on 09-11-2013 4:54 PM
Hello All,
I am trying to learn the processes related to mitigation control monitoring. I understand a control requires an approver and a monitor. So what functions
does the mitigation monitor perform ?.
I'm interested in any reports that need to be working that would be employed by the monitor. Is there an enforcement mechanism logging or reporting
when the monitor runs related reports on mitigating controls ? Also, is there available documentation on this
process ?
All information on this topic is welcome.
Thanks !
Jamie
well. simple one you can get in..NWBC>setup>OWNER
when you maintain mitigation monitor see the descrition.. it gives the use of the position.
Regarsd,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mitigation Monitors | Mitigation Monitors are assigned to controls to monitor activity and may receive control monitor alerts. |
Mitigation Approvers | Mitigation Approvers are assigned to controls and are responsible for approving changes to the control definition and assignments when workflow is enabled. |
The control monitor will receive e-mail only when something is changed within the mitigating control. For eg: you have changed the risk or added or rmeoved some risk from the mitigating control.
Regarding the functionality of "report" which is maintained in reports tab of mitigating control, the e-mail is sent to the approver if control monitor does not run that report at the frequency mentioned.
To send notifications is in GRAC_ALERT_GENERATION, Check box "Send Notification". Are the alert mails generated
Regards,
Prasant
Hi Prasant,
I have concern with regard to the report, please clarify my query.
As you said "Reports" which are maintained in reports tab of mitigating control, will trigger an e-mail to the Mitigation approver if control monitor does not run that report with in the frequency mentioned.
My Query:
Can GRC AC has the functionality to check the back-end system whether control monitor execute the report or not with in the maintained frequency. I think this functionality is available in PC. Could you please clarify me on this part?
Regards,
Kesava
Kesava,
I have noticed that, Mitigation Approver keeps receiving email notification on timely basis (per frequency defined in mitigation control) for mitigation control he is responsible for.
I am not sure if system will check if Monitor has failed to execute the report within the defined frequency.
Also I noticed that, Monitor has not received any email notification if Mitigation Control (Monitor is defined) is modified.
Believe, still need some more information on application behavior for this.
Hope somebody would reply.
Regards,
Faisal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.