I have been doing a lot of research related to Rel 12 and its impact on risk assessment and SOD processes.  There are a LOT of new functions being introduced by Oracle to support the OA framework (java) forms.  For example, bank account maintenance is adding 44 functions.  Accounting Setup Manager is adding 78 new functions. 



Any "SOD" solution that does not use the concept of a function group (like ICM) will be a nightmare to maintain since you have to define conflicts function versus function rather than function group versus function group.



I continue to pursue the goal of publishing the risk assessment content and methodology in the public domain.  It will be done by the time that I finish the book series I have started.  The first book lays the foundation and the next three will focus on assessing risk in the three most common process flows - Procure to Pay, Financial Close, and Order to Cash.  The risk assessment process will be the first integrated assessment (manual and system) process published of which I am aware.  It will assessing risk from outside the system (manual processes) through what happens in the system (IT access controls and processes) to what happens after the system (such as reconciliations).



It would be nice if Oracle jumped into the open source bandwagon by promotion and supporting these efforts.  Eventually, I'll get around to making my pitch to Oracle execs why it is in their best interest to do so.  For now, I am focused on getting the first book written.  What a lot of work...



Regards,

Jeffrey T. Hare, CPA CISA CIA