Skip to Content
avatar image
Former Member

Risk is Mitigated, but Risk Analysis shows 'Risk not yet Mitigated'

Hi All,

On Risk Analysis(on Access request form submission), Risk is found, but Mit. Control shows' Risk not yet mitigated'.

Access request shows no MC assigned(with option' Include Mitigated Risk')

I have assigned these risks to Mit. Controls, as shown below. What can be the reason?

m.jpg (11.0 kB)
z.jpg (94.4 kB)
1.jpg (71.2 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Nov 24, 2014 at 05:36 AM

    After mitigation, rerun risk analysis.

    Regards,

    Prasant

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 24, 2014 at 07:43 AM

    Dear Plaban,

    as Prasant has mentioned if you mitigate during the approval in the access request you have to re-run the risk analysis to have the information updated. Also please be aware that if you mitigate risks only in your productive environment, but you have test/dev systems assigned in the access requests which have risks too, those are not mitigated and in case you have defined your workflow that access requests cannot be approved when risks then the user might not be able to approve.

    And as your system is greyed-out I assume that it might be possible to have other systems in the access request as usually a user gets the same authorization in quality system and hence this might be another issue too.

    Hope this helps.

    Regards,

    Alessandro

    Add comment
    10|10000 characters needed characters exceeded