Skip to Content
author's profile photo Former Member
Former Member

Clarification of Mitigating Alerts and Notifications

I am investigating mitigating controls in 5.2 and have a query regarding the difference between 'generate action log' and 'alert notifications'. In the configuration tab when maintaining background jobs for mit controls there are the above 2 options. None of the supporting documents clearly explain the difference between these. They're obviously both emails. I expect one advises that mitigating control is due to be executed (alert notificiation). That leaves 'generate action log' which seems to have something to do with capturing transactional data from R3. Can anybody clarify how these are used?

Many thanks in advance

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • Best Answer
    Posted on Sep 17, 2008 at 08:01 PM

    "Generate action log" will go to the RTA on your ERP system, look into the STAD/STAT tables and analyse the transactions the users have run. If any one user has either executed a transaction from within a critical action risk or a combination of transactions from an SoD risk, the user name, date/time/terminal and transaction(s) will appear in the alert log.

    Mitigating alerts check if a mitigation alert monitor has actually run the report that has been assigned in the control, in the defined period. He needs to have run that report at least once in order for this to work (so that CC can calculate the control period).

    "Alert notifications" allows you to schedule a different time for when you want emails being sent to risk owners or control owners in case of a new alert. These emails will contain the information from the actual alert.

    Frank.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 18, 2008 at 06:26 AM

    Hello Grainne,

    Agreeing to what Frank and Tavi have suggested, you may use these reports and notifications independently for each of the three tasks mentioned in the tab. This decision would primarily be based on the frequency of each of the three happening in your implementation.

    E.g you may have "Critical action alerts" generated and notified every hour if they are important from your business point of view, while you may have "Mitigation" running every day if they are less in number and not that critical. Also, there might be a scenerio where you do not want to send Emails for all the three, for which you can make a selection independently.

    Regards,

    Hersh.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 17, 2008 at 06:35 PM

    Hi,

    Alert log is generated whenever you execute any of the critical transactions maintained in Critical Transaction link under Rule Architect. Regarding "generate log" that will be generate whenever you will schedule a backgournd job for "alerts" and you can check the result in "Alert" tab for give transaction. To make alert work for you, you should have a file located at application server directry and give the path of that file in Congfig -> miscelaneous->alert log file name & location. If you have this file physically located and that path is meritioned here, you are done with your alert config. And if you select "Alert notification"

    while scheduling the job it will send the notification (email) also apart from above mentioned things.

    Thanks,

    Tavi

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 19, 2008 at 09:06 AM

    Hi

    Firstly thank you to Tavi, Frank and Hersh. I really appreciate your speedy responses and it has shone light on this topic for me.

    I'd like to summarise to ensure I have clearly understood. The mitigating controls, users, controllers and approvers are maintained in the 'Mitigation' tab.

    The alerts are emails and relate to the execution of the defined mitigating controls (reports). If the controls are not executed in defined period an alert will be sent to the monitor to remind them or alert them that this activity is to be performed. The Monitor is the person assigned to run these controls reports in specified period.

    The notification logs read from R3 logs and will look specifically for mitigated users. It will check to see if they run a combination of the mitigated transactions e.g. create vendor, raise invoice. If this combination of transactions occur a log will generate with relevant details. My question here is 'are notification logs sent my e mail and who is person to receive them, is it the monitor?' If not, where are they to be found. Is this a resource hungry activity and is it recommended.

    Is the Monitor the only role relating to above.

    Thanks so much in advance.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.