Companies operating large transactions and transaction volumes need to maintain strict and comprehensive controls over the types of access each employee is granted and over the different approval screenings required for each task or operation. For auditing processes, the most important roles – and the ones that require the greatest level of control – are the ones tied to Finance, since these are the most susceptible to fraud.
Dynamics 365 Finance’s segregation of duties functionality allows companies to perform comprehensive in-house audits. In addition, it also allows auditing teams to conduct constant reviews of roles and appointments within the company.
Certain business rules must be properly defined before executing the segregation of controls process. Below, you will find a 6-step list of these rules and an analysis of the multiple benefits you can draw from the segregation of duties functionality in Dynamics 365.
- Defining critical tasks by area and position: It is paramount to define strong criteria for activities performed by each area or role within your company. Among other goals, said activities must be designed to comply with internal and external auditing regulations. Determining duties per area and position will ensure an overall clearer and smoother best practice in Finance.
- Defining rules: You can easily establish the rules or conflicts that must be avoided within Dynamics at a duties level when the activities pertaining to each area and position are clear.
- Creating a matrix: Conflicts surrounding non-compliance can be identified once rules have been identified. A conflict matrix then helps visualize and explain which roles and duties must not be cross-assigned. The severity of each non-compliance event can also be defined in this instance.
- Defining rules in Dynamics 365: Once you have a matrix of what can and cannot overlap, you can then create segregation in Dynamics 365. We recommend designing a matrix and rules based on Dynamics 365’s own language and nomenclature.
- Verifying conflicts: The verification process of conflicts between user roles and privileges can be executed once the matrix has been defined. This process involves an analysis of the previously created matrix and each role within the company.
- Resolution of role conflict: The conflict resolution functionality of Dynamics 365 Finance creates a list of rules lacking in compliance, at which point the auditing team must act using one of several options including denying permission or blocking a user from conducting a task.
The result is a tool that ensures in-house auditing teams establish new periodic review processes in which every request is checked against rules defined in the matrix.