PacktLib: Governance, Risk, and Compliance Handbook for Oracle Applications

Governance, Risk, and Compliance Handbook for Oracle Applications

Credits

Foreword

About the Authors

Acknowledgement

About the Reviewers

www.PacktPub.com

Preface

Introduction

How this book is organized

Definitions

Oracle's Governance Risk and Compliance Footprint

The Audit and Compliance process

GRC Capability Maturity Model

Summary

Corporate Governance

Developing and Communicating Corporate Strategy with Balanced Scorecard

Communicating and confirming Corporate Strategy with iLearning

Managing Records Retention Policies with Content Management Server

Financial planning and analysis with Hyperion FR

Monitoring Execution with Oracle Business Intelligence

Enterprise Risk Management

Whistle-blower protections

Summary

Information Technology Governance

Developing and communicating IT strategy with balanced scorecards

Maintaining a valid configuration

Service desk administration through Oracle Enterprise Manager

Summary

Security Governance

Security balanced scorecard

System wide advice

Summary

Risk Assessment and Control Verification

InFission approach for Risk Assessment and Control Verification

Oracle's GRC Manager and Intelligence—risk assessment and control verification system

Summary

Documenting Your Controls

Process and procedure documents

InFission approach for managing process and procedure documents

Managing process documents in Oracle GRC Manager

Risks and controls documents

InFission approach to risk and controls documentation

Managing risks in Oracle GRC Manager

Managing controls in Oracle GRC Manager

Managing control documentation lifecycle in GRC Manager

Summary

Managing Your Testing Phase: Management Testing and Certifying Controls

Management testing for internal audit program

Management testing for Regulatory Compliance Audits

Management testing for Enterprise Risk Management

InFission's approach to management testing

Management testing using Oracle GRC Manager

Summary

Managing Your Audit Function

Audit planning

Internal controls assessment

Audit report

Summary

IT Audit

InFission IT Audit approach

Automated application controls using Oracle GRC Controls Suite

Summary

Cross Industry Cross Compliance

Sarbanes-Oxley

ISO 27001 — Information Security Management System (ISMS)

Control Objectives for IT (COBIT)

California Breach Law

Healthcare Information Portability and Protection Act (HIPPA)

Payment Card Industry (PCI)

Federal Sentencing Guidelines

Summary

Industry-focused Compliance

Hi-tech manufacturing

Environmental compliance and ISO 14000

RoHS WEEE

Life sciences and medical instrument manufacturing

Banking and financial services

Summary

Regional-focused Compliance

Regulatory compliance in major economic regions

Managing regional compliance using Oracle GRC Manager

Summary