Hi All,
We are in the process of remediating user access before creating mitigation controls for any risks.
The risk analysis report is showing some risks that my compliance team is not accepting as risks; they are calling them false positives.
Here is an example.
We have a PO control manager who can place orders and approve orders which were created by others, but he/she can't approve his/her own request.
Below are the risks which are showing for the control manager in GRC.
Please suggest how I can eliminate these types of risks (some of the authorization object fields are not org fields, so I can't use org rules for this).
Thank you in advance for your help.
Regards,
Sushma M