1z0-1058-23 Exam Dumps - Oracle Risk Management Cloud Questions and Answers

To meet the segregation of duties requirements in Oracle Advanced Access Controls, you would:

• Construct two separate models to represent the two segregation of duties requirements.
• For the first requirement, create a model with condition filters that identify users who have access to both supplier creation pages and invoice pages. This model will help ensure that a user can access either one of these functions but not both.
• For the second requirement, create another model with condition filters that identify users who have access to both invoice creation pages and payment creation pages. Similarly, this model will enforce that a user can access either one of these functions but not both.
• Deploy controls based on these models to continuously monitor for and prevent violations of the segregation of duties as defined.

By creating two models and corresponding controls, you can effectively enforce the segregation of duties requirements, ensuring that users have access to only one of the critical functions in each pair, thereby mitigating the risk of fraud or error.

References:The approach for enforcing segregation of duties using Oracle Advanced Access Controls is supported by Oracle documentation, which outlines the creation and use of models and controls to regulate user access and prevent conflicts123.

To correct an incorrect Risk-Control mapping, the following steps should be taken according to Oracle’s documentation:

• From the Data Load Workbench, select the Validation Errors tab.
• Select Fix Maps to access the mappings.
• In the Data Load Mappings screen, identify and fix any errors.
• Click Validate, and then click Save to apply the changes1.

References:

• Oracle Help Center provides a guide on fixing mapping errors in the Data Load Workbench1.
• The overview of Oracle Advanced Controls outlines the process of managing risk and compliance within Oracle applications2.

To populate the Control Method field with a new custom value, such as a third-party application, you would use the Lookup Code of the new lookup value. This process involves navigating to the Lookups page in the Setup and Administration work area, where you can manage the lookup codes and their meanings. Here’s a step-by-step guide:

• Open the Lookups page by selecting the Lookups tab in the Setup and Administration work area.
• Click on ‘Show Filters’.
• In the Meaning field of the Filters panel, enter the value you noted.
• Click ‘Search’ to find the specific lookup code.
• Once you have located the lookup code, you can use it to populate the Control Method field with the new custom value1.

References:

• Oracle Help Center documentation on adding a risk field2.
• Oracle documentation on managing lookups1.

To work with records in Financial Reporting Compliance, a user must be both “eligible” and “authorized”. An eligible user who creates a record is automatically authorized as its owner. The owner can edit details of the record, including its data-security configuration. However, if the superuser’s account is created but the synchronization jobs havenot been run, they would not be able to create new Data Security Policies. This is because the synchronization jobs are likely necessary to update the system with the new user’s roles and permissions, allowing them to perform actions such as creating Data Security Policies.

References:Secure Records in Financial Reporting Compliance documentation on Oracle’s website provides detailed information on the eligibility and authorization required for users to work with records1. Additionally, the Using Financial Reporting Compliance guide further describes the process of defining business processes, identifying risks, creating controls, and assessing the validity of those objects over time2.

• Not in: This condition can cause extra columns to appear because it filters out certain values, which may require additional columns for context.
• Similar: The ‘Similar’ condition can introduce extra columns as it attempts to find transactions that are alike but not exactly the same, necessitating more data for comparison.
• Between (when using a date attribute): Using the ‘Between’ condition with date attributes can add extra columns to display the range of dates that the transactions fall into.

References:The information provided here is based on Oracle’s documentation on viewing or editing an incident within the Risk Management and Compliance module1. For a detailed understanding of how these conditions affect the transaction incident data, refer to the official Oracle documentation.

To define an IT Compliance Manager job role with the required privileges to manage risks and controls, as well as issues related to them, the following duty roles must be included:

• Seeded Risk Manager Composite: This duty role includes privileges necessary for managing risks.
• Control Manager Composite: This duty role encompasses privileges for managing controls.
• Issue Manager Composite: This duty role contains privileges for managing issues related to risks and controls.

These duty roles collectively provide a comprehensive set of privileges that cover all aspects of risk and control management, as well as issue resolution, which are essential for an IT Compliance Manager job role.

References:

• Oracle documentation on creating risk management roles in the Security Console provides insights into the role creation process and the types of roles that can be created, including job roles and duty roles1.
• The IT Security Manager job role documentation lists the duties and privileges that are inherited by the job role, which is similar to what would be required for an IT Compliance Manager role2.
• The Roles Overview documentation from Oracle outlines various roles available within Oracle Fusion Cloud Financial Reporting Compliance, including the Risk Activities Manager and Risk Administrator, which are related to the management of risks and controls3.

• The assessor navigates to the Manage Assessments page.
• They select the assessment that they have previously submitted.
• They click the Reopen button to reopen the assessment.
• The assessor can then attach the critical test evidence document that was initially forgotten.
• After attaching the document, the assessor can resubmit the assessment for review.

References:The steps are based on the Oracle Risk Management documentation which outlines the process for managing assessments, including the ability to reopen an assessment to attach additional documents before resubmitting it12.

When an assessor is reviewing Prior Results as part of an operational assessment for a control, such as manual AP Invoice entry, they are able to view the results of prior operational assessments specifically for that control. This is because the system is designed to allow assessors to focus on the historical performance and evaluation of the control in question, providing a targeted and relevant overview of its effectiveness and any issues that have been identified in the past.

References:The information provided is based on the Oracle Risk Management documentation, which outlines the processes and capabilities of the system regarding operational assessments and the review of Prior Results1.

• For an incident to be automatically assigned a status of “Closed,” it must be resolved within the Fusion Cloud system. This is confirmed by a subsequent evaluation of controls that verifies the incident no longer exists.
• Similarly, if the incident is resolved using simulation within Advanced Access Controls (AAC), and a subsequent evaluation confirms the absence of the incident, it will also be automatically closed.

References:The information is based on Oracle’s documentation, which states that the actual resolution of incidents occurs outside of Oracle Fusion Cloud Advanced Controls. For example, resolving a purchase order in the Financials application or revising role assignments due to a separation-of-duties conflict can lead to the closure of an incident1. Additionally, closed incidents that are reopened through a request in Advanced Access Requests are assigned the Accepted status, indicating that the closure of incidents is tied to their resolution1.

1: Incident Status and State - Oracle Documentation

When a new control is added in Oracle Financial Reporting Compliance and the control owner clicks Submit, the control’s state changes to reflect the stage the record has reached in its workflow. Since users with the Control Reviewer and Control Approver roles exist, the expected outcome is that the control goes into the “Waiting for Approval” state. This state indicates that the control is pending review and approval by the designated users with the appropriate roles.

References:

• State and Status of Records in Financial Reporting Compliance1.
• Overview of Oracle Financial Reporting Compliance2.