Dynamics 365 Finance & Operations: Tracking Vendor Changes without Losing Your Mind

Slated in the 10.0.32 version of Dynamics 365 Finance & Operations, Microsoft has introduced a new feature that allows for workflow approval of changes to vendor bank account information. This feature is designed to address concerns related to segregation of duty, which is an important concept in financial and accounting systems.

Segregation of duty is the practice of separating responsibilities for different stages of a financial transaction to prevent fraud or errors. This means that different individuals should be responsible for initiating, authorizing, and recording financial transactions. By implementing workflows for vendor bank account changes, Dynamics 365 Finance & Operations is helping to ensure that these transactions are properly authorized.

In the past, it was common for employees to be able to make changes to vendor bank account information without any oversight or approval. This presented a significant risk for fraudulent activity, as an employee with access to this information could easily make unauthorized changes and transfer funds to their own account or to a third-party account.

The new feature in Dynamics 365 Finance & Operations helps to mitigate this risk by requiring approval from one or more authorized individuals before changes to vendor bank account information can be made. This ensures that there is an appropriate level of oversight and control over these transactions, reducing the likelihood of fraud or errors.

The workflow approval process for vendor bank account changes in Dynamics 365 Finance & Operations is configurable and can be customized to meet the specific needs of each organization. This allows companies to set up an approval process that is tailored to their specific requirements, such as requiring multiple levels of approval or specific individuals to approve certain types of changes.

Overall, the new feature in Dynamics 365 Finance & Operations that allows for workflow approval of changes to vendor bank account information is a welcome addition for organizations that are serious about maintaining strong internal controls and ensuring proper segregation of duty. By requiring approval from authorized individuals, companies can help to reduce the risk of fraudulent activity and ensure that financial transactions are properly authorized and recorded.

On Your Own Policing of Vendor Account Management

Managing the monitoring of vendor bank accounts had organizations resorting to manual and tedious methods of keeping track of vendor bank account changes. This was often done through periodic comparison of historical reports scanning previous account settings with the latest.

This process was not only time-consuming but also prone to errors and oversights. It required someone to manually sift through large volumes of data, looking for changes in vendor bank account information. Given the potential risks of unauthorized changes, this process could not be ignored, and organizations had to dedicate significant time and resources to ensure the accuracy and completeness of this review.

Stopgap Measures for Vendor Account Management

The previous method of policing vendor bank account changes relied on individuals to identify changes and flag any discrepancies manually which resulted in only catching suspicious behavior after the fact. Unfortunately, a savvy bad actor could make the self-serving changes, perform some nefarious activity, and then clean up the operation by reverting the changes to the previous state. This left a significant gap in having unauthorized changes going unnoticed, leading to financial losses, and overall lack of transactional integrity within the financial system.

In order to further combat this nefarious activity, organizations were left to implementing customizations that would be constantly monitor changes in vendor bank accounts and notify the appropriate personnel for them to investigate accordingly.

Additional measures had organizations implementing a stopgap measure to track changes to vendor accounts systematically. This involved enabling database logging on the vendor bank account tables, which provided an audit trail of changes made to these accounts.

While this method was effective in tracking changes to vendor accounts, it came at an additional cost in terms of storage and performance. Enabling database logging generates a large amount of data, which can quickly eat up storage space. Moreover, it can impact system performance, slowing down other processes running on the system.

In addition to the storage and performance costs, this method was also not foolproof. It relied on the assumption that the individuals responsible for making changes to vendor accounts were properly trained, trusted, and authorized to do so. If an unauthorized change was made, it may not be immediately evident in the audit trail, leading to delays in detecting and addressing any issues as well as not preventing the action from taking place to begin with.

The new vendor bank account approval workflow feature in Dynamics 365 Finance & Operations provides a more efficient and reliable way to track changes to vendor accounts. By requiring approval from authorized individuals before changes can be made, the system ensures that changes are properly authorized and recorded. 

Overall, while the database logging stopgap measure provided a way to track changes to vendor accounts in the absence of an approval workflow, it came at additional storage and performance costs. With the new vendor bank account approval workflow feature in Dynamics 365 Finance & Operations, organizations can manage their vendor accounts more efficiently and with greater peace of mind, knowing that proper controls are in place to manage changes to vendor bank account information.

Taking Control: Why a Workflow Approval Process Should be Implemented Across the Board in Dynamics 365 Finance & Operations

While the vendor bank account approval workflow feature in Dynamics 365 Finance & Operations is a significant step forward in managing changes to vendor bank account information, there is a valid question to be asked as to why the same workflow approval process has not been implemented for all application parameters and master data, particularly in areas like tax setup, posting profiles, or fixed assets that can have a significant impact if left unchecked.

The answer to this question likely lies in the fact that vendor bank account information is particularly sensitive and subject to potential fraud or errors, making it a high priority area for segregation of duty concerns. However, there are certainly other areas of the application where similar risks exist and where implementing a workflow approval process would be beneficial.

In the case of tax setup, for example, incorrect settings could result in the incorrect calculation of taxes, leading to incorrect reporting and potentially significant financial penalties. Similarly, posting profiles and fixed asset data can have a significant impact on financial reporting, making it critical to ensure that changes to these areas are properly authorized and tracked.

One possible reason for not implementing a workflow approval process on all areas of the application is the potential impact on system performance. The workflow approval process can be resource-intensive and implementing it across all areas of the application could impact system performance and slow down other processes running on the system.

Another reason could be the potential administrative burden of managing a large number of approval workflows across multiple areas of the application. This could require significant resources and could potentially create bottlenecks in the approval process.

In conclusion, while implementing a workflow approval process on all areas of the application would certainly provide additional control and oversight, there are valid reasons why it has not been done. However, organizations should consider implementing a similar workflow approval process in other high-risk areas of the application to ensure that changes are properly authorized and tracked. This will help mitigate the risk of errors and fraud and provide greater peace of mind when it comes to managing critical areas of the application.

Audits, Incidents, and Facts: The Importance of Auditable Tracking in Dynamics 365 Finance & Operations

Providing auditable tracking of configuration data is critical for organizations operating under the scrutiny of regulatory compliance audits such as Sarbanes Oxley (SOX). The ability to demonstrate proper authorization, segregation of duties, and control over critical data areas is a key requirement of these audits, and failure to do so can result in significant financial penalties or other negative consequences. 

However, it is not just about being in compliance; it is also about being able to effectively manage incidents when they occur. Having auditable tracking of configuration data means that when an incident occurs, the organization is in a position to talk about the event and has facts on how it was mitigated and resolved. This not only helps to ensure compliance but also helps to build confidence with stakeholders and demonstrates a commitment to maintaining a robust and effective control environment. By leveraging tools such as the workflow approval process in Dynamics 365 Finance & Operations, organizations can better manage critical data areas, mitigate the risk of incidents, and demonstrate compliance when it matters most.

Comments

Post a Comment

Popular posts from this blog

Exploring C# Optimization Techniques from Entry-Level to Seasoned Veteran

Image
As with any endeavor there are always multiple ways to achieve the primary objective, this is especially the case with software development as the element of individual creativity plays a central part in the solution. Given the varying levels of experience that make up a project roster it is crucial that all players accept respectful critique of their approach and have an open mind as to the different ways to solve the stated problem. It is important to analyze the different solutions and look at the pros and cons of each option objectively to ensure all potential scenarios are covered that results in a robust and stable solution. Sample Problem Let us now setup a sample project to analyze how a developer might approach such given their differing levels of experience and creativity. Project Detail: The state of California is opposing a one-time carbon t
Read more

Lost in Translation: The Risks and Rewards of Programming Language Selection In 2023

Image
As technology continues to evolve, so do programming languages. In recent years, several new programming languages have emerged, each with its own strengths and weaknesses. In 2023, there are several programming languages worth considering learning, including F#, Elixir, Kotlin, Julia, Red, and Crystal. F# is a functional programming language that runs on the .NET framework. It is designed to be scalable, efficient, and cross-platform. F# is a good choice for data processing and scientific computing. Elixir is a dynamic, functional language that runs on the Erlang virtual machine. It is designed for building scalable, fault-tolerant, distributed applications. Elixir is a good choice for building web applications, chatbots, and IoT applications. Kotlin is a statically typed programming language that runs on the Java Virtual Machine. It is designed to be concise, expressive, and safe. Kotlin is a good choice for developing An
Read more

The Ultimate KPI: Why Knowledge Sharing, Collaboration, and Creative Freedom Are Critical to Success

Image
In the world of software development, the acronym KPI is often associated with "Key Performance Indicator." In recent news there is a meme that is being circulated suggesting that KPI should be an abbreviation for "Keep People Informed," "Keep People Inspired," "Keep People Interested," and "Keep People Involved", which suggests that by focusing on these four areas, companies can retain talent and reduce turnover, which is critical in a field that is constantly evolving. Keeping people informed is essential in software development because it is a field that is constantly changing. Developers need to know about new technologies, updates to existing ones, and changes in the industry. Companies that keep their employees informed about these developments help to build trust and loyalty. It also helps to ensure that developers are up-to-date on the latest
Read more