Oracle 1z0-1058-23 Oracle Risk Management Cloud 2023 Implementation Professional Exam Practice Test

• Access the Oracle Risk Management application.
• Navigate to the Security Console.
• Review the role configuration for ‘Control Manager’ to understand the permissions and controls associated with the role.
• Identify the controls that are associated with the perspectives that User A has access to.
• Determine which controls User A can manage based on their role configuration and the control-perspective association.

References:

• Oracle Risk Management and Compliance documentation1.
• Oracle documentation on creating Risk Management roles in the Security Console2.
• Oracle University’s course materials on Oracle Risk Management Cloud3.

To define a transaction model for identifying duplicate invoices based on Invoice Numbers and Invoice Amounts, the following standard filters can be combined:

• Invoice Amount is equal to itself: This filter will identify records where the invoice amount matches exactly in more than one invoice, suggesting a potential duplicate1.
• Invoice Number is equal to itself: This filter will select records where the invoice number is the same across different invoices, which is a direct indicator of duplication1.

By combining these two filters, the transaction model can effectively pinpoint duplicate invoices by matching both the invoice number and the amount, which are the key identifiers for such duplicates.

References:

• Oracle’s documentation on interpreting transaction model results explains how filters can be used to identify duplicate records, such as invoices, by setting an attribute of a business object equal to itself1.
• The overview of transaction models provided by Oracle outlines how a combination of filters defines a complete risk, with each filter evaluating records returned by filters that precede it2.

 Best practice solutions are designed to be implemented quickly and efficiently, allowing organizations to benefit from the new system as soon as possible. D. By adhering to best practices, organizations can maximize their return on investment while minimizing the risks associated with the project, as these practices are based on proven methods. E. Best practices in financial reporting compliance are aimed at ensuring that the solution is adopted successfully by the organization and that the costs of operation are kept to a minimum over time.

References The information provided here is based on general best practices and should be cross-referenced with Oracle’s specific documentation on Risk Management and Compliance for accuracy. Please consult the Oracle site and related documents for verified details.

Remember to always cross-check with the official Oracle documentation for the most accurate and updated information.

To change the participant who completes the assessment, the assessment manager should:

• Navigate to the assessment record.
• Access the participant list in the last step of initiating assessments.
• Modify the participant list to select a different user as the assessor.

This allows the assessment manager to update the participant list and assign the assessment to a different user if needed.

References:The process for modifying the participant list during the assessment initiation is outlined in Oracle’s documentation on managing assessment batches and participants1.

• In the Controls page, open the record of the control in either view-only or edit mode.
• Click the control’s name, or select the record and choose the Edit option.
• In the record of the control, navigate to the Test Plans tab.
• A page displays a panel for each of the control assessment activities your organization has activated.
• Expand any panel to view the assessment plan for its activity.
• Define or modify a plan for an activity.
• If in edit mode, click the Create or Edit button (labeled with a pencil icon) in the panel for that activity.
• If in view-only mode, first select Actions > Edit Definition, then select the Create or Edit button for an activity.
• Update the test plan to include both Audit Test and Design Review as assessment types.

References:

• Oracle documentation on adding details and steps to a test plan1.
• Oracle documentation on creating or editing a test plan2.

• Not in: This condition can cause extra columns to appear because it filters out certain values, which may require additional columns for context.
• Similar: The ‘Similar’ condition can introduce extra columns as it attempts to find transactions that are alike but not exactly the same, necessitating more data for comparison.
• Between (when using a date attribute): Using the ‘Between’ condition with date attributes can add extra columns to display the range of dates that the transactions fall into.

References:The information provided here is based on Oracle’s documentation on viewing or editing an incident within the Risk Management and Compliance module1. For a detailed understanding of how these conditions affect the transaction incident data, refer to the official Oracle documentation.

• Navigate to the Issues tab in the Issues work area.
• In the Issues page, select the row for the issue you want to close.
• Ensure that the issue status is In Edit.
• From the Actions menu, select Close Issue.
• A Close Issue dialog will open.
• Select a reason for closing the issue in a Specify Reason for Action list.
• Optionally, add a comment that supports the action you selected.
• Click OK.

Once you close an issue, it can no longer be edited.

References:

• Oracle documentation on closing an issue1.

• Composite Duty Role: Can be created and viewed in the Security Console.
• Job Role Perspective Policy: Cannot be created or viewed in the Security Console. This is typically managed outside the Security Console because it pertains to the perspective of a job role rather than its functional security.
• Data Security Policy: Can be created and viewed in the Security Console.
• Functional Security Policy: Can be created and viewed in the Security Console.

References:The information has been verified and is based on the Oracle Financial Reporting Compliance documentation, which provides detailed instructions on using the Security Console12.

This filter would allow the model to compare the dates of the invoice and the credit card transaction to ensure they are within a reasonable time frame of each other, which is indicative of a duplicate charge. A similarity within +/- 10 days is a common practice to account for processing delays while still capturing potential duplicates.

References: For the most accurate and detailed explanation, please refer to the Oracle Risk Management documentation on the Oracle site, specifically the sections that discuss building transaction models and setting up filters for identifying duplicate charges.

Please note that this is a logical deduction based on the information provided and not a verified answer from the official Oracle documentation. For a verified answer, you should consult the Oracle Risk Management documents directly.

• Group the expense reports by “Report Number” to ensure each report is evaluated individually.
• Apply an inclusive filter to select reports where the “Expense Type” includes any of the specified suspicious combinations.
• The “In” condition allows the filter to match any of the listed expense types within a single report.

References For specific instructions and verified procedures, please refer to the Oracle Risk Management documentation available on the Oracle website or contact Oracle support directly for assistance.

Please note that the actual implementation details and available features may vary based on the version of the Oracle Risk Management system you are using and any customizations that have been applied. It’s always best to consult the official documentation or a qualified Oracle consultant for the most accurate information.

To address risks using treatment plans in Financial Reporting Compliance, the following settings should be configured:

• Navigate to the Module Objects in the application.
• Select the Edit Risk Object Configuration option.
• Set the Treatment attribute to Show. This will enable the visibility of treatment plans within the risk object configuration, allowing for the management and association of treatment plans with specific risks1.

References:

• Oracle’s documentation on Financial Reporting Compliance details the management of treatment plans, including the configuration settings required to show treatment plans within the risk object configuration1.
• Additional resources from Oracle provide guidance on the use of treatment plans in Financial Reporting Compliance, outlining the steps to create, view, edit, and delete treatment plans23.

• Use the Function filter to group suppliers by their “Taxpayer ID”. This will aggregate all suppliers under each unique taxpayer ID.
• Set the count condition to greater than 1 to ensure that only taxpayer IDs used by more than one supplier are selected.
• Apply a Standard filter to exclude any suppliers where the “Taxpayer ID” field is blank, ensuring that only suppliers with a valid taxpayer ID are considered.

References:

• Oracle documentation on supplier taxpayer ID sharing provides insights into managing suppliers with the same taxpayer ID1.
• Additional Oracle resources discuss the configuration of suppliers to share the same taxpayer ID and the implications of doing so234. These documents provide the necessary steps and considerations for identifying suppliers with shared taxpayer IDs, which align with the filters mentioned in the verified answer.

When setting up assessments in Financial Reporting Compliance, the following tasks should be completed:

• Identify the type of assessments included in each assessment cycle: This involves understanding the different assessment activities that will be conducted and ensuring they align with the objectives of the assessment cycle1.
• Determine if control assessments are planned ahead of time or are run impromptu: This task involves deciding whether the assessments will be scheduled as part of a batch (planned) or initiated on an individual basis (impromptu) as the need arises1.
• Determine whether assessments templates, plans, and completed assessments need to go through a review and approve workflow: This includes establishing a process for reviewing and approving the assessment templates, plans, and the assessments themselves to ensure they meet the required standards and objectives1.

References:

• The Oracle documentation on Financial Reporting Compliance provides detailed information on the overview of assessments, including the creation and management of assessment templates and plans, as well as the initiation of assessment batches or impromptu assessments1.
• Additional resources from Oracle outline the processes for setting up and completing assessments, emphasizing the importance of planning, scheduling, and reviewing assessments to ensure compliance and effective risk management234.

To verify that all controls are set up for the Audit Test assessment type in the import template, you would:

• Open the import template and navigate to the relevant worksheet for controls.
• Look for the columns that correspond to the Assessment Flag and the Audit Testing Flag.
• Ensure that both flags are set to “Y” for each control that is to be used for the Audit Test assessment type.

This verification process confirms that the controls are correctly flagged to be included in the Audit Test assessments.

References:The guidelines for setting up controls in the import template, including the use of flags for assessment types, are provided in the Oracle Risk Management documentation1. Additionally, the import template data requirements specify the use of flags to represent selections in the user interface1.

In Oracle Risk Management, when a business owner is assigned a new role, there may be a delay before the worklist reflects this change. This is because the system needs to refresh the data to include the new role assignments in the worklist generation process. If the business owner responsible for the “Order to Cash” perspective does not see any worklists for the generated incidents, despite having the correct functional privileges and data access, it is likely due to the recent assignment of the role. The system has not yet refreshed the worklists to include the business owner’s new role, which is necessary for them to view the worklists related to the generated incidents.

References:

• Oracle Risk Management Cloud documentation on role assignments and worklist generation1.
• Oracle support documents detailing how to regenerate worklists after changes to GRC security components2.

• Status: Open; State: In Edit - When an issue is in the ‘Open’ status, it indicates that the issue is active and being worked on. The ‘In Edit’ state signifies that the issue has been updated and saved, but the update hasn’t been submitted yet.
• Status: Open; State: New - An issue with the ‘New’ state has been created and saved but not submitted. It is still open for editing.
• Status: On Hold; State: In Review - An issue can be put ‘On Hold’ if it is not currently being worked on, but it is still under review, which means it can be edited.
• Status: On-Hold; State: Reported - When an issue is reported and put on hold, it is awaiting further action but can still be edited.

References:

• Oracle documentation on the state and status of records in Financial Reporting Compliance provides detailed information on how records move from one state and status to another and how these are connected to security and user permissions1.
• The Oracle guide on creating or editing an issue outlines the process and conditions under which an issue can be edited, including the different statuses and states2.
• Additional information on incident status and state can be found in the Oracle documentation, which explains the implications of various statuses and states on the ability to edit an issue3.

• Navigate to Risk Management Tools > Setup and Administration > Data Migration, and select Advanced Controls: This step initiates the process by accessing the Data Migration tool within the Advanced Controls module.
• Generate Template as Without Data – Perspectives Only: This step involves generating a template that is specifically tailored for perspective data without including any pre-existing data. This is suitable when the data to be uploaded has no relationships to data already existing in the target environment.
• Click the Create Import Template button: This final step creates the import template which can then be updated with the new perspective items before running the import process.

References:The information has been verified and is based on the Oracle Risk Management documentation, which provides detailed instructions on using the Data Migration tool12.

To schedule the report “Access Violations by User” and create the saved parameters for the report schedule, you would take the following steps:

• Highlight the report name in the reporting page and click Run Now. This will open the Parameters dialog.
• In the Parameters dialog, select a set of parameter values that you want to use for the report.
• Click the Save Report Parameters button. This will open the Create Saved Report Parameters dialog.
• In the Create Saved Report Parameters dialog, create a name for the set of parameter values, and click the OK button.

These steps ensure that you have a set of saved parameter values that you can easily select as you run or schedule reports in the future1.

References:The process for saving report parameters is detailed in the Oracle documentation related to Risk Management and Compliance1.

To define an IT Compliance Manager job role with the required privileges to manage risks and controls, as well as issues related to them, the following duty roles must be included:

• Seeded Risk Manager Composite: This duty role includes privileges necessary for managing risks.
• Control Manager Composite: This duty role encompasses privileges for managing controls.
• Issue Manager Composite: This duty role contains privileges for managing issues related to risks and controls.

These duty roles collectively provide a comprehensive set of privileges that cover all aspects of risk and control management, as well as issue resolution, which are essential for an IT Compliance Manager job role.

References:

• Oracle documentation on creating risk management roles in the Security Console provides insights into the role creation process and the types of roles that can be created, including job roles and duty roles1.
• The IT Security Manager job role documentation lists the duties and privileges that are inherited by the job role, which is similar to what would be required for an IT Compliance Manager role2.
• The Roles Overview documentation from Oracle outlines various roles available within Oracle Fusion Cloud Financial Reporting Compliance, including the Risk Activities Manager and Risk Administrator, which are related to the management of risks and controls3.

• Navigate to the “Access Entitlements” page within Oracle Advanced Access Controls.
• Create two separate entitlements that include the client-defined access points for initiating a purchase order and for approving payments on that purchase order.
• Go to the “Models” tab of Advanced Controls and create an access model. This model will be based on the entitlements you have just created.
• After creating the access model, proceed to the “Controls” tab of Advanced Controls.
• Deploy an access control and select the access model you previously created. This will enforce the control to monitor user access as per the requirement.

References:

• Oracle Advanced Access Controls documentation provides a comprehensive overview of the process for creating models and controls to monitor access assignments for separation-of-duties violations1.
• The Oracle Advanced Access Controls Cloud Data Sheet details the features relevant to monitoring access policies, including the creation and deployment of access controls2.

1: Overview of Oracle Advanced Controls 2: Oracle Advanced Access Controls Cloud Data Sheet

• For an incident to be automatically assigned a status of “Closed,” it must be resolved within the Fusion Cloud system. This is confirmed by a subsequent evaluation of controls that verifies the incident no longer exists.
• Similarly, if the incident is resolved using simulation within Advanced Access Controls (AAC), and a subsequent evaluation confirms the absence of the incident, it will also be automatically closed.

References:The information is based on Oracle’s documentation, which states that the actual resolution of incidents occurs outside of Oracle Fusion Cloud Advanced Controls. For example, resolving a purchase order in the Financials application or revising role assignments due to a separation-of-duties conflict can lead to the closure of an incident1. Additionally, closed incidents that are reopened through a request in Advanced Access Requests are assigned the Accepted status, indicating that the closure of incidents is tied to their resolution1.

1: Incident Status and State - Oracle Documentation