How this book is organized
We have written this book with a section dedicated to each of the following three blocks:
Governance: Here we discuss the strategic management of the enterprise, setting the plans for the managers, making disclosures to investors, and ensuring that the board knows that the enterprise is meeting its goals and staying within its policies.
Risk management: Here we discuss the audit disciplines. This is where we work out what can go wrong, document what we have to do to prevent it from going wrong, and check that what we think prevents it from going wrong actually works. We move through the various sub disciplines within the audit profession and show what tools are best suited from within the Oracle family to assist.
Compliance management: Here we map the tools and facilities that we have discovered in the first two sections for frameworks and legislations. We will give this from an industry and geography agnostic viewpoint and then drill in to some specific industries and countries.
We neither stay in the narrow definition of the GRC applications, nor limit ourselves to the business applications but take you to the most appropriate places in the full Oracle footprint. For example, some of the configuration management and change control problems are addressed within the GRC applications and some of them are addressed within Enterprise Manager.
This means that the book is not organized by product. It is organized by the governance and risk assurance processes. A given product may be represented in multiple places in the book and a given process may contain multiple product references.
