Skip to Content
author's profile photo Former Member
Former Member

difference between simulation and mitigation

difference between simulation and mitigation

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Aug 31, 2012 at 11:01 AM

    Hi Santosh,

    A very simple and basic difference between simulation and mitigation is:

    Simulation - It is a proactive way to understand if any Risks are being assigned in our system.

    The common Simulation Analysis is provided at :

    1. User Level - To check for Risks which can be assigned to User. This can be possible by assigning any new Role to User or modifying the existing Roles which are assigned to User.
    2. Role Level - To check for Risks within the Role by adding Actions / Permissions.

    GRC also provides the functionality to perform the Simulation on HR Objects, Profile and Organizational Level

    Mitigation - Mitigations are controls which help us to monitor the existing Risks available in our system. Mitigations can be maintained and assigned at User, User at Org Rule, Role, Profile, HR Objects Levels.

    Regards,

    Nikita.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 22, 2012 at 11:18 AM

    A very big difference.....

    Simulation - Where you simulate the addition/removal of access from the objects analysed (i.e. a Role added to a user, or a transaction removed from a role etc) and see the possible affect the change will make on the risk analysis violation count.

    Mitigation - An application of a control on a specific risk at a User or Role level, so if that risk does exist, it will not be reported as there is a control in place to monitor/control that risk from being realised etc.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 23, 2012 at 01:54 AM

    Hi Santosh,

    Simulation:-
    To run “what-if” scenarios, you run a simulation analysis of adding actions, roles, or profiles to existing users, roles, HR objects, or organizations.

    Mitigation:-
    It allows you to mitigate risks that cannot be removed by modifying access. This includes maintaining the following types of data manually or with export/import utilities and using the data to mitigate users, roles, profiles, HR Objects, or users at organizational levels.

    I hope this will help you to understand the difference between both.

    Regards,

    Yukti

    😊

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.