Automating PeopleSoft Segregation of Duties: HCM and Financials
 

SmartERP webinar presentation covering automating Segregation of Duties for PeopleSoft HCM and Financials applications.

Presentation Transcript

  • Automating PeopleSoft Segregation of Duties: HCM and Financials PRESENTER: Kirk Chan, Smart ERP Solutions, Inc. NOTE: phones/mics are muted. Please submit any questions using the GoToMeeting QUESTION feature
  • Smart ERP Solutions
  • IS THIS YOUR SoD BEST PRACTICE?
  • Segregation of Duties Segregation of duties (SoD), or separation of duties, is the concept of having more than one person required to complete a task. To help prevent fraud and error, no one individual should: • Initiate a transaction • Approve a transaction • Record a transaction • Reconcile balances • Handle assets
  • What is Segregation of Duties • No single individual should have control over two or more phases of a transaction or operation… • No one individual employee can complete a significant business transaction in its entirety… Examples of Segregation of Duties • Those responsible for physical receipt of goods should not be responsible for paying for the goods. • Those responsible for custody of goods should not be responsible for maintaining the records of the assets. • Those responsible for collection of receivables should not be responsible for entries in the book of accounts.
  • What Duties Should be Segregated? Purchase an Item PO Initiator PO Approver PO Receiver • Financial Duties – Requisition Initiator – Requisition Approver – P.O. Initiator – P.O. Approver
  • Workflow/HR Duties
  • Key Functionality for Automating SoD • Configurable Data Security You can employ fine-grained row level security via easy to use configuration options, to secure by any field, in any application in PeopleSoft. • Flexible Segregation of Duties Create policies for multiple SoD models and structure simple or complex SoD rules. You can apply different models to reflect the different needs of each part of your business. • Mitigation Mitigation allows you to cater to temporary or long-term situations where certain users may be authorized to “violate” your Segregation of Duties policy. This enables you to document such situations in preparation for your audit. You can then exclude mitigated users from your reports to avoid wasted effort during the audit. • Detective Mode Report of SoD violations at the Component, Permissions List and Role Level. • Preventative Mode Enforce SoD by validating security before user access. • Cater to seasonality Specify “from” and “to” dates to allow temporary seasonal variations to your normal business control requirements. This approach creates a very strong Return on Investment during the results analysis phase by allowing simplified or highly granular approach to SoD analysis. • Context based security Allows different security attributes for specific pages. For example, you can allow a user to only view his own department on an expense reimbursement, while allowing him to access all departments when entering a journal.
  • Benefits of Automation with Effective SoD • Allows you to build robust, proactive, manageable controls into your live system • Prevents SoD violations • Greatly reduces the time needed to manage SoD controls and achieve SOX compliance • Reduces the workload needed to prepare for your audits and clean up afterwards • Provides the evidence of controls that auditors demand, reducing the time taken to complete the audit • Affordable by organizations of all sizes
  • Top 10 Financials SoD Rules • Creating a journal entry and opening a closed accounting period • Maintaining accounts receivable master data and posting receipts • Depositing cash and reconciling bank statements • Completing goods transfer and adjusting physical inventory counts • Approving time cards and distributing pay checks • Preparing an order and changing a billing document • Changing an order and creating a delivery • Creating general ledger accounts and posting journal entries • Maintaining bank account information and posting payments • Maintaining assets and creating a goods receipt
  • Top HCM SoD rules
  • A key element in the compliance lifecycle: Analysis, Security Management, Segregation of Duties, Compliance Reporting, Auditing, Internal Controls
  • Effective Automated Segregation of Duties SoD Proactive SoD Reactive SoD Mitigation
  • Characteristics/Benefits of Effective SoD • Built-in model enables SoD enforcement – Violations checked BEFORE go-live – Your decision to enforce rules or allow violations • Saves time (= money) – Easy set-up – Easy testing for violations – Quick and easy reporting – Reduces number of compensating controls required – Reduces auditing effort / costs • Reduces risk – Enforcing and reporting SoD violations reduces opportunity for fraud
  • SoD – The Issues • Nothing in PeopleSoft – Any release • Do you use a spreadsheet? • How do you… – Ensure the actual access control mirrors the spreadsheet? – Ensure the right people access the right data? – Manage change control problems? – Assess impact of changes? – Manage enforcement of SoD?
  • Proactive SoD Aim: Prevent SoD Violations occurring during security Assignment. Ensure Security Policy is enforced long term.
  • SoD Dashboards
  • ‘Proactive’ SoD. Change role assignment or security without affecting live security. Build Security; SoD Violations Check; OK; Violations. A/P “Super” Voucher Clerk Role: 1. AP Voucher clerk, 2. Secondary role 2, 3. Secondary role 3 (SoD Violations Check). A/P “Super” Voucher Clerk Role: 1. AP Voucher clerk, 2. Secondary role 2, 3. Secondary role 6 (SoD Violations Check). Extract from pre-populated model, columns “Segregate this task:” and “From this task”, pairs as extracted: Bank Payments | Invoice entry (A/P); Credit Notes | Vendor Master; Purchase Order | Vendor Master; Invoice entry (A/P) | Purchase Order; Vendor Master | Purchase Order; Invoicing (A/R) | Credit Notes; Credit limits | Sales Order Entry; Sales Order Entry | Customer Master; Goods Receipt | Purchase Order; Sales Order Entry | Sales Pricing; Bank Payments | Vendor Master; Purchase Order | Sales Order Entry
  • Proactive SoD: User Profiles
  • Reactive SoD Aim: Accurately assess existing security for remediation. Reduce Audit time and cost. Build case for restructuring security.
  • ‘Reactive’ SoD Components (In-depth Audit) Permission List (Process) Roles (High-Level) Reporting directly on existing security to identify any Current SoD violations
  • Creation of PeopleSoft SoD Rules • Role level – Create matrix of all active system roles – Identify all roles that should not be linked to the same user • Such as HR representative and Payroll Admin • Permission List / Business Process level – Include Application security & processing options – Add to / modify as needed • Component / Program level – Add in any custom or modified processing – If creating your own rules • Start with most important controls & gradually add to them
  • Mitigation – The Issues • Current Economic Climate – Many redundancies equate to fewer people doing more. – Major requirement from Audit to allow remediation where a user is considered a risk. – SOX requires that during an audit all risks must at least be visible and understood by the business. – With this comes risk assessment and documentation. • Seasonal Changes – Staff holidays or time away from the office require that other users be able to perform these additional duties.
  • Mitigation Solutions • Ability to mitigate users once a validation has occurred. • Details of mitigation, including notes, get added to a mitigation table. • The user gets checked during the next validation but is not added to the violations table. • Ability to time out mitigations, i.e. allowing for staff who are on holiday, etc.
  • Mitigation
  • PeopleSoft SoD Dashboards
  • Understanding PeopleSoft Security • The user’s security profile is made up of the assigned roles, the permission lists assigned to that role and permission lists assigned directly to the user.
  • Smart SoD Process
  • Demo: Smart SoD™ Financials demo HCM demo
  • Summary
  • Value Statement: Security and Segregation of Duties is an important element of your overall PeopleSoft security and risk management. Key features of an automated solution can help you maintain legislative compliance (SoX), meet audit requirements and reduce the likelihood and impacts of fraud and errors. • Expressly designed for your current PeopleSoft • Powerful Proactive, Reactive and Mitigation Features • Automated Workflow Approvals • Reporting/Dashboards facilitate audits and compliance • Use pre-packaged built-in security and SoD rules or easily create your own • Add-on Architecture Lowers Total Cost of Ownership – Seamless Integration – Utilize Best Practices – Maintenance and Upgrades
  • Questions? Submit your question using the GoToMeeting QUESTION feature (any remaining questions will be addressed via email after the broadcast)
  • Thank You Visit www.smarterp.com for information or contact us at sales@smarterp.com
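
The checks the slides describe (task-pair rules, a user profile built from roles plus directly assigned permission lists, reactive reporting, proactive validation before a role is assigned, and time-limited mitigation) are sketched here as an added example; it is not SmartERP's or PeopleSoft's code. Only the task names come from the slide's sample matrix; every role, permission list, user, date and note is constructed for illustration.

```python
from datetime import date

# Constructed sample security data; all role/permission-list/user names are hypothetical.
ROLE_PERMLISTS = {"AP_VOUCHER_CLERK": {"PL_AP_INVOICE"},
                  "VENDOR_MAINT": {"PL_VENDOR"},
                  "AP_PAYMENTS": {"PL_BANK_PAY"}}
PERMLIST_TASKS = {"PL_AP_INVOICE": {"Invoice entry (A/P)"},
                  "PL_VENDOR": {"Vendor Master"},
                  "PL_BANK_PAY": {"Bank Payments"},
                  "PL_PO": {"Purchase Order"}}
USER_ROLES = {"alice": {"AP_VOUCHER_CLERK", "AP_PAYMENTS"},
              "bob": {"VENDOR_MAINT"},
              "carol": {"AP_VOUCHER_CLERK"}}
USER_PERMLISTS = {"bob": {"PL_PO"}}  # permission lists assigned directly to the user
# Task pairs that must not meet in one user (from the slide's sample matrix).
RULES = [("Bank Payments", "Invoice entry (A/P)"),
         ("Purchase Order", "Vendor Master"),
         ("Bank Payments", "Vendor Master")]
# Mitigation table rows: (user, rule, valid from, valid to, note). Constructed.
MITIGATIONS = [("bob", RULES[1], date(2024, 7, 1), date(2024, 7, 31),
                "Holiday cover for purchasing, reviewed weekly")]

def effective_tasks(user, extra_roles=()):
    """Tasks reachable via roles -> permission lists, plus direct lists."""
    roles = USER_ROLES.get(user, set()) | set(extra_roles)
    permlists = set(USER_PERMLISTS.get(user, set()))
    for role in roles:
        permlists |= ROLE_PERMLISTS.get(role, set())
    return {t for pl in permlists for t in PERMLIST_TASKS.get(pl, set())}

def is_mitigated(user, rule, as_of):
    """True while a documented mitigation for this user and rule is in date."""
    return any(u == user and r == rule and start <= as_of <= end
               for u, r, start, end, _note in MITIGATIONS)

def check_user(user, as_of, extra_roles=()):
    """Return (violations, mitigated) rule lists for one user.

    Passing extra_roles evaluates a proposed assignment without touching
    USER_ROLES, i.e. the proactive check before security goes live.
    """
    tasks = effective_tasks(user, extra_roles)
    hits = [r for r in RULES if r[0] in tasks and r[1] in tasks]
    violations = [r for r in hits if not is_mitigated(user, r, as_of)]
    mitigated = [r for r in hits if is_mitigated(user, r, as_of)]
    return violations, mitigated

def detective_report(as_of):
    """Reactive mode: unmitigated violations across all existing users."""
    report = {u: check_user(u, as_of)[0] for u in USER_ROLES}
    return {u: v for u, v in report.items() if v}
```

Once a mitigation's end date passes, the same user reappears in `detective_report`, which is the time-out behaviour the mitigation slide describes.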