To the GRC gurus,
I have the below situation. In our MSMP setup, we only have ARM set up. After running the Risk Analysis, there are some unmitigated risk. So the security applied the mitigation control ID in the ARM via the button 'Mitigate Risk' button. After applying it, the ARM is submitted and roles are applied to the user.
However when we look for the user in the Mitigated User link, we cannot find the user. We ran the sync job for repository objects and still nothing.
Do we need to have the Mitigation Assignment activated in the MSMP in order for the user to appear in the Mitigated User link? If not, am I looking at the right place ie mitigated link for the user?
Appreciate any hints or answer.