2011 Dec 19 12:50 PM
Hi,
I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.
Thanks,
John
2011 Dec 19 4:14 PM
Hi,
First of all, there's a special forum for GRC: "Governance, Risk and Compliance".
Check under RAR-> configuration tab:
Default expiration time for mitigating controls (in days)
When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)
Check also under CUP->configuration->mitigation.
You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.
Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.
Cheers,
Diego.