Switch to the store?

Governance, Risk, and Compliance Handbook for Oracle Applications

More Information
Learn
  • Master Oracle’s Balanced Scorecard that helps management govern the enterprise through the development and communication of strategy for the enterprise
  • Trace execution of the strategy that was laid out in the balanced scorecard through Oracle Business Intelligence
  • Express security priorities and objectives in the form of a balanced scorecard and ensure that the objectives are in line with the corporate strategy
  • Perform risk assessment and control verification
  • Capture whistleblower complaints by setting up a guest account in iSupport
  • Develop and maintain control documentation that will be effective in the verification of controls included in the audit plan
  • Complete coverage of Management Testing—its uses, approach and techniques—which is a critical phase of the GRC program
  • Manage your internal Audit Function and learn how it is assisted through access controls, preventative controls, and configuration controls
  • Describe IT Audit activities; provide an approach for managing the IT audit program and review examples of automating IT Audit activities
  • Look at regulations that apply to particular industries and manage major compliance issues in high tech manufacturing, pharmaceutical and life sciences, and banking
  • Build and manage an integrated compliance platform to address regional regulations in major economic zones around the world.
About

It seems that every year since the Enron collapse there has been a fresh debacle that refuses to lower the spotlight from corporate Governance, Risk, and Compliance management.

Before Sarbanes Oxely forced company managers to become risk conscious, if you asked a chief executive whether he thought he had adequate internal controls, the most likely answer would have been “What is an internal control?”

This is clearly no longer the case. Every week some story breaks detailing a lack of good governance, a failure to plan for a foreseeable catastrophe or a failure to comply with an important law or regulation. These stories bring GRC themes into public view, and public scrutiny, and make management and directors keen to show they have put their best efforts forward to govern their companies well, manage risks to the enterprise, and to comply with all applicable laws.

Perhaps only Oracle and SAP are in a position to really address all three aspects. The mission of GRC applications is to ensure that the managers and directors of Enterprises that run such applications have a strong defensible position.

Written by industry experts with more than 30 years combined experience, this book covers the Governance, Risk Management and Compliance Management of a large modern enterprise and how the IT Infrastructure, in particular the Oracle IT Infrastructure, can assist in that governance. This book is not an implementation guide for GRC products rather it shows you how those products participate in the governance process, how they introduce or mitigate risk, and how they can be brought into compliance with best practice, as well as applicable laws and regulations.

The book is divided into three major sections:
Governance – where we discuss the strategic management of the enterprise, setting plans for managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.

Risk Management – where we discuss audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong and check that what we think prevents it going wrong - actually works! We move through the various sub-disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.

Compliance Management – where we map the tools and facilities that we have discovered in the first two sections to frameworks and legislations. We give this from an industry and geography agnostic viewpoint, and then drill into some specific industries and countries.

We neither stay in the narrow definition of GRC applications, nor limit ourselves to the Business Applications but take you to the most appropriate places in the full Oracle footprint. The book is written from the perspective of big GRC. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. We discuss many applications and technology products that are not in the GRC product family.

Features
  • Governance: In depth coverage of corporate, IT, and security Governance, which includes important topics such as strategy development and communication, strategic reporting and control, and more
  • Risk Management: Creating a risk management program, performing risk assessment and control verification, and more
  • Compliance Management: Cross-industry, cross-regional laws and regulations, industry-specific laws and regulations, region-specific laws and regulations
  • To maximize real world learning, the book is built around a fictional company establishing its governance processes
  • Written by industry experts with more than 30 years combined experience
Page Count 488
Course Length 14 hours 38 minutes
ISBN9781849681704
Date Of Publication 23 Aug 2012
InFission approach for Risk Assessment and Control Verification
Oracle's GRC Manager and Intelligence—risk assessment and control verification system
Summary

Authors

Nigel King

Nigel King is Vice President for Functional Architecture for Fusion Applications. As such he leads a band of architects whose job it is to steward the designs and underpinnings for those things that span product families. He has been working for Oracle for 17 years. In that time he has worked mostly in Applications Development. Nigel has worked in many areas of Applications, starting off in Distribution Management and then leading Oracle Applications’ first venture into Business Intelligence, and Product Lifecycle Management Applications. A restless observer and inventor, Nigel’s real passion has always been to see a problem defined, and in being defined well, resolved. By first profession Nigel is a Chartered Management Accountant. He is also a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified Information Security Professional (CISSP). He swears that as soon as he gets the book finished he will catch up with his continuing professional education credits (CPE). Nigel’s Patents include, “Methods and systems for portfolio planning”, “Audit management workbench”, “Internal audit operations for Sarbanes Oxley compliance” and “Audit planning”. He was fortunate to be hanging around at Oracle when the whole Enron thing happened. A decade later and GRC Apps have been born, been new, grown old and are now suffused into many of the applications that surround them. Nigel is also Chairman of the Open Applications Group. The Open Applications Group is a 501(c)(6) not-for-profit standards development organization (SDO). Our community is focused on building process-based business standards for eCommerce, Cloud Computing, Service Oriented Architecture (SOA), Web Services, and Enterprise Integration. The OAGi Specification includes ICXML, an XML specification for the exchange or risk and control libraries. Before joining Oracle, Nigel worked in what he now considers the real world, first as an Accountant and then selling and implementing business systems. He gained insights in the high technology sector working for Philips, the consumer packaged goods sector working for Homepride Foods and Jeyes Group and was introduced to the software world through Business Technology Consultants. Nigel also co-authored the eBusiness Suite, Manufacturing and Supply Chain handbook. You can also trace Nigel’s thinking on GRC at ISACA’s international conferences over the years. 2005, An Overview of Emerging Tools and Technologies for Auditors, 2006 Compliant Access Provisioning, 2008 Security Provisioning for Outsourced Services. Nigel is also a licensed boxer, keen soccer player and coach, and Boston qualifying marathon runner. Nigel lives with his beautiful wife Anita and their soccer fanatic son Ansel in San Mateo, California.

Adil R Khan

Adil Khan is a Senior Director at FulcrumWay with over 15 years of experience in enterprise business systems. Adil also serves on the board of the Oracle Applications Users Group Internal Controls and Security Interest Group (OAUG-ICSSIG). At FulcrumWay, Adil has successfully designed and implemented internal controls management systems for more than 15 global companies listed on NYSE and NASDAQ. His expertise includes streamlining and automating Governance Risk and Compliance processes based on industry standards such as ERM-COSO and CoBIT. Prior to FulcrumWay, Adil served as a board member and Chief Executive Officer of ALTM - a public company listed on the NASDAQ.