9.2 Segregation of Duties Query - HCM

Purpose: Use this document as a reference for running and reviewing the segregation of duties query in ctcLink

Audience:College Local Security Administrators

You must have at least one of these local college managed security roles:

  • ZD_DS_QRY_SECURITY_TABLES

If you need assistance with the above security roles, please contact your local college supervisor or IT Admin to request role access.

Segregation of Duties

When talking about Segregation of Duties, it is important to understand the risk areas within the application and understand what security roles compromise the access to those areas. When conflicts are identified, users’ access must be adjusted where possible to remove offending roles. When this is not possible due to resource constraints, mitigating controls must be put into place. These can be Log reviews, rotating personnel, reconciliations, etc. that occur to monitor the data and transactions for any potential fraud or misuse. Reports can be run to validate the data or transactions, or some review of audit records where applicable. Compensating controls can be preventative, detective, or monitoring controls that are executed by an independent supervisory-level employee. There MUST be an audit trail for each compensating control.

Running the Segregation of Duties query

It is recommended that the Schedule Query option be used for larger queries. Please see the following QRG for instructions to run the query:

Running Large Results Queries (Schedule Query)

The query name is: QHC_SEC_SEGREGATION_OF_DUTIES

The query prompt is for Company.

Schedule Query screenshot

A supplemental query QHC_SEC_SEGREGATION_DRILLDOWN can be used to view role conflicts.

The query prompts are for Company and optionally for User ID.

Schedule Query page screenshot
Summary of Sensitive Access

The summary of sensitive access shows the conflict area and the navigation paths used to identify that conflict.

Navigation Paths:

Navigation Paths screenshot
Conflicting Navigations

Core Config and Processing:

Core Config and Processing screenshot

Benefits and Create Pay Jrnl:

Benefits and Create Pay Journal screenshot

Benefits and Pay:

Benefits and Pay screenshot

Comp Bank and Pay:

Comp Bank and Pay screenshot

Comp Bank and Processing:

Comp Bank and Processing screenshot

Hire Term and Term Approval:

Hire Term and Term Approval screenshot

Hire Term and Pay:

Hire Term and Pay screenshot

Hire Term Approval and Pay:

Hire Term Approval and Pay screenshot

Pay and Processing:

Pay and Processing screenshot

Pay Config and Pay:

Pay Config and Pay screenshot

Pay Config and Processing:

Pay Config and Processing screenshot

Time Approval and Benefits:

Time Approval and Benefits screenshot

Time and Benefits:

Time and Benefits screenshot

Time and Pay:

Time and Pay screenshot

Time and Processing:

Time and Processing screenshot

Time and Approval:

Time and Approval screenshot
SOD Audits

Running the Segregation of Duties query, at least twice yearly, helps to confirm that role assignments and authorization levels are correct, to mitigate access risks, and to ensure audit readiness.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.