9.2 Segregation of Duties Query - HCM
Purpose: Use this document as a reference for running and reviewing the segregation of duties query in ctcLink
Audience: College Local Security Administrators
You must have at least one of these local college managed security roles:
- ZD_DS_QRY_SECURITY_TABLES
If you need assistance with the above security roles, please contact your local college supervisor or IT Admin to request role access.
Segregation of Duties
When talking about Segregation of Duties, it is important to understand the risk areas within the application and understand what security roles compromise the access to those areas. When conflicts are identified, users’ access must be adjusted where possible to remove offending roles. When this is not possible due to resource constraints, mitigating controls must be put into place. These can be Log reviews, rotating personnel, reconciliations, etc. that occur to monitor the data and transactions for any potential fraud or misuse. Reports can be run to validate the data or transactions, or some review of audit records where applicable. Compensating controls can be preventative, detective, or monitoring controls that are executed by an independent supervisory-level employee. There MUST be an audit trail for each compensating control.
It is recommended that the Schedule Query option be used for larger queries. Please see the following QRG for instructions to run the query:
Running Large Results Queries (Schedule Query)
The query name is: QHC_SEC_SEGREGATION_OF_DUTIES
The query prompt is for Company.
A supplemental query QHC_SEC_SEGREGATION_DRILLDOWN can be used to view role conflicts.
The query prompts are for Company and optionally for User ID.
The summary of sensitive access shows the conflict area and the navigation paths used to identify that conflict.
Navigation Paths:
| Cat | Subcategory | NAV PATHS |
|---|---|---|
| HR | CONFIG | Main Menu>Set Up HCM>Common Definitions>GL Integrations>Common GL Objects>Configure GL Business Unit |
| JB | BENEFITS | Main Menu>Benefits>Enroll in Benefits>Assign to Benefit Program Main Menu>Benefits>Employee/Dependent Information>Benefits Personal Data |
| JB | COMP_BANK | Main Menu>Payroll for North America>Employee Pay Data USA>Request Direct Deposit Main Menu>Compensation>Base Compensation>Compensation Reports>Employee Compensation Changes |
| JB | HIRE_TERM | Main Menu>Self Service>Personal Information>Name Change Main Menu>Workforce Administration>Job Information>Job Data |
| JB | TERM_APPR | Main Menu>Set Up HCM>Product Related>Compensation>Base Compensation>Salary Plan Main Menu>Manager Self Service>Job and Personal Information>Approve Name Change% |
| PY | PAY | Main Menu>Payroll for North America>Payroll Processing USA>Produce Payroll>Confirm Payroll Main Menu>Global Payroll & Absence Mgmt>Absence and Payroll Processing>Review Absence/Payroll Info>Administrator Results Main Menu>Payroll for North America>Employee Pay Data USA>Create Additional Pay Main Menu>Payroll for North America>Employee Pay Data USA>Update Payroll Options |
| PY | PAY_CONFIG | Main Menu>Set Up HCM>Product Related>Payroll for North America>Payroll Processing Controls>Direct Deposit Controls |
| PY | PRCS | Main Menu>Global Payroll & Absence Mgmt>Absence and Payroll Processing>Calculate Absence and Payroll Main Menu>Payroll for North America>Payroll Processing USA>Produce Payroll>Calculate Payroll |
| TL | APPROVE | Main Menu>Manager Self Service>Time Management>Approve Time and Exceptions>Approve Overtime Requests Main Menu>Time and Labor>Approve Time>Approve Payable Time |
| TL | TIME | Main Menu>Self Service>Time Reporting>Report Time>Overtime Requests Main Menu>Time and Labor>Enroll Time Reporters>Maintain Time Reporter Data Main Menu>Time and Labor>Enroll Time Reporters>Create Time Reporter Data Main Menu>Time and Labor>Report Time>Adjust Paid Time |
Core Config and Processing:
Benefits and Pay:
Comp Bank and Pay:
Hire Term and Pay:
Hire Term Approval and Pay:
Pay and Processing:
Pay Config and Pay:
Pay Config and Processing:
Time and Pay:
Time and Processing:
Time and Approval:
Running the Segregation of Duties query, at least twice yearly, helps to confirm that role assignments and authorization levels are correct, to mitigate access risks, and to ensure audit readiness.
0 Comments
Add your comment