
GRAC_REQUEST_MITIGATION_MONITOR - Agent

Former Member
0 Kudos

Hello,

I was wondering how requests are routed to the GRAC_REQUEST_MITIGATION_MONITOR - Agent. Normally it's based on the roles a user has in the backend and NWBC, but this one I'm not sure about. I figured this would be a good agent to use when routing S.o.D violations for review and mitigation during a request.

Thanks,

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Originally Mitigating Monitors were not available as usable/assignable "Agents" for workflow purposes, like EAM FF ID Controllers etc.

As of SP08, SAP have given the GRC community the ability to use the Mitigating Control monitors to act as Approval/Notified agents in the AC MSMP workflow stages.

Usually, I use the Mitigating Control Owner to approve any Mitigating Control assignments taking place within Access Requests. I presume some companies prefer assignments to be approved by the monitors, therefore SAP have introduced that agent rule as of SP08.

Colleen
Advisor
0 Kudos

Hi Kyle,

You need to look at the function module for the Agent Determination Rule, which is rule GRAC_REQ_MITIG_MONITOR_AGENT. You can look at the source code in SE37.

At a high level, it seems to perform the risk analysis and then, based on the risks for the roles, go and obtain the Monitor.

If you want further technical information, you would sit with your developer and debug it.


This note contains the information on the Rule being created: Note 1663551 - UAM: No approver agent available for control monitor

Former Member
0 Kudos

Hey Kyle -

I hope all is well. This is your old colleague Darnell Suggs.

If I understand your question, you are trying to determine how a Mitigation Monitor is notified or a workflow is routed to them when a control is assigned?

The way the configuration works, Monitors or "Owners" need to be assigned under the "Master Data" tab and associated with an Organization, which needs to be created under the "Organizations" Quick Links. You'll need to add each user who will be an Approver or Monitor under the "Owners" tab.

After these users are associated there, you can assign the appropriate Approvers and Monitors to the "Mitigating Controls". The requests should then be routed based on the Monitor defined within the control.

There is a guide called "Shared Master Data with Process Control and Risk Management" that talks a little bit about this. I don't have a link to the doc, but just reach out to me and I can provide it.

If you are trying to just route a request to an SoD reviewer, for example, then I would recommend that you use the 'GRAC_MSMP_DETOUR_SODVIOL' rule and assign the group of reviewers to a custom Agent. When SoDs are identified within the request, it will route the request to the agent or grouping of agents for review. You can set the configuration at the role stage to require 'Any One' or 'All' approvers to approve.

Hope this helps.