Skip to Content
0
Former Member
Dec 04, 2008 at 03:13 AM

Questions about mitigating controls

37 Views

I am helping a client provide a rock-solid response to an audit concern with regards to mitigating controls. At present, the client is using an older version of Virsa CC (I think 5. something?) and have a few questions.

1 .Can you maintain a global mitigating control by risk ID, or is it only by user, role, profile, and HR object?

2. How can HR object be used? I saw "Job" in this --I assume this would be like "Accountant I", "Accountant II" , etc.? What other options are there?

3. When would you ever use profile? I used to think of times when profiles were assigned to roles, like SAP_ALL (which was of course over used before SoX).

Thanks for your help

Brian