Internal Controls: Short-Term Implementation
An extensive analysis of enterprise-wide administrative access system roles and role combinations was recently completed to identify exposure to potential risks due to the lack of segregation of duties. Specifically, the role combinations which create segregation of duty risks include:
- iBuy Requestor with FABweb Unit Rep, Unit Contact*
- iBuy Approver with FABweb Unit Rep, Unit Contact*
- Banner Department Manager/Requestor with FABweb Unit Rep, Unit Contact*
- P-Card Cardholder with FABweb Unit Rep, Unit Contact*
* Earlier communications included the Unit Specialist and Unit Head roles, which are no longer among the combinations that create segregation of duty risks.
iBuy, FABweb, and Banner Roles Explained
To help you better understand how your responsibilities might be affected by the separation of conflicting roles, please view the role descriptions below. By expanding each section, you will learn what each role is used for and how they may be combined while maintaining the necessary separation of duties.
SHOPPER
SHOPPER - Can do everything necessary to create a requisition and submit it for approval EXCEPT adding C-FOAPAL information. When a Shopper submits a requisition, it moves into the Department Account Coder (DAC) queue for their assigned Chart/Org so the C-FOAPAL information can be entered. Generally this role is not combined with any other role.
Shopper role can be combined with:
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
REQUESTOR
REQUESTOR - Can do everything necessary to create a requisition and submit it for approval INCLUDING adding the C-FOAPAL information. When a Requestor submits a requisition, it moves into the Approval queue linked to the Chart/Org entered within the C-FOAPAL information. This role can be combined with the DAC or Approver roles. However, it is University best practice for the same user to not create and approve the same requisition.
Requestor role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Hospital Requestor (Limited)
- iBuy Invoice Acknowledger
- Fabweb Approver
- Banner Department Manager/Requestor
DEPARTMENT ACCOUNT CODER (DAC)
DEPARTMENT ACCOUNT CODER (DAC) - Can add C-FOAPAL information to complete a requisition initiated by a Shopper. Once the appropriate C-FOAPAL information has been entered and the requisition submitted, it then moves into the Approval queue linked to the Chart/Org entered within the C-FOAPAL information. There may be more than one DAC within a queue for a particular Chart/Org. This role can be combined with the Requestor or Approver roles. It is advised to have at least two people assigned to the role of DAC in each department.
Dept Account Coder role can be combined with:
- iBuy Approver
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
APPROVER
APPROVER - Can approve, reject, edit, return or forward a requisition within their approval queue. The Approval queues are set up by dollar ranges with a particular Chart/Org. There may be more than one Approver within a queue for a particular dollar range and Chart/Org. This role can be combined with the Requestor or DAC roles. It is advised to have at least two people assigned to the role of Approver in each department. However, it is University best practice for the same user to not create and approve the same requisition.
Approver role can be combined with:
- iBuy Dept Account Coder
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- Fabweb Approver
- Banner Department Manager/Requestor
EXECUTIVE APPROVER
EXECUTIVE APPROVER - Can only approve, reject, forward, or return requisitions (but not edit them) within their approval queue.
Executive Approver role can be combined with:
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
QUERY ONLY
QUERY ONLY - Can only review requisitions, purchase orders, and invoices for validation of account or report reconciliation. Unable to perform any other actions on a requisition. This role cannot be combined with that of a Requestor.
Query Only role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Invoice Acknowledger
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
INVOICE ACKNOWLEDGER
INVOICE ACKNOWLEDGER - Can approve, return, or forward invoices within their approval queue. This role will only acknowledge invoices with line items over $5,000 on vendors set up with e-invoicing. For a list of these vendors please see types of vendors. This role can be combined with the Requestor or Approver roles. It is advised to have at least two people assigned to the role of Invoice Acknowledger in each department.
Invoice Acknowledger role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Hospital Requestor
- iBuy Query Only
- iBuy Requestor
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
HOSPITAL REQUESTOR
UIC ONLY - HOSPITAL REQUESTOR - Some iBuy users at the University of Illinois Hospital & Health Sciences System have the Hospital Requestor role. The Hospital Requestor role is similar to the Requestor role but includes Materials Management review as an additional step in certain workflows. Hospital Requestors use the Route to Materials Management form instead of the Route to Purchasing Form. Also, Hospital Requestors have access to a subset of hosted and punchout catalogs.
Hospital Requestor role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Invoice Acknowledger
- iBuy Requestor (Limited)
- Fabweb Approver
- Banner Department Manager/Requestor
UNIT REPRESENTATIVE
UNIT REPRESENTATIVE - This role completes and submits equipment new acquisition records to Property Accounting through FABweb and is responsible for communication with Property Accounting regarding adjustments to Otags. They are responsible for submitting non-cash addition records in FABweb. They are also responsible for updating already existing Ptags. They also initially create equipment transfer and disposal requests in FABweb for subsequent unit Approver approval. They have read-only access to the Biennial Inventory system.
Unit Representative role can be combined with:
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Shopper
- Fabweb Approver
- Biennial Unit Contact
- Biennial Unit Head
APPROVER
APPROVER - This role reviews and approves equipment transfer and disposal requests in FABweb prior to submission to the recipient unit or Property Accounting. This role does not have access to process new acquisitions or update existing Ptags in FABweb. They have read-only access to the Biennial Inventory system.
Approver role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- iBuy Shopper
- Fabweb Unit Rep
- Biennial Unit Contact
- Biennial Unit Head
- Banner Department Manager/Requestor
UNIT CONTACT
UNIT CONTACT - This role is a high level role in the unit and is responsible for conducting and completing the Biennial Inventory. The Unit Contact is also known as the Property Contact, or the Unit Property Accounting Contact. Only one individual is designated as the Unit Contact within your 3-digit organization. The person in this role needs to know deadlines and how to do each task throughout the Biennial Inventory process, such as loading the inventory list, assigning roles to Unit Specialists, performing physical inventory, and monitoring progress and deadlines.
Unit Contact role can be combined with:
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Shopper
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Head
UNIT HEAD
UNIT HEAD - This role is a high level role in the unit and is responsible for approving and signing off on the Biennial Inventory results. The Unit Head has read-only access to the Biennial Inventory system. Only one individual is designated as the Unit Head within your 3-digit organization. It is highly encouraged that your actual Unit Head be designated for this role. Units, schools, or colleges are currently allowed to designate other individuals (such as the unit, school, or college business managers) as warranted and desired within their org structure.
Unit Head role can be combined with:
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Shopper
- Fabweb Unit Rep
- Fabweb Approver
- Biennial Unit Contact
UNIT SPECIALIST
UNIT SPECIALIST - This role is assigned and managed by the Unit Contact within the Biennial Inventory system. The Unit Specialist can perform the physical inventory using either the web version or the mobile app version, but has limited capability within the Biennial Inventory system. Larger units can assign multiple Unit Specialists to help perform the unit physical inventory.
Unit Specialist role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- iBuy Shopper
Department Manager/Requestor
Department Manager/Requestor - Persons assigned this profile will create requisitions and inquire on PO information. They will also follow up with purchasing to ensure documents are processed in a timely manner, make inquiries, and provide back-up documents (quote, etc.) as required.
Department Manager/Requestor role can be combined with:
- iBuy Approver
- iBuy Dept Account Coder
- iBuy Executive Approver
- iBuy Hospital Requestor
- iBuy Invoice Acknowledger
- iBuy Query Only
- iBuy Requestor
- iBuy Shopper
- Fabweb Approver
Suggestions for Resolving Conflicting Roles
To help you resolve some of the conflicting roles, please view the suggested strategies below. By expanding each section, you will learn how to resolve conflict between the roles and stay compliant. This section will be continuously updated as we add additional strategies. Please visit frequently.
iBuy Approver w/FABweb Unit Rep and/or Biennial Unit Contact
- Change the iBuy Approver role to iBuy Executive Approver. The Executive Approver can approve or reject requisitions but cannot edit those requisitions.
Banner Department Manager/Requestor w/FABweb Unit Rep and/or Biennial Unit Contact
- The Banner Department Manager/Requestor role is used to create Banner requisitions. Since this role is not used for iBuy orders, your USC can remove the role if it’s not needed in your unit.
iBuy Requestor w/FABweb Unit Rep and/or Biennial Unit Contact
- The iBuy Shopper and Department Account Coder (DAC) roles may be used in conjunction to replace an iBuy Requestor
- The Shopper role can do everything necessary to create a requisition and submit it for approval except adding C-FOAPAL information
- After a Shopper submits a requisition, it routes to the DAC to add the C-FOAPAL information and routes to the iBuy approval queue
- Note this option requires one additional individual in the process to fulfill the DAC role. The DAC role cannot be combined with the Shopper and it cannot be combined with the Executive Approver.
FABweb Unit Rep with any procurement role noted above
- Brainstorm and evaluate other staff resources within your unit, school, or college for the FABweb Unit Rep role assignment. Many units have segregated the equipment management function by assigning responsibility for this role to the unit’s facilities management group or other office administrators, as opposed to having the unit Business Office staff who handle procurement perform these incompatible functions.
Biennial Unit Contact with any procurement role noted above
- Brainstorm and evaluate other staff resources within your unit, school, or college for the Unit Contact role assignment. The Unit Contact role in the Biennial process can more easily be escalated within schools and colleges given the limited scope of the role to specifically manage and conduct the Biennial Inventory. Think of this like hiring an external party to complete the physical inventory as many retailers do. Some colleges have created shared service centers at the School or College level to complete the mandated Biennial Inventory providing additional independence from the unit staffers completing procurement and FABweb transactions.
Suggestions for Mitigating Risk through Additional Preventative Controls
To help mitigate some of the risks, please expand and view the suggested preventative controls below. This section will be continuously updated as we add additional strategies. Please visit frequently.
When multiple org codes are in play in a unit with conflicting roles
- Divide the roles by department so no one individual has a conflicting role within one organization code.
- Example: Employee will be the iBuy Approver for orgs 321 and 654, and the Biennial Unit Contact for orgs 123, 465, and 789, which will prevent an individual from performing an inventory verification on equipment for which they also approved the purchase.
- Utilize optional iBuy approval queues for purchases under $10,000. This ensures an iBuy order is not self-approved and must be approved by a separate individual with the iBuy approval role.
- Create departmental policy so that individuals responsible for the receiving function have no procurement, FABweb Unit Rep, or Biennial Unit Contact role. Good receiving controls include completion of a receiving report (date & time received, vendor, quantity and description of items received) with comparison to shipping documents and the original purchase request.
- Create departmental policy to require Banner receiving for all equipment purchases at the time of requisition. This combined with an independent receiving function above ensures an independent check on receipt of equipment purchased by the unit.
- Utilize optional P-Card approver role (in addition to reconciler). Use of this optional role within the P-Card application would result in additional controls by providing an independent review of the purchase, receipts, and verification of the business purpose.
Suggestions for Mitigating Risk through additional detective controls
- Units can create periodic expense review procedures within their unit in order to identify any questionable transactions or activity related to individuals with incompatible roles. Units must include all related funding types to ensure review of all departmental equipment expense transactions and purchases.
- Units can review self-approved orders in iBuy through specialized reporting.
- Individuals reconciling monthly transactional activity should not be performing procurement or equipment tracking functions.
- Ensure faculty receive financial information for their C-FOAPALs on a monthly basis. Additionally, consider distributing monthly financial information utilizing enterprise applications such as My-UI-Financials.
Report
Find out if you and/or your staff are in compliance with the Section 9 - Audits, Internal Control, and Business System Security policy manual. This report takes 30 - 45 seconds to populate; please do not refresh the site during this time.
Role conflicts are listed by the home org code for the employee who has the conflicting roles. To drill down into which org codes the roles are in, hover over the blue boxes.
The report is updated daily, so any changes to role combinations will be reflected on the next day.
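A segregation-of-duties check of the kind this report describes can be sketched as follows. This is an added example, not the University's report logic: it applies the conflicting combinations listed at the top of this page to a constructed assignment list, once enterprise-wide and once per org code, which is the split the "multiple org codes" mitigation relies on. The function names, employee IDs, and the use of "Unit Contact" for the Biennial Unit Contact are assumptions.

```python
from collections import defaultdict

# Conflicting sides, taken from the role combinations listed on this page.
PROCUREMENT = {"iBuy Requestor", "iBuy Approver",
               "Banner Department Manager/Requestor", "P-Card Cardholder"}
PROPERTY = {"FABweb Unit Rep", "Unit Contact"}

# Constructed sample data: (employee, role, org code). emp_a mirrors the
# page's example of splitting approver and inventory duties across orgs.
ASSIGNMENTS = [
    ("emp_a", "iBuy Approver", "321"), ("emp_a", "iBuy Approver", "654"),
    ("emp_a", "Unit Contact", "123"), ("emp_a", "Unit Contact", "465"),
    ("emp_a", "Unit Contact", "789"),
    ("emp_b", "iBuy Requestor", "321"), ("emp_b", "FABweb Unit Rep", "321"),
    ("emp_c", "iBuy Shopper", "654"), ("emp_c", "FABweb Unit Rep", "654"),
    ("emp_d", "P-Card Cardholder", "123"), ("emp_d", "Unit Contact", "123"),
    ("emp_d", "FABweb Unit Rep", "465"),
]

def find_conflicts(assignments, per_org=True):
    """Return sorted (employee, scope, procurement_role, property_role).

    per_org=True flags a pair only when both roles sit on the same org
    code; per_org=False flags it anywhere and reports the scope as "*".
    """
    held = defaultdict(set)
    for emp, role, org in assignments:
        held[(emp, org if per_org else "*")].add(role)
    hits = []
    for (emp, scope), roles in held.items():
        for proc in roles & PROCUREMENT:
            for prop in roles & PROPERTY:
                hits.append((emp, scope, proc, prop))
    return sorted(hits)

def resolved_by_org_split(assignments):
    """Employees who conflict enterprise-wide but not within any one org."""
    wide = {h[0] for h in find_conflicts(assignments, per_org=False)}
    local = {h[0] for h in find_conflicts(assignments, per_org=True)}
    return wide - local

if __name__ == "__main__":
    for hit in find_conflicts(ASSIGNMENTS):
        print("same-org conflict:", hit)
    print("mitigated by org split:", sorted(resolved_by_org_split(ASSIGNMENTS)))
```

Employees returned by `resolved_by_org_split` still hold both sides of a conflicting pair, so they remain candidates for the detective reviews described above.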
FAQ
FAQ Section will be completed after the Implementation Team finalizes customer focus groups and pilots the initiative with select units.
Please check back soon!
Last updated: January 10, 2022