Instructions manual for segregation of duty

4.6 ORDER TO CASH: SOD RULES BOOK

Process Overview: Manage Customer Master

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2 Manage Invoicing Users with access to transactional function should not High Enter Customer Ability to record amount
and Receipts be given access to alter the master data files Receipts received in AR system
User may collaborate with the customer and extend the Enter Accounts Ability to record invoices/
High
payment terms for the customers Receivable Invoice/ credit note issued to the
Credit Note customer
Users with access to transactional function shall not be
given access to alter the master data files Medium Remittances Ability to record checks
submitted to banks

Page | 52
Instructions manual for segregation of duty
Process Overview: Customer Invoicing/Credit Notes
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

3 Manage Recommendatory to keep period controls separate from Medium Open and Close Ability to open and close
Accounting users recording/approving the transactions as user may Periods - receivables period and swap
enter backdated/future transactions in the absence of Receivables unaccounted transactions to
other controls future periods

1 Customer Master User may collaborate with the customer and extend the High Customer Account Ability to ability to maintain
payment terms for the customers Maintenance customer site details like
payment terms, address,
sites, contacts etc.

P2P Accounting User with Import Journal functions may perform Low Import Journals Ability to import journal entries
Controls unauthorized import journals for all the modules (AP, created for transactions
CM, Payroll etc.) entered in all the other
applications like payables,
receivables, inventory, payroll
etc.

2.2 Payment and If invoicing and receipt are with the same users, then High Maintain Automatic Ability to create automatic
Receipts the user may collaborate with customers and Receipts receipts and update the
manipulate the receipts against their invoices created receipts

2.2 Payment and If invoicing and remittance creation access, User may Low Remittances Ability to record checks
Receipts collaborate with customers and create fictitious submitted to banks
remittances for checks received from such customers,
this will reflect such receipts lying with bank for
processing.

Page | 53
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2.2 Payment and If Invoicing and customer receipts are with the same High Enter Customer Ability to record amount
Receipts users, then the user may collaborate with customers Receipts received in AR system
and enter the fictitious receipts against their invoices

P2P Accounting Users authorized for creating/approving Low Enter Actual Ability to enter manual/
Controls invoice/payment/receipt/other subledger functions Journal Entry/ recurring journal entry in GL
should not be allowed to pass/approve adjustment Reverse system
transactions in the GL as it can impact effectiveness of
reconciliation

Note: In cases where retail customers are serviced by Point of Sale (PoS) systems, create customer and customer invoices is valid transaction
and not an exception.

Process Overview: Payments and Receipts

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

1 Customer Master User may collaborate with the customer and extend the High Customer Account Ability to ability to maintain
payment terms for the customers Maintenance customer site details like
payment terms, address,
sites, contacts etc.

P2P Manage User with Import Journal functions may perform Low Import Journals Ability to import journal entries
Accounting unauthorized import journals for all the modules (AP, created for transactions
CM, Payroll etc.) entered in all the other
applications like payables,
receivables, inventory, payroll
etc.

Page | 54
Instructions manual for segregation of duty
Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

P2P Bank Users may collaborate with customers to enter fictitious High Bank Account Ability to reconcile
Reconciliation receipts and cover it by reconciling the same in bank Reconciliation receipts/payments recorded in
statement the system with bank
statement recorded in the
system

2.1 Creating of If Invoicing and customer receipts are with the same High Create Ability to create receivable
Invoices and users, then the user may collaborate with customers Transactions invoices and credit notes
Credit Notes and enter the fictitious receipts against their invoices

P2P Budget Controls Users with ability to define/enter budget should not be Medium Control Budgets Ability to define budget
allowed to enter/approve the actual transactions organization, account ranges,
freeze budget etc.

R2R Post Journals Users with authority to enter/post/approve budgets Low Post Journal Entry/ Ability to post journal entries
should not be allowed to enter/post/approve budget Reverse created manually/imported
consumption transactions from subledgers to impact the
account balances

Process Overview: Manage Reporting

Conflicting Process SoD Violation Risk Conflicting FMIS Conflicting function
Categorization Function description

2 Manage Invoicing Period end user may make unauthorized adjustments to Medium Create Ability to create receivable
and Receipts invoices/credit notes to proceed with period closure Transactions invoices and credit notes

Page | 55