
Admin Review stage in SOD Review and UAR Review - who should do this?

Former Member
0 Kudos

Hello experts,

We have configured SOD review and UAR review in CUP and have opted to include the Admin Review stage. We have created three custom UME roles that can be assigned to one or more individuals to perform the Admin Review tasks (1 for SOD, 1 for UAR, 1 for reports on the Informer tab).

The problem is that we are unable to separate the administrative tasks of updating requests with reviewers and coordinators from the authority to change the configuration options under the Options menu node.

We would like to separate these, but it does not seem possible. So the dilemma is that someone doing administrative type work could easily change the config, even enter an incorrect URL and bomb the process.

The question is: What are other organizations doing with this? Is the Admin Review role filled by someone in IT Support, the Security team, User administration, Internal Controls, Internal Audit, or simply having a GRC System Administrator be responsible for this activity?

Thanks for your help. (We're on 5.3 SP14)

Glen

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Glen,

Many of the AC permissions aren't granular enough to provide complete segregation of access. It would be much easier and more secure when GRC administrators themselves manage the SOD/UAR review rounds (at least up to the part of preparing the system, generating and dispatching SOD/UAR requests, and monitoring the progress of review rounds), so it would be their responsibility to maintain proper configuration of the application.

This is how SOD/UAR reviews are managed in some of the companies I have seen.

Regards,

Amol