An access risk requires an identifier and defined attributes.
Choose
.The Access Risks screen appears.
Choose Create.
Enter the basic attributes for the access risk.
In the Risk ID field, enter a 4-character alphanumeric code to identify the risk.
This code must be unique to this access risk.
In the Description field, enter a short, plain text description of the risk.
From the Risk Type dropdown list, select the risk type.
Risk types include:
Segregation of Duties (SoD) risk
Critical Action risk
Critical Permission risk
From the Risk Level dropdown list, select the severity of the risk.
Risk Levels include:
Low
Medium
High
Critical
From the Business Process dropdown list, select the business process for this risk.
From the Status dropdown menu, select either Enabled or Disabled to indicate whether to activate the risk when you save it.
Choose the Functions tab to display the Function screen.
You use this screen to identify functions for this risk:
Select the check box next to an empty row and click the down-arrow at the right side of the row to display a scrolling list of all defined functions.
Select the function you want to add to the risk.
Repeat these steps until you have included all the functions in the risk:
For SoD risks, select at least two functions.
For Critical Action and Critical Permission risks, select at least one function.
Choose the Detailed Description tab to display the Detailed Description text field. Enter a description of the risk.
Choose the Control Objective tab to display the Control Objective text field. Enter a description of the control objective targeted by the risk.
Caution
Avoid Tab keyboard characters when you enter risk data in the Detailed Description and the Control Objective text fields. Tab keyboard characters can cause problems when you use the Export and Import utilities to move rules from one system to another.
Choose the Risk Owners tab to display the Owner ID screen.
Caution
To assign a risk owner to an access risk, you must ensure that the user is assigned as an owner.
You use this screen to identify the employee or employees who own this risk:
Choose the plus icon to add a Risk Owner field.
Select the down arrow at the right side of the row to display a list of defined employees.
To assign to the risk, select an owner from the list.
Repeat these steps to assign all owners to the risk.
Choose the Rule Sets tab to display the Rule Set screen.
This screen identifies the rules sets to add to this risk:
Choose the plus icon to add a rule set field.
Select the down arrow at the right side of the row to display a scrolling list of all defined rule sets.
Select the rule set you want to add to the risk.
Repeat these steps until you have added all the rule sets to the risk.
Choose Save.