I wanted to reach out to others to see who actually sets up the security roles/rights in an
Who should be responsible for setting up security roles/rights for your accounting/finance software package?
Answers
It it my feeling that the
It then up to the CFO and others to determine what permissions each person to needs access to the system requires. This is a collaborative exercise.
It is an Accounting/Finance software package.......YOU ARE RESPONSIBLE FOR IT...OWN IT!
Your CFO should have put his foot down and staked ownership of it from the beginning. There is NO excuse for others having control over it. You can delegate responsibilities to them but control is still with you.
The best answer is it depends. If you have dedicated IT staff that supports the software and or an Information Security
If your organization is smaller and appropriate controls are in place, having access management for Accounting users within the Accounting/Finance department would be appropriate.
Anon
IT do not own the right to decide who accesses the Accounting System. The CFO does, and IT should guide/advise him/her where the security set up is technically complex. Often an IT systems analyst may be a great advisor to the CFO on what to do/not to do.
Are you running a cloud app or on premise?
Managing an accounting system is entirely a provence reserved for the finance Function.
IT department may offer assistance especially on complex issues but ownership remains that of Finance.
We are on premise.
Does anyone have any suggestions on how to convince the President that the ownership should be under Finance? The CFO who is a consultant will not even touch this topic. Leaving the Accounting/Finance dept. to fight for the tools to do our job. We now have a Director of Finance who is trying to get the controls however, the CEO has the say and he runs the OPS dept.
3
Either make the arguments given by those who have responded or just go with the dsyfunctional flow until it blows up.
Then say the the CEO "I told you so..."
In a case like this, I made an Acknowledgement of Duties AND Responsibilities Memo and made EVERYONE sign. Based on experience, people want to "do" things but do NOT want the responsibilities that go with it. When people are made to acknowledge their responsibilities, they usually have second thoughts about it.
As a benefit......Look at it as a way to protect your behind.
Only the finance team understands internal controls. You should convince the CFO and CEO of the consequences of not having the proper controls in place. Get a list of the rights and you can walk through scenario's that can happen if the rights aren't set up correctly. I am sure there are some user rights that provide opportunities for fraud.
Thank you for your feedback. I have made arguments and the CFO does not want to hear it. The President seems to be in shock each time I mention I still don't have the proper role/rights to the system. At this point I am going with what Wayne has said which is just go with the dysfunctional flow. It is the only option unless I want to be terminated.
I also appreciate your response Emerson as I just had my performance review and I stated in the review where appropriate that I did not have the appropriate tools to successfully complete certain task/responsibilities due to the role/rights restriction.
Down fall is, the Direct of Finance placed on my quarter goals to complete 1 of the issues each quarter for me to receive my bonus, which I have no control of since I don't have the proper/role rights to complete.
With all of that said, all I really want to do is just get my job done, grow my department and be as valuable to the company as possible.
Thank you all again for your feedback.
Anon
Go meet with the system owners one more time.
Ask them to review what you need to do (i.e. your job duties) in the system and then to comment on which duties need a change in your access rights. Ask the system owners if they see any reason not to change your access rights.
Do this for each task.
Then document it.
Meanwhile, stay professional and update your resume.
OR
Play their game....
For any task where you cannot get the right access, ask the system owners to run the report, or to make the change for you. Do this by email or IT help desk ticket to create a trail. Let your boss know you are working with others to get the information and then inform him if it works or not. You'll soon know what really is going on.
My Boss is having the sames issues. He can't get anywhere either and it is part of his goals given to him from the President.
I have done what you mention and they insist everyone in Accounting/Finance have the appropriate rights. We all have the same rights which prevent us from finishing tasks timely and have to create work arounds which disconnect from the transactions.
In all honesty, OPS is trying to force all of us to quit. Even the new Director that just started. OPS is trying to convince the CEO that Finance needs to report to OPS. The CEO has never worked anywhere else but here.
I am going to take you up on your advice which is to stay professional and update my resume.
Sometimes it is amazing how totally dysfunctional and incompetent people succeed in spite of themselves.
Filed Under:
Technology