Risk Management Cloud (RMC)

An implementation of Oracle ERP Cloud has more than 10,000 Privileges and 4,000 Roles out-of-the-box, plus usually hundreds of additional Roles created by the organisation and its implementation team. With limited documentation, identifying the high risk privileges within each process, and hence which users and Roles have Sensitive Access or Segregation of Duties issues, is a major challenge for all organisations running ERP Cloud.

 

Systems Risk Services helps organisations address this challenge through two methods:

 

 

Oracle’s solution integrates directly with their ERP, HCM and PPM Clouds and this allows organisations to be able to easily report on users and Roles with Segregation of Duties issues in ‘real time’.

Newer features in Oracle Risk Management Cloud

 

Oracle Risk Management Cloud continues to add useful functionality to help better control Oracle ERP, HCM and PPM Clouds. For example, from Release 20A onwards, it also allows administrators to assess Segregation of Duties against the specified rules when creating or editing Roles.

 

Additionally it has Role Recertification abilities, which is very useful for organisations that have to reconfirm that access remains appropriate for compliance requirements such as Sarbanes Oxley (SOX) and demonstrate completeness of this recertification.

Oracle and Systems Risk Services partnering to implement Risk Management Cloud

 

Systems Risk Services are proud to be an Oracle Partner to help organisations implement Risk Management Cloud in a controlled, effective and efficient manner. We have experience of helping organisations to:

 

  • Define business cases to identify the likely subscription and implementation costs, business benefits and suggest an implementation approach and timelines that considers both business capacity and controls testing
  • Implement the service – our approach is a combination of:
    • The tool. Implement the RMC tool so that it is available to report access challenges
    • Content. Define best practice content to ensure that Segregation of Duties rules are in line with business requirements
    • Supporting processes. Document and design business processes to ensure the operators understand how to use the tool maintain rules and ensure that the tool and its rules can be maintained in the future. This is particularly important given Oracle’s Quarterly Releases
  • Remediate issues identified – our team has helped more than 50 organisations to remediate Segregation of Duties issues identified, through amending assignments, amending Roles, amending business process operating models or defining and implementing auditing or other mitigating controls

 

Additionally we will make sure that access to the Risk Management Cloud Service itself is restricted and monitoring controls exist around its rules, so that auditors can rely on the results from your reports.

 

If this sounds valuable to your organisation, we would be delighted to work with you on your Risk Management Cloud project. Please contact us for more information.

Case studies

 

Case study 1

For a UK scientific research organisation, they needed to ensure that their existing E-Business Suite access controls would be maintained as part of their move to Oracle ERP and HCM Cloud.

 

Systems Risk Services implemented Oracle Risk Management Cloud, ensuring that the tool was quickly up and running able to produce sample results for Segregation of Duties rules and ready to define the supporting processes and content.

Case study 2

For a telecommunications organisation, their External Auditors had highlighted a number of challenges around Segregation of Duties.

 

Systems Risk Services worked with the organisation and defined the scope, approach and budget for an implementation of Oracle Risk Management Cloud. This allowed the organisation to better understand the business case prior to the implementation.