In Oracle Risk Management, when a business owner is assigned a new role, there may be a delay before the worklist reflects this change. This is because the system needs to refresh the data to include the new role assignments in the worklist generation process. If the business owner responsible for the “Order to Cash” perspective does not see any worklists for the generated incidents, despite having the correct functional privileges and data access, it is likely due to the recent assignment of the role. The system has not yet refreshed the worklists to include the business owner’s new role, which is necessary for them to view the worklists related to the generated incidents.

References:

• Oracle Risk Management Cloud documentation on role assignments and worklist generation1.
• Oracle support documents detailing how to regenerate worklists after changes to GRC security components2.

• Data Security Policies: These are essential for defining who has access to what data within Oracle Risk Management. Without these policies, even if the controls exist, they will not be visible to users.
• Control Manager Security Role: Assigning this role to a user is not sufficient for them to see controls. The data security policies specifically related to the controls must be created and associated with the user’s role.
• Visibility of Controls: For controls to be visible in the Financials Risk Compliance (FRC) module, the data security policies must grant access to the controls based on the user’s role.

References:The information provided here is based on Oracle’s documentation on Risk Management Cloud, which outlines the importance of data security policies in ensuring the visibility of controls within the system12. For a detailed understanding of the creation and assignment of data security policies, refer to the official Oracle documentation.

To associate a risk to a control within Oracle Risk Management, you would use the control definition. Specifically, you would navigate to the Related Objects tab within the control definition and add the risk there. This process links the risk directly to the control, allowing for a clear association between the two within the system.

References:The Oracle Cloud Risk Management and Compliance documentation provides insights into how risks and controls are managed within the system, including the association of risks to controls1. Additionally, the Implementing Risk Management guide from Oracle’s official documentation outlines the steps and considerations for setting up and managing risks and controls, which includes associating risks to controls2.