Internal Controls: Resolving High Risk Role Combinations
An extensive analysis of enterprise-wide administrative access system roles and role combinations was recently completed to identify exposure to potential risks due to the lack of segregation duties. Specifically, the role combinations which create segregation of duty risks, include:
- iBuy Requestor with FABweb Unit Rep or Biennial Unit Contact*
- iBuy Approver with FABweb Unit Rep or Biennial Unit Contact*
- Banner Department Manager/Requestor with FABweb Unit Rep or Biennial Unit Contact*
- P-Card Cardholder with FABweb Unit Rep or Biennial Unit Contact*
* Earlier communications included a Unit Specialist and Unit Head roles, which are no longer among combinations which create segregation of duty risks
Next Steps
If you or your staff need conflicting role combinations to continue business operation, you must take steps to either: A) resolve the conflicts through additional preventive controls, or B) submit a form to qualify for the Internal Controls Exception Request Process.
|
|
|
| Click the Resolve Conflicts button to learn more about the roles and explore ways to resolve or mitigate conflicting role combinations. |
Click to explore the Internal Controls Exception Request Process: receive a waiver and request the prohibited role combination.
|
Report
Find out if you and/or your staff are in compliance with Section 9 - Audits, Internal Control, and Business System Security policy manual. This report takes 30 - 45 seconds to populate, please do not refresh the site during this time.
Role conflicts are listed by the home org code for the employee who has the conflicting roles. To drill down into which org codes the roles are in, hover over the blue boxes to drill down into the data.
The report is updated daily, therefore any immediate changes to role combinations will be reflected on the next day.
Contact Us
For questions about Internal Controls, please email us at sharedservices@uillinois.edu.
Last updated: May 18, 2022