cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mitigating control "valid to" date not correct

Rich_Turnquist
Participant

on ‎01-28-2010 7:42 PM

0 Kudos

In our GRC 5.3 (SP10) system, I have a mitigating control to Risk valid for 730 days (2 years) in RAR. Then in CUP, I have the role reaffirm period set at 12 months. When I mitigate a role directly in RAR, the validity date is 2 years. However, when I mitigate the risk's through ERM, my valid from date is today (1/28/2010) and my valid to date is 5/8/2010. Does anyone know where this (seemingly) random valid to date is coming from?

This is what my "mitigated roles" screen looks like:

Y_NY_DEPT_DIVA Division Administrator FI001 E01800201 1/28/2010 5/8/2010 ANF2018

Y_NY_DEPT_DIVA Division Administrator FI001 E01800401 1/28/2010 5/8/2010 ANF2018

Y_NY_DEPT_NON_PUR_REQ_ENTRY Purchasing Req Entry FI001 E018* 1/28/2010 1/28/2012 ANF2018

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Rich_Turnquist
Participant
‎04-28-2010 2:15 PM
0 Kudos

Hi Victor,

SAP came back with "It will be fixed in SP13 due out in Aug 2010".

Thanks,

Peggy

Show replies
Show replies
Former Member
‎04-28-2010 11:42 PM
0 Kudos

Thanks for your support Peggy.

Regards,

Víctor M. Granados

harryp_sykes
Member
‎06-06-2011 8:38 PM
0 Kudos

We use the default 365 days for Mitigating Controls default expiration time. We are running Compliance Calibrator 5.2. We would like to extend the Mitigatinc control "valid to" date for another year. How do we go about changing the "Valid to" date. If you can help, we need an answer really soon, as our Mitigating Controls are about to expire.

Thank you,

Harry P. Sykes, Jr.

SAP GRC and Security Consultant

ABB, Inc.

440-585-8698

Rich_Turnquist
Participant
‎02-02-2010 6:26 PM
0 Kudos

I have opened a CSS message with SAP.

Thanks,

Peggy

Show replies
Show replies
Former Member
‎04-28-2010 9:25 AM
0 Kudos

Hi Peggy,

The same case is happening to me. By chance you've had a response to the CSS.

Thanks in advance,

Víctor Granados

Edited by: Victor Granados on Apr 28, 2010 10:26 AM

Rich_Turnquist
Participant
‎02-02-2010 2:51 PM
0 Kudos

I have the CUP configuration for "Default Duration (Days) for the Mitigation Control" set to 365.

I have the RAR configuration for "Default expiration time for Mitigating Controls (in days)" set to 730.

My URL for "Web Service Info for CC Mitigation" is:

http://<server>:<port>/VirsaCCMitigation5_0Service/Config1?wsdl&style=document

While in ERM and I click on the Risk ID under the Risk Violations, here is what I see:

*Risk Mitigation*

Mitigating Control* Select

Role Name* Y_NY_HR_PAYROLLTEST

Risk ID* H010001

Monitor ID* Select

Control Valid From*

Control Valid To*

The Control Valid From date is always the current date.

The Contorl Valid To date is always 100 days past the current date.

I expected it to be either 365 days later or 730 days later.

Plus, it doesn't let me edit it - so I can't even change it.

Thank all of you for your help on this. I am curious what other people see in their system.

Show replies
Show replies
former_member366047
Contributor
‎02-02-2010 5:09 PM
0 Kudos

Peggy,

When I tested it in my internal system, I am getting the same Control Valid from and to dates of 3 months in ERM. Whereas my default control valid date set in RAR is 1095 days.

This might be a bug, and I suggest you open a CSS message so we can rectify this.

Thanks!

Ankur

SAP GRC RIG

Rich_Turnquist
Participant
‎02-02-2010 2:17 PM
0 Kudos

It also seems strange that the number of days it picks is always 100 days - it's always consistantly 100 days. Sure seems like a configuration setting but I can't find it.

Thanks,

Peggy

Show replies
Show replies
Former Member
‎02-02-2010 2:29 PM
0 Kudos

Peggy,

CUP has a separate configuration setting for Mitigation control validity, which is always used by system if you mitigate anything from CUP.

I wasn't able to find any similar config in ERM, not sure where it is coming from in your case.

Can you please check what value you have in CUP under config-->mitigation for "Default Duration (Days) for the Mitigation

Control".

As Dylan mentioned what URL did you specify in ERM for Mitigation control web service, the config "Do not use Web Service; CC deployed on the same server " is only available for Risk analysis webservice, may be the system to which mitigation url is pointing has different validity for mitigating control.

Regards,

Amol

Rich_Turnquist
Participant
‎02-02-2010 1:59 PM
0 Kudos

I picked the option: Do not use Web Service; CC deployed on the same server since all components are deployed on the same server.

Thanks,

Peggy

Show replies
Show replies
Former Member
‎02-01-2010 11:14 PM
0 Kudos

Hi Peggy,

Is the Mitigation Web Service pointed to the correct URL? Maybe it pointing to a different system?

ERM Configuration --> Miscellaneous --> Web Service Info. for CC Mitigation

Show replies
Show replies
Ask a Question