Governance, Risk, and Compliance Handbook for Oracle Applications

Overview of this book

It seems that every year since the Enron collapse there has been a fresh debacle that refuses to lower the spotlight from corporate Governance, Risk, and Compliance management.

Before Sarbanes-Oxley forced company managers to become risk conscious, if you asked a chief executive whether he thought he had adequate internal controls, the most likely answer would have been "What is an internal control?" This is clearly no longer the case. Every week some story breaks detailing a lack of good governance, a failure to plan for a foreseeable catastrophe, or a failure to comply with an important law or regulation. These stories bring GRC themes into public view, and public scrutiny, and make management and directors keen to show they have put their best efforts forward to govern their companies well, manage risks to the enterprise, and comply with all applicable laws.

Perhaps only Oracle and SAP are in a position to really address all three aspects. The mission of GRC applications is to ensure that the managers and directors of enterprises that run such applications have a strong defensible position. Written by industry experts with more than 30 years' combined experience, this book covers the Governance, Risk Management, and Compliance Management of a large modern enterprise and how the IT infrastructure, in particular the Oracle IT infrastructure, can assist in that governance.
This book is not an implementation guide for GRC products; rather, it shows you how those products participate in the governance process, how they introduce or mitigate risk, and how they can be brought into compliance with best practice, as well as applicable laws and regulations.

The book is divided into three major sections:

Governance: where we discuss the strategic management of the enterprise, setting plans for managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.

Risk Management: where we discuss audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong, and check that what we think prevents it going wrong actually works! We move through the various sub-disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.

Compliance Management: where we map the tools and facilities that we have discovered in the first two sections to frameworks and legislation. We give this from an industry- and geography-agnostic viewpoint, and then drill into some specific industries and countries.

We neither stay in the narrow definition of GRC applications, nor limit ourselves to the Business Applications, but take you to the most appropriate places in the full Oracle footprint. The book is written from the perspective of big GRC. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. We discuss many applications and technology products that are not in the GRC product family.

Table of Contents (22 chapters)
Governance, Risk, and Compliance Handbook for Oracle Applications
Credits
Foreword
About the Authors
Acknowledgement
About the Authors
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface

Acknowledgement

Firstly I would like to thank Steve Miranda, the head of Oracle's Fusion applications development, for granting us the permission to write this book. He also made the grave mistake of recruiting me onto his team and paying attention to me when I was bleating that this Enron issue was going to mean that audit was going to have to be automated. Steve really is a great leader and it has been a great learning experience to watch him guide the ship of impossible dreams that is Fusion, and quell the storms, not only of outrageous fortune, but the tempestuous spirits that are the management team at Oracle.

I need to thank my great friend and co-conspirator Adil, without whom the mountain would have been twice as high and the load twice as heavy.

There have been many people at Oracle who have given assistance: Georginna Manning and the Demo Solution Services team—their support for my constant requests for demo environments was invaluable; Swanarli Bag and the GRC team for making screenshots from the edge of possibility.

I would like to thank Bastin Gerald, Mumu Pande, Saye Arumugam, and the team that helped take Internal Controls Manager to market. Their minds are onto other great ventures now, but it was great to ride those rapids in the early days with them. We really did shape an industry.

I need to thank Mr. Kurt Robson, who brought me into Oracle and taught me the science and discipline of design. It is not possible to work at Oracle among so many shining intellects without having that brilliance reflect off the surface of your own mind, however dully.

I need to thank my friends and trainers Pat Regan and Mike Marshall, who through all this kept me fit and asked me to keep my hands up and my head moving.

There is no thanks that is enough for my beautiful wife Anita, without whose support my life would be pretty unmanageable. My thanks as well to my son Ansel, who has to tolerate weekends spent in libraries and coffee shops watching me write and research.