GRC Implementation Method (GRCIM) GRCIM leverages Oracle Unified Method (OUM) 5. 3 to develop a predefined set of deliverables to support the implementation of Oracle GRC Controls Suite including: Oracle GRC Controls (GRCC) 8. 6 ▪ Oracle Application Access Controls Governor (AACG) 8. 6 ▪ Oracle Transaction Controls Governor (TCG) 8. 6 Oracle Configuration Controls Governor (CCG) 5. 5. 1 Oracle Preventive Controls Governor (PCG) 7. 3. 2 GRCIM also leverages OUM to implement: Oracle GRC Intelligence (GRCI) 3. 01 Oracle GRC Manager (GRCM) 8. 0 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 11

Links to Oracle GRC Resources Step Description Results 1 OIC GRC Express Portal System

Links to Oracle GRC Resources Step Description Results 1 OIC GRC Express Portal System displays the OIC GRC Express Portal, which provides Access to GRC Sandbox, GRC Training Platform, OIC University. 2 OIC Oracle GRC Sandbox You can access the individual Oracle GRC applications. 3 OIC Oracle GRC Training Platform You can access Oracle GRC Manuals and OIC Oracle GRC Training Documents. 4 OIC Requirements for Oracle GRC, Security and Controls Professional You can review our requirements for Oracle GRC, Security and Controls Professionals 5 Oracle GRC Resources I urge you to review the OIC website and links to Oracle GRC Resources 6 OIC Oracle GRC Express Blog I urge you to participant by adding posts, comments, etc. 7 OIC Global Oracle GRC Contractors Network I thought we could use this portal for e-Learning and Chat. 8 OIC You. Tube Review the short videos that I have uploaded. 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 12

Lab Questions # Question Type of Internal Control Provided 1 What are the GRC

Lab Questions # Question Type of Internal Control Provided 1 What are the GRC applications included in the Oracle GRC Controls Suite? 1. 2. 3. 4. 5. 6. 5/21/2021 AACG GRCI GRCM CCG PCG TCG Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 13

Lab Questions # Question Type of Internal Control Provided 1 Map the following Oracle

Lab Questions # Question Type of Internal Control Provided 1 Map the following Oracle GRC Applications to the Controls Listed • TCG • GRCI • GRCM • AACG • PCG • CCG 1. 2. 3. 4. 5. 6. 5/21/2021 Segregation of Duties Configuration Management Transaction Controls Change Management Preventive Controls Application Access Controls Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 14

Lab Questions # Question 2 Can you install Oracle CCG 5. 5. 1 on

Lab Questions # Question 2 Can you install Oracle CCG 5. 5. 1 on a Virtual Server? 3 Can you Configure CCG 5. 5. 1 with an EBS Instance that uses RAC? 4 What is the GRC Support Matrix? 5 What triggers the generation of the baseline snapshot and baseline change tracking definitions? 5/21/2021 Answer Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 15

Lab Exercise Step Description Results 1 Log into Oracle CCG 5. 5. 1. 2

Lab Exercise Step Description Results 1 Log into Oracle CCG 5. 5. 1. 2 Log into Oracle GRCC 8. 6 3 Log into Oracle R 12. 1. 1 and select GRC Controls Responsibility 4 Log into Oracle. Elearning. com/Moodle 5 Log into all other links provided 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 16

Q&A Questions and Answers Session 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011.

Q&A Questions and Answers Session 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 17

Summary During this lesson, you learned: CCG Provides Internal Controls for: Configuration Management Change

Summary During this lesson, you learned: CCG Provides Internal Controls for: Configuration Management Change Management Controls Prerequisites for an Oracle GRC Solution Supported by Oracle Generate Baseline Snapshot and Change Tracking Definitions Edit, Test and Schedule Snapshot Definitions Log into CCG 5. 5. 1 Display Your Welcome Page Change Your User Profile Appendices include: Appendix I: Course Outline Using CCG 5. 5. 1 Appendix II: Links to Oracle CCG Manuals 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 18

Conclusion This concludes this lesson. You are now ready to begin your adventure with

Conclusion This concludes this lesson. You are now ready to begin your adventure with Oracle GRC Live with Real World Business Cases and Real World Solutions Using the Oracle GRC Controls Suite of Applications. 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 19

About OIC (Oracle Independent Consultants LLC) is an Oracle Gold Partner and focuses solely

About OIC (Oracle Independent Consultants LLC) is an Oracle Gold Partner and focuses solely on providing risk and advisory services, installation, implementation and configuration services, training and resources for Oracle Governance, Risk and Compliance (GRC) solutions, which includes Oracle Security and Control solutions. Contact Us to learn more. You can also call me directly at 214 -783 -0751 or send an email to roger. drolet@theoicllc. com. Roger Drolet, CPA, MBA, CISA, CITP www. theoicllc. com www. oraclegrcexpress. com 5/21/2021 Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved. 20