Oracle AACG 8.5.1 Fundamentals - Chapter 2 Creating Access

Oracle Governance, Risk and Compliance (GRC) Solutions
Training Using Real Business Cases and Live Oracle GRC Controls Suite
During this webinar, I will describe:
• My Motivation for Oracle GRC Live
• Our Objectives for Oracle GRC Live
• Our Training Schedule and Format
• Business Case for our Real World Scenario
• Client’s Objectives
• Our Proposed Oracle GRC Solution
• OIC Oracle GRC Implementation Method (GRCIM)
• Links to Oracle GRC Resources
• Q&A Session
4/13/2015
Copyright © Oracle Independent Consultants (OIC) LLC, 2011. All rights reserved.
Place Highly Talented Oracle GRC Professionals on Oracle GRC Projects

OIC cannot grow without a network of highly talented Oracle GRC, Security and
Internal Controls Professionals. We need:
• Oracle GRC Functional Professionals to Implement and Configure GRC Controls
  Suite on OIC and 3RD Party Projects
• Risk Management Professionals to assume leadership positions with the OIC to
  develop Risk Assessment and Risk Management Solutions, and help companies
  improve their Financial Closing and Financial Reporting Processes using the Oracle
  GRC Controls Suite of Applications, Oracle GRC Manager and Hyperion Financial
  Management.
• Director of Sales and Marketing / Business Development (Commission)
• Director of Oracle GRC Internships
• OIC is a global virtual Oracle Governance, Risk and Compliance (GRC), Security and
  Internal Controls Practice where Oracle GRC Professionals earn, at least, $80 per
  hour plus expenses and have an opportunity to share profits and equity.
Find the Best, Train the Best, Be the Best




• Find highly motivated and talented Accounting, Auditing,
  Compliance, GRC, Risk Management and Oracle Financial
  Professionals
• Provide opportunity to discuss real world business cases and design
  Oracle GRC solutions to satisfy requirements for client Business
  Processes
• Implement Solution in Oracle GRC Controls Suite using OIC GRC
  Sandbox, thus gaining valuable hands-on experience implementing
  and using the most current releases of the applications in the Oracle
  GRC Controls Suite
• Develop TOP Team of Oracle GRC, Security and Internal Control
  Professional Contractors that represent the best talent in the industry
Oracle GRC Live – Our Training Schedule


Meet Tuesday evenings from 6:30 to 7:30 pm CST to:
• Review progress on exercises assigned during the Saturday
  afternoon session
• Provide Q&A Session
• Provide Status Update of OIC
Meet Saturday afternoons from 1:30 to 3:30 pm CST to:
• Review the lab exercises that you completed
• Provide an Overview of a New Topic
• Review lab questions
• Review and demo how to complete lab exercises
Business Case Scenario for Oracle GRC Live





• Your client is a US public company with annual revenues of approximately
  $2.5 billion. They operate four different US Legal Entities: CORP,
  CO01, CO02, and CO03. Companies 01, 02 and 03 each operate several
  processing plants. Each Company (i.e. Legal Entity) uses the same calendar,
  currency and chart of accounts.
• Each Company will also be defined as an Operating Unit.
• The client is currently using Oracle Release 11.5.10.2 for Oracle Financials, Oracle
  Supply Chain, Oracle HR and PR and other Oracle Applications.
• The client is also currently implementing Oracle Release 12.1.3 for one or more
  Organizations.
• The client will have three (3) production instances: US for R11.5.10.2, US for
  R12.1.3 and Brazil for R11.5.10.2.
Ensure Adequate Compliance, Security and Internal Controls





• Comply with Sarbanes-Oxley Act of 2002 (SOX)
• Remove Material Deficiency for Inadequate SOD
• Ensure New Implementation Complies with SOX
• Implement Continuous Controls Monitoring
• Monitor Differences in Configuration Parameters
Implement Configuration, SOD, Transaction and Preventive Controls
| Control | Oracle GRC Solution | Comments |
|---|---|---|
| Configuration Management | CCG 5.5.1 | • Take Snapshot of Baseline Configuration • Compare Snapshots between Occurrences, Ledgers, Operating Units, and Instances |
| Change Management | CCG 5.5.1 | • Define Change Tracking Definitions to track changes for one or more objects defined in the schema for a specific Oracle Application and Instance • Define Change Tracking Queries to track changes for one or more objects defined in the schema for one or more Oracle Applications, Instances, Users, and Time Period. Send Notifications to Specific Users when someone changes a parameter. |
Implement Configuration, SOD, Transaction and Preventive Controls
| Control | Oracle GRC Solution | Comments |
|---|---|---|
| Application Access Controls | AACG 8.6 | • Monitor User Access to one or more specific Functions in an Oracle EBS Instance |
| Segregation of Duties | AACG 8.6 | • Import Oracle Predefined Best Practices Library of Segregation of Duties (SOD) Controls, Templates, and Models. |
Implement Configuration, SOD, Transaction and Preventive Controls
| Control | Oracle GRC Solution | Comments |
|---|---|---|
| Transaction Controls | TCG 8.6 | • Monitor Transactions (as opposed to Configuration Parameters) to mitigate the risk of fraud and material misstatement in Company’s Financial Statements. |
| Preventive Controls | PCG 7.3.2 | • Integrate PCG with AACG 8.6 to implement preventive controls for User Provisioning • Limit access to fields, buttons, list of values and other objects on JAVA forms (not HTML forms) |


GRCIM leverages Oracle Unified Method (OUM) 5.3 to develop a
predefined set of deliverables to support the implementation of
Oracle GRC Controls Suite including:
• Oracle GRC Controls (GRCC) 8.6
  ▪ Oracle Application Access Controls Governor (AACG) 8.6
  ▪ Oracle Transaction Controls Governor (TCG) 8.6
• Oracle Configuration Controls Governor (CCG) 5.5.1
• Oracle Preventive Controls Governor (PCG) 7.3.2
GRCIM also leverages OUM to implement:
• Oracle GRC Intelligence (GRCI) 3.01
• Oracle GRC Manager (GRCM) 8.0
| Step | Description | Results |
|---|---|---|
| 1 | OIC GRC Express Portal | System displays the OIC GRC Express Portal, which provides Access to GRC Sandbox, GRC Training Platform, OIC University. |
| 2 | OIC Oracle GRC Sandbox | You can access the individual Oracle GRC applications. |
| 3 | OIC Oracle GRC Training Platform | You can access Oracle GRC Manuals and OIC Oracle GRC Training Documents. |
| 4 | OIC Requirements for Oracle GRC, Security and Controls Professional | You can review our requirements for Oracle GRC, Security and Controls Professionals. |
| 5 | Oracle GRC Resources | I urge you to review the OIC website and links to Oracle GRC Resources. |
| 6 | OIC Oracle GRC Express Blog | I urge you to participate by adding posts, comments, etc. |
| 7 | OIC Global Oracle GRC Contractors Network | I thought we could use this portal for e-Learning and Chat. |
| 8 | OIC YouTube | Review the short videos that I have uploaded. |
| # | Question | Type of Internal Control Provided |
|---|---|---|
| 1 | What are the GRC applications included in the Oracle GRC Controls Suite? | 1. AACG 2. GRCI 3. GRCM 4. CCG 5. PCG 6. TCG |
| # | Question | Type of Internal Control Provided |
|---|---|---|
| 1 | Map the following Oracle GRC Applications to the Controls Listed: • TCG • GRCI • GRCM • AACG • PCG • CCG | 1. Segregation of Duties 2. Configuration Management 3. Transaction Controls 4. Change Management 5. Preventive Controls 6. Application Access Controls |
| # | Question | Answer |
|---|---|---|
| 2 | Can you install Oracle CCG 5.5.1 on a Virtual Server? | |
| 3 | Can you Configure CCG 5.5.1 with an EBS Instance that uses RAC? | |
| 4 | What is the GRC Support Matrix? | |
| 5 | What triggers the generation of the baseline snapshot and baseline change tracking definitions? | |
| Step | Description | Results |
|---|---|---|
| 1 | Log into Oracle CCG 5.5.1. | |
| 2 | Log into Oracle GRCC 8.6 | |
| 3 | Log into Oracle R12.1.1 and select GRC Controls Responsibility | |
| 4 | Log into OracleElearning.com/Moodle | |
| 5 | Log into all other links provided | |
Questions and Answers Session
During this lesson, you learned:
• CCG Provides Internal Controls for:
  ▪ Configuration Management
  ▪ Change Management Controls
• Prerequisites for an Oracle GRC Solution Supported by Oracle
• Generate Baseline Snapshot and Change Tracking Definitions
• Edit, Test and Schedule Snapshot Definitions
• Log into CCG 5.5.1
• Display Your Welcome Page
• Change Your User Profile
• Appendices include:
  ▪ Appendix I: Course Outline Using CCG 5.5.1
  ▪ Appendix II: Links to Oracle CCG Manuals
This concludes this lesson. You are now ready to begin your
adventure with Oracle GRC Live with Real World Business
Cases and Real World Solutions Using the Oracle GRC
Controls Suite of Applications.
OIC (Oracle Independent Consultants LLC) is an Oracle Gold Partner and
focuses solely on providing risk and advisory services, installation,
implementation and configuration services, training and resources for
Oracle Governance, Risk and Compliance (GRC) solutions, which includes
Oracle Security and Control solutions.
Contact Us to learn more. You can also call me directly at 214-783-0751
or send an email to roger.drolet@theoicllc.com.
Roger Drolet, CPA, MBA, CISA, CITP
www.theoicllc.com
www.oraclegrcexpress.com