Governance, Risk, and Compliance Handbook for Oracle Applications

Nigel King, Adil R Khan

Written by industry experts with more than 30 years combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization with this book and ebook.
Book Details

ISBN 13: 9781849681704
Paperback: 488 pages

About This Book

  • Governance: In depth coverage of corporate, IT, and security Governance, which includes important topics such as strategy development and communication, strategic reporting and control, and more
  • Risk Management: Creating a risk management program, performing risk assessment and control verification, and more
  • Compliance Management: Cross-industry, cross-regional laws and regulations, industry-specific laws and regulations, region-specific laws and regulations
  • To maximize real world learning, the book is built around a fictional company establishing its governance processes
  • Written by industry experts with more than 30 years combined experience

Who This Book Is For

The audience for this book is the people who advise the board, the internal audit department, and the CIO office on controls, security, and risk assurance. Consultants implementing Financials or GRC Applications who wish to understand the Governance, Risk, and Compliance processes, and how they are represented in Oracle, should find it a useful primer. Risk Assurance professionals will find it a reliable companion.

Table of Contents

Chapter 1: Introduction
How this book is organized
Oracle's Governance Risk and Compliance Footprint
The Audit and Compliance process
GRC Capability Maturity Model
Chapter 2: Corporate Governance
Developing and Communicating Corporate Strategy with Balanced Scorecard
Communicating and confirming Corporate Strategy with iLearning
Managing Records Retention Policies with Content Management Server
Financial planning and analysis with Hyperion FR
Monitoring Execution with Oracle Business Intelligence
Enterprise Risk Management
Whistle-blower protections
Chapter 3: Information Technology Governance
Developing and communicating IT strategy with balanced scorecards
Maintaining a valid configuration
Service desk administration through Oracle Enterprise Manager
Chapter 4: Security Governance
Security balanced scorecard
System wide advice
Chapter 5: Risk Assessment and Control Verification
InFission approach for Risk Assessment and Control Verification
Oracle's GRC Manager and Intelligence—risk assessment and control verification system
Chapter 6: Documenting Your Controls
Process and procedure documents
InFission approach for managing process and procedure documents
Managing process documents in Oracle GRC Manager
Risks and controls documents
InFission approach to risk and controls documentation
Managing risks in Oracle GRC Manager
Managing controls in Oracle GRC Manager
Managing control documentation lifecycle in GRC Manager
Chapter 7: Managing Your Testing Phase: Management Testing and Certifying Controls
Management testing for internal audit program
Management testing for Regulatory Compliance Audits
Management testing for Enterprise Risk Management
InFission's approach to management testing
Management testing using Oracle GRC Manager
Chapter 8: Managing Your Audit Function
Audit planning
Internal controls assessment
Audit report
Chapter 9: IT Audit
InFission IT Audit approach
Automated application controls using Oracle GRC Controls Suite
Chapter 10: Cross Industry Cross Compliance
ISO 27001 — Information Security Management System (ISMS)
Control Objectives for IT (COBIT)
California Breach Law
Healthcare Information Portability and Protection Act (HIPAA)
Payment Card Industry (PCI)
Federal Sentencing Guidelines
Chapter 11: Industry-focused Compliance
Hi-tech manufacturing
Environmental compliance and ISO 14000
Life sciences and medical instrument manufacturing
Banking and financial services
Chapter 12: Regional-focused Compliance
Regulatory compliance in major economic regions
Managing regional compliance using Oracle GRC Manager

What You Will Learn

  • Master Oracle’s Balanced Scorecard that helps management govern the enterprise through the development and communication of strategy for the enterprise
  • Trace execution of the strategy that was laid out in the balanced scorecard through Oracle Business Intelligence
  • Express security priorities and objectives in the form of a balanced scorecard and ensure that the objectives are in line with the corporate strategy
  • Perform risk assessment and control verification
  • Capture whistleblower complaints by setting up a guest account in iSupport
  • Develop and maintain control documentation that will be effective in the verification of controls included in the audit plan
  • Complete coverage of Management Testing—its uses, approach and techniques—which is a critical phase of the GRC program
  • Manage your internal Audit Function and learn how it is assisted through access controls, preventative controls, and configuration controls
  • Describe IT Audit activities; provide an approach for managing the IT audit program and review examples of automating IT Audit activities
  • Look at regulations that apply to particular industries and manage major compliance issues in high tech manufacturing, pharmaceutical and life sciences, and banking
  • Build and manage an integrated compliance platform to address regional regulations in major economic zones around the world.

In Detail

It seems that every year since the Enron collapse there has been a fresh debacle that refuses to lower the spotlight from corporate Governance, Risk, and Compliance management.

Before Sarbanes-Oxley forced company managers to become risk conscious, if you asked a chief executive whether he thought he had adequate internal controls, the most likely answer would have been “What is an internal control?”

This is clearly no longer the case. Every week some story breaks detailing a lack of good governance, a failure to plan for a foreseeable catastrophe or a failure to comply with an important law or regulation. These stories bring GRC themes into public view, and public scrutiny, and make management and directors keen to show they have put their best efforts forward to govern their companies well, manage risks to the enterprise, and to comply with all applicable laws.

Perhaps only Oracle and SAP are in a position to really address all three aspects. The mission of GRC applications is to ensure that the managers and directors of Enterprises that run such applications have a strong defensible position.

Written by industry experts with more than 30 years combined experience, this book covers the Governance, Risk Management, and Compliance Management of a large modern enterprise and how the IT infrastructure, in particular the Oracle IT infrastructure, can assist in that governance. This book is not an implementation guide for GRC products; rather, it shows you how those products participate in the governance process, how they introduce or mitigate risk, and how they can be brought into compliance with best practice as well as applicable laws and regulations.

The book is divided into three major sections:
Governance – where we discuss the strategic management of the enterprise, setting plans for managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.

Risk Management – where we discuss audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong, and check that what we think prevents it from going wrong actually works! We move through the various sub-disciplines within the audit profession and show which tools from within the Oracle family are best suited to assist.

Compliance Management – where we map the tools and facilities that we have discovered in the first two sections to frameworks and legislation. We present this from an industry- and geography-agnostic viewpoint, and then drill into some specific industries and countries.

We neither stay within the narrow definition of GRC applications nor limit ourselves to the Business Applications, but take you to the most appropriate places in the full Oracle footprint. The book is written from the perspective of big GRC. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. We discuss many applications and technology products that are not in the GRC product family.
