Users by Highest Unmitigated Risk

The User by Highest Unmitigated Risk report identifies how many unique users have executed both sides of an SoD or Sensitive Access Risk without having any mitigating controls assigned. Since a user can execute multiple risks, the report will display them based on the highest level of risk they have executed. Selecting a section of the graph will show the User Summary report with the correct filter applied on the Highest Level of Fully Executed Unmitigated Risk column.

Use Case

This report can help identify users who are the cause of the most issues. Most remediation projects will start with remediating roles to ensure that they are free of inherent risk and then analyze the users after. From there, you can determine if you should remediate by modifying business processes or job responsibilities or if you should apply a mitigating or manual control for that user/risk that can't be remediated otherwise.