Exclusion List
In certain cases, an object, a user, a role, or a responsibility may be authorized to perform certain actions that violate a rule. Such violating objects need to be excluded from rule analyses so that the violations they generate are not included in the violations list. The organization must also determine the actions to be taken to mitigate the associated risks.
The Exclusion Lists page displays a list of rule books owned by you (the signed-in user) or rule books containing rules owned by you (the signed-in user) and provides an overview of which rule books contain rules with associated exclusions. This is particularly useful if you plan to use these rule books in an analysis as the exclusions will impact the violations generated for that rule book. This page displays:
- The number of exclusions per rule book and the number mitigated
- The validity period for the rule book. The dates displayed in the Valid From and Valid Through columns are according to the Infor Risk & Compliance application server time zone.
- The date when the rule book was last updated. This date is according to the local time zone defined on the Preferences page.
Click a rule book link to view details of the rules owned by you (the signed-in user) including rules with exclusions.
Compensating controls enable you to document the reasons for the existence of the risk, thereby mitigating the risk. Compensating controls can be attached only after the violating objects have been marked for exclusion either while creating a new rule or by bulk exclusion.
This page enables you to perform the following actions: