Instructions manual for segregation of duty

4.8 RECORD TO REPORT: SOD RULES BOOK

Page | 60
Instructions manual for segregation of duty
Process Overview: Enter Journals (Actuals)
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.2 Enter Journals Users with authority to enter/post/approve budgets High Enter Budget Ability to create budget
(Budget) should not be allowed to enter/post/approve budget Journal Entry/ journals/enter budget transfers
consumption transaction Reverse

1.3 Post Journal Maker and checker conflict, user creating the document Medium Post Journal Ability to post journal entries
should not be allowed to post the same. as per the assigned
authorization limit for the
specified set of books

1.4 Approve Journals Maker and checker conflict, user creating the document High Approve Journal Ability to approve journal
should not be allowed to approve the same. entries as per the assigned
authorization limit for the
specified set of books

2.3 Period Control Users with authority to enter/post/approve budgets Medium Open and Close Ability to open and close GL
should not be allowed to control period opening and Periods GL periods
closing to ensure transactions are not cleared by the temporarily/permanently
period close personnel without appropriate discussion

P2P Approve Invoice Users authorized for creating/approving Low Approve Invoices Ability to approve vender
invoice/payment/receipt/other subledger functions invoices entered by AP
should not be allowed to pass/approve adjustment accountant
transactions in the GL as it can impact effectiveness of
reconciliation

P2P Approve POs/ Users authorized for creating/approving Low Approve Ability to approve purchase
Releases invoice/payment/receipt/other subledger functions Purchase Order orders as per the assigned
should not be allowed to pass/approve adjustment limit entered by PO buyer

Page | 61
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

transactions in the GL as it can impact effectiveness of

reconciliation

P2P Create and Cancel Users authorized for creating/approving Low Create Invoices Ability to enter invoices
Invoice invoice/payment/receipt/other subledger functions received from the vendor in the
should not be allowed to pass/approve adjustment oracle system
transactions in the GL as it can impact effectiveness of
reconciliation

P2P Process payments Users authorized for creating/approving Low Create Payments Ability to create payments
invoice/payment/receipt/other subledger functions against validated and
should not be allowed to pass/approve adjustment approved invoices
transactions in the GL as it can impact effectiveness of
reconciliation

P2P Generate POs/ Users authorized for creating/approving Low Create Purchase Ability to create standard
Releases invoice/payment/receipt/other subledger functions Orders purchase orders, blanket
should not be allowed to pass/approve adjustment purchase agreements etc.
transactions in the GL as it can impact effectiveness of
reconciliation

P2P Payment and Users authorized for creating/approving Low Remittances Ability to record checks
Receipts invoice/payment/receipt/other subledger functions submitted to banks
should not be allowed to pass/approve adjustment
Ability to record amount
transactions in the GL as it can impact effectiveness of Low Enter Customer received in AR system
reconciliation Receipts

Page | 62
Instructions manual for segregation of duty
Process Overview: Enter Journals (Budget)
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.2 Enter Journals Users with authority to enter/post/approve budgets High Enter Actual Ability to enter manual/
(Actual) should not be allowed to enter/post/approve budget Journal Entry/ recurring journal entry in GL
consumption transaction as there is a risk of budget Reverse system
violations

1.3 Post Journal Maker and checker conflict, user creating the document Medium Post Journal Ability to post journal entries
should not be allowed to post the same. as per the assigned
authorization limit for the
specified set of books

1.4 Approve Journals Maker and checker conflict, user creating the document High Approve Journal Ability to approve journal
should not be allowed to approve the same. entries as per the assigned
authorization limit for the
specified set of books

2.3 Period Control Users with authority to enter/post/approve journals Medium Open and Close Ability to open and close GL
should not be allowed to control period opening and Periods GL periods
closing to ensure transactions are not cleared by the temporarily/permanently
period close personnel without appropriate discussion

P2P Approve Invoice Users with authority to enter/post/approve budgets Low Approve Invoices Ability to approve vender
should not be allowed to enter/post/approve budget invoices entered by AP
consumption transactions accountant

P2P Approve POs/ Users with authority to enter/post/approve budgets Low Approve Ability to approve purchase
Releases should not be allowed to enter/post/approve budget Purchase Order orders as per the assigned
consumption transactions limit entered by PO buyer

Page | 63
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

P2P Create and Cancel Users with authority to enter/post/approve budgets Low Create Invoices Ability to enter invoices
Invoice should not be allowed to enter/post/approve budget received from the vendor in the
consumption transactions oracle system

P2P Process payments Users with authority to enter/post/approve budgets Low Create Payments Ability to create payments
should not be allowed to enter/post/approve budget against validated and
consumption transactions approved invoices

P2P Generate POs/ Users with authority to enter/post/approve budgets Low Create Purchase Ability to create standard
Releases should not be allowed to enter/post/approve budget Orders purchase orders, blanket
consumption transactions purchase agreements etc.

R2R Payment and Users with authority to enter/post/approve budgets Low Enter Customer Ability to record amount
Receipts should not be allowed to enter/post/approve budget Receipts received in AR system
consumption transactions

Process Overview: Post Journals

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.1 Enter Journals Maker and checker conflict, user creating the document Medium Enter Actual Ability to enter manual/
(Actual) should not be allowed to post the same. Journal Entry/ recurring journal entry in GL
Reverse system

1.2 Enter Journals Maker and checker conflict, user creating the document Medium Enter Budget Ability to create budget
(Budget) should not be allowed to post the same. Journal Entry/ journals/enter budget transfers
Reverse

Page | 64
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2.3 Period Control Users with authority to enter/post/approve journals Medium Open and Close Ability to open and close GL
should not be allowed to control period opening and Periods GL periods
closing to ensure transactions are not cleared by the temporarily/permanently
period close personnel without appropriate discussion

A2R Manage Users with authority to enter/post/approve budgets shall Low Assets Ability to run depreciation for
Acquisition, not be allowed to enter/post/approve actual transactions Depreciation all the assets in an asset book
Monitoring and
Tracking Assets Ability to create assets, retire
Low
Workbench assets, change asset
assignments, change asset
category, change location etc
for a single asset

Capitalizing Ability to capitalize assets

Low Assets earlier created as a CWIP
asset
Ability to perform asset
Low Mass transactions like
Transactions revaluations/retirements/transf
ers/reclassifications etc. in one
go.
Ability to create and record
Asset Physical location wise asset inventory in
Low Inventory the system

Page | 65
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

P2P Approve Invoice Users with authority to enter/post/approve budgets Low Approve Invoices Ability to approve vender
should not be allowed to enter/post/approve budget invoices entered by AP
consumption transactions accountant

P2P Approve POs/ Users with authority to enter/post/approve budgets Low Approve Ability to approve purchase
Releases should not be allowed to enter/post/approve budget Purchase Order orders as per the assigned
consumption transactions limit entered by PO buyer

P2P Create and Cancel Users with authority to enter/post/approve budgets Low Create Invoices Ability to enter invoices
Invoice should not be allowed to enter/post/approve budget received from the vendor in the
consumption transactions oracle system

P2P Process payments Users with authority to enter/post/approve budgets Low Create Payments Ability to create payments
should not be allowed to enter/post/approve budget against validated and
consumption transactions approved invoices

P2P Generate POs/ Users with authority to enter/post/approve budgets Low Create Purchase Ability to create standard
Releases should not be allowed to enter/post/approve budget Orders purchase orders, blanket
consumption transactions purchase agreements etc.

O2C Payment and Users authorized for creating/approving Low Enter Customer Ability to record amount
Receipts invoice/payment/receipt/other subledger functions Receipts received in AR system
should not be allowed to pass/approve adjustment
transactions in the GL as it can impact effectiveness of
reconciliation

Page | 66
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

Users authorized for creating/approving Low Remittance Ability to record checks

invoice/payment/receipt/other subledger functions submitted to banks
should not be allowed to pass/approve adjustment
transactions in the GL as it can impact effectiveness of
reconciliation

Process Overview: Approve Journals

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.1 Enter Journals Maker and checker conflict, user creating the document High Enter Actual Ability to enter manual/
(Actual) should not be allowed to post the same. Journal Entry/ recurring journal entry in GL
Reverse system

1.2 Enter Journals Maker and checker conflict, user creating the document High Enter Budget Ability to create budget
(Budget) should not be allowed to post the same. Journal Entry/ journals/enter budget transfers
Reverse

2.3 Period Control Users with authority to enter/post/approve journals Low Open and Close Ability to open and close GL
should not be allowed to control period opening and Periods GL periods
closing to ensure transactions are not cleared by the temporarily/permanently
period close personnel without appropriate discussion

P2P Approve Invoice Users with authority to enter/post/approve budgets Low Approve Invoices Ability to approve vender
should not be allowed to enter/post/approve budget invoices entered by AP
consumption transactions accountant

Page | 67
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

P2P Approve POs/ Users with authority to enter/post/approve budgets Low Approve Ability to approve purchase
Releases should not be allowed to enter/post/approve budget Purchase Order orders as per the assigned
consumption transactions limit entered by PO buyer

P2P Create and Cancel Users with authority to enter/post/approve budgets Low Create Invoices Ability to enter invoices
Invoice should not be allowed to enter/post/approve budget received from the vendor in the
consumption transactions oracle system

P2P Process payments Users with authority to enter/post/approve budgets Low Create Payments Ability to create payments
should not be allowed to enter/post/approve budget against validated and
consumption transactions approved invoices

P2P Generate POs/ Users with authority to enter/post/approve budgets Low Create Purchase Ability to create standard
Releases should not be allowed to enter/post/approve budget Orders purchase orders, blanket
consumption transactions purchase agreements etc.

O2C Payment and Users with authority to enter/post/approve budgets Low Enter Customer Ability to record amount
Receipts should not be allowed to enter/post/approve budget Receipts received in AR system
consumption transactions
Users authorized for creating/approving
Remittances Ability to record checks
invoice/payment/receipt/other subledger functions Low
submitted to banks
should not be allowed to pass/approve adjustment
transactions in the GL as it can impact effectiveness of
reconciliation

1.3 Post Journals Allowing same user to approve and post journal Low Post Journal Ability to post journal entries
reduces a review/approval layer in the transaction flow as per the assigned
and therefore should be avoided authorization limit for the
specified set of books

Page | 68
Instructions manual for segregation of duty
Process Overview: Import Journals
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2.3 Users with authority to import journals should not be

Ability to open and close GL
allowed to control period opening and closing to ensure Open and Close
Period Control Medium periods
transactions are not cleared by the period close Periods GL
temporarily/permanently
personnel without appropriate discussion

Process Overview: Allocation of Expenses

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.1 Enter Journals Mass allocation is cost allocation function and should be Low Enter Actual Ability to enter manual/
(Actual) used only by specific employees once all the balances Journal Entry/ recurring journal entry in GL
are finalized, regular GL accountants with such function Reverse system
may erroneously run the process which will result in
inappropriate GL balances

1.2 Enter Journals Mass allocation is cost allocation function and should be Low Enter Budget Ability to create budget
(Budget) used only by specific employees once all the balances Journal Entry/ journals/enter budget
are finalized, regular GL accountants with such function Reverse transfers
may erroneously run the process which will result in
inappropriate GL balances

Page | 69
Instructions manual for segregation of duty
Process Overview: Period Control
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1.1 Enter Journals Users with authority to enter/post/approve journals Medium Enter Actual Ability to enter manual/
(Actual) should not be allowed to control period opening and Journal Entry/ recurring journal entry in GL
closing to ensure transactions are not cleared by the Reverse system
period close personnel without appropriate discussion

1.2 Enter Journals Users with authority to enter/post/approve journals Medium Enter Budget Ability to create budget
(Budget) should not be allowed to control period opening and Journal Entry/ journals/enter budget
closing to ensure transactions are not cleared by the Reverse transfers
period close personnel without appropriate discussion

2.1 Import Journal Users with authority to import journals should not be Medium Import Journals Ability to import journal entries
allowed to control period opening and closing to ensure created for transactions
transactions are not cleared by the period close entered in all the other
personnel without appropriate discussion applications like payables,
receivables, inventory, payroll
etc.

1.4 Approve Journal Users with authority to enter/post/approve journals Low Approve Journal Ability to approve journal
should not be allowed to control period opening and entries as per the assigned
closing to ensure transactions are not cleared by the authorization limit for the
period close personnel without appropriate discussion specified set of books

1.3 Post Journal Users with authority to enter/post/approve journals Medium Post Journal Ability to post journal entries
should not be allowed to control period opening and as per the assigned
closing to ensure transactions are not cleared by the authorization limit for the
period close personnel without appropriate discussion specified set of books

Page | 70
Instructions manual for segregation of duty
Process Overview: Period Control - AGIS
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2.4 Intercompany Recommendatory to keep period controls separate from Medium Initiate and Ability to initiate intercompany
Transactions users recording/approving the transactions as user may Receive transaction and send it to
enter backdated/future transactions in the absence of Intercompany approval by recipient and
other controls Transactions vice-versa.

Page | 71