Over the past few weeks or so, I have been busy helping one of our clients in implementing Oracle's solution for Sarbanes Oxley compliance "Oracle Internal Controls Manager". OICM includes various functionalities for documenting business processes, creating risks, setting up control activites and documenting test results. Oracle Internal Controls Manager allows auditors to identify risks associated with business processes and the potential impact of risks.

Infact, in Oracle Internal Controls Manager one can create a library of risks associated with business processes. Such risks are termed as entity risks and can be tied directly to the enterprise. Each of the risks can be classified based on probability and impact. In the screenshot below, you can see how a new risk type can be defined in Oracle Internal Controls Manager. Risk can either be created using the auditor responsibility tab and using the "Create Risk" button. Oracle ICM also provides the facility to import risks. Risks can be imported using the setup menu. Risks can be updated as and when there is a change in business processes or if there is a change in regulatory requirements. OICM supports risk categories for both BASEL II as well as Sarbanes Oxley.

Related Posts

Sarbanes Oxley Software Features
Importance of Automating SOX
Benefits of 404 Implementation
Control Deficiencies in Processes