Hi Ravi,
Below are the steps can be followed :
1.Remediate/remove the risks shown in the user level risk analysis by following the document as suggested by Alessandro above.Normally risks can be removed by correcting the role or removing the unnecessary role from the system.
2.Mitigate the risks-Most of the time some risks cannot be removed from the system due to numerous reasons like limitation of resources due to which same person performing multiple duties in an organization which creates conflicts.These factors are known to business and they are ready to live with these risks.In these cases business create Mitigation Control to mitigate particular risk and monitor those risks continuously to avoid threats to their business.
Hope this helps.
Regards
Pradeep