Professional Documents
Culture Documents
Best Practices
July 2018
Oracle recommends that you start with these best practice processes. This
deck shows the processes in some detail
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Internal/Restricted/Highly Restricted 4
Financial Reporting Compliance
Risk Management Applications:
Advanced Controls
Best Practice Process
Identify Unwanted
Access
Address Issues,
Fine-Tune Risks Deploy Advanced
Improve
& Controls Controls
Processes
Certify
Controls
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal/Restricted/Highly Restricted 5
Financial Reporting Compliance
Risk Management Applications:
Advanced Controls
Best Practice Process
Document Risks & Controls Document operational/financial risks and controls in central repository. Use streamlined workflow to review and
improve.
Assess Control Perform self-assessments of all controls, and independently test key controls. Streamline testing with standardized test
Effectiveness plans; accelerate with prior test results.
Identify Unwanted Design automated tests of Financials Cloud transactions to find fraud, error and policy violations.
Transactions
Identify Unwanted Access Design automated tests of Financials Cloud user access to find more users who could cause fraud, error and policy
violations.
Deploy Advanced Controls Enforce continual automated testing and incident management.
Address Issues, Improve Document treatment of control issues that are determined to be significant deficiencies or material weaknesses. Use
Processes issues and treatments to guide process improvements.
Certify Controls Compile control assessment reports for management and audit committee. Produce control certification reports for
executives and financial officers.
Fine-Tune Risks & Controls Perform periodic risk assessments based on feedback from control assessments, issues found, and new data – e.g.,
changes to business goals or regulations.
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Internal/Restricted/Highly Restricted 6
Advanced Access Controls Best Practice Process
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal/Restricted/Highly Restricted 7
Advanced Access Controls Best Practice Process
Identify
Deploy Address Report
Excessive
Controls Issues Results
Access
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal/Restricted/Highly Restricted 8
Let’s see the Advanced Access Controls best
practice process in action…
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal/Restricted/Highly Restricted 9
Preview
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Internal/Restricted/Highly Restricted 21
Convert Models to Controls
Process Owner
Internal Auditor
9. Review
Incident
Internal Reports
Auditor
1. Gather 5. Review 8. Review
configuration Results & Incidents &
data Remediate Remediate
4. Test &
Process Refine
Models
Owner
3. Import 6. Deploy
Business Pre-built Advanced
Models Controls
Analyst
Implementer should guide and train the users to perform their activities in Adv Controls