Oracle 1z0-1058-23 Oracle Risk Management Cloud 2023 Implementation Professional Exam Practice Test

• Select the type of Oracle Financial Reporting Compliance object you want to relate to the advanced controls you’re deploying. You may select Process, Risk, or Control.
• Select ‘Add Related Object’.
• In a Search dialog, supply parameter values to list a filtered set of Oracle Financial Reporting Compliance objects.
• Click ‘Search’ to list the objects that satisfy your search parameters.
• From the list, select any number of objects, then click ‘OK’.
• As needed, select another type and add objects of that type by repeating steps 1 through 5.

This process allows you to relate new processes and controls to the Financial Reporting Compliance objects.

References:

• Overview of Oracle Financial Reporting Compliance1.
• Relate Controls to Financial Reporting Compliance Objects2.

• Composite Duty Role: Can be created and viewed in the Security Console.
• Job Role Perspective Policy: Cannot be created or viewed in the Security Console. This is typically managed outside the Security Console because it pertains to the perspective of a job role rather than its functional security.
• Data Security Policy: Can be created and viewed in the Security Console.
• Functional Security Policy: Can be created and viewed in the Security Console.

References:The information has been verified and is based on the Oracle Financial Reporting Compliance documentation, which provides detailed instructions on using the Security Console12.

To associate a risk to a control within Oracle Risk Management, you would use the control definition. Specifically, you would navigate to the Related Objects tab within the control definition and add the risk there. This process links the risk directly to the control, allowing for a clear association between the two within the system.

References:The Oracle Cloud Risk Management and Compliance documentation provides insights into how risks and controls are managed within the system, including the association of risks to controls1. Additionally, the Implementing Risk Management guide from Oracle’s official documentation outlines the steps and considerations for setting up and managing risks and controls, which includes associating risks to controls2.

• In the Controls page, open the record of the control in either view-only or edit mode.
• Click the control’s name, or select the record and choose the Edit option.
• In the record of the control, navigate to the Test Plans tab.
• A page displays a panel for each of the control assessment activities your organization has activated.
• Expand any panel to view the assessment plan for its activity.
• Define or modify a plan for an activity.
• If in edit mode, click the Create or Edit button (labeled with a pencil icon) in the panel for that activity.
• If in view-only mode, first select Actions > Edit Definition, then select the Create or Edit button for an activity.
• Update the test plan to include both Audit Test and Design Review as assessment types.

References:

• Oracle documentation on adding details and steps to a test plan1.
• Oracle documentation on creating or editing a test plan2.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

To define a transaction model for identifying duplicate invoices based on Invoice Numbers and Invoice Amounts, the following standard filters can be combined:

• Invoice Amount is equal to itself: This filter will identify records where the invoice amount matches exactly in more than one invoice, suggesting a potential duplicate1.
• Invoice Number is equal to itself: This filter will select records where the invoice number is the same across different invoices, which is a direct indicator of duplication1.

By combining these two filters, the transaction model can effectively pinpoint duplicate invoices by matching both the invoice number and the amount, which are the key identifiers for such duplicates.

References:

• Oracle’s documentation on interpreting transaction model results explains how filters can be used to identify duplicate records, such as invoices, by setting an attribute of a business object equal to itself1.
• The overview of transaction models provided by Oracle outlines how a combination of filters defines a complete risk, with each filter evaluating records returned by filters that precede it2.

The issue described occurs when the Risk Owner role lacks the necessary privileges to access the control object. Even though the risk object has been created and mapped to a control object, if the Risk Owner’s role is not configured with the appropriate permissions, they will not be able to view or interact with the control. This is a common scenario during the implementation phase where roles and permissions need to be carefully assigned to ensure proper access to the risk management system’s features.

References:The explanation is based on the Oracle Risk Management documentation, which provides insights into role-based access and the importance of correct privilege assignment for different roles within the system123.

To bypass the approval process when updating risks, you should ensure that no user is assigned a job role that includes the Risk Reviewer Composite or Risk Approver Composite Duty Role. This configuration prevents the system from initiating the review and approval process each time a risk is updated.

References:

• Bypass the Approval Chain1.
• REST API for Oracle Fusion Cloud Risk Management2.

To verify that all controls are set up for the Audit Test assessment type in the import template, you would:

• Open the import template and navigate to the relevant worksheet for controls.
• Look for the columns that correspond to the Assessment Flag and the Audit Testing Flag.
• Ensure that both flags are set to “Y” for each control that is to be used for the Audit Test assessment type.

This verification process confirms that the controls are correctly flagged to be included in the Audit Test assessments.

References:The guidelines for setting up controls in the import template, including the use of flags for assessment types, are provided in the Oracle Risk Management documentation1. Additionally, the import template data requirements specify the use of flags to represent selections in the user interface1.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

To secure controls based on the company organization using the Oracle Risk Management import template, the following worksheets are essential:

• Perspective Items: This worksheet is used to define values for all perspectives. Each value must have a type code that matches the type code for the perspective it belongs to, which is set in the Perspective worksheet1.
• Controls: The Controls worksheet supplies data that defines the controls themselves. This is crucial for establishing the specific controls that will be secured1.
• Perspective-Control: This worksheet defines how perspective values relate to controls. It is necessary to associate specific controls with the relevant organizational perspectives1.

References:The information is based on the Oracle Risk Management documentation, which details the use of the Data Migration template and its worksheets for importing various types of data, including object data, transaction data, and association data1.

• For an incident to be automatically assigned a status of “Closed,” it must be resolved within the Fusion Cloud system. This is confirmed by a subsequent evaluation of controls that verifies the incident no longer exists.
• Similarly, if the incident is resolved using simulation within Advanced Access Controls (AAC), and a subsequent evaluation confirms the absence of the incident, it will also be automatically closed.

References:The information is based on Oracle’s documentation, which states that the actual resolution of incidents occurs outside of Oracle Fusion Cloud Advanced Controls. For example, resolving a purchase order in the Financials application or revising role assignments due to a separation-of-duties conflict can lead to the closure of an incident1. Additionally, closed incidents that are reopened through a request in Advanced Access Requests are assigned the Accepted status, indicating that the closure of incidents is tied to their resolution1.

1: Incident Status and State - Oracle Documentation

• Reviewing and approving control descriptions: Financial Reporting Compliance allows you to define business processes, identify risks, and create controls to counter those risks. Part of this process involves reviewing and ensuring the accuracy and completeness of control descriptions1.
• Reviewing control assessment results: The platform enables you to assess the validity of the controls over time. This includes reviewing the results of control assessments and any issues related to their effectiveness1.

References:

• Overview of Oracle Financial Reporting Compliance1.
• Oracle Fusion Financial Reporting Compliance Cloud Service2.

To add values to a Risk Type list of values, you need to add the lookup codes to the GRCM_RISK_TYPE Lookup Type. Here’s how you can do it:

• Navigate to the Lookups page in the Setup and Administration work area.
• Click on Create Lookup to open the Create Lookup page.
• In the Lookup Type field, enter GRCM_RISK_TYPE.
• Enter a code in the Lookup Code field. The code should consist of 30 or fewer characters, use upper-case for alphabetic characters, and underscores to fill the space between words.
• In the Meaning field, enter the text that will be presented in the list of values.
• Ensure that the combination of lookup code and meaning is unique.
• In the Status field, select Active to make the new value available for use.

References:

• Manage Lookups documentation from Oracle1.
• Risk Management User Guide2.

In Oracle Risk Management, when you want to identify Controls with the most Incidents, particularly where those Controls account for a significant percentage (like 80%) of all Incidents, you would apply the Pareto principle. This principle is also known as the 80/20 rule, where roughly 80% of the effects come from 20% of the causes. In this context, after importing a custom object that contains the number of incidents associated with each control into a transaction model, you would use the Pareto pattern filter. This filter will help you identify the subset of Controls that are contributing to the majority of Incidents, allowing you to focus on the most critical areas that need attention.

References:

• Oracle Advanced Controls Cloud Service documentation1.
• Overview of Oracle Advanced Controls2.

When setting up assessments in Financial Reporting Compliance, the following tasks should be completed:

• Identify the type of assessments included in each assessment cycle: This involves understanding the different assessment activities that will be conducted and ensuring they align with the objectives of the assessment cycle1.
• Determine if control assessments are planned ahead of time or are run impromptu: This task involves deciding whether the assessments will be scheduled as part of a batch (planned) or initiated on an individual basis (impromptu) as the need arises1.
• Determine whether assessments templates, plans, and completed assessments need to go through a review and approve workflow: This includes establishing a process for reviewing and approving the assessment templates, plans, and the assessments themselves to ensure they meet the required standards and objectives1.

References:

• The Oracle documentation on Financial Reporting Compliance provides detailed information on the overview of assessments, including the creation and management of assessment templates and plans, as well as the initiation of assessment batches or impromptu assessments1.
• Additional resources from Oracle outline the processes for setting up and completing assessments, emphasizing the importance of planning, scheduling, and reviewing assessments to ensure compliance and effective risk management234.

• Navigate to the Issues tab in the Issues work area.
• In the Issues page, select the row for the issue you want to close.
• Ensure that the issue status is In Edit.
• From the Actions menu, select Close Issue.
• A Close Issue dialog will open.
• Select a reason for closing the issue in a Specify Reason for Action list.
• Optionally, add a comment that supports the action you selected.
• Click OK.

Once you close an issue, it can no longer be edited.

References:

• Oracle documentation on closing an issue1.

• Navigate to the Risk Management work area.
• Select the Manage Object Perspectives task.
• Search for the Control-Business Units association.
• In the Required field for the Control-Business Units association, set the value to Yes.
• Save and close the Manage Object Perspectives screen.

This action ensures that when new controls are defined, it is mandatory to assign a Business Units perspective to each control.

References:

• Oracle documentation on managing object perspectives1.

• Create an Imported Business Object: Import the file containing the list of companies into Oracle Risk Management as an imported business object1.
• Select the ‘Payment’ Business Object: Choose Oracle’s delivered “Payment” business object, which includes attributes related to payment transactions2.
• Combine Objects in a Model: Use the transaction model to combine the imported business object with the “Payment” business object1.
• Add a Standard Filter: Implement a standard filter to compare the “Remit to Supplier Name” from the “Payment” object with the “Company Name” from the imported business object. Set the similarity condition to 95% to identify payments made to companies on the list1.

References:

• Oracle’s documentation on Overview of Transaction Models provides insights into how transaction models can uncover transactions that might involve risk, such as payments to unwanted companies.
• The Overview of Business Objects explains how to work with imported objects and combine them with delivered objects for analysis.
• Detailed instructions on Selecting Business Objects for a Transaction Model guide through the process of creating and using filters within a model.

• Navigate to the “Access Entitlements” page within Oracle Advanced Access Controls.
• Create two separate entitlements that include the client-defined access points for initiating a purchase order and for approving payments on that purchase order.
• Go to the “Models” tab of Advanced Controls and create an access model. This model will be based on the entitlements you have just created.
• After creating the access model, proceed to the “Controls” tab of Advanced Controls.
• Deploy an access control and select the access model you previously created. This will enforce the control to monitor user access as per the requirement.

References:

• Oracle Advanced Access Controls documentation provides a comprehensive overview of the process for creating models and controls to monitor access assignments for separation-of-duties violations1.
• The Oracle Advanced Access Controls Cloud Data Sheet details the features relevant to monitoring access policies, including the creation and deployment of access controls2.

1: Overview of Oracle Advanced Controls 2: Oracle Advanced Access Controls Cloud Data Sheet

To define an IT Compliance Manager job role with the required privileges to manage risks and controls, as well as issues related to them, the following duty roles must be included:

• Seeded Risk Manager Composite: This duty role includes privileges necessary for managing risks.
• Control Manager Composite: This duty role encompasses privileges for managing controls.
• Issue Manager Composite: This duty role contains privileges for managing issues related to risks and controls.

These duty roles collectively provide a comprehensive set of privileges that cover all aspects of risk and control management, as well as issue resolution, which are essential for an IT Compliance Manager job role.

References:

• Oracle documentation on creating risk management roles in the Security Console provides insights into the role creation process and the types of roles that can be created, including job roles and duty roles1.
• The IT Security Manager job role documentation lists the duties and privileges that are inherited by the job role, which is similar to what would be required for an IT Compliance Manager role2.
• The Roles Overview documentation from Oracle outlines various roles available within Oracle Fusion Cloud Financial Reporting Compliance, including the Risk Activities Manager and Risk Administrator, which are related to the management of risks and controls3.