Governance, Risk, and Compliance Handbook for Oracle Applications

You're reading from Governance, Risk, and Compliance Handbook for Oracle Applications. Written by industry experts with more than 30 years of combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization.

Product type Paperback
Published in Aug 2012
Publisher Packt
ISBN-13 9781849681704
Length 488 pages
Edition 1st Edition

Table of Contents (22 Chapters)

Credits
Foreword
About the Authors
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
1. Introduction
2. Corporate Governance
3. Information Technology Governance
4. Security Governance
5. Risk Assessment and Control Verification
6. Documenting Your Controls
7. Managing Your Testing Phase: Management Testing and Certifying Controls
8. Managing Your Audit Function
9. IT Audit
10. Cross Industry Cross Compliance
11. Industry-focused Compliance
12. Regional-focused Compliance

Definitions


Before we go much further, we should lay down some basic definitions of these three key terms.

Governance

www.businessdictionary.com has a great definition of governance:

Traditionally defined as the ways in which a firm safeguards the interests of its financiers (investors, lenders, and creditors). The modern definition calls it the framework of rules and practices by which the board of directors ensure accountability, fairness, and transparency in the firm's relationship with all the stakeholders (financiers, customers, management, employees, government, and the community). This framework consists of (1) explicit and implicit contracts between the firm and the stakeholders for distribution of responsibilities, rights, and rewards; (2) procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with their duties, privileges, and roles; and (3) procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances. It is also called corporation governance.

I really like this definition, partly because it lets you know where the real accountability for Governance lies in the enterprise, but mostly because it is pretty much undefined in most of the frameworks that have had influence on the GRC market.

Risk

Probability of loss inherent in a firm's operations and environment (such as competition and adverse economic conditions) that may impair its ability to provide returns on investment. The leading framework in risk management was published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. COSO ERM extends the definition from not meeting a financial objective to not meeting any of the enterprise's objectives. It makes it pretty clear that the body that is responsible for signing off on the corporate strategy should also ensure that there is a process to identify the risks of not meeting the goals.

Compliance

Certification or confirmation that the doer of an action such as the writer of an audit report, or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.
