Mitigating cyber risk with HCM Advanced Controls

Historically, information technology (IT) and security teams have been responsible for developing strategies to mitigate cyber risk; now business mentalities are shifting to acknowledge that cybersecurity is a shared responsibility across an entire organization. Human resource (HR) leaders face their own challenges to successfully secure not only employee data, but also control who can act on that data within HR systems. The integrity and security of data is an increasingly important priority as users are empowered with more and more access and autonomy to leverage strategic data and complete back-office transactions as a part of their daily roles.

As a direct consequence, HR leaders must now begin to address questions like how can we ensure that the employees have the right system access to perform their primary job responsibilities? How can we validate that our employees cannot access data or initiate transactions that threaten data confidentiality or expose our organization to fraud, legal or financial risks?

One company helping organizations answer these risk management questions is Oracle. Oracle’s HCM Advanced Controls offering provides HR leaders the tools to proactively minimize and manage security risks within human resources.

A few key benefits offered from Oracle’s HCM Advanced Controls solution include:

1. Institutionalize security and embed it into HR processes

• HCM Advanced Controls is the springboard to increase the understanding, purpose and visibility of security to a wider audience of an organization’s workforce.
• All too often, responsibility for identifying and monitoring security risks relies too heavily on a few select specialists – now you can engage employees across your organization with relevant analytics and insights & empower them to collaborate on security issues.
• An array of delivered reports and dashboards enables a wide array of users to make strategic decisions and fulfill common compliance/regulatory reporting requirements.

2. Separation of duties (SOD)

• With HCM Advanced Controls, user access conflicts can be identified and prevented both proactively and reactively.
• Rules can be established to control and limit access. For example, controlling a user who can hire new employees but cannot also manage payroll functions.
• Oracle provides a growing library of risk models that help organizations identify both user security access risks and business transaction risks.
• Access models quickly evaluate, identify and remedy employees with security access risk.
• Transaction models can evaluate specific user transactions, business transaction sequences and transaction frequencies that may expose a company to risk.

3. Access certifications

• It’s never been easier to administer organization-wide reviews of users with elevated access (i.e., access beyond basic employee and manager security).
• Security access can be evaluated on an established cadence (i.e., quarterly or monthly) or on an ongoing basis to support organizational changes by the business.
• Both managers and security certifiers have an enhanced experience, with access to a single area where they can quickly review and certify user security.

HCM Advanced Controls offers an opportunity to revisit how your organization monitors employee access in an effort to eliminate potential security risks and optimize data integrity. It’s beneficial to begin thinking beyond standard security design and consider the role that HCM Advanced Controls could play to help mitigate potential security risks across your organization today.

For more information on this topic or to learn how Baker Tilly can help, contact our team.