1z0-1058-23 Practice Exam Questions with Answers Oracle Risk Management Cloud 2023 Implementation Professional Certification

• Composite Duty Role: Can be created and viewed in the Security Console.
• Job Role Perspective Policy: Cannot be created or viewed in the Security Console. This is typically managed outside the Security Console because it pertains to the perspective of a job role rather than its functional security.
• Data Security Policy: Can be created and viewed in the Security Console.
• Functional Security Policy: Can be created and viewed in the Security Console.

References:The information has been verified and is based on the Oracle Financial Reporting Compliance documentation, which provides detailed instructions on using the Security Console12.

In Oracle Risk Management, when a business owner is assigned a new role, there may be a delay before the worklist reflects this change. This is because the system needs to refresh the data to include the new role assignments in the worklist generation process. If the business owner responsible for the “Order to Cash” perspective does not see any worklists for the generated incidents, despite having the correct functional privileges and data access, it is likely due to the recent assignment of the role. The system has not yet refreshed the worklists to include the business owner’s new role, which is necessary for them to view the worklists related to the generated incidents.

References:

• Oracle Risk Management Cloud documentation on role assignments and worklist generation1.
• Oracle support documents detailing how to regenerate worklists after changes to GRC security components2.

To build a transaction model that identifies invoices with USD amounts greater than the supplier’s average invoice amount, the filters must be arranged to first calculate the average invoice amount for each supplier, then select only those invoices in USD, and finally compare the invoice amounts to the average. Here’s the correct order:

• Add an “Average” Function filter grouping by “Supplier ID” where “Invoice Amount” is greater than 0. This will calculate the average invoice amount for each supplier.
• Add a standard filter where “Invoice Currency” equals “USD.” This will narrow down the invoices to those in USD currency.
• Add a standard filter where the delivered “Average Value” attribute is less than “Invoice Amount.” This will identify the invoices that are greater than the average amount calculated for each supplier.

References:The arrangement of filters is based on the AND relationship processing order as described in the Oracle Risk Management documentation, which specifies that filters at one level are evaluated before those at the level below it1.

• Access Control Manager - This duty role typically includes permissions for system configuration duties, which are not intended for the “Application Access Auditor” role. Removing this duty ensures the user cannot perform system configurations.
• Advanced Control System Administrator - This duty role also encompasses system configuration responsibilities and administrative privileges over the Advanced Controls setup. Removing this duty prevents the user from having system-wide configuration access, aligning with the client’s requirement for a role focused solely on monitoring.

References:

• The information is based on the Oracle Risk Management documentation, which outlines the responsibilities associated with various duty roles within the Advanced Access Controls framework1.
• Additional details regarding the segregation of duties and the configuration of job roles can be found in the Oracle Advanced Access Controls Cloud Data Sheet2.
• For a comprehensive understanding of the duty roles and their functions, refer to the Overview of Oracle Advanced Controls3.

• Navigate to Monitor Jobs: After initiating an export, a message presents a job ID. You should note this ID and then navigate to the Monitor Jobs page, which is accessible from either the Models or Controls page.
• Click the Export File button: Locate the row displaying the job ID you noted. Once the status displayed in that row reaches ‘Completed’, click the Download icon.
• Open with an HTML editor: The file-download window will offer you options to open or save the export file. Select the Save option and, in a distinct save-as dialog, navigate to the folder you want to save the file in. The download file is saved in .xml format, which can be opened with an HTML editor for review.

References:

• Oracle documentation on exporting models, controls, or conditions1.
• Oracle documentation on managing export jobs2.

Please note that while the steps provided are based on the Oracle documentation, it is always recommended to consult the latest Oracle Risk Management documents for the most current and accurate procedures.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

To verify that all controls are set up for the Audit Test assessment type in the import template, you would:

• Open the import template and navigate to the relevant worksheet for controls.
• Look for the columns that correspond to the Assessment Flag and the Audit Testing Flag.
• Ensure that both flags are set to “Y” for each control that is to be used for the Audit Test assessment type.

This verification process confirms that the controls are correctly flagged to be included in the Audit Test assessments.

References:The guidelines for setting up controls in the import template, including the use of flags for assessment types, are provided in the Oracle Risk Management documentation1. Additionally, the import template data requirements specify the use of flags to represent selections in the user interface1.

To work with records in Financial Reporting Compliance, a user must be both “eligible” and “authorized”. An eligible user who creates a record is automatically authorized as its owner. The owner can edit details of the record, including its data-security configuration. However, if the superuser’s account is created but the synchronization jobs havenot been run, they would not be able to create new Data Security Policies. This is because the synchronization jobs are likely necessary to update the system with the new user’s roles and permissions, allowing them to perform actions such as creating Data Security Policies.

References:Secure Records in Financial Reporting Compliance documentation on Oracle’s website provides detailed information on the eligibility and authorization required for users to work with records1. Additionally, the Using Financial Reporting Compliance guide further describes the process of defining business processes, identifying risks, creating controls, and assessing the validity of those objects over time2.

• Navigate to the Issues tab in the Issues work area.
• In the Issues page, select the row for the issue you want to close.
• Ensure that the issue status is In Edit.
• From the Actions menu, select Close Issue.
• A Close Issue dialog will open.
• Select a reason for closing the issue in a Specify Reason for Action list.
• Optionally, add a comment that supports the action you selected.
• Click OK.

Once you close an issue, it can no longer be edited.

References:

• Oracle documentation on closing an issue1.

• Choose display (or hide) configurable options: This allows users to manage the visibility of configurable options such as results, events, consequences, and treatments within the module.
• Set “object-perspective” association: Users can associate objects with specific perspectives, which helps in organizing and viewing data according to different business dimensions.
• Edit the assessment activity question and guidance text: This step involves customizing the questions and guidance text for various assessment activities to align with the organization’s specific requirements.

References:The information provided is based on the Oracle Risk Management documentation and resources, ensuring accuracy and adherence to the official guidelines12.

Please note that while ‘Create object data import templates’ and ‘View assessment response details for all assessment types’ are valid actions within Oracle Risk Management, they are not listed as steps that can be performed on the Configure Module Objects pages according to the provided documentation.

To create a model that returns users with a specified access point while excluding a specific operating unit, you would need to include both the Access Point and User Business Object in your model. The Access Point allows you to specify the particular access that users have been assigned. The User Business Object enables you to include user-specific information and apply additional filters, such as excluding users associated with a particular operating unit.

References:The information provided is based on the Oracle Risk Management documentation, which details the process of creating access models and the necessary components involved in such models12. It is important to refer to the latest Oracle documentation for the most accurate and up-to-date information regarding Advanced Access Controls.

• Access the Oracle Risk Management application.
• Navigate to the Security Console.
• Review the role configuration for ‘Control Manager’ to understand the permissions and controls associated with the role.
• Identify the controls that are associated with the perspectives that User A has access to.
• Determine which controls User A can manage based on their role configuration and the control-perspective association.

References:

• Oracle Risk Management and Compliance documentation1.
• Oracle documentation on creating Risk Management roles in the Security Console2.
• Oracle University’s course materials on Oracle Risk Management Cloud3.

To define a transaction model for identifying duplicate invoices based on Invoice Numbers and Invoice Amounts, the following standard filters can be combined:

• Invoice Amount is equal to itself: This filter will identify records where the invoice amount matches exactly in more than one invoice, suggesting a potential duplicate1.
• Invoice Number is equal to itself: This filter will select records where the invoice number is the same across different invoices, which is a direct indicator of duplication1.

By combining these two filters, the transaction model can effectively pinpoint duplicate invoices by matching both the invoice number and the amount, which are the key identifiers for such duplicates.

References:

• Oracle’s documentation on interpreting transaction model results explains how filters can be used to identify duplicate records, such as invoices, by setting an attribute of a business object equal to itself1.
• The overview of transaction models provided by Oracle outlines how a combination of filters defines a complete risk, with each filter evaluating records returned by filters that precede it2.

• Filter A is used to select payments from the specified business units (BU1, BU2, BU3, and BU4), excluding BU5.
• Filter B groups the payments by each supplier and sums the payment amounts. This filter is then used to identify suppliers who have been paid more than $100,000 USD across the selected business units.

References:The information is based on the Oracle Risk Management Cloud documentation and resources that discuss transaction models and filtering criteria for identifying specific conditions such as payment amounts to suppliers1.

• Migrate Existing Risk and Control Matrix: As part of the implementation, you may import your existing risk and control framework. This is essential for ensuring that the historical data and established processes are integrated into the new system1.
• Create a Project Plan: A well-defined project plan with clear objectives, goals, and exit criteria is crucial for a structured approach to implementation. This plan will guide the implementation process and help in tracking progress against the set goals1.
• Identify Users: It is important to identify the different users who will interact with the Financial Reporting Compliance system. This includes everyday users, administrators, and those responsible for sustained use. Proper identification and training of these users are key to successful adoption and ongoing use of the system1.

References:

• Implementation Overview of Risk Management1.
• Oracle Risk Management and Compliance 23D - Implement2.
• Oracle Risk Management and Compliance 24A - Implement3.

To correct an incorrect Risk-Control mapping, the following steps should be taken according to Oracle’s documentation:

• From the Data Load Workbench, select the Validation Errors tab.
• Select Fix Maps to access the mappings.
• In the Data Load Mappings screen, identify and fix any errors.
• Click Validate, and then click Save to apply the changes1.

References:

• Oracle Help Center provides a guide on fixing mapping errors in the Data Load Workbench1.
• The overview of Oracle Advanced Controls outlines the process of managing risk and compliance within Oracle applications2.

To bypass the approval process when updating risks, you should ensure that no user is assigned a job role that includes the Risk Reviewer Composite or Risk Approver Composite Duty Role. This configuration prevents the system from initiating the review and approval process each time a risk is updated.

References:

• Bypass the Approval Chain1.
• REST API for Oracle Fusion Cloud Risk Management2.