1z0-1058-23 Oracle Risk Management Cloud 2023 Implementation Professional Questions and Answers

Oracle Advanced Access Controls is designed to enforce segregation of duties within your applications. It identifies users with sensitive access and separation-of-duties conflicts by analyzing their assigned roles and privileges. When these authorizations, individually or in combination, create the potential for fraud or significant error, Oracle Advanced Access Controls flags them, helping to prevent such risks.

References:

• Overview of Oracle Advanced Controls1.
• Oracle Advanced Access Controls identifies users with sensitive-access and separation-of-duties conflicts2.

To meet the customer’s requirements for conducting Operational Effectiveness assessments with restricted access and specific review processes, you should design perspectives using the Region hierarchy for security purposes and the Business Process hierarchy for reporting. This approach allows you to:

• Assign perspective values to controls and assessments based on the Region hierarchy to ensure that assessment results are accessible only to users within the respective regions (North America and EMEA).
• Utilize the Business Process hierarchy for organizing and reporting control assessments, enabling the Chief Risk Officer to review the results by Business Process on a weekly basis.

By separating the security and reporting functions into two distinct hierarchies, you can effectively manage user access and provide structured reporting that aligns with the customer’s organizational and operational needs.

References:The solution is derived from Oracle’s documentation on perspectives, which explains how perspective values can be assigned to object records for sorting and filtering, as well as for security and reporting purposes in risk management and compliance processes12. It is essential to consult the latest Oracle Risk Management documentation to ensure the perspectives are designed correctly for the specific use case345.

• Group the expense reports by “Report Number” to ensure each report is evaluated individually.
• Apply an inclusive filter to select reports where the “Expense Type” includes any of the specified suspicious combinations.
• The “In” condition allows the filter to match any of the listed expense types within a single report.

References For specific instructions and verified procedures, please refer to the Oracle Risk Management documentation available on the Oracle website or contact Oracle support directly for assistance.

Please note that the actual implementation details and available features may vary based on the version of the Oracle Risk Management system you are using and any customizations that have been applied. It’s always best to consult the official documentation or a qualified Oracle consultant for the most accurate information.

• Navigate to Risk Management Tools > Setup and Administration > Data Migration, and select Advanced Controls: This step initiates the process by accessing the Data Migration tool within the Advanced Controls module.
• Generate Template as Without Data – Perspectives Only: This step involves generating a template that is specifically tailored for perspective data without including any pre-existing data. This is suitable when the data to be uploaded has no relationships to data already existing in the target environment.
• Click the Create Import Template button: This final step creates the import template which can then be updated with the new perspective items before running the import process.

References:The information has been verified and is based on the Oracle Risk Management documentation, which provides detailed instructions on using the Data Migration tool12.

In Oracle Risk Management, a transaction model includes filters that define aspects of risk, then select transactions exhibiting the defined risk. These models, known as “transaction models” in Oracle Advanced Financial Controls, return temporary results. The suspect records identified by a model are replaced each time the model is evaluated. This feature is particularly useful for testing a risk-logic definition before applying it in a control or for auditors assessing the risk inherent in a system at a given moment.

References:

• Overview of Oracle Advanced Controls1.

To verify that all controls are set up for the Audit Test assessment type in the import template, you would:

• Open the import template and navigate to the relevant worksheet for controls.
• Look for the columns that correspond to the Assessment Flag and the Audit Testing Flag.
• Ensure that both flags are set to “Y” for each control that is to be used for the Audit Test assessment type.

This verification process confirms that the controls are correctly flagged to be included in the Audit Test assessments.

References:The guidelines for setting up controls in the import template, including the use of flags for assessment types, are provided in the Oracle Risk Management documentation1. Additionally, the import template data requirements specify the use of flags to represent selections in the user interface1.

• When you synchronize transaction data, the system uploads new and modified records from your Oracle Cloud data source for the business objects used by all current transaction models and controls1.
• The synchronization job updates all business objects used by all current transaction models and controls, and it does so based on the transactions dated after the Transaction Created As of Date1.
• This ensures that the transaction models (and controls) evaluate current data, which is crucial for maintaining the accuracy and relevance of the controls1.

References:

• For more information on the synchronization process and its impact on transaction models, you can refer to the Oracle documentation on Synchronizing Transaction Data1.
• Additional details regarding the scheduling and running of data synchronization jobs can be found in the Oracle documentation on Scheduling or Running Data Synchronization2.
• The Oracle Fusion Cloud Risk Management 23D What’s New document provides insights into the necessity of running the Transaction Data Source Synchronization job when there are new attributes or attribute changes in business objects3.

• Remove Control Certification Assessor Composite: This action will address Problem 1 by removing the duty composite that is likely causing the user to receive notifications for control assessments1.
• Set Perspective Value to EMEA Including All Child Nodes: Adjusting the data security policy to include all child nodes of the EMEA region will solve Problem 2, granting the user access to controls created for individual regions within EMEA1.

References: For the official and verified answer, please refer to the Oracle Risk Management documentation on their website, specifically the sections discussing role configuration and data security policies123.

• Create an Imported Business Object: Import the file containing the list of companies into Oracle Risk Management as an imported business object1.
• Select the ‘Payment’ Business Object: Choose Oracle’s delivered “Payment” business object, which includes attributes related to payment transactions2.
• Combine Objects in a Model: Use the transaction model to combine the imported business object with the “Payment” business object1.
• Add a Standard Filter: Implement a standard filter to compare the “Remit to Supplier Name” from the “Payment” object with the “Company Name” from the imported business object. Set the similarity condition to 95% to identify payments made to companies on the list1.

References:

• Oracle’s documentation on Overview of Transaction Models provides insights into how transaction models can uncover transactions that might involve risk, such as payments to unwanted companies.
• The Overview of Business Objects explains how to work with imported objects and combine them with delivered objects for analysis.
• Detailed instructions on Selecting Business Objects for a Transaction Model guide through the process of creating and using filters within a model.

• Access the Oracle Risk Management application.
• Navigate to the Security Console.
• Review the role configuration for ‘Control Manager’ to understand the permissions and controls associated with the role.
• Identify the controls that are associated with the perspectives that User A has access to.
• Determine which controls User A can manage based on their role configuration and the control-perspective association.

References:

• Oracle Risk Management and Compliance documentation1.
• Oracle documentation on creating Risk Management roles in the Security Console2.
• Oracle University’s course materials on Oracle Risk Management Cloud3.

To define an IT Compliance Manager job role with the required privileges to manage risks and controls, as well as issues related to them, the following duty roles must be included:

• Seeded Risk Manager Composite: This duty role includes privileges necessary for managing risks.
• Control Manager Composite: This duty role encompasses privileges for managing controls.
• Issue Manager Composite: This duty role contains privileges for managing issues related to risks and controls.

These duty roles collectively provide a comprehensive set of privileges that cover all aspects of risk and control management, as well as issue resolution, which are essential for an IT Compliance Manager job role.

References:

• Oracle documentation on creating risk management roles in the Security Console provides insights into the role creation process and the types of roles that can be created, including job roles and duty roles1.
• The IT Security Manager job role documentation lists the duties and privileges that are inherited by the job role, which is similar to what would be required for an IT Compliance Manager role2.
• The Roles Overview documentation from Oracle outlines various roles available within Oracle Fusion Cloud Financial Reporting Compliance, including the Risk Activities Manager and Risk Administrator, which are related to the management of risks and controls3.

• In Oracle Risk Management Cloud, risks need to be in an “approved” state before you can associate controls with them. This ensures that only vetted and acknowledged risks are managed with corresponding controls.
• While the Data Migration tool is typically used for importing data from external sources, it is not designed for mapping controls to risks. Instead, controls are usually added manually within the system.
• After controls are defined, they can be related to the approved risks manually, ensuring that each risk is paired with appropriate control measures.

• Identify the organizations or business units: This involves determining the specific parts of the organization where the new controls will be applied. It is crucial to understand the scope of the controls within the organizational structure to ensure that the appropriate levels of review and approval are established.
• Identify users who will perform control review and approval: After defining the scope, the next step is to specify the individuals who will be responsible for reviewingand approving the controls. This includes assigning users to the roles that will have the authority to review and approve the controls at each required level.

References:The information provided is based on the Oracle Risk Management documentation, which outlines the processes for setting up approvals within the system123. These references detail the necessary steps and considerations for managing approvals and ensuring proper control within the Oracle Risk Management framework.

• Navigate to the Issues tab in the Issues work area.
• In the Issues page, select the row for the issue you want to close.
• Ensure that the issue status is In Edit.
• From the Actions menu, select Close Issue.
• A Close Issue dialog will open.
• Select a reason for closing the issue in a Specify Reason for Action list.
• Optionally, add a comment that supports the action you selected.
• Click OK.

Once you close an issue, it can no longer be edited.

References:

• Oracle documentation on closing an issue1.

• Design Review - This activity type is used to determine if a control or process is designed effectively and meets its guidelines.
• Certify - This activity type is for the assessment of whether the information in an assessment of an object (process, risk, control) is accurate and complete.
• Audit - The audit test activity type checks if a risk, control, or process meets audit guidelines.

References:The information is verified and compiled from the Oracle Risk Management documentation, specifically from the section on Assessment Activity Types1.

Please note that while ‘Assess Risk’ is a valid activity type, it is not among the three options to choose from for this specific question according to the Oracle documentation.

To populate the Control Method field with a new custom value, such as a third-party application, you would use the Lookup Code of the new lookup value. This process involves navigating to the Lookups page in the Setup and Administration work area, where you can manage the lookup codes and their meanings. Here’s a step-by-step guide:

• Open the Lookups page by selecting the Lookups tab in the Setup and Administration work area.
• Click on ‘Show Filters’.
• In the Meaning field of the Filters panel, enter the value you noted.
• Click ‘Search’ to find the specific lookup code.
• Once you have located the lookup code, you can use it to populate the Control Method field with the new custom value1.

References:

• Oracle Help Center documentation on adding a risk field2.
• Oracle documentation on managing lookups1.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

When an access incident in Advanced Access Controls (AAC) that has been previously remediated and closed is found to pose a conflict again during a subsequent evaluation, a new incident is created based on the original incident. This ensures that the incident is tracked and managed appropriately while maintaining the record of the original incident’s closure.

References:The information is based on Oracle’s documentation which states that if the status of an incident is “Closed” or “Control Inactive,” its state is “Closed.” However, it does not explicitly detail the process for incidents that reoccur after being closed. The answer provided is inferred from the standard practices of incident management where new occurrences of previously resolved issues are tracked as new incidents1.