
Require Risks to Be Mitigated Before Approval

Former Member
0 Kudos

In our Workflow, a user will create an access request in GRC 10 SP9. The request is sent to the Role Owner for approval. The Role Owner is required to perform a Risk Analysis and either approve or reject the request. For Requests that have SODs, a detour path is initiated that routes the requests to a Controller. We want the Controller to be required, before approval, to Mitigate the risks. Does anyone know of a configuration setting to force this action?

Respectfully,

Michael Mease

Accepted Solutions (0)

Answers (1)


Colleen
Advisor
0 Kudos

Hi Michael

Would it be better to set a different initiator rule to check for unmitigated risk first? Have two path outcomes - one that goes to the Controller to Mitigate vs. one that goes to the approver? The first path can then continue to the approver after the controller has completed mitigation?

There have been a few posts in the community about this type of initiator rule. The parameter 1071 - Enable risk analysis on form submission would be required.

Former Member
0 Kudos

Hi Colleen,

Thank you for your reply. I agree, and that is what we are trying to accomplish. We want the role owner to approve the access first and then route to the controller to mitigate the risk before provisioning. During our testing, the controller can submit the request without mitigating the risk and the user ID is created. We have enabled the 1071 parameter, but the ID will still be created with unmitigated SODs.

Respectfully,

Mike Mease

Colleen
Advisor
0 Kudos

Hi Michael

What is your Task Setting for the MSMP Stage for Controller?

In the task setting there is an option to "Approve Despite Risk". If this is unselected, would this prevent them from approving?

I assume you've got the following parameters set:

  • 1071    Enable risk analysis on form submission
  • 1072    Mitigation of critical risk required before approving the request
  • 1073    Enable SoD violations detour on risks from existing roles