Automating application security and audits

April 18, 2023 | 4 minute read
Text Size 100%:

Get more information link

Every day our customers process trillions of transactions and handle billions of dollars with Fusion Apps. Customers rely on us. It is a responsibility that we must take very seriously. So we’re investing heavily in data science and other measures to secure sensitive finance and HR processes. Our goal is to address security at every level, including at the cloud infrastructure layer and within applications themselves.

We have heard customer questions about how our security offerings work together. So this post will cover the basics and answer some of the most common questions about Oracle Fusion Cloud Risk Management (Oracle Risk Management).

What is Oracle Risk Management?

Oracle Risk Management automates the analysis required for user security, separation of duties (SoD), audit, policy compliance, and other internal controls for business processes running on Fusion Apps such as general ledger, accounts payable, accounts receivable, procurement, HR, and payroll. Finance and IT security teams in particular rely on Oracle Risk Management for two important reasons. First, because it generates analysis of both functional and data security (business unit, ledger, etc.) permissions at the most detailed level. And second, because it scans all transactions to detect violations in order to provide proof-positive assurance that security and internal controls are working as intended.

Why is Oracle Risk Management helpful to Fusion Apps customers?

Customers have been clear: They don’t want internal controls to depend on manual effort and a patchwork of disconnected tools. Instead they want an integrated framework, driven by data, that promotes alignment among stakeholders in the CFO’s office, IT, compliance, audit, and other functions. Fortunately, for many customers, important internal controls, security policies, underlying datasets, and key stakeholders are already part of Oracle Fusion Cloud ERP and HCM applications. This means that Oracle Risk Management can quickly and safely analyze millions of data points, share results in context, and simplify coordination among stakeholders, all without the drawbacks of integrating and exporting sensitive data to third-party cloud services.

What roles do OCI Cloud Guard and Threat Intelligence Service play?

From the perspective of Fusion Apps customers, Oracle Cloud Infrastructure's Cloud Guard and Threat Intelligence Service reduce the risk posed by security threats, improve detection, and speed responses to malicious attacks. In contrast, Oracle Risk Management helps to automate audit and prevents non-compliant application configurations. Although the solutions have different stakeholders, capabilities, and target environments, together they offer a unique value proposition:



Oracle Risk Management

Oracle Cloud Guard and Threat Intelligence Service

Primary Stakeholder

CFO/Controller (Fusion Apps IT, compliance, risk and audit teams)

CISO (Security Operations Centers, SecOps, DevSecOps, and InfoSec teams)

Unique capability

Automate user access, SoD, configuration change

Automate tasks to prevent malicious attacks using ML-driven behavior profiling across all Fusion Apps and other workloads running on OCI

Target environment

Oracle Cloud ERP and HCM

Multiple, sensitive Fusion Apps and other workloads running on OCI

Value proposition

Certify and automate security and other internal controls with ease and confidence

Strengthen overall security posture across all Fusion Apps and other workloads running on OCI


Working together the two solutions deliver on a security strategy that improves collaboration across different security and audit stakeholders while ensuring seamless coverage for Fusion Apps and other workloads running on OCI.

Take practical steps to strengthen security and automate controls

  • For Oracle Cloud ERP and HCM customers who are already live: Use this step-by-step guide to automate SoD and sensitive-access reporting tasks in just a few days. It includes videos and prebuilt Oracle Transactional Business Intelligence dashboards.

  • For Fusion Apps customers who are in the implementation phase: Use this step-by-step guide to ensure that you are “secure by design” from the start. It will help eliminate poorly-designed roles, which are the leading cause of problematic audit findings after application go-live.

Additional Resources

If you're an Oracle Partner and want to learn more, visit the Oracle Partner Community.

Get more information link

Related posts you might like

Fusion Development

The Fusion Development team is responsible for building, maintaining, and driving innovation on the Oracle Fusion Cloud Applications Suite, which includes Oracle ERP, EPM, SCM, HCM, and CX. Its members are based throughout the world with central offices in the US, India, Mexico, The Philippines, and Romania.

Previous Post

The surprisingly high cost of bad product data

Fusion Development | 4 min read

Next Post

Updated—ERP, EPM, HCM, SCM, CX, Analytics 23B roadmaps

Fusion Development | 2 min read