Currently there is only a field to capture exception requester details. However would it be possible to include exception owner details as well. In our org the exception requester would be different person from the exception owner/approver.
Having following fields under general tab of Risk & Policy exception shall help to register exceptions in effective way.
Exception Requester (Person requesting the exception to Risk or Policy)
Exception Reviewer (Basically a person from GRC team reviewing the exception)
Exception Owner / Approver (Someone who owns the exception and approves it)
I think that the possibility of defining own custom roles would be useful, and I’d rather go that way instead of providing a lot of predefined roles to accommodate different possible processes in different organisations.