Skip to Content
0
Former Member
Jan 18, 2008 at 12:44 AM

Enhanced Integration Between AE and CC

13 Views

We have setup the following:

W1) AE Workflows + Mitigation of CC Risks through AE

W2) CC Control Creation Workflows in AE

W3) CC Mitigation Object Workflows in AE

W4) CC Risk Creation Workflows in AE

The challenge is as follows:

When a manager is required to approve an access request which has

reported Risk violations the manager has to do one or more compliance

activities:

A) mitigate the risk

or

B) create a control (if it doesnt exist) and then mitigate the risk

We expect theoritically that when Action (A) is taken is should trigger

W3 and that when Action (B) is taken is should trigger W3 and W4.

However, we are finding that it does neither.

Please advise on whether we are have overlooked required configuration

or whether this functionality does not exist.

Steps for the Reconstruction

Setup W1, W2, W3, W4

Request a new user account through AE and assign a role that generates

a violation with no existing controls.

Through AE in one of the workflow stages have the approver select

mitigate risk -> create the risk -> save the mitigation.

Check Compliance Calibrator:

Expected --> Two new workflows and the control should not exist in CC

Actual Observed --> New new workflows and control exists with the

mitigated user in the table