Hello
I am testing our access request workflows and applied a mitigating control to a risk in order to continue the workflow. I removed the risk from the mitigating control and approved the deletion but when I check the mitigating control the risk still appears in the mitigating control. I then tried to delete the entire mitigating control then went through the same process (e.g. approve) but, again, when I check the mitigating controls repository the mitigating control still appears. As if I had never attempted to delete it.
Its almost as if the control is still linked to the risk somewhere else but I'm not sure where. I checked around in the role definition but could not find anything.
Any help is appreciated.