on 05-09-2012 4:42 PM
Hi Experts
I have just tried to create a mitigating control via RAR > MITIGATION > MITIGATING CONTROLS > CREATE > BUSINESS UNIT but the business unit field is empty please can you tell me why and how I can fix this please.
Also the field "Management Approver" is empty.
Thanks
MW
Hi Kevin
Thank you for your prompt reply. From where do I get my Business Units info from?
Regards
MW
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mark,
Here is how you can create Mitigating controls:
1. Create Administrators (RAR-->Mitigation-->Administrators), only these can be assigned as Approvers or monitors
2. Create Business Units(RAR-->BU-->Create), Can be given any name & description ( Say like HR, FI, MM). Also Assign Approvers & monitor, dropdown will list admins created in Step 1
3. Create Mitigating Controls (RAR-->MC-->Create). Here fill all the details, assign Risks that can be mitigated by this Mitigation Control, Approvers & Monitors.
Regards,
Ajesh.
Hi Ajesh
OK thanks for that. So as an example I could use WilsonJ??
I have added all the business units to the system. For demonstration purposes I have created the following
Approver
Risk Owner
Monitor & Risk Owner
Monitor & Approver
Is there anything else I need to do to create a mitigation demo??
Regards
Mark
Hi Ajesh
No one logs onto GRC except me at the moment as it is a new implementation and I am trying to get it up and running.
For the demo we have chosen a role now I need to set mitigating control for this role. So I am trying to find out how to create a mitigation ID which has to be a unique alphanumeric identification for the mitigating control ID. It is a HR role so I choose HR as the business unit, choose an approver etc
The SMTP server has been set up, the question is I am not sure how I can test this to make sure it all works, I had thought about setting the system up so it will send me an email, so is this possible???
Can you tell me how to add Management Approvers as well please
Thanks
regards
Mark
Hi Mark,
Not possible to send a mail. You can run risk analysis on a role. If its a HR role, say you get risks H001XXXX. Now you mitigate role (Mitigation Tab-->Migtigated Role--> Search--> Add). Make you have created relevant Control ID with the associated risks H001*. You can choose control ID same as Risk i.e H001. Once you mitigate, you can now run risk analysis on Role. The risks related to H001* should not show up.
Similarly you can do for a user.
Regards,
Ajesh.
Hi Ajesh
I thought the whole idea of mitigation was so that workflow would be triggered and an approver could say yes or no. So why do we not want approvers or monitors to get an email.???
I have set the RAR-->Config-->Workflow > NO
Regards
Mark
PS I found this on another blog
RAR alert notification functionality doesn't use any of CUP workflows, instead based on Configuration of Risk owner / mitigating control approver email address, RAR sends notification email to them. format of alert notification email is hardcoded in RAR.
I found the discussion very informative
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mark:
Have you set up your business units Under Business Units under the mitigation tab??
Thanks.
Kevin Tucholke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.