You can use Mitigating Controls to associate controls with risks, and assign them to users, roles, profiles, or HR objects. You can then define individuals as control monitors, or approvers, and assign them to specific controls. You can also create organizations and business processes to help categorize mitigating controls.
Using the Mitigating Controls section, you can complete the following tasks:
Create mitigating controls (that you cannot remove)
Assign mitigating controls to users, roles, and profiles that contain a risk
Establish a period of time during which the control is valid
Specify steps to monitor conflicting actions associated with the risk
Create administrator, control monitors, approvers, and risk owners, and assign them to mitigating controls