Thank you for taking the time to learn more about the OIC and
Oracle Governance, Risk and Compliance (GRC) Technology Products
and Applications.*We Implement GRC Solutions Using Oracle GRC
Applications
We Implement GRC Solutions Using Oracle GRC Applications
Welcome to the OIC Presentation, Introduction to the Oracle GRC
Platform. I spend most of my time working on activities to improve
and grow the OIC GRC Practice. Sometimes, I forget just how hard it
was in the beginning just to be able to identify the applications,
which are currently included in the Oracle GRC Platform.
I developed this presentation to provide you with an overview of
the Oracle Technology Products and Applications, which are included
in the Oracle GRC Platform. You will learn that you simply cant use
the generic word GRC when you discuss GRC Requirements and/or
Oracle GRC Solutions. The Oracle GRC Platform includes several
suites of Oracle GRC Technology Products and Applications. You need
to be able to map the companys GRC requirements to a specific
Oracle Technology Product or Application (e.g. Identity Management
(IdM) and Configuration Controls Governor (CCG).**Story Board
In this short presentation, I will simply have time to identify
and the Oracle Governance, Risk and Compliance (GRC) Technology
Products and Applications that are included in the Oracle GRC
Platform.
I will only have time to review a couple of slides with you;
however, you can download the PowerPoint presentation, Introduction
to the Oracle GRC Platform, which includes more detail including my
slide notes. I have also provided you with links to resources such
as additional information, fact sheets, whitepapers, and
videos.
Oracle GRC is a fast growing discipline with scarce resources.
If you have a background in Database Security, Auditing,
Accounting, Oracle Financials, Non-Oracle GRC or Oracle GRC, then
you may want to consider leveraging your current skills to learn
how to implement GRC solutions using the Oracle GRC Technology
Products and/or Applications.
******Oracle GRC PlatformThe Oracle GRC Platform currently
includes Oracle GRC Technology Products and Applications that fail
into one of the following Oracle GRC Core Capabilities:
Oracle GRC InsightOracle GRC Process ManagementOracle GRC
Application ControlsOracle GRC Technology Controls
Oracle GRC Insight
Fusion Governance, Risk, and Compliance Intelligence combines
qualitative and quantitative information and presents this
information in integrated dashboards and reports, thereby allowing
executives and managers to confidently identify and focus efforts
on key risks and control issues including access policy conflicts.
The solution delivers both out-of-the-box dashboards as well as
hundreds of pre-delivered metrics so that business users can
quickly construct their own reports for on-the-spot analysis.
Oracle GRC Process ManagementOracle Enterprise Governance, Risk,
and Compliance Manager - Fusion Edition, reduces overlapping and
redundant policies, risks, and controls associated with overlapping
GRC mandates and standards. With a central content repository,
dynamic workflows for compliance and risk management processes, and
pre-built integration to automated application controls, Oracle
Enterprise GRC Manager solves the immediate requirements associated
with current regulatory or industry mandates, while also providing
a robust foundation to satisfy future needs.
Oracle GRC Application ControlsMinimize Reliance on Manual
Controls. Reduce Risk of Fraud. Control User Access.Undetected
changes to application and access controls can impact the
reliability and integrity of financial reporting and flow of
business activities. Given increased scrutiny from customers,
regulators, auditors, investors, and partners, organizations need
to monitor critical application access, configurations, and
transactions to ensure that operations adhere to company or
regulatory policy and that breaches are identified and attended to
as early as possible.
Oracle GRC Technology ControlsOracle GRC Technology Controls
deliver robust access and security controls for all levels of the
IT infrastructure - from applications, middleware, and the database
- and across heterogeneous environments.**Oracle GRC Intelligence
(GRCI) 3.0Oracle GRC Intelligence (GRCI) 3.0 is also referred to as
Oracle Fusion Governance, Risk, and Compliance Intelligence (Fusion
GRC Intelligence). The OIC has installed Oracle GRCI on our server
hosted by The Planet.
Contact Us at http://www.theoicllc.com/contact_us to learn more
about GRCI and how you can gain access to our instance of Oracle
GRC Intelligence 3.0, which is integrated with Application Access
Controls Governor (AACG) 8.0. We will also integrate GRCI 3.0 with
GRC Manager (GRCM) 3.0. **Centralize GRC Content. Automate Risk and
Compliance Processes. Monitor Control Status.Oracle Enterprise
Governance, Risk, and Compliance Manager - Fusion Edition, reduces
overlapping and redundant policies, risks, and controls associated
with overlapping GRC mandates and standards. With a central content
repository, dynamic workflows for compliance and risk management
processes, and pre-built integration to automated application
controls, Oracle Enterprise GRC Manager solves the immediate
requirements associated with current regulatory or industry
mandates, while also providing a robust foundation to satisfy
future needs.
BenefitsSingle central repository for policies, risks, and
controlsMap regulations to policies, objectives, risks, and
controls to provide evidence of compliance;Reduce redundant
information silos and overlapping tasks, while allowing separate
lines of business to address the distinct risk and compliance
requirements of their organization; andUtilize date-effective audit
trails that track the "who, what, and when" of changes made to
risk-control matrices, work papers, and other evidence
Automation of compliance and risk management workflowsEstablish
an enterprise understanding of risk with a disciplined process to
identify, assess, and treat risks;Streamline the full compliance
lifecycle from documentation and assessment to remediation,
certification, and reporting; andProvide a common workspace to
enable a cross-enterprise team approach to compliance and risk
management
Oversight of automated and manual control activitiesIdentify
emerging risk exposures by monitoring results from both automated
and manual controls;Shorten remediation and certification cycles
with closed-loop integration to controls monitoring solutions;
andIntegrate with business applications such as Enterprise
Performance Management (EPM) and Enterprise Resource Planning (ERP)
to support Finance, IT, and industry-focused GRC requirements
**Oracle GRC Application ControlsOracle GRC Application Controls
is a suite of four (4) Governors, which provide Oracle Application
Controls. Oracle recently released Oracle GRC Controls (GRCC) 8.5,
which includes both Application Access Controls Governor (AACG) 8.5
and Transaction Controls Governor (TCG) 8.5. I believe that the
most current release is patched to 8.5.1.243.
Hands On ExperienceThe OIC is looking for Talented Oracle
Professionals who are Oracle GRC Contract Professionals who have
hands on experience using the most current release of the Oracle
GRC Application Controls Suite of Applications.
Need Oracle GRC Application Controls Training?The OIC provides
training for the Oracle GRC Application Controls Suite of
Applications. All of our Oracle GRC Training includes FREE access
for ninety (90) days to Release 12.1.1 of the Oracle Vision
Instance and one or more of the following Oracle GRC Applications:
AACG 8.5, TCG 8.5, CCG 5.5.1 and PCG 7.3.1.
In addition, all students are able to access our Oracle GRC
Tutor Author Courseware. We convert all Oracle GRC Training
Documentation to both pdf and html formats. Students are given read
only access to our GRC Courseware. At some point in the near
future, we will also provide the OIC Oracle GRC Courseware in UPK
format.
Non OIC Member Contractors can register for one or more of our
Oracle GRC Courses at http://www.oracleelearning.com/moodle/.
OIC Member Contractors receive a 25% discount off the retail
price of all OIC Training Tools and Services and they can register
for our courses at http://www.theoicllc.com/membership.
Access Oracle GRC Application ControlsYou can simply become an
OIC Member Contractor by registering for 90 Days Access to Oracle
GRC Controls at http://www.theoicllc.com/membership. You will be
given access to the Oracle Documentation as well as physical access
to our dedicated Release 12.1.1 Oracle Vision Instance AND to the
entire Oracle GRC Application Controls Suite of Applications for
ninety (90) days. This provides you with sufficient time to gain
the hands on experience you need working with the Oracle GRC
Application Controls Suite of Applications to work on projects to
implement these applications.
**Real-Time Enforcement of Segregation of Duties and Access
PoliciesThe ability to fine-tune user accessand to track that
accessis key to complying with regulatory requirements and ensuring
corporate security. Oracle Application Access Controls Governor
provides real-time monitoring and proactive enforcement of crucial
access policies, such as those that support segregation of duties
(SOD). The system anticipates potential SOD conflicts before they
arise, and even prevents any assignment of roles or
responsibilities within an application that would compromise proper
segregation of duties. Application Access Controls Governor also
extends key access controls to "super-users" and temporary or
contract workers.
Benefits
Real-time monitoring and enforcement of SOD controls, including
prevention of access provisioning that would jeopardize SOD
Simplifiy SOD maintenance through automated simulation and
remediation
Graphical simulation to look into access points, detect SOD
conflicts, and evaluate treatment options Preview the effects of
clean up and sensibly advise on the best remediation
Comprehensive library of best practice SOD controls Rapid
deployment and time to value using pre-delivered, best-practice
controls library
**Continuous Monitoring of Business Transactions Oracle
Enterprise Transaction Controls Governor continuously monitors
transactions against policies to detect suspicious transactions or
redundant business practices that get in the way of performance. By
spotting anomalies in everyday transactions, the system prevents
cash leakage. Escalation of risk, fraud, and costly remediation are
avoidedOracle Enterprise Transaction Controls Governor tracks
events that indicate:Potential violation of internal controls - for
example, an employee raises multiple requisitions for a single
purchase totaling an amount greater than her approval
level;Heightened levels of risk - for instance, an unexpected delay
in anticipated cash receipts which would result in a shortfall in
projected cash flow; andReportable events - for example, a foreign
subsidiary writes off a significant bad debt
Benefits
Continuous monitoring of transactions across processes including
Procure-to-Pay, Order-to-Cash, Hire-to-Retire, and Record-to-Report
Increase visibility into the actual operations of the controls
environment
Statistical logic to systematically uncover inappropriate or
suspicious transactions and control violations Mitigate exposure to
error, misuse, and fraud from out-of-policy business
transactions
Intuitive authoring of access, master data, and transaction
controls Create policies and analyze controls using an intelligent
and interactive interface
**Powerful, Flexible Control over Application Integrity and
FunctionalityOracle Configuration Controls Governor is an automated
solution that controls and tracks changes to key application setup
data, using notifications and detailed reports to facilitate change
management without burdening core business operations. The solution
enables tracking of all changes, providing a detailed audit
history, and records designated setup values, permitting quick
comparison of values from different points in time or environments.
With Oracle Configuration Controls Governor, you can ensure
application integrity, audit changes, and continuously monitor
setups. As a result, you can reduce financial loss, regulatory
cost, audit effort, and the risks associated with them. Adding
Preventive Controls Governor enhances these benefits by blocking
unwanted changes, requiring third-party approval and/or reason
codes for sensitive changes, and logging change attempts.
Benefits
Monitor key setups for any change, track "Who, What, Where and
When," and receive notification of critical setup changes Complete
audit trail for changes to key configurations
Document application setup with point-in-time snapshots
Accelerated analysis and audit
Identify changes and discrepancies with snapshot comparisons, to
manage changes that can have significant financial or regulatory
impact Consistent setup and operating standards across multiple
environments
**Ensure Data Quality and Privacy with Granular ControlControl
over the quality of applications data starts at the user level.
Without such control, your company is left open to mistakes, loss
of data, and fraud. The Oracle Preventive Controls Governor
provides fine-grained control over user viewing and editing of key
data, while tracking changes (or attempted changes) by users. With
it, you can limit or control which data fields applications users
can change or see, define the types of data users can input in
various fields, and limit the values of transactions to enforce
regulatory or corporate guidelines. The Oracle Preventive Controls
Governor provides not only assured regulatory compliance and
protection against fraud, but also the prevention of many common
data-entry errors.
Benefits
Enforcement of data quality policies such as mandatory fields,
customizable LOVs (Lists of Values) and insertion of default values
Monitor and prevent unauthorized changes to critical application
setup and data
Enforcement of tolerance limits, such as maximum values for
transactions required to meet regulatory or corporate requirements
Enforce data integrity with field, block, and form change
control
Restriction of user views, allowing users to view only the
fields needed to complete a legitimate transaction Protect
sensitive information from unauthorized viewers**Oracle GRC
Technology ControlsUnlike Oracle GRC Applications, you must have an
Oracle technical background including experience as an Oracle
Database Administrator (DBA) to effectively and efficiently install
and implement Oracle GRC Solutions as the Server and Database
Levels. The GRC Applications provide GRC solutions at the
Application level.**Reduce the Cost of Protecting DataRegulations
such as Sarbanes-Oxley, Payment Card Industry (PCI) Data Security
Standard (DSS), Health Insurance Portability and Accountability Act
(HIPAA), Gramm-Leach-Bliley Act (GLBA) and similar global
directives call for separation-of-duties and other preventive
controls to ensure data integrity and data privacy. With Oracle
Database Vault, organizations can pro-actively safeguard
application data stored in the Oracle database from being accessed
by privileged database users. Application data can be further
protected using Oracle Database Vault's multi-factor policies that
control access based on built-in factors such as time of day, IP
address, application name, and authentication method, preventing
unauthorized ad-hoc access and application by-pass.
Pro-actively safeguard application data stored in the Oracle
database-Restrict access by unauthorized database users - even
privileged users - by using powerful access controls built into the
Oracle database.
Address regulatory requirementsImplement separation-of-duty and
other real-time preventive controls.
Restrict ad-hoc access to application data Prevent
application-bypass with multi-factor policies that are enforced in
the database for high security and performance.
Deploy with confidenceUse certified default policies for Oracle
E-Business Suite, Oracle PeopleSoft, and Oracle Siebel CRM
applications.
Resources-Download this PowerPoint so that you can utilize the
links for Resources.
**Reduce the Cost of Compliance Reporting and Database
Monitoring Oracle Audit Vault provides a secure and highly scalable
audit warehouse, enabling simplified reporting, analysis, and
threat detection on audit data. In addition, database audit
settings are centrally managed and monitored from within Audit
Vault, reducing IT security cost. With Oracle Audit Vault,
organizations are in a much better position to enforce privacy
policies, guard against insider threats, and address regulatory
requirements such as Sarbanes-Oxley and PCI.
BenefitsSimplify compliance reportingEasily analyze audit data
and take action in a timely fashion with out-of-the-box reports or
custom reporting via the industry's only open warehouse schema for
audit information
Detect threats quicklyQuickly and automatically detect
unauthorized activities that violate security and governance
policies; thwart perpetrators from covering their tracks
Lower IT costs with audit policiesCentrally manage audit
settings across all databases from a single console
Transparently collect and consolidate audit dataCollect audit
data in a timely fashion across disparate systems
Provide a secure and scalable repositoryLeverage Oracle's
industry-leading security and data warehousing technology to
provide a secure and scalable audit warehouse
**Core Technology for User Provisioning and Cost-Efficient
Compliance Oracle Audit Vault provides a secure and highly scalable
audit warehouse, enabling simplified reporting, analysis, and
threat detection on audit data. In addition, database audit
settings are centrally managed and monitored from within Audit
Vault, reducing IT security cost. With Oracle Audit Vault,
organizations are in a much better position to enforce privacy
policies, guard against insider threats, and address regulatory
requirements such as Sarbanes-Oxley and PCI.
BenefitsFaster deploymentsAn integrated suite approach enables
faster deployments and streamlined day-to-day operations
Improved securityProven, best-in-class solutions work together
as a single solution by abstracting and centralizing security for
applications and web services
Lower TCOA single solution cuts the time spent integrating
disparate components, and provides a single point of contact for
support, a single license contract, and the backing of the world's
largest enterprise software company
**Oracle Identity and Access Management Suite Applications The
Oracle Identity and Access Management Suite of Applications
includes: Oracle Access Manager Oracle Identity Manager Oracle
Identity Federation with Fedlet Oracle Directory Services Plus
The next slide describes the Oracle Access Manager.**User Access
Management for Secure Business InteractionsOracle Access Manager
allows users of your applications or IT systems to log in once and
gain access to a broad range of IT resources. Oracle Access Manager
provides an identity management and access control system that is
shared by all your applications. The result is a centralized and
automated single sign-on (SSO) solution for managing who has access
to what information across your entire IT infrastructure.
BenefitsStrong authentication for secure access
controlEliminating latency in changes to identity policy
information and improves authentication flexibility across mission
critical applications
Seamless interoperability for the heterogeneous
enterpriseSupports the widest range of third party platforms
including IBM Websphere, BEA Weblogic and SAP; thereby providing
scalability and reducing TCO
Identity administration combined with access controlProtects
resources at the point of access and delegates authentication and
authorization decisions to a central authority to help enforce
compliance
**Core Technology for User Provisioning and Cost-Efficient
ComplianceThe rights and attributes of each person who accesses
your IT system continually change as roles, rules, and policies
evolve within your enterprise. The challenge is compounded during
mergers and acquisitions, and when sharing IT privileges with
business partners and customers. Add to that, the burden associated
with meeting regulatory and privacy requirements such as SOX,
HIPAA, HSPD12, and many others. Oracle Identity Manager is a
best-in-class user provisioning and administration solution that
automates the process of adding, updating, and deleting user
accounts from applications and directories; and improves regulatory
compliance by providing granular reports that attest to who has
access to what.
BenefitsIncrease enterprise productivity and securityThe
industry's most comprehensive identity administration solution
features automated user provisioning and de-provisioning, password
management, and approval workflow to cut costs and improve
security
Sustainable complianceThe first solution to integrate
comprehensive auditing, attestation, reporting, diagnostics, and
separation of duties enforcement, makes meeting compliance and
privacy requirements easier, affordable, and repeatable
Proven scalabilityBased on open architecture, Oracle supports
some of the largest provisioning deployments in the industry today;
managing thousands of resources and millions of users across
geographies**Cross-Domain User Access for Seamless Business
IntegrationOracle Identity Federation 11g provides a self-contained
and flexible multi-protocol federation server that can be rapidly
deployed with your existing identity and access management systems.
With its support for leading standards-based protocols, it ensures
the interoperability to securely share identities across vendors,
customers, and business partners without the increased costs of
managing, maintaining, and administering additional identities and
credentials.
BenefitsRapid deploymentAccelerates federation by enabling
identity providers and service providers to connect seamlessly
within minutes. Deploy with minimal configuration and IT support
with an out-of-the-box federated solution
Securely extend business capabilitiesCreate trust relationships
between partners and agencies by connecting users seamlessly and
securely
Standards based interoperable architecture offers
scalabilitySimplify the integration process between business
domains with open architecture for better security, increased
compliance and privacy, and lower costs**Oracle Directory Server
Enterprise Edition(Formerly SUN Directory Server Enterprise
Edition) is the best known directory server with proven large
deployments in carrier and enterprise environments. It is also the
most supported directory by ISVs, so it is ideal for heterogeneous
environments. ODSEE provides a core directory service with embedded
database, directory proxy, Active Directory (AD) synchronization
and a Web administration console. BenefitsRapid
deploymentAccelerates federation by enabling identity providers and
service providers to connect seamlessly within minutes. Deploy with
minimal configuration and IT support with an out-of-the-box
federated solution
Securely extend business capabilitiesCreate trust relationships
between partners and agencies by connecting users seamlessly and
securely
Standards based interoperable architecture offers
scalabilitySimplify the integration process between business
domains with open architecture for better security, increased
compliance and privacy, and lower costs**Oracle Directory Server
Enterprise Edition(Formerly SUN Directory Server Enterprise
Edition) is the best known directory server with proven large
deployments in carrier and enterprise environments. It is also the
most supported directory by ISVs, so it is ideal for heterogeneous
environments. ODSEE provides a core directory service with embedded
database, directory proxy, Active Directory (AD) synchronization
and a Web administration console. BenefitsGreater business
valueImprove application users' productivity and enhance business
transaction availability. Oracle Enterprise Manager is the only IT
management solution that delivers integrated user experience
management, business transaction management and business service
management in a single management console. This integrated approach
helps you understand user experiences, track their transactions and
relate performance issues to underlying IT infrastructure.
Maximum return on IT investmentSimplify management and lower
management-related labor costs for your entire application stack.
Oracle Enterprise Manager is the only solution that manages
applications, middleware, database, and hardware while also
providing broad solutions for application performance management;
configuration and change management; lifecycle management; and
application quality management. This integrated approach eliminates
unnecessary tools and delivers true end-to-end management
visibility and control.
Unparalleled customer satisfactionResolve IT issues proactively.
Oracle Enterprise Manager is the industrys first and only IT
management solution to integrate support services. Within a single
console you can manage your IT, interact with Oracle on
support-related issues, exchange ideas and learn from your peers at
other companies, and implement recommendations and fixes using
automated workflows
****Oracle GRC PortalIf you are interested in learning more
about the Oracle Governance, Risk and Compliance (GRC) Technology
Products and/or Applications, then I do encourage you to visit the
Oracle GRC Portal at
http://www.oracle.com/us/solutions/corporate-governance/index.htm.
I obtained most of the information for this presentation
directly from the Oracle GRC Portal. It doesnt cost anything to
access this information and you dont need an Oracle username or
password to access the Oracle GRC Portal.
OIC Oracle GRC Training PortalI also encourage you to visit the
OIC Oracle GRC Training Portal at
http://www.oracleelearning.com/moodle. We use Moodle as our
training platform. You can also use this OIC E-Learning Portal to
register for any Oracle GRC Courses that we offer. I also suggest
that you visit and post discussions on our forum at
http://www.oracleelearning.com/moodle/mod/forum/view.php?id=46.
OIC YouTube ChannelWe have prepared and uploaded several
presentations to the OIC YouTube Channel at
http://www.youtube.com/theoicllc. These are audio presentations.
You can also download the PowerPoint version of each presentation.
Currently, the list of presentations available on the OIC YouTube
Channel include:Introduction to OICCreate a New Account for My
Oracle SupportAccessing the OIC Oracle Partner Network (OPN)
PortalAccessing the OIC Dedicated Release 12.1.1 Oracle Vision
InstanceIntroduction to Oracle GRC Platform
**I encourage you to contact me if you have questions, comments,
or suggestions. I also encourage you to visit our website at
www.theoicllc.com and our YouTube channel at
www.youtube.com/theoicllc. You can also review the current Oracle
GRC courses that we offer at www.oracleelearning.com/moodle.
Use Your ResourcesI encourage you to take the time to learn how
to access and use your OIC resources. The time and effort it takes
to setup these resources and your investment in time to leverage
these resources is nothing compared to the time and money you will
save and/or potentially earn. You will significantly improve your
Oracle skills and have the confidence knowing that you have access
to My Oracle Support, Oracle Partner Network, and Release 12.1.1 of
the Oracle Vision Demo Instance. In addition, you have access to
many other resources. We provide links to many of these resources
on the Resource tab on our website at http://www.theoicllc.com.
If you use the resources, which are available to our OIC Member
Contractors, you will soon realize that you have thousands of
dollars worth of tools and resources that are available to your
24/7 and 365 days a year.**ConclusionThank you for taking the time
to learn more about the OIC and Oracle Governance, Risk and
Compliance (GRC) Technology Products and Applications.
Please do not hesitate to contact me if you have any questions,
comments, suggestions, etc.
*We Implement GRC Solutions Using Oracle GRC Applications*
