on 07-18-2012 9:04 AM
i was just reading some GRC docs and stumbled upon a term "Mitigating Controls"
could any one please explain what is this..and whether they are assigned to users or risks.
As per my understanding it is a addition check applied upon a user whick does not allow him complete a transaction unless it is approved by a an approver // moniter.
please correct i am wrong.
rgds..........kk
Hi Krishna,
Mitigation controls are created for the risk and user/role/profile can be assigned to it.
Approver and Monitor are also assigned to the Mitigation Control.
So when you run the User/Role/Profile based Risk Analysis then you can see the Mitigated risk with the Mitigation Monitor Details.
It says that there is someone who is monitoring this User/Role/Profile with this risk.
Regards,
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Krishna,
Please refer the below mentioned SCN thread. I hope it give you some relevant information.
https://scn.sap.com/thread/1339366
Regards,
Yukti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What is the relation between rules and mitigation controls?
rgds.......kk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Krishna,
You can use Mitigating Controls to associate controls with risks, and assign them to users, roles, profiles, or HR objects.
Make individuals as control monitors or approves and then assign them to controls.
You can refer to the help document available at
http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
regards,
Rajeshwari
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.