Dynamics 365 Finance & Operations: Tracking Vendor Changes without Losing Your Mind
Slated in the 10.0.32 version of Dynamics 365 Finance & Operations, Microsoft has introduced a new feature that allows for workflow approval of changes to vendor bank account information. This feature is designed to address concerns related to segregation of duty, which is an important concept in financial and accounting systems.
Segregation of duty is the practice of separating responsibilities for different stages of a financial transaction to prevent fraud or errors. This means that different individuals should be responsible for initiating, authorizing, and recording financial transactions. By implementing workflows for vendor bank account changes, Dynamics 365 Finance & Operations is helping to ensure that these transactions are properly authorized.
In the past, it was common for employees to be able to make changes to vendor bank account information without any oversight or approval. This presented a significant risk for fraudulent activity, as an employee with access to this information could easily make unauthorized changes and transfer funds to their own account or to a third-party account.
The new feature in Dynamics 365 Finance & Operations helps to mitigate this risk by requiring approval from one or more authorized individuals before changes to vendor bank account information can be made. This ensures that there is an appropriate level of oversight and control over these transactions, reducing the likelihood of fraud or errors.
The workflow approval process for vendor bank account changes in Dynamics 365 Finance & Operations is configurable and can be customized to meet the specific needs of each organization. This allows companies to set up an approval process that is tailored to their specific requirements, such as requiring multiple levels of approval or specific individuals to approve certain types of changes.
Overall, the new feature in Dynamics 365 Finance & Operations that allows for workflow approval of changes to vendor bank account information is a welcome addition for organizations that are serious about maintaining strong internal controls and ensuring proper segregation of duty. By requiring approval from authorized individuals, companies can help to reduce the risk of fraudulent activity and ensure that financial transactions are properly authorized and recorded.
On Your Own Policing of Vendor Account Management
Managing the monitoring of vendor bank accounts had organizations resorting to manual and tedious methods of keeping track of vendor bank account changes. This was often done through periodic comparison of historical reports scanning previous account settings with the latest.
This process was not only time-consuming but also prone to errors and oversights. It required someone to manually sift through large volumes of data, looking for changes in vendor bank account information. Given the potential risks of unauthorized changes, this process could not be ignored, and organizations had to dedicate significant time and resources to ensure the accuracy and completeness of this review.
Stopgap Measures for Vendor Account Management
The previous method of policing vendor bank account changes relied on individuals to identify changes and flag any discrepancies manually which resulted in only catching suspicious behavior after the fact. Unfortunately, a savvy bad actor could make the self-serving changes, perform some nefarious activity, and then clean up the operation by reverting the changes to the previous state. This left a significant gap in having unauthorized changes going unnoticed, leading to financial losses, and overall lack of transactional integrity within the financial system.
In order to further combat this nefarious activity, organizations were left to implementing customizations that would be constantly monitor changes in vendor bank accounts and notify the appropriate personnel for them to investigate accordingly.
Additional measures had organizations implementing a stopgap measure to track changes to vendor accounts systematically. This involved enabling database logging on the vendor bank account tables, which provided an audit trail of changes made to these accounts.
While this method was effective in tracking changes to vendor accounts, it came at an additional cost in terms of storage and performance. Enabling database logging generates a large amount of data, which can quickly eat up storage space. Moreover, it can impact system performance, slowing down other processes running on the system.
In addition to the storage and performance costs, this method was also not foolproof. It relied on the assumption that the individuals responsible for making changes to vendor accounts were properly trained, trusted, and authorized to do so. If an unauthorized change was made, it may not be immediately evident in the audit trail, leading to delays in detecting and addressing any issues as well as not preventing the action from taking place to begin with.
The new vendor bank account approval workflow feature in Dynamics 365 Finance & Operations provides a more efficient and reliable way to track changes to vendor accounts. By requiring approval from authorized individuals before changes can be made, the system ensures that changes are properly authorized and recorded.
Overall, while the database logging stopgap measure provided a way to track changes to vendor accounts in the absence of an approval workflow, it came at additional storage and performance costs. With the new vendor bank account approval workflow feature in Dynamics 365 Finance & Operations, organizations can manage their vendor accounts more efficiently and with greater peace of mind, knowing that proper controls are in place to manage changes to vendor bank account information.
Taking Control: Why a Workflow Approval Process Should be Implemented Across the Board in Dynamics 365 Finance & Operations
While the vendor bank account approval workflow feature in Dynamics 365 Finance & Operations is a significant step forward in managing changes to vendor bank account information, there is a valid question to be asked as to why the same workflow approval process has not been implemented for all application parameters and master data, particularly in areas like tax setup, posting profiles, or fixed assets that can have a significant impact if left unchecked.
The answer to this question likely lies in the fact that vendor bank account information is particularly sensitive and subject to potential fraud or errors, making it a high priority area for segregation of duty concerns. However, there are certainly other areas of the application where similar risks exist and where implementing a workflow approval process would be beneficial.
In the case of tax setup, for example, incorrect settings could result in the incorrect calculation of taxes, leading to incorrect reporting and potentially significant financial penalties. Similarly, posting profiles and fixed asset data can have a significant impact on financial reporting, making it critical to ensure that changes to these areas are properly authorized and tracked.
One possible reason for not implementing a workflow approval process on all areas of the application is the potential impact on system performance. The workflow approval process can be resource-intensive and implementing it across all areas of the application could impact system performance and slow down other processes running on the system.
Another reason could be the potential administrative burden of managing a large number of approval workflows across multiple areas of the application. This could require significant resources and could potentially create bottlenecks in the approval process.
In conclusion, while implementing a workflow approval process on all areas of the application would certainly provide additional control and oversight, there are valid reasons why it has not been done. However, organizations should consider implementing a similar workflow approval process in other high-risk areas of the application to ensure that changes are properly authorized and tracked. This will help mitigate the risk of errors and fraud and provide greater peace of mind when it comes to managing critical areas of the application.
Audits, Incidents, and Facts: The Importance of Auditable Tracking in Dynamics 365 Finance & Operations
Providing auditable tracking of configuration data is critical for organizations operating under the scrutiny of regulatory compliance audits such as Sarbanes Oxley (SOX). The ability to demonstrate proper authorization, segregation of duties, and control over critical data areas is a key requirement of these audits, and failure to do so can result in significant financial penalties or other negative consequences.
However, it is not just about being in compliance; it is also about being able to effectively manage incidents when they occur. Having auditable tracking of configuration data means that when an incident occurs, the organization is in a position to talk about the event and has facts on how it was mitigated and resolved. This not only helps to ensure compliance but also helps to build confidence with stakeholders and demonstrates a commitment to maintaining a robust and effective control environment. By leveraging tools such as the workflow approval process in Dynamics 365 Finance & Operations, organizations can better manage critical data areas, mitigate the risk of incidents, and demonstrate compliance when it matters most.
Comments
Post a Comment