
GRC 5.3 mitigation control

Former Member
0 Kudos

Dear Guys,

Please help me to understand the concept of mitigation control in GRC 5.3 and when it is useful and at what time we need to implement mitigation control.

How could we mitigate a user, and on what criteria?

Also some brief about control monitor.

Thanks in advance.

Accepted Solutions (1)

Former Member
0 Kudos

Hi Arpit,

The steps for the remediation and mitigation strategy are as below:

Once you do risk analysis, you have the list of risks available in your system. After this you have the option to remove (remediate) a risk by removing the conflicting permission or action from the role.

OR

There is a scenario where you have to accept the risk; in this case you have to opt for a mitigation control. Just consider the example given below:

Function A: Create PO

Function B: Release PO

The above two functions are conflicting and create a risk in the standard process, so as a standard practice, in reference to compliance, SAP recommends having two people do them separately. But the customer might not have 2 positions in the org to separate this, so the customer has to accept the risk, create a mitigation control to document this, and put a monitoring control in place so one person can perform this function.

This way it is helpful to follow the compliance, and when an audit happens the customer can show that they have identified the risk, documented it, and put an alternate monitoring control in place, so the risk cannot be misused.

Hope this helps you understand it.

BR,

Mangesh
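
The remediate-or-mitigate decision described in the answer above, as an added example that is not part of the original post and is not SAP GRC code: a small segregation-of-duties check that flags users holding both Create PO and Release PO, and treats a finding as mitigated only when a documented control with a monitor covers that user and has not expired. The rule id, control id, user names, dates and the requirement that the monitor be a different person are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date

# Risk rule from the answer: one user holding both functions is a conflict.
# The rule id "P001" is a constructed placeholder.
RISK_RULES = {"P001": frozenset({"Create PO", "Release PO"})}

@dataclass(frozen=True)
class Mitigation:
    control_id: str   # documented mitigation control (hypothetical id)
    risk_id: str
    user: str
    monitor: str      # person who reviews the user's activity
    valid_to: date

def analyze(assignments, mitigations, today):
    """Return {(user, risk_id): status} for every user who violates a rule.

    'MITIGATED' means an unexpired control with an independent monitor covers
    this user and risk; 'OPEN' means the risk still has to be remediated
    (remove a conflicting function) or mitigated.
    """
    findings = {}
    for user, functions in assignments.items():
        for risk_id, conflicting in RISK_RULES.items():
            if not conflicting <= set(functions):
                continue  # user does not hold every conflicting function
            covered = any(
                m.risk_id == risk_id and m.user == user
                and m.monitor and m.monitor != user  # assumption: no self-monitoring
                and m.valid_to >= today
                for m in mitigations
            )
            findings[(user, risk_id)] = "MITIGATED" if covered else "OPEN"
    return findings

# Constructed sample data, not taken from any real system.
ASSIGNMENTS = {
    "alice": ["Create PO", "Release PO"],
    "bob": ["Create PO"],
    "carol": ["Create PO", "Release PO"],
    "dave": ["Create PO", "Release PO"],
}
MITIGATIONS = [
    Mitigation("MC01", "P001", "alice", "erin", date(2030, 12, 31)),
    Mitigation("MC01", "P001", "carol", "erin", date(2020, 1, 1)),  # expired
]

if __name__ == "__main__":
    report = analyze(ASSIGNMENTS, MITIGATIONS, date(2025, 1, 1))
    for (user, risk_id), status in sorted(report.items()):
        print(user, risk_id, status)
```

An expired control drops the user back to OPEN, which is the case an auditor would look for when checking that the documented monitoring is still in force.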

Former Member
0 Kudos

Thanks, Mangesh.

Answers (0)