Oracle Fusion 26A · Risk Management

Oracle Risk Management 26A Release Intelligence

12 feature changes for Oracle Risk Management in 26A — affecting Oracle Risk Management Cloud, SoD, and audit controls. Analyze release impact, regression risks, affected components and recommended validations.

Analyze Risk Management Impact Request Demo
8 High
0 Med-High
4 Medium
0 Low
17 pages
13 APIs
26A Risk Management Command Center
LIVE · FEB 2026
Total Features
12
High Severity
8
Affected Pages
17
Affected APIs
13
High8
Med-High0
Medium4
Low0
RELEASE OVERVIEW

What Changed in Oracle Risk Management 26A

Oracle Fusion 26A (February 2026) delivers 12 feature changes for Oracle Risk Management — covering process logic, accounting rules, integration payloads, security policies and reporting outputs. 8 are marked HIGH severity and require prioritised regression validation before production cutover.

Total Changes
12
High Severity
8
Pages Affected
17
APIs Affected
13

Oracle Risk Management 26A Feature Changes

Every Risk Management change Oracle shipped in 26A, with severity, affected components, and recommended validations. Combines initial 26A release notes with the latest 26A patch updates.

Advanced Access Model Enhancements

HIGH
Type: Security / Access Auto-enabled

Improved segregation-of-duties analysis and enhanced access modeling for enterprise roles and inherited privileges Strengthens enterprise SoD governance and reduces audit risks

Pages: Advanced Access ControlsManage Models
APIs: Access Control REST APIs
ESS Jobs: Import Access Models
Config: Role TemplatesAccess Rules
Processes: User Access Certification
Test Cases: Validate inherited-role conflict detection and remediation workflow
Data Objects: User RolesPrivilegesRole Hierarchies

Enhanced Financial Reporting Compliance Controls

HIGH
Type: Compliance / Reporting Customer-action-required

Expanded monitoring capabilities for financial controls and policy exception reporting Helps organizations meet regulatory and audit compliance requirements

Pages: Financial Reporting Compliance
APIs: Risk Compliance APIs
ESS Jobs: Compliance Evaluation Jobs
Config: Compliance Frameworks
Processes: Financial Audit Review
Test Cases: Test policy violation detection and compliance report generation
Data Objects: Financial ControlsPolicy Exceptions

Redwood User Experience Updates

MEDIUM
Type: UI / Usability Auto-enabled

Adoption of Redwood UX components for improved navigation and usability across Risk Management dashboards Improves user productivity and aligns with Oracle modern UI standards

Pages: Risk Management HomeDashboards
Config: Redwood UI Preferences
Processes: Risk Monitoring
Test Cases: Validate dashboard renderingfiltersand navigation flows
Data Objects: Risk DashboardsUser Preferences

Access Certification Workflow Improvements

HIGH
Type: Workflow / Approval Auto-enabled

Enhanced approval routing and notification handling for user access certification campaigns Improves governance efficiency and reduces manual certification effort

Pages: Access Certification
APIs: Certification Workflow APIs
ESS Jobs: Certification Processing Jobs
Config: Approval Rules
Processes: Access Review and Certification
Test Cases: Execute approvalrejectionescalationand reminder scenarios
Data Objects: Certification CampaignsApprovals

Enhanced Audit Trail Visibility

HIGH
Type: Audit / Security Auto-enabled

Expanded audit logging for risk evaluations, control updates, and remediation activities Improves forensic analysis and regulatory audit readiness

Pages: Audit HistoryRisk Incidents
APIs: Audit Event APIs
ESS Jobs: Audit Synchronization Jobs
Config: Audit Policies
Processes: Risk Investigation and Remediation
Test Cases: Validate audit log generation and event traceability
Data Objects: Audit LogsRisk Events

Preventive Controls Analyzer Updates

HIGH
Type: Process / Controls Customer-action-required

Improved preventive control simulation and transaction analysis for ERP transactions Enables proactive identification of risky transactions before processing

Pages: Preventive Controls Analyzer
APIs: Transaction Analysis APIs
ESS Jobs: Control Analysis Jobs
Config: Preventive Control Rules
Test Cases: Test transaction violation detection across ERP flows
Data Objects: TransactionsPreventive Controls

AI-Assisted Risk Insights

MEDIUM
Type: AI / Analytics Optional

Introduced AI-driven recommendations for identifying anomalous user access and control exceptions Enhances proactive risk detection using AI-based analytics

Pages: Risk Insights Dashboard
APIs: AI Risk Insight APIs
ESS Jobs: AI Analysis Jobs
Config: Insight Threshold Rules
Processes: Risk Monitoring and Investigation
Test Cases: Validate anomaly scoring and recommendation accuracy
Data Objects: Risk InsightsAnomaly Events

Security Patch and Vulnerability Alignment

HIGH
Type: Security / Infrastructure Auto-enabled

Alignment with latest Oracle quarterly security and identity management protections for cloud environments (Oracle Docs) Critical for maintaining secure ERP access and reducing exposure to vulnerabilities

Pages: Security Console
APIs: Identity Management APIs
ESS Jobs: Security Sync Jobs
Config: Identity Policies
Processes: Identity Governance
Test Cases: Validate authenticationrole syncand session security controls
Data Objects: User SessionsIdentity Policies

Enhanced Segregation of Duties analysis in Security Console

HIGH
Type: Enhancement No Opt-in Required

SoD analysis in Security Console improved to validate role hierarchies during role creation/editing; detects conflicts using provisioning rules before role assignment Prevents fraud and compliance violations by ensuring no user/role combination violates enterprise SoD policies; critical for SOX compliance and audit readiness (Oracle Documentation)

Pages: Security Console > Roles > Create RoleEdit RoleSoD Analysis Page
APIs: Security REST Roles APISecurity Setup APIs
ESS Jobs: Role Import JobSecurity Role Synchronization Job
Config: Manage RolesManage Data Access SetsManage Security ProfilesManage Job Roles
Processes: Role creation with conflicting duties (AP invoice vs paymentbuyer vs approver)Role hierarchy validationSoD violation detection scenarios
Test Cases: Test role creation with conflicting dutiesvalidate SoD warning/rejectionsimulate user provisioning conflicttest role hierarchy inheritance rules
Data Objects: ASE_ROLE_HIERARCHYASE_SOD_RULESASE_PROVISIONING_RULES

Integration with Application Access Controls Governor (AACG) strengthened

HIGH
Type: Enhancement No Opt-in Required

Tightened integration between Fusion Security and AACG enforcing preventive SoD controls during provisioning workflows Ensures preventive SoD enforcement (not just detection), reducing risk of fraud during user provisioning (Oracle Documentation)

Pages: Setup and Maintenance > Risk Management > Access Controls
APIs: AACG REST ServicesIdentity Governance APIs
ESS Jobs: Access Control Evaluation JobRisk Analysis Batch Job
Config: Manage Access ControlsManage Risk AnalysisManage User Provisioning
Processes: User role assignmentaccess request approval workflowsSoD conflict remediation
Test Cases: Test access request rejection due to SoD conflicttest approval routingvalidate policy enforcement during provisioning
Data Objects: AACG_POLICY_RULESAACG_CONTROL_MATRIX

Improved SoD conflict simulation and what-if analysis

MEDIUM
Type: Enhancement No Opt-in Required

Enhanced simulation capability to evaluate SoD violations before provisioning roles to users

Pages: Risk Management > Advanced Controls > Simulation
APIs: Risk Analysis API
ESS Jobs: Simulation Batch Job
Config: Role designaccess risk analysiscompliance reporting
Processes: Simulate user-role combinationstest SoD policy impact before deployment
Test Cases: Validates access design earlyreducing downstream remediation effort and audit findings
Data Objects: ASE_SOD_SIMULATION_RESULTS

Expanded built-in SoD policy library updates

MEDIUM
Type: Enhancement No Opt-in Required

Updated predefined SoD policy templates aligned with Oracle security reference model

Pages: Risk Management > Controls Library
APIs: Controls REST API
ESS Jobs: Controls Import Job
Config: Manage Controls LibraryManage Security Reference Model
Processes: Validate seeded SoD rulescompare custom vs seeded policies
Test Cases: Speeds up compliance setup and ensures alignment with Oracle best practices
Data Objects: ASE_POLICY_LIBRARY

Affected Components Across Risk Management 26A

Deduplicated inventory of Risk Management components impacted by the 26A release (initial + patch). Use these lists as your regression scope baseline.

Affected Pages

17
Access Certification Advanced Access Controls Audit History Dashboards Edit Role Financial Reporting Compliance Manage Models Preventive Controls Analyzer Risk Incidents Risk Insights Dashboard Risk Management > Advanced Controls > Simulation Risk Management > Controls Library Risk Management Home Security Console Security Console > Roles > Create Role Setup and Maintenance > Risk Management > Access Controls SoD Analysis Page

Affected APIs

13
AACG REST Services AI Risk Insight APIs Access Control REST APIs Audit Event APIs Certification Workflow APIs Controls REST API Identity Governance APIs Identity Management APIs Risk Analysis API Risk Compliance APIs Security REST Roles API Security Setup APIs Transaction Analysis APIs

Affected ESS Jobs

13
AI Analysis Jobs Access Control Evaluation Job Audit Synchronization Jobs Certification Processing Jobs Compliance Evaluation Jobs Control Analysis Jobs Controls Import Job Import Access Models Risk Analysis Batch Job Role Import Job Security Role Synchronization Job Security Sync Jobs Simulation Batch Job

Affected Config Objects

21
Access Rules Approval Rules Audit Policies Compliance Frameworks Identity Policies Insight Threshold Rules Manage Access Controls Manage Controls Library Manage Data Access Sets Manage Job Roles Manage Risk Analysis Manage Roles Manage Security Profiles Manage Security Reference Model Manage User Provisioning Preventive Control Rules Redwood UI Preferences Role Templates Role design access risk analysis compliance reporting

Affected Business Processes

20
Access Review and Certification Financial Audit Review Identity Governance Order-to-Cash Procure-to-Pay Risk Investigation and Remediation Risk Monitoring Risk Monitoring and Investigation Role creation with conflicting duties (AP invoice vs payment Role hierarchy validation Simulate user-role combinations SoD conflict remediation SoD violation detection scenarios User Access Certification User role assignment Validate seeded SoD rules access request approval workflows buyer vs approver) compare custom vs seeded policies test SoD policy impact before deployment

Recommended Test Cases

25
Execute approval Speeds up compliance setup and ensures alignment with Oracle best practices Test access request rejection due to SoD conflict Test policy violation detection and compliance report generation Test role creation with conflicting duties Test transaction violation detection across ERP flows Validate anomaly scoring and recommendation accuracy Validate audit log generation and event traceability Validate authentication Validate dashboard rendering Validate inherited-role conflict detection and remediation workflow Validates access design early and navigation flows and reminder scenarios and session security controls escalation filters reducing downstream remediation effort and audit findings rejection role sync simulate user provisioning conflict test approval routing test role hierarchy inheritance rules validate SoD warning/rejection validate policy enforcement during provisioning

Other Oracle 26A Modules

Continue your 26A release readiness across other Oracle modules.

26A Cash Management Changes
View Analysis
26A Costing Changes
View Analysis
26A Demand Management Changes
View Analysis
26A ERP & AI Agents Changes
View Analysis
Back to 26A Hub

Oracle Risk Management 26A FAQs

Common questions from teams preparing for Oracle Risk Management 26A.

What changed in Oracle Risk Management 26A?
Oracle Fusion 26A (February 2026) introduces 12 feature changes for Oracle Risk Management, with 8 flagged HIGH severity by Oracle. Changes touch business processes including Access Review and Certification, Financial Audit Review, Identity Governance, Order-to-Cash and surface on pages such as Access Certification, Advanced Access Controls, Audit History.
How many high-risk changes does Oracle Risk Management 26A have?
Oracle marks 8 of the 12 changes as HIGH, 0 as MEDIUM-HIGH, 4 as MEDIUM and 0 as LOW. High-severity items in Risk Management typically require comprehensive regression validation before production cutover because they touch core transactional, security or accounting logic.
Which APIs are affected by Oracle Risk Management 26A?
Affected APIs include AACG REST Services, AI Risk Insight APIs, Access Control REST APIs, Audit Event APIs, Certification Workflow APIs. Custom integrations consuming these endpoints should be validated against the 26A schema and behavioural deltas during your test pod cycle.
What test cases should run for Oracle Risk Management 26A?
SyntraFlow recommends validating Execute approval, Speeds up compliance setup and ensures alignment with Oracle best practices, Test access request rejection due to SoD conflict, Test policy violation detection and compliance report generation, Test role creation with conflicting duties. The release-aware test pack is auto-composed by SyntraFlow Release Intelligence based on the 26A impact analysis on your specific tenant.
How does Oracle Risk Management 26A differ from 26B?
26A landed February 2026 and 26B follows in May 2026. The 26A Risk Management changes establish the baseline that 26B builds on. Validating 26A first ensures a smoother 26B upgrade. Use SyntraFlow Release Intelligence to compare both quarters.
Segregation of Duties (SoD) Across Oracle Releases

Module Change History

Track how Oracle Segregation of Duties (SoD) evolved across the last 5 quarterly releases — same module, different release scope.

Jul 2025
25C
Segregation of Duties (SoD)
Explore →
Oct 2025
25D
Segregation of Duties (SoD)
Explore →
Feb 2026 · current
26A
Segregation of Duties (SoD)
You are here
May 2026
26B
Not impacted
Jul 2026
26C
Segregation of Duties (SoD)
Explore →
How SyntraFlow Tests Segregation of Duties (SoD) Natively

Built-in for Oracle, not bolted on

SyntraFlow runs Segregation of Duties (SoD) testing through purpose-built native modules — DataVault auto-generates test data, AI heals Redwood selectors, Process Mining maps real flows, Release Intelligence narrows scope per Oracle release.

BUILT FOR THIS MODULE

SoD Testing

Pre-built SoD ruleset, violation detection and certification.
BUILT FOR THIS MODULE

Role-Based Testing

Tests role design and entitlement assignment.
NATIVE PLATFORM

Oracle Fusion Testing Tool

AI test automation built for every Oracle Fusion module — Redwood UI, AI agents, quarterly patches.
NATIVE PLATFORM

SyntraFlow DataVault

Auto-generates valid Oracle test data — supplier hierarchies, employee assignments, GL combinations.
NATIVE PLATFORM

Config Discovery

Scans your live tenant and maps every configuration, role, security policy and customisation.
NATIVE PLATFORM

AI-Powered Oracle Testing

Self-healing Redwood selectors, AI agent validation, generative test data.
NATIVE PLATFORM

Release Intelligence Platform

Tenant-specific impact reports for every Oracle quarterly release, CPU and CSPU.
More on Segregation of Duties (SoD) & Oracle Testing

From the Blog

FROM THE BLOG

CVE-2026-21992: Oracle IAM Emergency Patch
FROM THE BLOG

Oracle January 2026 CPU Patching Guide
FROM THE BLOG

What Is Regression Testing?
FROM THE BLOG

UAT Testing for Oracle Fusion Cloud
FROM THE BLOG

Oracle Fusion Patch Testing Checklist

Prepare Oracle Risk Management for 26A

Get a tenant-specific 26A Risk Management impact assessment and ship targeted regression coverage.

Request Assessment Analyze Risk Management Environment
Release Intelligence Separately-licensed SyntraFlow module

How SyntraFlow Release Intelligence Works

Release Intelligence is a SyntraFlow module that is licensed and priced separately from the core SyntraFlow test automation platform. It pinpoints exactly what each Oracle Fusion quarterly release or critical patch will affect in your tenant — and produces the test scenarios needed to validate it. The workflow runs in five connected steps:

  1. Connects to your Oracle Fusion environment. A secure read-only connection to your live Oracle Fusion tenant ingests setup data, security model, and live transactions — no manual exports, no spreadsheets.
  2. Scans your complete configuration with Config Intelligence. Config Intelligence snapshots every setup object (FSM tasks, profile options, BPM rules, descriptive flexfields, security policies) and compares it against the incoming release.
  3. Reads master & transaction data via DataVault. DataVault profiles your real master data and live transactions so impact analysis is grounded in what your business actually runs — not generic Oracle samples.
  4. Produces a detail-level Impact Map. Cross-references the release notes against your configuration and data to highlight which features, flows, integrations, and reports are at risk — down to the line-level setting or seeded role that changed. See Release Impact Analysis.
  5. Generates test scenarios & remediation report. Outputs ready-to-execute test cases targeting each impacted area, plus a remediation report with the exact steps to update your setup or data so the patch goes live with minimum disruption. Run them with Patch Testing Automation.

Licensing note: Release Intelligence is a standalone SyntraFlow module available as its own subscription, or as an add-on to the SyntraFlow test automation platform. Pricing is separate from the core platform — contact us for module pricing and bundling options.

Related Reading