9.2 Segregation of Duties Query - Finance

Purpose: Use this document as a reference for running and reviewing the segregation of duties query in ctcLink.

Audience: College Local Security Administrators

You must have at least one of these local college managed security roles:

  • ZD_DS_QRY_SECURITY_TABLES

If you need assistance with the above security roles, please contact your local college supervisor or IT Admin to request role access.

Segregation of Duties

When talking about Segregation of Duties, it is important to understand the risk areas within the application and which security roles comprise the access to those areas. When conflicts are identified, users' access must be adjusted where possible to remove the offending roles. When this is not possible due to resource constraints, mitigating controls must be put in place. These can be log reviews, rotating personnel, reconciliations, etc., performed to monitor the data and transactions for any potential fraud or misuse. Reports can be run to validate the data or transactions, or audit records can be reviewed where applicable. Compensating controls can be preventative, detective, or monitoring controls that are executed by an independent supervisory-level employee. There MUST be an audit trail for each compensating control.

Running the Segregation of Duties query

It is recommended that the Schedule Query option be used for larger queries. Please see the following QRG for instructions to run the query:

Running Large Results Queries (Schedule Query)

The query name is: QFS_SEC_SEGREGATION_OF_DUTIES

The query prompt is for Business Unit.

Schedule Query page screenshot

A supplemental query QFS_SEC_SEGREGATION_DRILLDOWN can be used to view role conflicts.

The query prompts are for Business Unit and optionally for User ID.

Schedule Query page screenshot

Summary of Sensitive Access

The summary of sensitive access shows the conflict area and the navigation paths used to identify that conflict.

Navigation Paths:

Navigation Paths screenshot 1
Navigation Paths screenshot 2

Conflicting Navigations

Approve and Payment:

Approve and Payment screenshot

Approve and Voucher:

Approve and Voucher screenshot

Payment and Voucher:

Payment and Voucher screenshot

Payment and Supplier:

Payment and Supplier screenshot

Bank Dep Approve and Bank Post Receipts:

Bank Deposit Approve and Bank Post Receipts screenshot

Bank Dep Approve and Cash Custody:

Bank Deposit Approve and Cash Custody screenshot

Bank Dep Approve and GL Process:

Bank Deposit Approve and GL Process screenshot

Bank Dep Approve and Customer Add/Edit:

Bank Deposit Approve and Customer Add Edit screenshot

Bank Dep Approve and JE Approve:

Bank Deposit Approve and JE Approve screenshot

Bank Dep Approve and JE Enter:

Bank Deposit Approve and JE Enter screenshot

Bank Dep Approve and Bank RX:

Bank Deposit Approve and Bank RX screenshot

Bank Post Receipts and Cash Custody:

Bank Post Receipts and Cash Custody screenshot

Bank Post Receipts and Customer Add/Edit:

Bank Post Receipts and Customer Add Edit screenshot

Bank Post Receipts and JE Approve:

Bank Post Receipts and JE Approve screenshot

Bank Post Receipts and JE Enter:

Bank Post Receipts and JE Enter screenshot

Bank Post Receipts and Bank RX:

Bank Post Receipts and Bank RX screenshot

Cash Custody and Customer Add/Edit:

Cash Custody and Customer Add Edit screenshot

Cash Custody and JE Approve:

Cash Custody and JE Approve screenshot

Cash Custody and JE Enter:

Cash Custody and JE Enter screenshot

Cash Custody and Bank RX:

Cash Custody and Bank RX screenshot

GL Process and Bank Post Receipts:

GL Process and Bank Post Receipts screenshot

GL Process and Cash Custody:

GL Process and Cash Custody screenshot

GL Process and Customer Add/Edit:

GL Process and Customer Add Edit screenshot

GL Process and JE Approve:

GL Process and JE Approve screenshot

GL Process and JE Enter:

GL Process and JE Enter screenshot

GL Process and Bank RX:

GL Process and Bank RX screenshot

JE Approve and Create Payment:

JE Approve and Create Payment screenshot

JE Approve and JE Enter:

JE Approve and JE Enter screenshot

JE Approve and Bank RX:

JE Approve and Bank RX screenshot

JE Entry and Create Payment:

JE Entry and Create Payment screenshot

Buyer and Payment:

Buyer and Payment screenshot

PO and Voucher:

PO and Voucher screenshot

Receiving and Voucher:

Receiving and Voucher screenshot

Bank Recon and Voucher Approve:

Bank Recon and Voucher Approve screenshot

Bank Recon and Create Payment:

Bank Recon and Create Payment screenshot

Bank Recon and Voucher Entry:

Bank Recon and Voucher Entry screenshot

Bank Recon and PO Approve or Requisition Entry/Approve:

Bank Recon and PO Approve or Requisition Entry Approve screenshot

Bank Recon and PO Entry:

Bank Recon and PO Entry screenshot

Supplier and Voucher:

Supplier and Voucher screenshot

SOD Audits

Running the Segregation of Duties query at least twice yearly helps to confirm that role assignments and authorization levels are correct, to mitigate access risks, and to ensure audit readiness.
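One way to triage conflicts during the periodic review is sketched below as an added example; it is not ctcLink code and does not reproduce the output of QFS_SEC_SEGREGATION_OF_DUTIES. The conflict pairs are a subset of the Conflicting Navigations list above, while the row layout, the user IDs and the compensating-control register are constructed assumptions.

```python
from itertools import combinations

# Conflict pairs copied from the "Conflicting Navigations" list (subset only).
CONFLICTS = {frozenset(p) for p in [
    ("Approve", "Payment"), ("Approve", "Voucher"), ("Payment", "Voucher"),
    ("Payment", "Supplier"), ("Buyer", "Payment"), ("PO", "Voucher"),
    ("Receiving", "Voucher"), ("Supplier", "Voucher"),
]}

# Constructed sample rows (user_id, access_area); hypothetical layout.
ACCESS_ROWS = [
    ("USER_A", "Voucher"), ("USER_A", "Payment"), ("USER_A", "Supplier"),
    ("USER_B", "Approve"), ("USER_B", "Buyer"),
    ("USER_C", "PO"), ("USER_C", "Voucher"),
]

# Constructed compensating-control register keyed by (user, conflict pair).
CONTROLS = {
    ("USER_A", frozenset(("Payment", "Voucher"))):
        {"reviewer": "SUPERVISOR_1", "evidence": "review-log-placeholder"},
    ("USER_C", frozenset(("PO", "Voucher"))):
        {"reviewer": "SUPERVISOR_2", "evidence": ""},  # no audit trail recorded
}

def find_conflicts(rows):
    """Return (user, area_a, area_b) for every conflicting pair a user holds."""
    areas = {}
    for user, area in rows:
        areas.setdefault(user, set()).add(area)
    return [(user, a, b)
            for user in sorted(areas)
            for a, b in combinations(sorted(areas[user]), 2)
            if frozenset((a, b)) in CONFLICTS]

def triage(rows, controls):
    """Label each conflict by the state of its compensating control."""
    report = []
    for user, a, b in find_conflicts(rows):
        ctl = controls.get((user, frozenset((a, b))))
        if ctl is None:
            status = "UNMITIGATED"        # remove a role or add a control
        elif ctl["reviewer"] == user:
            status = "NOT_INDEPENDENT"    # reviewer must be independent
        elif not ctl["evidence"]:
            status = "NO_AUDIT_TRAIL"     # control exists but leaves no record
        else:
            status = "MITIGATED"
        report.append((user, f"{a} and {b}", status))
    return report

if __name__ == "__main__":
    for line in triage(ACCESS_ROWS, CONTROLS):
        print(*line, sep=" | ")
```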
