cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Risks has been removed but Mitigating Control still stays with the users?

Go to solution
Former Member

on ‎02-26-2009 5:03 AM

0 Kudos

Hi all,

I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exists?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-26-2009 6:51 AM
0 Kudos

Hi Alvin,

After removal of voilating roles from risk..If u think to remove user from mitigation conrol ,,go to mitigation-search for u r mitigation conrol and go to mitigated users tab,,and select the user and delete.

I hope this solves your problem

Thanks,

Joseph.

Show replies
Show replies
Former Member
‎02-26-2009 8:26 AM
0 Kudos

Hi Joseph, thanks for the info. My problem comes in when the user request to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seem like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP have been approved and auto-provision.

My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue.

Answers (3)

Answers (3)

hkaur
Advisor
Advisor
‎03-31-2009 8:02 AM
0 Kudos

Hello,

Yes you can find invalid mitigation controls in CC 4.0 also. The report is there in the Utilities Menu of CC 4.0.

See this thread:

Regards

Harleen

SAP GRC RIG

Show replies
Show replies
Former Member
‎02-27-2009 6:53 AM
0 Kudos

Sure.

You can just schedule it as any other report on periodic and ad-hoc basis as well.

--

Cheers!

Aman

Show replies
Show replies
Former Member
‎02-26-2009 9:02 AM
0 Kudos

Hi Alvin,

You can also remove the assignment of invalid Mitigation Controls for user by running a report under "Informer" Tab ->"User Level" and select report type to be Invalid Mitigation Control. This report will display all the invalid Mitigation Controls and from there u can disable / remove the assignment of this mitigation control to the particular user(s).

--

Thanks,

Aman

Show replies
Show replies
Former Member
‎02-27-2009 6:44 AM
0 Kudos

Hi Aman,

thanks for the advice, guess I just have to run this report on a periodic basis as a workaround.

regards

Former Member
‎03-30-2009 7:31 PM
0 Kudos

Hi Aman,

Is there any way to find the invalid Mitigation Controls in CC 4.0? I have the same situation like Alvin.

Edited by: Hari Chanda on Mar 30, 2009 8:58 PM

Ask a Question