more-arw search

Q&A Forum

Who should be responsible for setting up security roles/rights for your accounting/finance software package?

I wanted to reach out to others to see who actually sets up the security roles/rights in an accounting/finance systems. Currently we have an OPS individual and the Buyer who hold the Admin rights to the software and no one in Accounting/Finance dept. have Admin. This has become a huge issue as we cannot perform any set-up changes to the new system in order for transactions to flow correctly. My question is: Is this normal in other companys/corporations for your Operations guy and Buyer/Planner to have the role/rights and determine who gets what? For me it is not normal.

Answers

Topic Expert
Wayne Spivak
Title: President & CFO
Company: SBAConsulting.com
LinkedIn Profile
(President & CFO, SBAConsulting.com) |

It it my feeling that the CFO or designate and the CIO have the ability to set permissions (set is the actual ability to enter the software and enter users and access control lists (ACL)).

It then up to the CFO and others to determine what permissions each person to needs access to the system requires. This is a collaborative exercise.

EMERSON GALFO
Title: CFO
Company: C-Suite Services
LinkedIn Profile
(CFO, C-Suite Services) |

It is an Accounting/Finance software package.......YOU ARE RESPONSIBLE FOR IT...OWN IT!

Your CFO should have put his foot down and staked ownership of it from the beginning. There is NO excuse for others having control over it. You can delegate responsibilities to them but control is still with you.

Glen Norman
Title: Lead Analyst - Accounting Systems
Company: Energy Transfer
(Lead Analyst - Accounting Systems, Energy Transfer) |

The best answer is it depends. If you have dedicated IT staff that supports the software and or an Information Security Management group, they typically would to the actual granting of permissions within the application. Defining what each role can and cannot do and approval of who has which role should reside with the functional business owner. In this case someone within Accounting/Finance. OPS should not control access for Accounting/Finance.

If your organization is smaller and appropriate controls are in place, having access management for Accounting users within the Accounting/Finance department would be appropriate.

Topic Expert
Len Green
Title: Performance Improvement Consultant and E..
Company: Haygarth Consulting LLC
LinkedIn Profile
(Performance Improvement Consultant and ERP Strategist, Haygarth Consulting LLC) |

Anon
IT do not own the right to decide who accesses the Accounting System. The CFO does, and IT should guide/advise him/her where the security set up is technically complex. Often an IT systems analyst may be a great advisor to the CFO on what to do/not to do.
Are you running a cloud app or on premise?

Emeka Ezugwu
Title: Principal Manager, Accounts
Company: Nigerian Ports Authority
(Principal Manager, Accounts, Nigerian Ports Authority) |

Managing an accounting system is entirely a provence reserved for the finance Function.
IT department may offer assistance especially on complex issues but ownership remains that of Finance.

Anonymous
(Accounting Manager) |

We are on premise.

Does anyone have any suggestions on how to convince the President that the ownership should be under Finance? The CFO who is a consultant will not even touch this topic. Leaving the Accounting/Finance dept. to fight for the tools to do our job. We now have a Director of Finance who is trying to get the controls however, the CEO has the say and he runs the OPS dept.

Topic Expert
Wayne Spivak
Title: President & CFO
Company: SBAConsulting.com
LinkedIn Profile
(President & CFO, SBAConsulting.com) |

Either make the arguments given by those who have responded or just go with the dsyfunctional flow until it blows up.

Then say the the CEO "I told you so..."

EMERSON GALFO
Title: CFO
Company: C-Suite Services
LinkedIn Profile
(CFO, C-Suite Services) |

In a case like this, I made an Acknowledgement of Duties AND Responsibilities Memo and made EVERYONE sign. Based on experience, people want to "do" things but do NOT want the responsibilities that go with it. When people are made to acknowledge their responsibilities, they usually have second thoughts about it.

As a benefit......Look at it as a way to protect your behind.

Topic Expert
Patrick Dunne
Title: Chief Financial Officer
Company: Milk Source
(Chief Financial Officer, Milk Source) |

Only the finance team understands internal controls. You should convince the CFO and CEO of the consequences of not having the proper controls in place. Get a list of the rights and you can walk through scenario's that can happen if the rights aren't set up correctly. I am sure there are some user rights that provide opportunities for fraud.

Anonymous
(Accounting Manager) |

Thank you for your feedback. I have made arguments and the CFO does not want to hear it. The President seems to be in shock each time I mention I still don't have the proper role/rights to the system. At this point I am going with what Wayne has said which is just go with the dysfunctional flow. It is the only option unless I want to be terminated.

I also appreciate your response Emerson as I just had my performance review and I stated in the review where appropriate that I did not have the appropriate tools to successfully complete certain task/responsibilities due to the role/rights restriction.

Down fall is, the Direct of Finance placed on my quarter goals to complete 1 of the issues each quarter for me to receive my bonus, which I have no control of since I don't have the proper/role rights to complete.

With all of that said, all I really want to do is just get my job done, grow my department and be as valuable to the company as possible.

Thank you all again for your feedback.

Topic Expert
Len Green
Title: Performance Improvement Consultant and E..
Company: Haygarth Consulting LLC
LinkedIn Profile
(Performance Improvement Consultant and ERP Strategist, Haygarth Consulting LLC) |

Anon
Go meet with the system owners one more time.
Ask them to review what you need to do (i.e. your job duties) in the system and then to comment on which duties need a change in your access rights. Ask the system owners if they see any reason not to change your access rights.
Do this for each task.
Then document it.
Meanwhile, stay professional and update your resume.

OR
Play their game....
For any task where you cannot get the right access, ask the system owners to run the report, or to make the change for you. Do this by email or IT help desk ticket to create a trail. Let your boss know you are working with others to get the information and then inform him if it works or not. You'll soon know what really is going on.

Anonymous
(Accounting Manager) |

My Boss is having the sames issues. He can't get anywhere either and it is part of his goals given to him from the President.

I have done what you mention and they insist everyone in Accounting/Finance have the appropriate rights. We all have the same rights which prevent us from finishing tasks timely and have to create work arounds which disconnect from the transactions.

In all honesty, OPS is trying to force all of us to quit. Even the new Director that just started. OPS is trying to convince the CEO that Finance needs to report to OPS. The CEO has never worked anywhere else but here.

I am going to take you up on your advice which is to stay professional and update my resume.

Topic Expert
Wayne Spivak
Title: President & CFO
Company: SBAConsulting.com
LinkedIn Profile
(President & CFO, SBAConsulting.com) |

Sometimes it is amazing how totally dysfunctional and incompetent people succeed in spite of themselves.

3539 views
Topics
Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email content@proformative.com to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.