1z0-1058-23 Sample Questions Answers

To change the participant who completes the assessment, the assessment manager should:

• Navigate to the assessment record.
• Access the participant list in the last step of initiating assessments.
• Modify the participant list to select a different user as the assessor.

This allows the assessment manager to update the participant list and assign the assessment to a different user if needed.

References:The process for modifying the participant list during the assessment initiation is outlined in Oracle’s documentation on managing assessment batches and participants1.

Upon submission, if no user has been assigned the Risk or Control reviewer and approver roles for a newly created risk definition and its associated control, the system automatically places both the risk (R100) and the control (C100) in the “In Review” state. This status indicates that the risk and control are pending review and are not yet approved or active within the system. The “In Review” state serves as a holding status until the appropriate roles are assigned and the review and approval process can be completed.

References:The information is based on the Oracle Risk Management Cloud documentation and resources, which detail the workflow and states of risk and control objects within the system123.

• Navigate to the Risk Management work area.
• Select the Manage Object Perspectives task.
• Search for the Control-Business Units association.
• In the Required field for the Control-Business Units association, set the value to Yes.
• Save and close the Manage Object Perspectives screen.

This action ensures that when new controls are defined, it is mandatory to assign a Business Units perspective to each control.

References:

• Oracle documentation on managing object perspectives1.

When a Control object has scheduled assessments with future dates and the test plans associated with it are updated before the assessment starts, the assessment will be associated with the version of the test plans that were current at the time the assessment was initiated. This ensures that the assessment is conducted with the relevant procedures and criteria that were intended for that specific period.

References:The information provided is based on the Oracle Risk Management documentation, which details the use of test plans in control assessments and how they are managed within the system123. The REST API documentation for Oracle Fusion Cloud Risk Management also provides insights into how test plans can be viewed and managed, indicating the behavior of the system when updates occur2.

To create an impromptu assessment in Oracle Risk Management, the following steps are outlined:

• Navigate to the record of an individual process, risk, or control.
• Initiate the creation of an impromptu assessment.
• In the General region of the Create Impromptu Assessment page, you are required to:
• An Assessment Record Security Assignment region becomes active, where you can authorize users as viewers, assessors, reviewers, or approvers. Here, you would select a Reviewer for the assessment.

It’s important to note that an impromptu assessment does not require a template or a plan, and perspectives or activity are not mentioned as required fields in the documentation.

References:The information for creating an impromptu assessment is detailed in the Oracle documentation1. Further overview of assessments can be found in related Oracle documentation2.

• When you synchronize transaction data, the system uploads new and modified records from your Oracle Cloud data source for the business objects used by all current transaction models and controls1.
• The synchronization job updates all business objects used by all current transaction models and controls, and it does so based on the transactions dated after the Transaction Created As of Date1.
• This ensures that the transaction models (and controls) evaluate current data, which is crucial for maintaining the accuracy and relevance of the controls1.

References:

• For more information on the synchronization process and its impact on transaction models, you can refer to the Oracle documentation on Synchronizing Transaction Data1.
• Additional details regarding the scheduling and running of data synchronization jobs can be found in the Oracle documentation on Scheduling or Running Data Synchronization2.
• The Oracle Fusion Cloud Risk Management 23D What’s New document provides insights into the necessity of running the Transaction Data Source Synchronization job when there are new attributes or attribute changes in business objects3.

To address risks using treatment plans in Financial Reporting Compliance, the following settings should be configured:

• Navigate to the Module Objects in the application.
• Select the Edit Risk Object Configuration option.
• Set the Treatment attribute to Show. This will enable the visibility of treatment plans within the risk object configuration, allowing for the management and association of treatment plans with specific risks1.

References:

• Oracle’s documentation on Financial Reporting Compliance details the management of treatment plans, including the configuration settings required to show treatment plans within the risk object configuration1.
• Additional resources from Oracle provide guidance on the use of treatment plans in Financial Reporting Compliance, outlining the steps to create, view, edit, and delete treatment plans23.

When a new control is created and submitted, its state is set to “In Review” as part of the workflow process. This state indicates that the control is awaiting review by an authorized user. If the user who created the control is not a Control Approver, they do not have the authority to approve the control, and hence, the control remains in the “In Review” state until an authorized Control Approver reviews and accepts the control, changing its state to “Approved.”

References:

• Review or Approve Objects1
• State and Status of Records in Financial Reporting Compliance2

• Select the type of Oracle Financial Reporting Compliance object you want to relate to the advanced controls you’re deploying. You may select Process, Risk, or Control.
• Select ‘Add Related Object’.
• In a Search dialog, supply parameter values to list a filtered set of Oracle Financial Reporting Compliance objects.
• Click ‘Search’ to list the objects that satisfy your search parameters.
• From the list, select any number of objects, then click ‘OK’.
• As needed, select another type and add objects of that type by repeating steps 1 through 5.

This process allows you to relate new processes and controls to the Financial Reporting Compliance objects.

References:

• Overview of Oracle Financial Reporting Compliance1.
• Relate Controls to Financial Reporting Compliance Objects2.

• Identify Responsible Users for Perspectives: Determine the individuals or teams who will have the authority and responsibility to create and manage perspectives. This includes setting up the perspectives and ensuring they are aligned with the organization’s reporting and security requirements1.
• Identify Responsible Users for Controls/Risks: Establish who will be responsible for the creation and ongoing management of controls and risks within the system. This ensures that there is accountability and that these elements are kept up-to-date with the organization’s needs2.

References: For the official and verified answer, please refer to the Oracle Risk Management documentation on their website, specifically the sections discussing post go-live activities and the management of perspectives and security3142.

• Reviewing and approving control descriptions: Financial Reporting Compliance allows you to define business processes, identify risks, and create controls to counter those risks. Part of this process involves reviewing and ensuring the accuracy and completeness of control descriptions1.
• Reviewing control assessment results: The platform enables you to assess the validity of the controls over time. This includes reviewing the results of control assessments and any issues related to their effectiveness1.

References:

• Overview of Oracle Financial Reporting Compliance1.
• Oracle Fusion Financial Reporting Compliance Cloud Service2.

• Navigate to the “Access Entitlements” page within Oracle Advanced Access Controls.
• Create two separate entitlements that include the client-defined access points for initiating a purchase order and for approving payments on that purchase order.
• Go to the “Models” tab of Advanced Controls and create an access model. This model will be based on the entitlements you have just created.
• After creating the access model, proceed to the “Controls” tab of Advanced Controls.
• Deploy an access control and select the access model you previously created. This will enforce the control to monitor user access as per the requirement.

References:

• Oracle Advanced Access Controls documentation provides a comprehensive overview of the process for creating models and controls to monitor access assignments for separation-of-duties violations1.
• The Oracle Advanced Access Controls Cloud Data Sheet details the features relevant to monitoring access policies, including the creation and deployment of access controls2.

1: Overview of Oracle Advanced Controls 2: Oracle Advanced Access Controls Cloud Data Sheet

Once the remediation of a segregation of duties conflict is completed in Fusion Security by removing the conflicting access from the users, the status of the incident in Advanced Access Controls (AAC) should be set to “Resolved”. This indicates that the necessary actions have been taken to address the incident and no further immediate action is required. The “Resolved” status is used to signify that the incident has been dealt with and the conflict has been eliminated.

References:The information is verified and aligned with the Oracle Risk Management documentation, which details the incident statuses and states within the AAC1.

To work with records in Financial Reporting Compliance, a user must be both “eligible” and “authorized”. An eligible user who creates a record is automatically authorized as its owner. The owner can edit details of the record, including its data-security configuration. However, if the superuser’s account is created but the synchronization jobs havenot been run, they would not be able to create new Data Security Policies. This is because the synchronization jobs are likely necessary to update the system with the new user’s roles and permissions, allowing them to perform actions such as creating Data Security Policies.

References:Secure Records in Financial Reporting Compliance documentation on Oracle’s website provides detailed information on the eligibility and authorization required for users to work with records1. Additionally, the Using Financial Reporting Compliance guide further describes the process of defining business processes, identifying risks, creating controls, and assessing the validity of those objects over time2.

To create a model that returns users with a specified access point while excluding a specific operating unit, you would need to include both the Access Point and User Business Object in your model. The Access Point allows you to specify the particular access that users have been assigned. The User Business Object enables you to include user-specific information and apply additional filters, such as excluding users associated with a particular operating unit.

References:The information provided is based on the Oracle Risk Management documentation, which details the process of creating access models and the necessary components involved in such models12. It is important to refer to the latest Oracle documentation for the most accurate and up-to-date information regarding Advanced Access Controls.

• Not in: This condition can cause extra columns to appear because it filters out certain values, which may require additional columns for context.
• Similar: The ‘Similar’ condition can introduce extra columns as it attempts to find transactions that are alike but not exactly the same, necessitating more data for comparison.
• Between (when using a date attribute): Using the ‘Between’ condition with date attributes can add extra columns to display the range of dates that the transactions fall into.

References:The information provided here is based on Oracle’s documentation on viewing or editing an incident within the Risk Management and Compliance module1. For a detailed understanding of how these conditions affect the transaction incident data, refer to the official Oracle documentation.

• Identify the number of access points in each entitlement.
• Since the entitlements do not share access points, each access point in one entitlement can be paired with each access point in the other entitlement.
• Multiply the number of access points in the first entitlement by the number of access points in the second entitlement to find the total number of combinations.