difference between simulation and mitigation

Former Member
0 Kudos

difference between simulation and mitigation

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi Santosh,

A very simple and basic difference between simulation and mitigation is:

Simulation - It is a proactive way to understand if any Risks are being assigned in our system.

The common Simulation Analysis is provided at:

  1. User Level - To check for Risks which can be assigned to User. This can be possible by assigning any new Role to User or modifying the existing Roles which are assigned to User.
  2. Role Level - To check for Risks within the Role by adding Actions / Permissions.

GRC also provides the functionality to perform the Simulation on HR Objects, Profile and Organizational Level.

Mitigation - Mitigations are controls which help us to monitor the existing Risks available in our system. Mitigations can be maintained and assigned at User, User at Org Rule, Role, Profile, HR Objects Levels.

Regards,

Nikita.

Former Member
0 Kudos

Hi Santosh,

Simulation:-
To run “what-if” scenarios, you run a simulation analysis of adding actions, roles, or profiles to existing users, roles, HR objects, or organizations.

Mitigation:-
It allows you to mitigate risks that cannot be removed by modifying access. This includes maintaining the following types of data manually or with export/import utilities and using the data to mitigate users, roles, profiles, HR Objects, or users at organizational levels.

I hope this will help you to understand the difference between both.

Regards,

Yukti

Former Member
0 Kudos

A very big difference.....

Simulation - Where you simulate the addition/removal of access from the objects analysed (i.e. a Role added to a user, or a transaction removed from a role etc) and see the possible effect the change will make on the risk analysis violation count.

Mitigation - An application of a control on a specific risk at a User or Role level, so if that risk does exist, it will not be reported as there is a control in place to monitor/control that risk from being realised etc.
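
The distinction drawn in the answers above, as a small Python model added here (it is not part of any post and is not SAP GRC code): `simulate` reports the violations a proposed role change would create without changing the user, while a mitigation assignment leaves the access in place and only drops the risk from the default report. The risk IDs, roles, users and the control ID are constructed sample data.

```python
# Constructed sample data: rule set, roles, users and control id are illustrative.
RISKS = {  # risk id -> pair of conflicting actions (segregation of duties)
    "R01": ("FK01", "F-53"),    # maintain vendor + post outgoing payment
    "R02": ("ME21N", "MIGO"),   # create purchase order + post goods receipt
}
ROLES = {
    "AP_CLERK": {"F-53", "FB60"},
    "VENDOR_MAINT": {"FK01", "FK02"},
    "BUYER": {"ME21N"},
    "WAREHOUSE": {"MIGO"},
}
USERS = {"ALICE": {"AP_CLERK"}, "BOB": {"BUYER", "WAREHOUSE"}}
# Mitigation assignments: (user, risk id) -> mitigating control id
MITIGATIONS = {("BOB", "R02"): "MC_GR_REVIEW"}


def actions_of(roles):
    """Union of all actions granted by a set of roles."""
    return set().union(*(ROLES[r] for r in roles))


def analyze(user_roles, user=None, include_mitigated=False):
    """Return the risk ids violated by the given role set.

    Risks covered by a mitigation assignment for `user` are dropped from the
    report unless include_mitigated is True; the access itself is unchanged.
    """
    acts = actions_of(user_roles)
    hits = [rid for rid, (a, b) in sorted(RISKS.items())
            if a in acts and b in acts]
    if include_mitigated:
        return hits
    return [rid for rid in hits if (user, rid) not in MITIGATIONS]


def simulate(user, add=(), remove=()):
    """What-if analysis: violations before and after a proposed change.

    Nothing is written back to USERS; only a copy of the role set is changed.
    """
    current = USERS[user]
    proposed = (current | set(add)) - set(remove)
    before, after = analyze(current, user), analyze(proposed, user)
    return {"before": before, "after": after,
            "new": [r for r in after if r not in before]}
```

Running `analyze` with `include_mitigated=True` shows that a mitigated risk still exists in the user's access, which is the figure to review when a mitigating control expires or is withdrawn.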