Question regarding SOD detour in GRC 10.1

Former Member · ‎2020 Jan 28

Hello,

We are currently on GRC 10.1 SP15.

We have defined the risk type as Critical or non-critical. The request mitigation policy is set to have mitigation only for the critical risks.

From what I understand, GRAC_MSMP_DETOUR_SODVIOL function helps route the request in cases of a risk. Currently, both critical and non-critical risks are routed and the risk owner cannot close a request with critical risk without mitigation.

Is there any standard function available where in the request is routed only in case of critical risks and the non-critical risks does not invoke the routing.

Thank you,

Praman Mulay

RameshVithanala · ‎2020 Jan 30

Hi Praman,

Then it can be achieved using the Mitigation Policy,your BRF+ DTshould look like this

Risk Type : SOD+ Risk Level : Critical should route to Complinance Rule

Risk Type : SOD+ Risk Level : Non Critical should route to Non Complinance Rule(No Stage for auto approval)

Thanks

Ramesh

RameshVithanala · ‎2020 Jan 29

Hi Praman,

I am little confused with your request. Normally Risk Type will be SOD,CP,CA?You can leverage mitigation policy on the risk level instead of risk type...

EX:

SOD + Critical + High Risk Level should be routed for approval

SOD + Medium + Low Risk Level should be auto approved with no stages

Thanks

Ramesh

madhusap · ‎2020 Jan 29

Hi Praman,

You can copy the standard FM "GRAC_MSMP_DETOUR_SODVIOL" and create a custom function module.

In this custom FM, you can check the risk analysis results and can write simple logic to check the risk analysis and consider routing only if there are Critical Risks. In standard FM as long as there are risk analysis results the routing will happen irrespective of risk level or type.

Regards,

Madhu

Question regarding SOD detour in GRC 10.1

Know the answer?

Need more details?

Accepted Solutions (0)

Answers (3)

Answers (3)