Oracle GRC - Overview

In most organizations during Oracle ERP implementations there are many security, auditing and compliance related requirements where you would want to enforce Governance, minimize Risk and be complaint as per the company policies. GRC is one such module from Oracle which caters all such needs. 

GRC is a solution that manages business processes for greater efficiency, controls user access to reduce risk and track data changes to increase financial integrity.

GRC has 4 products:

Application Access Control Governor AACG - It helps to implement segregation of duties within an organization. Ex: A user who has can create a supplier cannot pay the supplier. This module can help identify such responsibilities and access to a user who has both the privileges

Transactions Control Governor TCG - It helps to prevent any fraudulent business transactions. For ex: if you have to identify a user who has created and made a payment to the supplier.  TCG can help detect such fraudulent activities

Configuration Control Governor -Maintains audit trail of configuration changes Ex: if someone has changed billing address, bank account details etc. Detects such setup changes,

Preventive Control Governor PCG - Enforce certain rules to prevent unauthorized actions or business transactions.

 View image

 In this article i will try to provide detailed features and capabilities of Preventive Controls Governor (PCG) module which is integrated within Oracle eBs.

PCG is a set of applications that run within Oracle E-Business suite as a component of the Governance, Risk, and Compliance Controls Suite (GRC).

PCG has several modules:

Form Rules:  Extend oracle eBs forms without modifying the seeded code and does not require much development expertise. Key things which can be performed using form rules

·         Prevent changes to designated fields

·         Restrict access to LOV's and Block/Fields based on OU, Responsibility, Username etc.

·         Make fields mandatory, hidden etc

·         Show pop-up messages, error messages etc.

·         Provides options to write SQL queries or DB procedures, packages.

Flow Rules: When there is a need to automate any business processes or perform sequence of activities within a process or need to enforce an approval process for any business transactions/setups in such cases flow rules can be used. Two steps to define a flow rule.

Launch Criteria: Trigger or an event based subscription types are the two options which needs to be created to initiate the rule.

Process Flow: Process flow needs to be defined according to the requirement. It has several options like

·         Provides SQL rules to perform DML operations, call oracle API's etc.

·         Provides Notification rules to perform approval or FYI notifications leveraging GRC workflows

·         Provides options to call concurrent programs or business events

Multiple rules can be used together. Ex: SQL rule, followed by approval rule, followed by notification rule etc. They can be defined sequentially within a process to perform the steps. Dependencies can be created between the steps like an approval rule has approve or reject options. Another process or step can be build based on approval/rejection.

Scenarios where there are no out of the box oracle options like Oracle AME, flow rules can be an option to explore which does not require much coding.

Audit Rules:  Enables Audit Trial on oracle tables. Audit changes to designated fields. Monitor changes to designated fields and email notifications based on 'Triggers' or pre-defined schedule

Change Control: Combines the functionality of Form, Flow and Audit rules