Transcription
Oracle Governance, Risk and ComplianceIntelligenceUser's GuideRelease 3.0.1Part No. E17594-01May 2010
Oracle Governance, Risk and Compliance Intelligence User's Guide, Release 3.0.1Part No. E17594-01Copyright 2007, 2010, Oracle and/or its affiliates. All rights reserved.Primary Author:Douglas J. MyersContributing Author: Denise Fairbanks Simpson, Ashwin Sadanandan, Reza B'far, ChandramohamSubbiah, Khalid Kazi, Hugh Mason, Kim Wilmot, Madhavi Gopaladasu, Mark Stebelton, Mohamed Hussain,Mumu Pande, Pamela Rietz, Pournima Patil, Prasanna Chimata, Sinha Siddharth, Tim Beltz, Sangeeth Lal,Smrithy Abraham, Love Ojha, Pramod Kalady, Radhika Kanumuru, Srinivasa SamudralaOracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarksof their respective owners.This software and related documentation are provided under a license agreement containing restrictions onuse and disclosure and are protected by intellectual property laws. Except as expressly permitted in yourlicense agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverseengineering, disassembly, or decompilation of this software, unless required by law for interoperability, isprohibited.The information contained herein is subject to change without notice and is not warranted to be error-free. Ifyou find any errors, please report them to us in writing.If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalfof the U.S. Government, the following notice is applicable:U.S. GOVERNMENT RIGHTSPrograms, software, databases, and related documentation and technical data delivered to U.S. Governmentcustomers are "commercial computer software" or "commercial technical data" pursuant to the applicableFederal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication,disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in theapplicable Government contract, and, to the extent applicable by the terms of the Government contract, theadditional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). OracleUSA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.This software is developed for general use in a variety of information management applications. It is notdeveloped or intended for use in any inherently dangerous applications, including applications which maycreate a risk of personal injury. If you use this software in dangerous applications, then you shall beresponsible to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use ofthis software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of thissoftware in dangerous applications.This software and documentation may provide access to or information on content, products and servicesfrom third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim allwarranties of any kind with respect to third party content, products and services. Oracle Corporation and itsaffiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of thirdparty content, products or services.
ContentsSend Us Your CommentsPreface1About Governance, Risk, and Compliance IntelligenceWhat is Governance, Risk, and Compliance?. 1-1Governance, Risk, and Compliance Intelligence Explained. 1-1GRCI 3.0.1 Solution Overview. 1-2What are the User Roles for the Business Processes?. 1-2About Languages. 1-2Related Oracle Publications. 1-32DashboardsAbout Dashboards. 2-1Dashboard Options. 2-13Enterprise Governance, Risk and Compliance DashboardsFinancial Governance Dashboard. 3-1Certifications Tab . 3-1Issues Tab . 3-5Analysis Tab . 3-9Audit Scoping Dashboard . 3-13Scope Coverage Tab . 3-14Scope Analysis Tab . 3-16iii
4Enterprise GRC Manager ReportingIntroduction. 4-1Assessments Report Folder. 4-1Audit Scoping Reports Folder. 4-2Compliance Reports Folder. 4-3Components Report Folder. 4-3Controls Report Folder. 4-4Issues Reports Folder. 4-4Perspectives Report Folder. 4-5Risk Report Folder.4-6Ad hoc Report Folder. 4-65Subject Areas for EGRCMAnswers Start Page Overview. 5-1Financial Governance Module Overview. 5-2Subject Area – Financial Governance Module. 5-3EGRC Details Overview.5-74Subject Area – EGRC Details. 5-756Application Access Control DashboardsSOD Policy Dashboard. 6-1Overview Tab. 6-1Details Tab. 6-5SOD Policy - Auditor Dashboard. 6-9Overview Tab. 6-9Details Tab. 6-14SOD User Review Tab . 6-20SOD Policy - Owner Dashboard. 6-20Overview Tab. 6-21Details Tab. 6-28SOD Policy Conflicts Dashboard. 6-32Overview Tab. 6-33Detail Tab. 6-397Application Access Controls Governor ReportingIntroduction. 7-1Conflict Report Folder. 7-1Exclusions Report Folder. 7-4iv
Policy Reports Folder. 7-5SOD User Review Reports Folder.7-78Subject Areas for AACGIntroduction. 8-1Subject Area – SOD Policy. 8-2Subject Area – SOD Policy Conditions. 8-8Subject Area – SOD User Review. 8-14Subject Area – SOD Conflicts. 8-19Subject Area – SOD Detail. 8-30Common Dimensions Explained. 8-33Using Common Dimensions. 8-33Conditions Explained. 8-34Using Start and End Dates for Conditions. 8-35Conditions Metrics. 8-36Path Conditions Explained. 8-36AModifying Reports and DashboardsModifying Report Titles. A-1Tips on Modifying Report Titles. A-2Creating Report Prompts. A-4Tips on Creating Report Prompts. A-6Modifying Charts. A-6Tips on Modifying a Chart. A-7Creating Formulas within Reports. A-9Modifying Tables. A-9Tips on Modifying Tables. A-10Modifying Pivot Tables. A-11Tips on Modifying Pivot Tables.A-12Conditional Formatting. A-12Tips on Conditional Formatting. A-13Modifying Data Formats. A-14Using Filters. A-15Tips on Using Filters . A-16Printer Friendly Reporting. A-18Modifying Dashboards. A-19Indexv
Send Us Your CommentsOracle Governance, Risk and Compliance Intelligence User's Guide, Release 3.0.1Part No. E17594-01Oracle welcomes customers' comments and suggestions on the quality and usefulness of this document.Your feedback is important, and helps us to best meet your needs as a user of our products. For example: Are the implementation steps correct and complete?Did you understand the context of the procedures?Did you find any errors in the information?Does the structure of the information help you with your tasks?Do you need different information or graphics? If so, where, and in what format?Are the examples correct? Do you need more examples?If you find any errors or have any other suggestions for improvement, then please tell us your name, thename of the company who has licensed our products, the title and part number of the documentation andthe chapter, section, and page number (if available).Note: Before sending us your comments, you might like to check that you have the latest version of thedocument and if any concerns are already addressed. To do this, access the new Oracle E-Business SuiteRelease Online Documentation CD available on My Oracle Support and www.oracle.com. It contains themost current Documentation Library plus all documents revised or released recently.Send your comments to us using the electronic mail address: appsdoc us@oracle.comPlease give your name, address, electronic mail address, and telephone number (optional).If you need assistance with Oracle software, then please contact your support representative or OracleSupport Services.If you require training or instruction in using Oracle software, then please contact your Oracle local officeand inquire about our Oracle University offerings. A list of Oracle offices is available on our Web site atwww.oracle.com.vii
PrefaceIntended AudienceWelcome to Release 3.0.1 of the Oracle Governance, Risk and Compliance Intelligence User'sGuide.This guide is intended for information technology personnel and privileged usersresponsible for using and configuring the GRC Intelligence application. It assumes thereader is familiar with Oracle applications.See Related Information Sources on page x for more Oracle E-Business Suite productinformation.Deaf/Hard of Hearing Access to Oracle Support ServicesTo reach Oracle Support Services, use a telecommunications relay service (TRS) to callOracle Support at 1.800.223.1711. An Oracle Support Services engineer will handletechnical issues and provide customer support according to the Oracle service requestprocess. Information about TRS is available athttp://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers isavailable at tation AccessibilityOur goal is to make Oracle products, services, and supporting documentation accessibleto all users, including users that are disabled. To that end, our documentation includesfeatures that make information available to users of assistive technology. Thisdocumentation is available in HTML format, and contains markup to facilitate access bythe disabled community. Accessibility standards will continue to evolve over time, andOracle is actively engaged with other market-leading technology vendors to addresstechnical obstacles so that our documentation can be accessible to all of our customers.For more information, visit the Oracle Accessibility Program Web site atix
http://www.oracle.com/accessibility/.Accessibility of Code Examples in DocumentationScreen readers may not always correctly read the code examples in this document. Theconventions for writing code require that closing braces should appear on an otherwiseempty line; however, some screen readers may not always read a line of text thatconsists solely of a bracket or brace.Accessibility of Links to External Web Sites in DocumentationThis documentation may contain links to Web sites of other companies or organizationsthat Oracle does not own or control. Oracle neither evaluates nor makes anyrepresentations regarding the accessibility of these Web sites.Structure12345678AAbout Governance, Risk, and Compliance IntelligenceDashboardsEnterprise Governance, Risk and Compliance DashboardsEnterprise GRC Manager ReportingSubject Areas for EGRCMApplication Access Control DashboardsApplication Access Controls Governor ReportingSubject Areas for AACGModifying Reports and DashboardsRelated Information SourcesOracle Governance, Risk and Compliance Intelligence, Implementation Guide, Release3.0.1 Part No. E17594-01Do Not Use Database Tools to Modify Oracle E-Business Suite DataOracle STRONGLY RECOMMENDS that you never use SQL*Plus, Oracle DataBrowser, database triggers, or any other tool to modify Oracle E-Business Suite dataunless otherwise instructed.Oracle provides powerful tools you can use to create, store, change, retrieve, andmaintain information in an Oracle database. But if you use Oracle tools such asSQL*Plus to modify Oracle E-Business Suite data, you risk destroying the integrity ofyour data and you lose the ability to audit changes to your data.Because Oracle E-Business Suite tables are interrelated, any change you make using anOracle E-Business Suite form can update many tables at once. But when you modifyOracle E-Business Suite data using anything other than Oracle E-Business Suite, youmay change a row in one table without making corresponding changes in related tables.x
If your tables get out of synchronization with each other, you risk retrieving erroneousinformation and you risk unpredictable results throughout Oracle E-Business Suite.When you use Oracle E-Business Suite to modify your data, Oracle E-Business Suiteautomatically checks that your changes are valid. Oracle E-Business Suite also keepstrack of who changes information. If you enter information into database tables usingdatabase tools, you may store invalid information. You al
123A, and Japanese SOX (J-SOX), are forcing organizations to adopt rigorous approaches to documenting and testing internal processes and controls. Oracle's Governance, Risk and Compliance Intelligence solution is designed to enhance your visibility into the organization's comp
