on 05-31-2011 10:09 AM
i hve created a RISK and assigned a Mitigation Id to it. But the risk still appears in Risk Analysis(BUT,IT SHOULD NOT APPEAR), where the option of 'exclude Mitigated Risk' is selected. Could any one tell, why is this appearing and how to mitigate the Risk(i.e not to appear in Risk Analysis)
Hi Plaban,
The reason this could happen is that after assigning the mitigation control to the risk, you may not have done user synchronization.
Pl. do user synchronization and then check, this should solve the problem.
Regards,
Ankit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi ankit, i am doing RA at Role level. So no user is involved here.Moreover, Mitigation control defines relation between, Mitigation Id and Risk Id. So, even if I do User Synchronisation, there would be no difference in RA result, since User Synhronization will update User data from Backend and not Mitigation ID(which is present in GRC ONLY).
Hi Plaban,
Have you done a Batch Risk Analysis for Roles in 'Incremental' mode?
After you map the risk to mitigation, you need to run 'Barch Risk Analysis' for 'Roles' for the change to be realised for Risk Analysis.
In Production Systems, there will be a daily or weekly job that does this. Form what i read i assume that you are checking in Test System. Kindly run the Batch Analysis, check and let know.
Rgds
Ganesh.S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.