Introduction to Oracle GRC Controls

Introduction:-

Oracle GRC term is relatively new word compared to Oracle E Business Suite, but it is getting hot day by day. Where GRC Stands for Governance – Risk Management – Compliance. GRC takes cares of Corporate Governance, Corporate Compliance, and Enterprise Risk management. GRC integrates organizations to manage known and unknown risks – which helps to demonstrate compliance with their organizational policies and external regulations. GRC includes Orchestrating employees in other words we can call it as configuring GRC system as well as configuring employees or an organization. GRC came into spotlight only after Sarbanes-Oxley Act which needs for all US listed companies to design and implement suitable SOX compliance.

Components of Oracle GRC:-

AACG: – Application Access Controls Governor

It provides a real time monitoring and enforcement controls. Currently it also includes prevention of access provisioning for Responsibility based security design in Oracle EBS, We have custom connectors for RBAC based security design for EBS. Oracle AACG provides library of Best practice controls library.

PCG: – Preventive Controls Governor

As names tells it’s a preventive controls mechanism, where Preventive controls can be used in EBS Forms (except OAF Forms) and EBS Workflows. PCG protects sensitive application data. One of the widely used features of PCG is Audit feature which reduce audit costs, reduced maintenance costs and increased IT productivity.

CCG: – Configurations Controls Governor

CCG mainly geared towards application integrity and functionality. The solution enables tracking of all changes, providing a detailed audit history, and records designated setup values, permitting quick comparison of values from different points in time or environments. With Oracle Configuration Controls Governor, you can ensure application integrity, audit changes, and continuously monitor setups. As a result, you can reduce financial loss, regulatory cost, audit effort, and the risks associated with them.

TCG: – Transaction controls Governor

TCG continuously monitors transactions against policies to detect suspicious transactions or redundant business practices that get in the way of performance. By spotting anomalies in everyday transactions, the system prevents cash leakage; TCG resides inside AACG which will minimize the installation efforts.

History of Oracle GRC:-

Oracle acquired Logical Apps a California based company in October 2007.Logical apps were leading provider of automated Governance, Risk and Compliance Controls management solutions. During Oracle acquisition

1) Oracle AACG version was in 7.X version but as of today they are in 8.6.5.The upgrade path was from 7.X > 8.0 > 8.1> 8.2> 8.5>8.6.3>8.6.4>8.6.5

2) Oracle PCG was in its 6.X version but as of today they are in 7.3.3 and this is the upgrade path for (6.5.3 – 6.5.8)->6.5.8.1->7.1.2->7.2.2.2->7.2.3->7.3->7.3.1->7.3.2->7.3.3

3) Oracle CCG current version is 5.5.1, Oracle didn’t made any significant updates for CCG.

4) Oracle TCG current version is 8.6.5.