Hi,
We are upgrading our system from GRC 5.3 to GRC 10.0. We have Mitigation Control for each Risk id which is already validated by Corporate SoX team. Currently in system I can see that we can mitigate Users/Roles/Profiles/HR Objects.
We would like to know if we can mitigate at the Risk Level itself?
Scenario : Risk P001 linked to a control P001GLO001.
Now when Risk analysis is performed for a user, risk P001 should not show up in the report since it is already mitigated by control P001GLO001.
Can we mitigate at Risk Level?
Thanks!!!