Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Governance, Risk, and Compliance Handbook for Oracle Applications
Governance, Risk, and Compliance Handbook for Oracle Applications

Governance, Risk, and Compliance Handbook for Oracle Applications: Written by industry experts with more than 30 years combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization with this book and ebook.

€48.99 €33.99
Book Aug 2012 488 pages 1st Edition
eBook
€48.99 €33.99
Print
€62.99
Subscription
€14.99 Monthly
eBook
€48.99 €33.99
Print
€62.99
Subscription
€14.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Aug 24, 2012
Length 488 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781849681704
Vendor :
Oracle
Category :
Business & Other
Concepts :
Operations Management
Tools :
Oracle GRC (Beginner)
Table of content icon View table of contents Preview book icon Preview Book

Governance, Risk, and Compliance Handbook for Oracle Applications

Chapter 1. Introduction

This is a book about governance, risk management, and compliance management of a large modern enterprise and how the IT infrastructure, in particular the Oracle IT Infrastructure, can assist in that governance. The IT infrastructure both presents a risk and also provides the infrastructure to mitigate and manage that risk. The IT infrastructure must be shown to be in compliance with policies, laws, and regulations, and assists in establishing and confirming that compliance. We have written this book from the perspective of big GRC. There have been many solutions springing up around fashionable pieces of the compliance problem. At the start of the Sarbanes gold rush, it was document management. For a while that was the management of the close process. Then for a very long time it was segregation of duties. These are all important components. We have tried our best to take the perspective of those who are responsible for the stewardship of the company, and see the GRC problem from their perspective. We have written at length about governance To this end, our book is aimed at risk assurance professionals, executives, directors, and those who advise them. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. In this book, we have discussed many applications and technology products that are not in the GRC product family. Again, we are not attempting to write an implementation guide for those products. We can hopefully show you how those products participate and assist in the governance process, how they introduce or mitigate risk, and how they can be brought into compliance with best practice as well as applicable laws and regulations.

How this book is organized

We have written this book with a section dedicated to each of the following three blocks:

  • Governance: Here we discuss the strategic management of the enterprise, setting the plans for the managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.

  • Risk management: Here we discuss the audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong, and check that what we think prevents it from going wrong actually works. We move through the various sub disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.

  • Compliance management: Here we map the tools and facilities that we have discovered in the first two sections for frameworks and legislations. We will give this from an industry and geography agnostic viewpoint and then drill in to some specific industries and countries.

We neither stay in the narrow definition of the GRC applications, nor limit ourselves to the business applications but take you to the most appropriate places in the full Oracle footprint. For example, some of the configuration management and change control problems are addressed within the GRC applications and some of them are addressed within Enterprise Manager.

This means that the book is not organized by product. It is organized by the governance and risk assurance processes. A given product may be represented in multiple places in the book and a given process may contain multiple product references.

Definitions

Before we go much further, we should lay down some basic definitions of these three key terms.

Governance

The www.businessdictionary.com has a great definition of governance:

Traditionally defined as the ways in which a firm safeguards the interests of its financiers (investors, lenders, and creditors). The modern definition calls it the framework of rules and practices by which the board of directors ensure accountability, fairness, and transparency in the firm's relationship with all the stakeholders (financiers, customers, management, employees, government, and the community). This framework consists of (1) explicit and implicit contracts between the firm and the stakeholders for distribution of responsibilities, rights, and rewards; (2) procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with their duties, privileges, and roles; and (3) procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances. It is also called corporation governance.

I really like this definition, partly because it lets you know where the real accountability for Governance lies in the enterprise, but mostly because it is pretty much undefined in most of the frameworks that have had influence on the GRC market.

Risk

Probability of loss inherent in a firm's operations and environment (such as competition and adverse economic conditions) that may impair its ability to provide returns on investment. The leading framework in risk management was published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. COSO ERM extends the definition from not meeting a financial objective to not meeting any of the enterprise's objectives. It makes it pretty clear that the body that is responsible for signing off on the corporate strategy should also ensure that there is a process to identify the risks of not meeting the goals.

Compliance

Certification or confirmation that the doer of an action such as the writer of an audit report, or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.

Oracle's Governance Risk and Compliance Footprint

The following figure gives an overview of the major functional areas of the governance, risk, and compliance problems and the Oracle Component that best addresses that problem:

When you consider who is involved in the governance, risk, and compliance process, you start to appreciate the tools that you need to complete the footprint.

Balanced Scorecard

This tool is used to express and communicate the mission of the enterprise.

Business Intelligence

This tool is used to measure the degree to which the strategy that has been communicated is actually executing.

Financial Planning and Analysis

This tool is used to convert the mission of the enterprise into financial goals, forecasts that can be discussed with investors through the management )discussion, and analysis.

Consolidations and Financial Reporting

This set of tools is used to report to investors the progress toward the goals expressed in the financial plan.

Learning

This tool is used to ensure delivery of ethics and policy education and confirm their understanding.

Risk Management Applications

This tool is used to discover and document risks to the mission of the enterprise, and to ensure that management has well-designed and effective operating controls to mitigate those risks. Such tools cover the following:

  • Access Controls Governor: To ensure that appropriate access is granted to systems.

  • Transaction Controls Governor: To ensure that transaction policies are followed and fraudulent transactions found.

  • Configuration Controls Governor: To ensure that recommended settings of the applications that themselves constitute great automated controls are appropriately configured and that changes are authorized and recorded.

  • Preventive Controls Governor: To extend the controls footprint of the delivered application.

  • Oracle Enterprise Manager: Enterprise Manager also has great capabilities to extract configuration settings and measure them against baseline. The settings that are tracked within EM by default tend to be deeper technical settings.

  • GRC Manager: To provide self assessment, testing operations, and to aggregate the results of the documentation and testing phases of the governance program for managers of the risk assurance activity.

  • GRC Intelligence: To provide the most potent and important information to the executive suite and directors on the residual risk to the enterprise.

Sub Certification

Sub Certification applications are used to allow management to confirm the controls within processes that they are responsible for. Such tools include Hyperion Close Process Manager.

Process Management Applications

These applications are used to provide the pivot point for the risk analysis and management accountability. Largely, these are the processes within the applications themselves. The process may be orchestrated through Oracle Workflow as in the case of purchase order approval or journal approval.

Content Management Applications

These applications are used to provide evidence store for unstructured information. They also provide a store for standard working papers and completed working papers that have been part of the testing activity.

Identity and Authorization Management Applications

These applications are used to provide authentication of users, accountability for their actions in the system, and authorization to information assets required to do their jobs.

Our case study

In order to ensure that we keep ourselves grounded in real problems, we have written the book as a journal of a fictional company establishing its governance processes. We will introduce managers and directors responsible for various aspects of the governance, risk, and compliance problem and where that problem is exposed and how it is addressed in the technology and business applications.

In the previous figure, we have seen the key roles that are directly engaged in the governance, risk management, and compliance activities in a typical organizational chart.

Their IT infrastructure is comprised of Sun Hardware and are running Oracle database, middleware, and business applications. We do have one of the subsidiaries of InFission running JD Edwards just to allow us to illustrate GRC working in a heterogeneous applications environment.

Roles involved in GRC activities

It is worth examining what function is responsible for what activity and what part of the Oracle footprint each is most interested in.

Audit Committee member

The audit committee of the board of directors must have at least three members. One member must have accounting or financial management expertise and all other members must be financially literate. All members must be independent.

The Audit Committee is charged with the oversight of the Financial Reporting process, including review of quarterly and annual financial statements on behalf of the investors and to discuss annual financial statement with management and auditors.

They need to review Management Discussion and Analysis (MD&A) with management and auditors. This is where management gives guidance on where the business is going. Such guidance is also given in Earnings Announcements, press releases, and guidance provided to rating agencies.

They need to monitor the system of internal control and compliance with legal and regulatory requirements. In order to do this, they need to monitor the system of risk assessment and risk management. This may be synonymous with overseeing the internal audit function, but in recent years many enterprises have set up a separate risk management program office reporting it to the management. This oversight means that the audit plan and the scope of the audits are signed off by the audit committee.

In order to ensure that the tone at the top is appropriate, received, and understood the audit committee is generally responsible for an ethics program, and responsible to manage whistle-blower complaints.

Signing Officers

The CEO and CFO of the company are responsible for signing the Sarbanes-Oxley Section 302 Certifications.

These certifications, referred to by the Securities and Exchange Commission as "Rule 13a-14(a)/15d-14a Certifications", must be signed separately by the CEO and the CFO, and filed as an exhibit to quarterly reports on Form 10-Q or 10-Q(SB) and to annual reports on Form 10-K or Form 10-KSB, as Exhibit 31, or, for foreign private issuers, as an exhibit to Form 20-F. The SEC has specified the form and wording of these certifications, which cannot be changed.

Briefly, the Signing Officer certifies that he has reviewed the report, that he believes that it does not contain any misleading misstatement or omission, and that it fairly presents the company's financial position and results of operations. The officer also certifies his responsibility for the company's disclosure controls and procedures and internal controls over financial reporting and as to their effectiveness.

Chief Audit Executive

The Chief Audit Executive is a part of the company but generally has reporting relationships to the Audit Committee of the board of directors.

The duties of the Chief Audit Executive include:

  • Status, strategy, and organization of the Internal Audit Department

  • Management/supervision of the internal audit activity

  • Ensuring the timely completion of internal auditing engagements

  • Ensuring that reports on internal auditing engagements are provided to the audit committee with minimum delay

  • Providing an annual holistic opinion on the effectiveness and adequacy of risk management, control, and governance processes

Chief Financial Officer

As well as being one of the signing officers, the CFO obviously heads the departments that are involved in processing of transactions that most directly affect the subledgers and general ledger, the preparation of financial statements, and financial planning and analysis.

Chief Information Officer

In addition to Sarbanes-Oxley (SOX), CIOs and CSOs must understand and achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA) the Payment Card Industry Data Security Standard (PCI DSS) for organizations processing credit card transactions, and the Federal Information Security Management Act (FISMA) for federal agencies as well as many other global, national, and industry-wide regulations and mandates.

IT governance includes writing IT policies that define who within an organization is responsible for key decisions with regards to IT adoption and usage, who is held accountable for such decisions, and how results are monitored and measured. Implementing IT governance strategies includes assigning committees to steer technology adoption, architectural reviews, and project analysis. Governance is about processes, which should support consistent and transparent methods for managing your information technology acquisitions and usage.

The CIO is also responsible for IT risk management. Risk management requires adapting to constantly changing business requirements and monitoring what technologies are deployed within the organization Risk management encompasses surviving a constantly changing threat landscape by tightening and optimizing an organization's information security, both perimeter and internal, while improving business agility and efficiency.

The CIO is also responsible for IT compliance approaches, governance by designing, assessing, and implementing controls. These controls must map back to the various industry requirements and best practices that ultimately determine success or failure during an IT audit.

Chief Operating Officer

Many of the controls in the business are part of the processes and procedures operating in the Business Units themselves. For example, your revenue line might be unreliable due to side contracts that are made by your salespeople. Management in the business is responsible for the design of the controls and certifying their effectiveness.

The Audit and Compliance process

The following figure explains the Audit and Compliance process starting with the establishment of the program office and ending with certified financial statements:

While there are many processes that support and feed into the audit processes process, it is important to realize who the players are at the end of top level process. The process has to make evident to investors and regulators that risks are managed. Once an Audit and Compliance process is established, it goes through a risk assessment, audit planning, documentation phase, a testing phase, and a reporting phase, before the results are combined with the financial disclosures and signed by the management.

Risk Assessment phase

In the Risk Assessment phase, you will be cataloging the risks to the objectives of the business and asking questions such as "What can go wrong?". There are many methodologies, tools, and focuses for this. One methodology is to review the financial statements by subsidiary and highlight the lines that are material and then start to investigate the risks to which that line is exposed. For example, if a subsidiary constitutes less than five percent of the revenue of the enterprise, its revenue line may not be material. For one of the subsidiaries, the revenue line may be subject to risks of mistatement. For example, if revenue is claimed when customers have vouchers outstanding. Other methodologies include facilitated workshop methods and survey methods.

Audit Planning phase

In the Audit Planning phase, you will create a set of audit engagements, each with a defined scope and projected timeframe. Scope may be defined in terms of process, business units, and subsidiaries. The scope sets a boundary around the set of risks and controls that will be tested. An engagement itself is a project that has an engagement manager and a set of auditors assigned. The audit and its scope is generally authorized through an engagement letter addressed to the management and authorized from the Chief Audit Executive or audit committee. It may well include a records request for access to records that are within the scope of the audit.

Documentation phase

As you kick off the program, you will probably establish a program office. The controls will need to be cataloged, but they are generally organized by processes, and the processes and procedures themselves may be controls in and of themselves. The testing phase will be performed within the legal entities and business units of the enterprise, so the enterprise structure needs to be documented.

Testing phase

The testing phase will include a risk assessment to prompt the management to think about the risks to the mission of the enterprise. When the risks have been cataloged, the scope of the audit and the audit plan can be set. The scope may be set in terms of the processes, business units, or individual controls. The audit plan is broken down into individual engagement projects that have their own scope, where controls are tested and the results reported back to the Chief Audit Executive. Management may also be testing controls themselves and providing self assessments of the effectiveness of those controls.

Reporting phase

The reporting phase brings together management testing and the results of audit operations to be able to arm management and the directors with the information they need to certify the financial statements.

The Chief Audit Executive will need to keep the audit committee apprised of the findings in the audit engagements.

Relationships between entities, accounts, process, risk controls, and tests

We should always remember that the end goal is that we can prove to the investors that management and directors have worked with due diligence to govern the company, assess risks to the enterprise and its mission, and comply with applicable laws and regulations.

We should look at an example of a process, a risk, a control, and a test:

In this example, a subsidiary of Infission runs the U.S. Operations. Part of the results for the subsidiary is the revenue line. The receivables management process has a material impact on what is reported as revenue. There is an inherent risk that we may apply improper revenue recognition policies. For example, we may recognize revenue, even though we have written into the contract that the customer has right of return if the product does not perform as specified, within 90 days. The control may be that every contract with revenue over 100,000 dollars is reviewed by the Revenue Recognition Team. That control may be tested by generating a report of all contracts over 100,000 and testing for revenue recognition approval.

GRC Capability Maturity Model

The governance process itself can start small in a fairly ad hoc manner and can mature to where the governance processes are truly optimized. The IT Policy Compliance Group, an industry and advisory consortium adapted the Capability Maturity Model first published by The Carnegie Mellon Software Engineering Institute to the GRC Domain. It has provided a way for companies to measure where they are on the spectrum, and give themselves a sense of how far they have to go and the costs and benefits in getting there.

The following figure shows the levels in the Capability Maturity Model and the process characteristics at each of the levels:

We will be revisiting the Capability Maturity Model to see how different pieces of our GRC solution help move us along the spectrum towards optimizing our controls footprint, minimizing the costs, maximizing the repeatability, and ensuring we have measurable results that can be expressed in terms of business value. The IT Policy Compliance Group provides standardized assessments to help companies measure where they are.

Summary

In this chapter, we have introduced the GRC Concepts and explained the breadth of tools that Oracle has, to address the GRC problems. We have introduced the fictional company with whom we will be taking the governance, risk, and compliance journey. We have also introduced the key roles that have a stake in the governance, risk, and compliance process and explained what that stake is. We have shown the overall risk management and compliance process at a very high level to see how the information comes together for the signing officers to certify to the investors in the enterprise that the risks are managed and the controls are effective. We have illustrated how a sample process, risk, and control are related to a financial statement line for a subsidiary within the enterprise and explained how the process can move from an ad hoc manual process to a repeatable, automated, and optimized solution over time.

In the next chapter we will introduce the Governance theme with Corporate Governance. We will take a look at key strategic issues that Infission faces as an enterprise and also how to craft and communicate the strategic intent of Infission.

Left arrow icon

Page 1 of 7

Right arrow icon

Key benefits

  • Governance: In depth coverage of corporate, IT, and security Governance, which includes important topics such as strategy development and communication, strategic reporting and control, and more
  • Risk Management: Creating a risk management program, performing risk assessment and control verification, and more
  • Compliance Management: Cross-industry, cross-regional laws and regulations, industry-specific laws and regulations, region-specific laws and regulations
  • To maximize real world learning, the book is built around a fictional company establishing its governance processes
  • Written by industry experts with more than 30 years combined experience

Description

It seems that every year since the Enron collapse there has been a fresh debacle that refuses to lower the spotlight from corporate Governance, Risk, and Compliance management.Before Sarbanes Oxely forced company managers to become risk conscious, if you asked a chief executive whether he thought he had adequate internal controls, the most likely answer would have been "What is an internal control?" This is clearly no longer the case. Every week some story breaks detailing a lack of good governance, a failure to plan for a foreseeable catastrophe or a failure to comply with an important law or regulation. These stories bring GRC themes into public view, and public scrutiny, and make management and directors keen to show they have put their best efforts forward to govern their companies well, manage risks to the enterprise, and to comply with all applicable laws.Perhaps only Oracle and SAP are in a position to really address all three aspects. The mission of GRC applications is to ensure that the managers and directors of Enterprises that run such applications have a strong defensible position. Written by industry experts with more than 30 years combined experience, this book covers the Governance, Risk Management and Compliance Management of a large modern enterprise and how the IT Infrastructure, in particular the Oracle IT Infrastructure, can assist in that governance. This book is not an implementation guide for GRC products rather it shows you how those products participate in the governance process, how they introduce or mitigate risk, and how they can be brought into compliance with best practice, as well as applicable laws and regulations.The book is divided into three major sections:Governance ñ where we discuss the strategic management of the enterprise, setting plans for managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.Risk Management ñ where we discuss audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong and check that what we think prevents it going wrong - actually works! We move through the various sub-disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.Compliance Management ñ where we map the tools and facilities that we have discovered in the first two sections to frameworks and legislations. We give this from an industry and geography agnostic viewpoint, and then drill into some specific industries and countries.We neither stay in the narrow definition of GRC applications, nor limit ourselves to the Business Applications but take you to the most appropriate places in the full Oracle footprint. The book is written from the perspective of big GRC. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. We discuss many applications and technology products that are not in the GRC product family.

What you will learn

Master Oracle s Balanced Scorecard that helps management govern the enterprise through the development and communication of strategy for the enterprise Trace execution of the strategy that was laid out in the balanced scorecard through Oracle Business Intelligence Express security priorities and objectives in the form of a balanced scorecard and ensure that the objectives are in line with the corporate strategy Perform risk assessment and control verification Capture whistleblower complaints by setting up a guest account in iSupport Develop and maintain control documentation that will be effective in the verification of controls included in the audit plan Complete coverage of Management Testingóits uses, approach and techniquesówhich is a critical phase of the GRC program Manage your internal Audit Function and learn how it is assisted through access controls, preventative controls, and configuration controls Describe IT Audit activities; provide an approach for managing the IT audit program and review examples of automating IT Audit activities Look at regulations that apply to particular industries and manage major compliance issues in high tech manufacturing, pharmaceutical and life sciences, and banking Build and manage an integrated compliance platform to address regional regulations in major economic zones around the world.

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Aug 24, 2012
Length 488 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781849681704
Vendor :
Oracle
Category :
Business & Other
Concepts :
Operations Management
Tools :
Oracle GRC (Beginner)

Table of Contents

22 Chapters
Governance, Risk, and Compliance Handbook for Oracle Applications Chevron down icon Chevron up icon
Governance, Risk, and Compliance Handbook for Oracle Applications
Credits Chevron down icon Chevron up icon
Credits
Foreword Chevron down icon Chevron up icon
Foreword
About the Authors Chevron down icon Chevron up icon
About the Authors
Acknowledgement Chevron down icon Chevron up icon
Acknowledgement
About the Authors Chevron down icon Chevron up icon
About the Authors
Acknowledgement Chevron down icon Chevron up icon
Acknowledgement
About the Reviewers Chevron down icon Chevron up icon
About the Reviewers
www.PacktPub.com Chevron down icon Chevron up icon
www.PacktPub.com
Preface Chevron down icon Chevron up icon
Preface
Introduction Chevron down icon Chevron up icon
Introduction
How this book is organized
Definitions
Oracle's Governance Risk and Compliance Footprint
The Audit and Compliance process
GRC Capability Maturity Model
Summary
Corporate Governance Chevron down icon Chevron up icon
Corporate Governance
Developing and Communicating Corporate Strategy with Balanced Scorecard
Communicating and confirming Corporate Strategy with iLearning
Managing Records Retention Policies with Content Management Server
Financial planning and analysis with Hyperion FR
Monitoring Execution with Oracle Business Intelligence
Enterprise Risk Management
Whistle-blower protections
Summary
Information Technology Governance Chevron down icon Chevron up icon
Information Technology Governance
Developing and communicating IT strategy with balanced scorecards
Maintaining a valid configuration
Service desk administration through Oracle Enterprise Manager
Summary
Security Governance Chevron down icon Chevron up icon
Security Governance
Security balanced scorecard
System wide advice
Summary
Risk Assessment and Control Verification Chevron down icon Chevron up icon
Risk Assessment and Control Verification
InFission approach for Risk Assessment and Control Verification
Oracle's GRC Manager and Intelligence—risk assessment and control verification system
Summary
Documenting Your Controls Chevron down icon Chevron up icon
Documenting Your Controls
Process and procedure documents
InFission approach for managing process and procedure documents
Managing process documents in Oracle GRC Manager
Risks and controls documents
InFission approach to risk and controls documentation
Managing risks in Oracle GRC Manager
Managing controls in Oracle GRC Manager
Managing control documentation lifecycle in GRC Manager
Summary
Managing Your Testing Phase: Management Testing and Certifying Controls Chevron down icon Chevron up icon
Managing Your Testing Phase: Management Testing and Certifying Controls
Management testing for internal audit program
Management testing for Regulatory Compliance Audits
Management testing for Enterprise Risk Management
InFission's approach to management testing
Management testing using Oracle GRC Manager
Summary
Managing Your Audit Function Chevron down icon Chevron up icon
Managing Your Audit Function
Audit planning
Internal controls assessment
Audit report
Summary
IT Audit Chevron down icon Chevron up icon
IT Audit
InFission IT Audit approach
Automated application controls using Oracle GRC Controls Suite
Summary
Cross Industry Cross Compliance Chevron down icon Chevron up icon
Cross Industry Cross Compliance
Sarbanes-Oxley
ISO 27001 — Information Security Management System (ISMS)
Control Objectives for IT (COBIT)
California Breach Law
Healthcare Information Portability and Protection Act (HIPPA)
Payment Card Industry (PCI)
Federal Sentencing Guidelines
Summary
Industry-focused Compliance Chevron down icon Chevron up icon
Industry-focused Compliance
Hi-tech manufacturing
Environmental compliance and ISO 14000
RoHS WEEE
Life sciences and medical instrument manufacturing
Banking and financial services
Summary
Regional-focused Compliance Chevron down icon Chevron up icon
Regional-focused Compliance
Regulatory compliance in major economic regions
Managing regional compliance using Oracle GRC Manager
Summary

Recommendations for you

Left arrow icon
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Mar 2023 362
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
Dec 2020 550
ebook
eBook
  • ebook eBook $16.99
  • print Print $30.99
$16.99 $24.99
$30.99
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Feb 2023 618
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Aug 2023 314
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Jul 2023 350
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Jul 2023 328
ebook
eBook
  • ebook eBook $32.99
  • print Print $59.99
$32.99 $47.99
$59.99
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Jul 2023 572
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
Mar 2022 654
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $44.99
$27.98 $39.99
$49.99
$44.99
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
May 2023 720
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
Right arrow icon

Customer reviews

Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by

No reviews found

People who bought this also bought

Left arrow icon
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Nov 2021 340
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Sep 2022 570
ebook
eBook
  • ebook eBook $22.99
  • print Print $41.99
$22.99 $33.99
$41.99
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Aug 2022 816
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Sep 2021 280
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $32.99
$27.98 $39.99
$49.99
$32.99
Pentesting Web Applications: Testing real time web apps [Video]
Pentesting Web Applications: Testing real time web apps [Video]
Nov 2017
video
Video
  • video Video $130.99
$130.99
Right arrow icon

Authors (2)

Profile icon Adil Khan
Adil Khan is a Senior Director at FulcrumWay with over 15 years of experience in enterprise business systems. Adil also serves on the board of the Oracle Applications Users Group Internal Controls and Security Interest Group (OAUG-ICSSIG). At FulcrumWay, Adil has successfully designed and implemented internal controls management systems for more than 15 global companies listed on NYSE and NASDAQ. His expertise includes streamlining and automating Governance Risk and Compliance processes based on industry standards such as ERM-COSO and CoBIT. Prior to FulcrumWay, Adil served as a board member and Chief Executive Officer of ALTM - a public company listed on the NASDAQ.
Read more
See other products by Adil Khan
Profile icon Nigel King
Nigel King is Vice President for Functional Architecture for Fusion Applications. As such he leads a band of architects whose job it is to steward the designs and underpinnings for those things that span product families. He has been working for Oracle for 17 years. In that time he has worked mostly in Applications Development. Nigel has worked in many areas of Applications, starting off in Distribution Management and then leading Oracle Applications first venture into Business Intelligence, and Product Lifecycle Management Applications. A restless observer and inventor, Nigels real passion has always been to see a problem defined, and in being defined well, resolved. By first profession Nigel is a Chartered Management Accountant. He is also a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified Information Security Professional (CISSP). He swears that as soon as he gets the book finished he will catch up with his continuing professional education credits (CPE). Nigels Patents include, Methods and systems for portfolio planning, Audit management workbench, Internal audit operations for Sarbanes Oxley compliance and Audit planning. He was fortunate to be hanging around at Oracle when the whole Enron thing happened. A decade later and GRC Apps have been born, been new, grown old and are now suffused into many of the applications that surround them. Nigel is also Chairman of the Open Applications Group. The Open Applications Group is a 501(c)(6) not-for-profit standards development organization (SDO). Our community is focused on building process-based business standards for eCommerce, Cloud Computing, Service Oriented Architecture (SOA), Web Services, and Enterprise Integration. The OAGi Specification includes ICXML, an XML specification for the exchange or risk and control libraries. Before joining Oracle, Nigel worked in what he now considers the real world, first as an Accountant and then selling and implementing business systems. He gained insights in the high technology sector working for Philips, the consumer packaged goods sector working for Homepride Foods and Jeyes Group and was introduced to the software world through Business Technology Consultants. Nigel also co-authored the eBusiness Suite, Manufacturing and Supply Chain handbook. You can also trace Nigels thinking on GRC at ISACAs international conferences over the years. 2005, An Overview of Emerging Tools and Technologies for Auditors, 2006 Compliant Access Provisioning, 2008 Security Provisioning for Outsourced Services. Nigel is also a licensed boxer, keen soccer player and coach, and Boston qualifying marathon runner. Nigel lives with his beautiful wife Anita and their soccer fanatic son Ansel in San Mateo, California.
Read more
See other products by Nigel King
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.