• On the Manage Issues page within Oracle Risk Management, users have the ability to link various related objects to an issue.
• The objects that can be associated with an issue include Assessments, Risks, and Controls.
• This association is crucial for maintaining a comprehensive view of the risk landscape and ensuring that all relevant factors are considered during the issue management process.

References:The information is based on the Oracle Risk Management Cloud documentation which details enhancements to reporting issues, remediation plans, and related objects1. Additionally, discussions on the Oracle community forums confirm that related objects such as processes can be viewed but are not directly related on the Risk Definition Page, indicating that the primary related objects are indeed Assessments, Risks, and Controls2.

To define an IT Compliance Manager job role with the required privileges to manage risks and controls, as well as issues related to them, the following duty roles must be included:

• Seeded Risk Manager Composite: This duty role includes privileges necessary for managing risks.
• Control Manager Composite: This duty role encompasses privileges for managing controls.
• Issue Manager Composite: This duty role contains privileges for managing issues related to risks and controls.

These duty roles collectively provide a comprehensive set of privileges that cover all aspects of risk and control management, as well as issue resolution, which are essential for an IT Compliance Manager job role.

References:

• Oracle documentation on creating risk management roles in the Security Console provides insights into the role creation process and the types of roles that can be created, including job roles and duty roles1.
• The IT Security Manager job role documentation lists the duties and privileges that are inherited by the job role, which is similar to what would be required for an IT Compliance Manager role2.
• The Roles Overview documentation from Oracle outlines various roles available within Oracle Fusion Cloud Financial Reporting Compliance, including the Risk Activities Manager and Risk Administrator, which are related to the management of risks and controls3.

• Data Security Policies: These are essential for defining who has access to what data within Oracle Risk Management. Without these policies, even if the controls exist, they will not be visible to users.
• Control Manager Security Role: Assigning this role to a user is not sufficient for them to see controls. The data security policies specifically related to the controls must be created and associated with the user’s role.
• Visibility of Controls: For controls to be visible in the Financials Risk Compliance (FRC) module, the data security policies must grant access to the controls based on the user’s role.

References:The information provided here is based on Oracle’s documentation on Risk Management Cloud, which outlines the importance of data security policies in ensuring the visibility of controls within the system12. For a detailed understanding of the creation and assignment of data security policies, refer to the official Oracle documentation.