we are on GRC Access Control 10 SP11.
We have activated the Risk approval WF. A user change a risk (e.g. set the status Inactive) and then, the owner of that risk receive the notification request to Approve or Reject.
I don't know if this workflow is thus by design or if some configuration is missing. But when an approver open the Request (in order to approve or reject it) is really not clear what kind of change has been made on that risk by the requestor. Moreover although a request is approved the change at the risk, requested by the user, is not carried out.
Any experience on that?