The audience for this Governance, Risk, and Compliance Handbook for Oracle Applications is the people who advise the board, the internal audit department and the CIO office on controls, security and risk assurance. Consultants implementing Financials or GRC Applications who wish to gain an understanding of the Governance, Risk and Compliance processes, and how they are represented in Oracle, should find it a useful primer. Risk Assurance professionals will find it a reliable companion.
The book is organized not by product but by the governance and risk assurance processes. A given product may be represented in multiple places within the book, and a given process may contain multiple product references.
To ensure that we keep ourselves grounded in real problems, the book is written as a journal of a fictional company establishing its governance processes. It introduces managers and directors responsible for various aspects of the governance, risk and compliance problem, and shows where that problem is exposed and how it is addressed in the technology and business applications.
The book is divided into three major sections:
Governance - where we discuss strategic management of the enterprise, setting the plans for the managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.
Risk Management - where we discuss audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong and check that what we think prevents it going wrong actually works. We move through the various sub-disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.
Compliance Management - where we map the tools and facilities that we have discovered in the first two sections to frameworks and legislation. We give this from an industry- and geography-agnostic viewpoint and then drill into some specific industries and countries.
We neither stay in the narrow definition of the GRC applications, nor limit ourselves to the Business Applications but take you to the most appropriate places in the full Oracle footprint. The book is written from the perspective of big GRC. It is not an implementation manual for the GRC products, although we hope you can get the best out of the GRC products after reading this book. We discuss many applications and technology products that are not in the GRC product family.
Product dimensions: 7.50(w) x 9.25(h) x 0.98(d)
About the Author
Nigel King is Vice President for Functional Architecture for Fusion Applications. As such he leads a band of architects whose job it is to steward the designs and underpinnings for those things that span product families. He has been working for Oracle for 17 years. In that time he has worked mostly in Applications Development. Nigel has worked in many areas of Applications, starting off in Distribution Management and then leading Oracle Applications' first venture into Business Intelligence, and Product Lifecycle Management Applications. A restless observer and inventor, Nigel's real passion has always been to see a problem defined, and in being defined well, resolved. By first profession Nigel is a Chartered Management Accountant. He is also a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified Information Security Professional (CISSP). He swears that as soon as he gets the book finished he will catch up with his continuing professional education (CPE) credits. Nigel's patents include "Methods and systems for portfolio planning", "Audit management workbench", "Internal audit operations for Sarbanes Oxley compliance" and "Audit planning". He was fortunate to be hanging around at Oracle when the whole Enron thing happened. A decade later, GRC Apps have been born, been new, grown old and are now suffused into many of the applications that surround them.
Nigel is also Chairman of the Open Applications Group. The Open Applications Group is a 501(c)(6) not-for-profit standards development organization (SDO). Our community is focused on building process-based business standards for eCommerce, Cloud Computing, Service Oriented Architecture (SOA), Web Services, and Enterprise Integration.
The OAGi Specification includes ICXML, an XML specification for the exchange of risk and control libraries.
Before joining Oracle, Nigel worked in what he now considers the real world, first as an Accountant and then selling and implementing business systems. He gained insights in the high technology sector working for Philips, the consumer packaged goods sector working for Homepride Foods and Jeyes Group and was introduced to the software world through Business Technology Consultants.
Nigel also co-authored the eBusiness Suite, Manufacturing and Supply Chain handbook. You can also trace Nigel's thinking on GRC at ISACA's international conferences over the years: 2005, An Overview of Emerging Tools and Technologies for Auditors; 2006, Compliant Access Provisioning; 2008, Security Provisioning for Outsourced Services.
Nigel is also a licensed boxer, keen soccer player and coach, and Boston qualifying marathon runner.
Nigel lives with his beautiful wife Anita and their soccer fanatic son Ansel in San Mateo, California.
Adil Khan is a Senior Director at FulcrumWay with over 15 years of experience in enterprise business systems. Adil also serves on the board of the Oracle Applications Users Group Internal Controls and Security Interest Group (OAUG-ICSSIG). At FulcrumWay, Adil has successfully designed and implemented internal controls management systems for more than 15 global companies listed on NYSE and NASDAQ. His expertise includes streamlining and automating Governance Risk and Compliance processes based on industry standards such as ERM-COSO and CoBIT. Prior to FulcrumWay, Adil served as a board member and Chief Executive Officer of ALTM - a public company listed on the NASDAQ.