Governance, Risk, and Compliance

Similar Messages

• Where can I download EGRCM8.0(Governance, Risk and Compliance Manager)

  hi all, i would like to know where I can get EGRCM 8.0(Enterprise Governance, Risk and Compliance Manager)? i can't find it in the Download page.

  Have you tried http://edelivery.oracle.com ?
  HTH
  Srini

• Clarifying the need for Governance Risk and Compliance in Defense

  Since Defense organizations must deal with managing internal compliance efforts and are continually challenged to provide clear evidence of internal controls to stakeholders (executives, legislators, constituents) I beleive there is a need by these organizations to leverage governance, risk and compliance solutions that can help them manage these activities...
  I want to put out a call to the community to see where you may see the need beyond the areas I mentioned above for governance, risk and compliance in Defense

  Hi Dante,
  You are correct; showing compliance is a key driver behind Defense organizations choosing GRC products.  However, your question isn't as easy as providing you with a list of standard reasons for investing in GRC.  What is required is an understanding of each discipline; Governance, Risk and Compliance, and translating these areas into real business scenarios for the customer.  In your example, Compliance is only one aspect in GRC. The Public Sector is open to discussions on Governance and Risk as well.  These organizations establish strategy/policy just like the private sector (Governance), and need to use tools/practices like Risk Management to identify and address threats to their objectives.  Hope this helps.  Dan

• Documentation for  Governance Risk and Compliance Applications Suite

  Hello,
  Can someone please point me the location where to download install guide of Governance Risk and Compliance Applications Suite.
  I check http://www.oracle.com/technology/documentation/grccs.html but download page takes me to a blank page.
  Thanks.

  Pl check again - your link takes me to the doc website without issues
  HTH
  Srini

• SAP Governance, Risk, and Compliance groups on LinkedIn

  SAP has created GRC groups on professional networking site Linkedin. GRC community members are encouraged to join the groups [SAP BusinessObjects Access Control|http://www.linkedin.com/groups?gid=2242896&trk=anetsrch_name&goback=.gdr_1272963580804_3], [SAP Business Objects Global Trade Services|http://www.linkedin.com/groups?gid=2242865&trk=fulpro_grplogo&goback=.gdr_1272963580804_3.anb_2242865_2], [SAP BusinessObjects Process Control|http://www.linkedin.com/groups?gid=2242885&trk=fulpro_grplogo&goback=.gdr_1272963580804_3.anb_2242865_2], and [SAP BusinessObjects Risk Management|http://www.linkedin.com/groups?gid=2242889&trk=fulpro_grplogo&goback=.gdr_1272963580804_3.anb_2242865_*2].

  Hi Pradeep,
  As of my knowledge, there is no Certification currently available for any of the component for GRC ACPCRM. So can check the below links to know more on SAP GRC.
  Link: [http://help.sap.com/content/bobj/sbu/docu_sbs_grcpc_design.htm#] and also
  Link: [http://www.sdn.sap.com/irj/bpx/grc] as suggested by Raghu.
  Thanks,
  Guru

• Custom Risks in Compliance Calibrator?

  Hello,
  Can someone please verify this process for me?
  My understanding is that once you create and configure a custom risk in Compliance Calibrator 5.2, you simply click generate and can then immediately run a risk analysis using the new custom risk.
  Is there any kind of a background job required to synchronise the new custom rule prior to running a risks analysis or any steps that I'm missing?
  Thanks your help is much appreciated,

  Hi Adamo,
     This is the exact process you need to follow. Once you create main risk and generate rules, you should be able to see the risk in CC. Have you enabled the particular risk? You can go to informer and try to run a simulation or ad-hoc analysis on that particular risk.
  Regards,
  Alpesh

• Oracle Service Cloud Achieves Federal Risk and Authorization Management Program Provisional Authority to Operate

  News Summary
  Oracle Service Cloud -- a software-as-a-service (SaaS) solution -- has received a Federal Risk and Authorization Management Program (FedRAMP) moderate provisional Authority to Operate (p-ATO) from the Joint Authorization Board (JAB), comprised of the Chief Information Officers (CIOs) of the U.S. Department of Homeland Security (DHS), U.S. Department of Defense (DOD), and U.S. General Services Administration (GSA).
  News Facts
  Oracle announced that Oracle Service Cloud -- a software-as-a-service (SaaS) solution -- has received a Federal Risk and Authorization Management Program (FedRAMP) moderate provisional Authority to Operate (p-ATO) from the Joint Authorization Board.
  The Oracle Service Cloud is Oracle's premier Software as a Service (SaaS) solution providing the industry's best in class customer service platform for enterprise customers. Oracle customers can deploy Oracle Service Cloud onto a robust, secure infrastructure hosting Oracle's patented customer experience (CX) software applications in an environment accredited to FedRAMP-moderate specifications.
  Oracle Service Cloud has been granted a p-ATO by the FedRAMP's Joint Authorization Board (JAB), the primary governance and decision-making body for the FedRAMP program. A JAB p-ATO provides a government wide view for security and stringent review by the JAB Technical Representatives from the DHS, DOD, and GSA. As a result, government customers can save time and money by leveraging Oracle's JAB approval to grant their own authority to operate without having to go through a full certification and accreditation.
  The rigorous review of Oracle's environment was completed by an accredited third-party organization at the FedRAMP moderate baseline level, for a SaaS offering using a community deployment model.
  Supporting Quotes
  "Oracle is very excited to announce the Service Cloud p-ATO as we continue to work towards meeting our public sector customers' demands for a highly secure, robust suite of cloud solutions built for government," Aaron Erickson, Director of Government Innovation, Public Sector North America, Oracle.
  EMarkets Daily
  Executive Biz
  FCW.com
  Markets Daily
  Tech Taffy
  Business Week
  CNN
  Congoo
  Yahoo Finance

  Have you checked the docs? There are some specific docs for enabling security like http://docs.oracle.com/cd/E18941_01/tutorials/jdtut_11r2_29/jdtut_11r2_29.html
  which guide you through the process.
  Timo

• View change documents for risks and functions

  Is there a way to see what changes have been made to risks and/or functions?  Our SOX group would like to monitor the changes that have been made, who they've been made by and when.  Currently we can go into the individual functions and risks and look at the "Change History" but not sure if there was a way to see a massive list?  Possibly a table that we can pull?
  Thanks for any help!
  Elizabeth

  Hello Elisabeth,
  unfortunately in 5.2, you will have to go to the individual functions.
  5.3 will have a one-click overview for risk/function changes, as well as configuration changes.
  Frank.

• Why system is capturing Log for Document transfer and Compliance check

  Hi All
  Although I have removed
  TD_MAP Movement Data : Document Replication Mapping (Live)
  TD_CCH Movement Data : Compliance check Document (Live)
  in custom document configuration , then also system is capturing log for document transfer and Compliance check result.
  If my understanding is wrong then what is the use of Log control in customs document configuration for
  Document Transfer
  Document Check
  Thanks
  Akhil..

  Hi Akhil,
  For some situations, GTS allows you some control over the logging by specifying the Profile to use.  But if you do not specify a Profile, logging still occurs using the default values in the standard code.
  Regards,
  Dave

• What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

  What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

  Hey Kappy, without even looking I can tell you anything is better than the GeForce4MX cards, but see
  See japamacs page here on the best AGP cards for G4s & G5s...
  http://www.jcsenterprises.com/Japamacs_Page/Blog/4B4B7BA2-7ABB-47F1-87AC-B03D379 42BEE.html
  Rated slowest on top, fastest on bottom, hopefully japamac will drop in shortly.
  Oh, & they need way more RAM...
  http://www.everymac.com/systems/apple/powermac_g4/specs/powermac_g4_933_qs.html
  http://eshop.macsales.com/MyOWC/Upgrades.cfm?sort=pop&model=155&type=Memory

• ARQ: Problem with Mitigation of a Risk and Request Rejection at the same time???

  Hi All,
  I have configured my workflow in such a way that, when a request reaches a certain approver (who is authorized to mitigate), he has following options available (we have configured this way):
  1. Submit the Request: This will simply approve the request. But I would NOT want him to approve the request if it has violations. First he should mitigate the risks and then approve the request.
  May I know how I can do it? Is this the correct process?
  2. Reject the Request: If he is not ok, he can reject the request. I am ok with this and no action is required.
  3. Forward the Request: If he needs any business clarifications, he can forward the request to the user's manager before mitigating and approving the request. This is also ok for me.
  4. Mitigate the risk: If a request has risk violations, he can mitigate the risks  by clicking on "Mitigate" button on "Risk Analysis" tab.
  Here is the problem I see. The straight forward what he can do is, mitigate the risks and then approve the request (Submit). However, there is one more option with him and that is, he can mitigate the risks and then changes his mind to reject the request!
  If he rejects the request (after mitigating the risks), the mitigation which was done before, is not "UNDONE". Meaning, that user is mitigated though the request is rejected!
  This is very confusing and this way users are simply mitigated for no reason!
  May I know below things:
  1. What is the best way or practice to mitigate risks in a request?
  2. How above explained problem (for point#4) can be addressed?
  3. How I can stop approving a request if it has violations?
  Please advise on this.
  Regards,
  Faisal

  Hi Faisal,
  I try to answer your question (as always ).
  You can configure that at a specifc stage the approver cannot approve if there are risks. Therefore modify the task settings for all the stages and allow/disallow "approve despite risk". For all stages where approval can be given (like role owner stage) you can activate the button so that it is possible to approve even though risks are coming up.
  To make this setting workable you have also to set parameter 1072 (Mitigation of critical risk required before approving the request) to YES.
  Regarding the mitigation which was set but is obsolet after rejection. There is actually a simple way to remove invalid controls. Run the risk analysis and gather information for "Invalid Mitigating Controls".
  In the result you have the option to change or delete the mitigation.
  Does this answer the question(s)?
  Regards,
  Alessandro

• Installing Security and Compliance Manager on Windows 8.1

  Hi
  I am trying to install Security and Compliance Manager on my Windows 8.1 workstation.  The install is trying to install SQL Express 2008 which seems to not be compatible with Windows 8.1 and that is were the install ends.
  I tried installing SQL Express 2012 and then running the install but it looks like the database is not installed.
  Is there a new version of Security and Compliance Manager that addresses this or does anyone know how to set up SQL to accept Compliance Manager?

  Open Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  Delete this key under Session Manager "PendingFileRenameOperations". Restart the installation and it will work fine.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Removing risks and violations in existing SAP Landscape

  There is a landscape where SAP ECC is already installed and we are planning to install AC 5.3. As the roles are already there in ECC Dev system, so we will perform the risk analysis in Dev and once free of risks, move the role to Production. 
  I would like to know, from where to start in already existing sap roles structure to free up them from risks. Do we need to provide the business process roles to indiviual BP Owners like FI roles to FI team and same for others to clear the risks and violations.  Once completed from them, run them in RAR to found any risk violations remaining. If still found, follow the same process till all the roles and clean and can be moved to production.
  Do we need to start from transaction level?
  Any help appreciated.
  Regards,
  Sanjay

  Sanjay,
  there are various ways to achieve that and many replies are already there (pls search similar threads)
  well small summary will be
  1. customize standard rules per your org requirement
  2. role are already existing, hence i expect they were create business wise
  3. run analysis on all the role and have a report in your hand
  4. discuss with various security leads of each buisness, which risk wish to be removed and which one to be mitigated
  5. once done with cleaning of role, it's time you run analysis on users and mitigate or clean...........
  hope it helps
  regards,
  Surpreet

• I cannot get the Quicktime plugin to update from v7.7.3 to the CURRENT 7.6.6 . My plugins view tells me I'm at risk and need to update but try as I might, it won't take. I consider myself and above average Mac User. Please advise. Thank you

  for some inexplicable reason, I cannot get the Quicktime plugin to update from v7.7.3 to the CURRENT 7.6.6 . My plugins view tells me I'm at risk and need to update but try as I might, through all the known update avenues, it won't take. I consider myself and above average Mac User. Please advise. Thank you

  Someone recently noted a problem staying logged on the Huffington Post since it became connected with AOL. The workaround for that is to change your connection setting here:
  orange Firefox button (or Tools menu) > Options > Advanced > Network
  Click the "Settings" button and choose either "No Proxy" or "Use System Settings" option, and OK the change.
  Not sure whether Washington Post could be affected by that same setting.
  In reviewing your extensions, I'm puzzled that you have both DoNotTrackMe and SavvyConnect. The first one seems to aggressively block certain communications with websites (potentially affecting functionality) while the second one seems to report on your browsing habits (they better pay well is all I can say). Have you tried disabling both of those to see whether that has any effect?
  orange Firefox button (or Tools menu) > Add-ons > Extensions category

• I sent an email to a government agency and got a message back that said I was a Spybot.  What does that mean?

  I sent an email to a government agency and got a message back that said I was a spambot.  What does that mean?

  Unfortunately you have  inadvertently become aware that you are in fact a non- human. You are in reality a Bot. Please report to your closest Apple store. Tomorrow everything will be ok and you will once more believe you are human. P.S.  Do not send emails to goverment agencies again you silly Spambot.