cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to see the Mitigation Control ID & Monitor details in Role level Risk Analysis

Former Member

on ‎03-14-2014 9:27 AM

0 Kudos

Dear Experts,

We had migrated the RAR data from GRC5.3 to GRC10.0 as required. However,

1) We are unable to find the Mitigation Controller ID and Monitor details for mitigating the Risk in GRC10.0 though we have created the Mitigation Monitors and Approvers in Organizations and Access Control Owners options available in Access Management work center of GRC10.0.

2) Also we knew that we have an option to map the Mitigation Admin ID to a username and email address in GRC5.3 but the same is not available in GRC10.0

For your reference, here I am attaching the screenshot.

Kindly go through the attached screenshot and provide us the solution for the above mentioned queries

Thanks and regards
================
Santosh.S

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-14-2014 12:07 PM
0 Kudos

Hi Alessandro,

As suggested, we have followed all the mentioned steps. We still have issues for two scenarios:

1) When analysing the Report in GRC10.0, the Mitigated Roles are not displaying the complete information such as Controller ID and Monitor information though we can see the same in GRC5.3 system.

2) When we are trying to mitigate the SoD conflicts for a role there we are unable to select the Controller ID or Monitor to mitigate it though the Monitors, Approvers are maintained in Organization and Access Control Owner as Monitor and Owners as suggested.

For your reference, the screenshot has been attached in the previous email.

Kindly go through the attached screenshot and provide us the solution.

Thanks and regards

===============

Santosh.S

Show replies
Show replies
Former Member
‎03-19-2014 12:02 PM
0 Kudos

Dear Experts,

Now we are able to see the complete information in the Mitigated Roles in Access Management work center such as Control ID, Risk ID, Valid from, Valid to and Monitor information.

Also we are able to see the same information for even the customized role which has mitigated with customized mitigation controler, controller id, risk id, function id.

However, we are unable to see the same in Role Risk Voilation Report of "Reports & Analytics" work center.

Also we are getting the information as "No Voilations" when we check the Access Risk Analysis for a Role at Role Level or at Role Level Simulation of Access Management work center. 

Please provide us the solution for the above query ASAP.

Thanks and regards

===============

Santosh.S

alessandr0
Active Contributor
‎03-14-2014 9:49 AM
0 Kudos

Hi Santosh,

have you updated the Mitigation Approver / Mitigation Monitor in the mitigating control? Also check if the risk is properly assigned to the mitigating control.

A mitigating control must belong to an organization and the approver/monitor must be defined as owner for this organization and can then be picked in the control. Owners must also be defined as Mitigation Approver.

Regards

Alessandro

Show replies
Show replies
Ask a Question