Oracle Fusion 26A · Risk Management

Oracle Risk Management 26A Release Intelligence

12 feature changes for Oracle Risk Management in 26A — affecting Oracle Risk Management Cloud, SoD, and audit controls. Analyze release impact, regression risks, affected components and recommended validations.

Analyze Risk Management Impact Request Demo

8 High

0 Med-High

4 Medium

0 Low

17 pages

13 APIs

26A Risk Management Command Center

LIVE · FEB 2026

Total Features

High Severity

Affected Pages

Affected APIs

High8

Med-High0

Medium4

Low0

RELEASE OVERVIEW

What Changed in Oracle Risk Management 26A

Oracle Fusion 26A (February 2026) delivers 12 feature changes for Oracle Risk Management — covering process logic, accounting rules, integration payloads, security policies and reporting outputs. 8 are marked HIGH severity and require prioritised regression validation before production cutover.

Total Changes

High Severity

Pages Affected

APIs Affected

Oracle Risk Management 26A Feature Changes

Every Risk Management change Oracle shipped in 26A, with severity, affected components, and recommended validations. Combines initial 26A release notes with the latest 26A patch updates.

Advanced Access Model Enhancements

HIGH

Type: Security / Access Auto-enabled

Improved segregation-of-duties analysis and enhanced access modeling for enterprise roles and inherited privileges Strengthens enterprise SoD governance and reduces audit risks

Pages: Advanced Access ControlsManage Models

APIs: Access Control REST APIs

ESS Jobs: Import Access Models

Config: Role TemplatesAccess Rules

Processes: User Access Certification

Test Cases: Validate inherited-role conflict detection and remediation workflow

Data Objects: User RolesPrivilegesRole Hierarchies

Enhanced Financial Reporting Compliance Controls

HIGH

Type: Compliance / Reporting Customer-action-required

Expanded monitoring capabilities for financial controls and policy exception reporting Helps organizations meet regulatory and audit compliance requirements

Pages: Financial Reporting Compliance

APIs: Risk Compliance APIs

ESS Jobs: Compliance Evaluation Jobs

Config: Compliance Frameworks

Processes: Financial Audit Review

Test Cases: Test policy violation detection and compliance report generation

Data Objects: Financial ControlsPolicy Exceptions

Redwood User Experience Updates

MEDIUM

Type: UI / Usability Auto-enabled

Adoption of Redwood UX components for improved navigation and usability across Risk Management dashboards Improves user productivity and aligns with Oracle modern UI standards

Pages: Risk Management HomeDashboards

Config: Redwood UI Preferences

Processes: Risk Monitoring

Test Cases: Validate dashboard renderingfiltersand navigation flows

Data Objects: Risk DashboardsUser Preferences

Access Certification Workflow Improvements

HIGH

Type: Workflow / Approval Auto-enabled

Enhanced approval routing and notification handling for user access certification campaigns Improves governance efficiency and reduces manual certification effort

Pages: Access Certification

APIs: Certification Workflow APIs

ESS Jobs: Certification Processing Jobs

Config: Approval Rules

Processes: Access Review and Certification

Test Cases: Execute approvalrejectionescalationand reminder scenarios

Data Objects: Certification CampaignsApprovals

Enhanced Audit Trail Visibility

HIGH

Type: Audit / Security Auto-enabled

Expanded audit logging for risk evaluations, control updates, and remediation activities Improves forensic analysis and regulatory audit readiness

Pages: Audit HistoryRisk Incidents

APIs: Audit Event APIs

ESS Jobs: Audit Synchronization Jobs

Config: Audit Policies

Processes: Risk Investigation and Remediation

Test Cases: Validate audit log generation and event traceability

Data Objects: Audit LogsRisk Events

Preventive Controls Analyzer Updates

HIGH

Type: Process / Controls Customer-action-required

Improved preventive control simulation and transaction analysis for ERP transactions Enables proactive identification of risky transactions before processing

Pages: Preventive Controls Analyzer

APIs: Transaction Analysis APIs

ESS Jobs: Control Analysis Jobs

Config: Preventive Control Rules

Processes: Procure-to-PayOrder-to-Cash

Test Cases: Test transaction violation detection across ERP flows

Data Objects: TransactionsPreventive Controls

AI-Assisted Risk Insights

MEDIUM

Type: AI / Analytics Optional

Introduced AI-driven recommendations for identifying anomalous user access and control exceptions Enhances proactive risk detection using AI-based analytics

Pages: Risk Insights Dashboard

APIs: AI Risk Insight APIs

ESS Jobs: AI Analysis Jobs

Config: Insight Threshold Rules

Processes: Risk Monitoring and Investigation

Test Cases: Validate anomaly scoring and recommendation accuracy

Data Objects: Risk InsightsAnomaly Events

Security Patch and Vulnerability Alignment

HIGH

Type: Security / Infrastructure Auto-enabled

Alignment with latest Oracle quarterly security and identity management protections for cloud environments (Oracle Docs) Critical for maintaining secure ERP access and reducing exposure to vulnerabilities

Pages: Security Console

APIs: Identity Management APIs

ESS Jobs: Security Sync Jobs

Config: Identity Policies

Processes: Identity Governance

Test Cases: Validate authenticationrole syncand session security controls

Data Objects: User SessionsIdentity Policies

Enhanced Segregation of Duties analysis in Security Console

HIGH

Type: Enhancement No Opt-in Required

SoD analysis in Security Console improved to validate role hierarchies during role creation/editing; detects conflicts using provisioning rules before role assignment Prevents fraud and compliance violations by ensuring no user/role combination violates enterprise SoD policies; critical for SOX compliance and audit readiness (Oracle Documentation)

Pages: Security Console > Roles > Create RoleEdit RoleSoD Analysis Page

APIs: Security REST Roles APISecurity Setup APIs

ESS Jobs: Role Import JobSecurity Role Synchronization Job

Config: Manage RolesManage Data Access SetsManage Security ProfilesManage Job Roles

Processes: Role creation with conflicting duties (AP invoice vs paymentbuyer vs approver)Role hierarchy validationSoD violation detection scenarios

Test Cases: Test role creation with conflicting dutiesvalidate SoD warning/rejectionsimulate user provisioning conflicttest role hierarchy inheritance rules

Data Objects: ASE_ROLE_HIERARCHYASE_SOD_RULESASE_PROVISIONING_RULES

Integration with Application Access Controls Governor (AACG) strengthened

HIGH

Type: Enhancement No Opt-in Required

Tightened integration between Fusion Security and AACG enforcing preventive SoD controls during provisioning workflows Ensures preventive SoD enforcement (not just detection), reducing risk of fraud during user provisioning (Oracle Documentation)

Pages: Setup and Maintenance > Risk Management > Access Controls

APIs: AACG REST ServicesIdentity Governance APIs

ESS Jobs: Access Control Evaluation JobRisk Analysis Batch Job

Config: Manage Access ControlsManage Risk AnalysisManage User Provisioning

Processes: User role assignmentaccess request approval workflowsSoD conflict remediation

Test Cases: Test access request rejection due to SoD conflicttest approval routingvalidate policy enforcement during provisioning

Data Objects: AACG_POLICY_RULESAACG_CONTROL_MATRIX

Improved SoD conflict simulation and what-if analysis

MEDIUM

Type: Enhancement No Opt-in Required

Enhanced simulation capability to evaluate SoD violations before provisioning roles to users

Pages: Risk Management > Advanced Controls > Simulation

APIs: Risk Analysis API

ESS Jobs: Simulation Batch Job

Config: Role designaccess risk analysiscompliance reporting

Processes: Simulate user-role combinationstest SoD policy impact before deployment

Test Cases: Validates access design earlyreducing downstream remediation effort and audit findings

Data Objects: ASE_SOD_SIMULATION_RESULTS

Expanded built-in SoD policy library updates

MEDIUM

Type: Enhancement No Opt-in Required

Updated predefined SoD policy templates aligned with Oracle security reference model

Pages: Risk Management > Controls Library

APIs: Controls REST API

ESS Jobs: Controls Import Job

Config: Manage Controls LibraryManage Security Reference Model

Processes: Validate seeded SoD rulescompare custom vs seeded policies

Test Cases: Speeds up compliance setup and ensures alignment with Oracle best practices

Data Objects: ASE_POLICY_LIBRARY

Affected Components Across Risk Management 26A

Deduplicated inventory of Risk Management components impacted by the 26A release (initial + patch). Use these lists as your regression scope baseline.

Affected Pages

Access Certification Advanced Access Controls Audit History Dashboards Edit Role Financial Reporting Compliance Manage Models Preventive Controls Analyzer Risk Incidents Risk Insights Dashboard Risk Management > Advanced Controls > Simulation Risk Management > Controls Library Risk Management Home Security Console Security Console > Roles > Create Role Setup and Maintenance > Risk Management > Access Controls SoD Analysis Page

Affected APIs

AACG REST Services AI Risk Insight APIs Access Control REST APIs Audit Event APIs Certification Workflow APIs Controls REST API Identity Governance APIs Identity Management APIs Risk Analysis API Risk Compliance APIs Security REST Roles API Security Setup APIs Transaction Analysis APIs

Affected ESS Jobs

AI Analysis Jobs Access Control Evaluation Job Audit Synchronization Jobs Certification Processing Jobs Compliance Evaluation Jobs Control Analysis Jobs Controls Import Job Import Access Models Risk Analysis Batch Job Role Import Job Security Role Synchronization Job Security Sync Jobs Simulation Batch Job

Affected Config Objects

Access Rules Approval Rules Audit Policies Compliance Frameworks Identity Policies Insight Threshold Rules Manage Access Controls Manage Controls Library Manage Data Access Sets Manage Job Roles Manage Risk Analysis Manage Roles Manage Security Profiles Manage Security Reference Model Manage User Provisioning Preventive Control Rules Redwood UI Preferences Role Templates Role design access risk analysis compliance reporting

Affected Business Processes

Access Review and Certification Financial Audit Review Identity Governance Order-to-Cash Procure-to-Pay Risk Investigation and Remediation Risk Monitoring Risk Monitoring and Investigation Role creation with conflicting duties (AP invoice vs payment Role hierarchy validation Simulate user-role combinations SoD conflict remediation SoD violation detection scenarios User Access Certification User role assignment Validate seeded SoD rules access request approval workflows buyer vs approver) compare custom vs seeded policies test SoD policy impact before deployment

Recommended Test Cases

Execute approval Speeds up compliance setup and ensures alignment with Oracle best practices Test access request rejection due to SoD conflict Test policy violation detection and compliance report generation Test role creation with conflicting duties Test transaction violation detection across ERP flows Validate anomaly scoring and recommendation accuracy Validate audit log generation and event traceability Validate authentication Validate dashboard rendering Validate inherited-role conflict detection and remediation workflow Validates access design early and navigation flows and reminder scenarios and session security controls escalation filters reducing downstream remediation effort and audit findings rejection role sync simulate user provisioning conflict test approval routing test role hierarchy inheritance rules validate SoD warning/rejection validate policy enforcement during provisioning

Other Oracle 26A Modules

Continue your 26A release readiness across other Oracle modules.

26A Cash Management Changes

View Analysis

26A Costing Changes

View Analysis

26A Demand Management Changes

View Analysis

26A ERP & AI Agents Changes

View Analysis

Back to 26A Hub

Oracle Risk Management 26A FAQs

Common questions from teams preparing for Oracle Risk Management 26A.

What changed in Oracle Risk Management 26A?

Oracle Fusion 26A (February 2026) introduces 12 feature changes for Oracle Risk Management, with 8 flagged HIGH severity by Oracle. Changes touch business processes including Access Review and Certification, Financial Audit Review, Identity Governance, Order-to-Cash and surface on pages such as Access Certification, Advanced Access Controls, Audit History.

How many high-risk changes does Oracle Risk Management 26A have?

Oracle marks 8 of the 12 changes as HIGH, 0 as MEDIUM-HIGH, 4 as MEDIUM and 0 as LOW. High-severity items in Risk Management typically require comprehensive regression validation before production cutover because they touch core transactional, security or accounting logic.

Which APIs are affected by Oracle Risk Management 26A?

Affected APIs include AACG REST Services, AI Risk Insight APIs, Access Control REST APIs, Audit Event APIs, Certification Workflow APIs. Custom integrations consuming these endpoints should be validated against the 26A schema and behavioural deltas during your test pod cycle.

What test cases should run for Oracle Risk Management 26A?

SyntraFlow recommends validating Execute approval, Speeds up compliance setup and ensures alignment with Oracle best practices, Test access request rejection due to SoD conflict, Test policy violation detection and compliance report generation, Test role creation with conflicting duties. The release-aware test pack is auto-composed by SyntraFlow Release Intelligence based on the 26A impact analysis on your specific tenant.

How does Oracle Risk Management 26A differ from 26B?

26A landed February 2026 and 26B follows in May 2026. The 26A Risk Management changes establish the baseline that 26B builds on. Validating 26A first ensures a smoother 26B upgrade. Use SyntraFlow Release Intelligence to compare both quarters.

Prepare Oracle Risk Management for 26A

Get a tenant-specific 26A Risk Management impact assessment and ship targeted regression coverage.

Request Assessment Analyze Risk Management Environment