cancel
Showing results for 
Search instead for 
Did you mean: 

Risk Analysis in the application generates risk of another approver

Former Member
0 Kudos

Hello,

Configure a BRF + to shoot simulataneas approvals role name, requests are routed correctly, but when the first approver performs RISK ANALYSIS him out conflicts of all approvers. how I can fix the mistake as would have to mitigate risks that do not belong? appreciate your help.

BRF:

Request:

Roles that should be considered in the generation of risk:

To perform risk analysis. the detail shows me a role that the user should not approve approver.

Regards,

Freddy

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member197694
Active Contributor
0 Kudos

Dear Freddy,

I think you have selected Approval Level is Request in stage settings,In that case change to Role and try.

Regards

Baithi

Former Member
0 Kudos

Hello Baithi,

Thanks for your answer, stage if you set the field to approve role. What I really want is that the risks arising in the application are approved by the officer responsible and not by anyone.

I have configured mitigating controls for each SAP module and the error occurs to me is that any agent of any module can approve everything not only what belongs.

Regards,

Freddy

madhusap
Active Contributor
0 Kudos

Hi Freddy,

If I understood your requirement correctly, what you wanted to achieve is routing the roles in your request to different approvers based on Company Code and Role Names.

Your stage settings are all respective approvers should approve the request at this stage.

But the same approvers should be able to mitigate risks if there are any risks caused by the roles for which they are owners and you want these approvers to be able to mitigate risks only for the roles they can approve? Is my understanding correct?

Basically "Risk Analysis" will run at REQUEST LEVEL based on all the roles included in the request and hence though roles have different approvers, all approvers will be able to see Risk Violations in the request and will be able to mitigate the risks, but if you have Mitigation Assignment Workflow enabled, whoever Mitigate the risks, they still go to Mitigation Owner for approval.

Let us know what is your exact concern with this approach so that easy to suggest you any approach that best suits your requirement

Regards,

Madhu.

Former Member
0 Kudos

Hello Madhu Babu,

Thank you very much for your response, your understanding is correct. My exact concern lies in the fact that an approver mitigate the risks caused by roles that do not belong. how could address this problem ?. or relmente functionality grc must run the risk analysis for all roles and all approvers will be able to mitigate the risks?

Regards,

Freddy.

Former Member
0 Kudos

hello Freddy,

the Mitigation assignment workflow will forward the request to the agent(approver). This agent is specified in the Stage. you can use standard Agent ids(i do not have GRC now), or create your own decision table to route the requests, to approvers

So, could you check if Mitigation assignment workflow is set up or not.

Regards

Plaban