1z0-1058-23 Practice Exam Questions with Answers Oracle Risk Management Cloud 2023 Implementation Professional Certification

Upon submission, if no user has been assigned the Risk or Control reviewer and approver roles for a newly created risk definition and its associated control, the system automatically places both the risk (R100) and the control (C100) in the “In Review” state. This status indicates that the risk and control are pending review and are not yet approved or active within the system. The “In Review” state serves as a holding status until the appropriate roles are assigned and the review and approval process can be completed.

References:The information is based on the Oracle Risk Management Cloud documentation and resources, which detail the workflow and states of risk and control objects within the system123.

In Oracle Risk Management, a transaction model includes filters that define aspects of risk, then select transactions exhibiting the defined risk. These models, known as “transaction models” in Oracle Advanced Financial Controls, return temporary results. The suspect records identified by a model are replaced each time the model is evaluated. This feature is particularly useful for testing a risk-logic definition before applying it in a control or for auditors assessing the risk inherent in a system at a given moment.

References:

• Overview of Oracle Advanced Controls1.

For importing Risk-Control data into Oracle Risk Management, the .xml format should be used. This is because:

• The .xml format is structured and allows for the definition of custom tags, making it suitable for complex data interchange.
• Oracle documentation specifies that when finishing entering data into the import template, it should be saved in the .xml file format1.

References:The information is based on Oracle’s official documentation regarding the import template data requirements, which outlines the necessary steps and preferred formats for data import into the Risk Management system1.

To add values to a Risk Type list of values, you need to add the lookup codes to the GRCM_RISK_TYPE Lookup Type. Here’s how you can do it:

• Navigate to the Lookups page in the Setup and Administration work area.
• Click on Create Lookup to open the Create Lookup page.
• In the Lookup Type field, enter GRCM_RISK_TYPE.
• Enter a code in the Lookup Code field. The code should consist of 30 or fewer characters, use upper-case for alphabetic characters, and underscores to fill the space between words.
• In the Meaning field, enter the text that will be presented in the list of values.
• Ensure that the combination of lookup code and meaning is unique.
• In the Status field, select Active to make the new value available for use.

References:

• Manage Lookups documentation from Oracle1.
• Risk Management User Guide2.

To populate the Control Method field with a new custom value, such as a third-party application, you would use the Lookup Code of the new lookup value. This process involves navigating to the Lookups page in the Setup and Administration work area, where you can manage the lookup codes and their meanings. Here’s a step-by-step guide:

• Open the Lookups page by selecting the Lookups tab in the Setup and Administration work area.
• Click on ‘Show Filters’.
• In the Meaning field of the Filters panel, enter the value you noted.
• Click ‘Search’ to find the specific lookup code.
• Once you have located the lookup code, you can use it to populate the Control Method field with the new custom value1.

References:

• Oracle Help Center documentation on adding a risk field2.
• Oracle documentation on managing lookups1.

• Choose display (or hide) configurable options: This allows users to manage the visibility of configurable options such as results, events, consequences, and treatments within the module.
• Set “object-perspective” association: Users can associate objects with specific perspectives, which helps in organizing and viewing data according to different business dimensions.
• Edit the assessment activity question and guidance text: This step involves customizing the questions and guidance text for various assessment activities to align with the organization’s specific requirements.

References:The information provided is based on the Oracle Risk Management documentation and resources, ensuring accuracy and adherence to the official guidelines12.

Please note that while ‘Create object data import templates’ and ‘View assessment response details for all assessment types’ are valid actions within Oracle Risk Management, they are not listed as steps that can be performed on the Configure Module Objects pages according to the provided documentation.

• Navigate to the “Access Entitlements” page within Oracle Advanced Access Controls.
• Create two separate entitlements that include the client-defined access points for initiating a purchase order and for approving payments on that purchase order.
• Go to the “Models” tab of Advanced Controls and create an access model. This model will be based on the entitlements you have just created.
• After creating the access model, proceed to the “Controls” tab of Advanced Controls.
• Deploy an access control and select the access model you previously created. This will enforce the control to monitor user access as per the requirement.

References:

• Oracle Advanced Access Controls documentation provides a comprehensive overview of the process for creating models and controls to monitor access assignments for separation-of-duties violations1.
• The Oracle Advanced Access Controls Cloud Data Sheet details the features relevant to monitoring access policies, including the creation and deployment of access controls2.

1: Overview of Oracle Advanced Controls 2: Oracle Advanced Access Controls Cloud Data Sheet

• Migrate Existing Risk and Control Matrix: As part of the implementation, you may import your existing risk and control framework. This is essential for ensuring that the historical data and established processes are integrated into the new system1.
• Create a Project Plan: A well-defined project plan with clear objectives, goals, and exit criteria is crucial for a structured approach to implementation. This plan will guide the implementation process and help in tracking progress against the set goals1.
• Identify Users: It is important to identify the different users who will interact with the Financial Reporting Compliance system. This includes everyday users, administrators, and those responsible for sustained use. Proper identification and training of these users are key to successful adoption and ongoing use of the system1.

References:

• Implementation Overview of Risk Management1.
• Oracle Risk Management and Compliance 23D - Implement2.
• Oracle Risk Management and Compliance 24A - Implement3.

• Validate New Lookup Values: Before importing data, it’s crucial to ensure that any custom list of values, such as Control Frequency, has new lookup values created. This is necessary because the import process relies on these values to correctly map the imported data to the corresponding fields in the Oracle Risk Management system.
• Validate Worksheet IDs: It’s important to check that there are no duplicate worksheet IDs within the same worksheet. Duplicate IDs can cause conflicts and errors during the import process, leading to data corruption or loss.
• Validate System ID Column: The System ID column must be populated correctly to maintain data integrity. This column typically contains unique identifiers for records, which are used to track and manage data throughout the import process.

References:

• For the validation of new lookup values and ensuring the correct population of the System ID column, refer to the best practices outlined in the Oracle documentation on import and export management1.
• The importance of unique worksheet IDs and their validation is discussed in the Oracle Risk Management User Guide, which provides instructions on preparing data for import2.

When a new control is added in Oracle Financial Reporting Compliance and the control owner clicks Submit, the control’s state changes to reflect the stage the record has reached in its workflow. Since users with the Control Reviewer and Control Approver roles exist, the expected outcome is that the control goes into the “Waiting for Approval” state. This state indicates that the control is pending review and approval by the designated users with the appropriate roles.

References:

• State and Status of Records in Financial Reporting Compliance1.
• Overview of Oracle Financial Reporting Compliance2.

When setting up assessments in Financial Reporting Compliance, the following tasks should be completed:

• Identify the type of assessments included in each assessment cycle: This involves understanding the different assessment activities that will be conducted and ensuring they align with the objectives of the assessment cycle1.
• Determine if control assessments are planned ahead of time or are run impromptu: This task involves deciding whether the assessments will be scheduled as part of a batch (planned) or initiated on an individual basis (impromptu) as the need arises1.
• Determine whether assessments templates, plans, and completed assessments need to go through a review and approve workflow: This includes establishing a process for reviewing and approving the assessment templates, plans, and the assessments themselves to ensure they meet the required standards and objectives1.

References:

• The Oracle documentation on Financial Reporting Compliance provides detailed information on the overview of assessments, including the creation and management of assessment templates and plans, as well as the initiation of assessment batches or impromptu assessments1.
• Additional resources from Oracle outline the processes for setting up and completing assessments, emphasizing the importance of planning, scheduling, and reviewing assessments to ensure compliance and effective risk management234.

To work with records in Financial Reporting Compliance, a user must be both “eligible” and “authorized”. An eligible user who creates a record is automatically authorized as its owner. The owner can edit details of the record, including its data-security configuration. However, if the superuser’s account is created but the synchronization jobs havenot been run, they would not be able to create new Data Security Policies. This is because the synchronization jobs are likely necessary to update the system with the new user’s roles and permissions, allowing them to perform actions such as creating Data Security Policies.

References:Secure Records in Financial Reporting Compliance documentation on Oracle’s website provides detailed information on the eligibility and authorization required for users to work with records1. Additionally, the Using Financial Reporting Compliance guide further describes the process of defining business processes, identifying risks, creating controls, and assessing the validity of those objects over time2.

• Functional Security Policy: This selects a set of functional privileges, each permitting the use of a field or other user-interface feature. It defines a policy for a duty role, selecting functional privileges to be inherited by other roles the duty role belongs to1.
• Data Security Policy: These policies apply to Oracle Cloud applications and can be assigned to duty roles. They grant access to work areas, dashboards, task flows, application pages, reports, batch programs, etc2.

References: For the official and verified answer, please refer to the Oracle Risk Management documentation on their website, specifically the sections discussing the creation of roles and the assignment of function security policies and data security policies to duty roles132.

When a new control is created and submitted, its state is set to “In Review” as part of the workflow process. This state indicates that the control is awaiting review by an authorized user. If the user who created the control is not a Control Approver, they do not have the authority to approve the control, and hence, the control remains in the “In Review” state until an authorized Control Approver reviews and accepts the control, changing its state to “Approved.”

References:

• Review or Approve Objects1
• State and Status of Records in Financial Reporting Compliance2

To meet the requirement for performing Design Review and Certification assessment for all controls, the client can choose two options:

• Option A: This option might involve using pre-built assessment templates that are aligned with industry standards and best practices. By selecting this option, the client can ensure a consistent and thorough review of all controls, leveraging the expertise embedded in these templates.
• Option E: This option could include the creation of custom assessment plans tailored to the specific needs of the client’s organization. Custom plans allow for flexibility and can address unique aspects of the client’s controls that may not be covered by standard templates.

Both options provide a structured approach to conducting Design Review and Certification assessments, ensuring that all controls are evaluated effectively and in accordance with the client’s requirements.

References:The answers are based on the Oracle Risk Management Cloud documentation, which includes detailed descriptions of the assessment processes and options available within the system123.

• Create an Imported Business Object: Import the file containing the list of companies into Oracle Risk Management as an imported business object1.
• Select the ‘Payment’ Business Object: Choose Oracle’s delivered “Payment” business object, which includes attributes related to payment transactions2.
• Combine Objects in a Model: Use the transaction model to combine the imported business object with the “Payment” business object1.
• Add a Standard Filter: Implement a standard filter to compare the “Remit to Supplier Name” from the “Payment” object with the “Company Name” from the imported business object. Set the similarity condition to 95% to identify payments made to companies on the list1.

References:

• Oracle’s documentation on Overview of Transaction Models provides insights into how transaction models can uncover transactions that might involve risk, such as payments to unwanted companies.
• The Overview of Business Objects explains how to work with imported objects and combine them with delivered objects for analysis.
• Detailed instructions on Selecting Business Objects for a Transaction Model guide through the process of creating and using filters within a model.

• Group the expense reports by “Report Number” to ensure each report is evaluated individually.
• Apply an inclusive filter to select reports where the “Expense Type” includes any of the specified suspicious combinations.
• The “In” condition allows the filter to match any of the listed expense types within a single report.

References For specific instructions and verified procedures, please refer to the Oracle Risk Management documentation available on the Oracle website or contact Oracle support directly for assistance.

Please note that the actual implementation details and available features may vary based on the version of the Oracle Risk Management system you are using and any customizations that have been applied. It’s always best to consult the official documentation or a qualified Oracle consultant for the most accurate information.