Hi All,
I have configured my workflow in such a way that, when a request reaches a certain approver (who is authorized to mitigate), he has following options available (we have configured this way):
1. Submit the Request: This will simply approve the request. But I would NOT want him to approve the request if it has violations. First he should mitigate the risks and then approve the request.
May I know how I can do it? Is this the correct process?
2. Reject the Request: If he is not ok, he can reject the request. I am ok with this and no action is required.
3. Forward the Request: If he needs any business clarifications, he can forward the request to the user's manager before mitigating and approving the request. This is also ok for me.
4. Mitigate the risk: If a request has risk violations, he can mitigate the risks by clicking on "Mitigate" button on "Risk Analysis" tab.
Here is the problem I see. The straight forward what he can do is, mitigate the risks and then approve the request (Submit). However, there is one more option with him and that is, he can mitigate the risks and then changes his mind to reject the request!
If he rejects the request (after mitigating the risks), the mitigation which was done before, is not "UNDONE". Meaning, that user is mitigated though the request is rejected!
This is very confusing and this way users are simply mitigated for no reason!
May I know below things:
1. What is the best way or practice to mitigate risks in a request?
2. How above explained problem (for point#4) can be addressed?
3. How I can stop approving a request if it has violations?
Please advise on this.
Regards,
Faisal