Showing results for 
Search instead for 
Did you mean: 

GRC 10.11 or 12 risk owner approve maintanance on BRM


Hi all

I've found this post

about on BRM after the role owner approve the maintanance of a role, we would like that the risk owner also approver the request.

on the ARM its looks like its possible, but on BRM is it possible?


Accepted Solutions (0)

Answers (1)

Answers (1)

Active Contributor
0 Kudos

Hi Arivind,

Can you try addressing this requirement using following approach?

- First set parameters 3041 and 3042 to YES which make risk analysis incumbent and cannot move forward if there are risk violations in the role.

Note: These parameters work only for risk analysis violations and not for impact analysis violations

- Role Changes resulting in HIGH risk violations should never be allowed and in that scenario inform the requestors that role authorization data need to be modified.

- Role Changes resulting in MEDIUM or LOW risk violations should be mitigated before you move to next phase in BRM.

Who initiates the control assignment request? (You need to sort this out with the client)

Approvers of control assignment request can be your risk owners.

So, any risk violations which are MEDIUM or LOW will be mitigated or the risk owners can suggest to revert back the changes.

So, everything gets sorted out at Risk Analysis phase and only when the risk violations are properly mitigated or remediated the role can move to next phase in BRM. This way risk owners are involved in the BRM process.

Let me know if any queries.