SOX: Segregation of Duties - Payable Entry vs Approval of Invoices
Posted: 15 November 2006 09:17 PM
Newbie
Total Posts:  9
Joined  2006-09-11

We are going through AP SOX review, and have a gap identified: SOX have suggested that a user should not have Invoice Entry and Approval access to Oracle Payables. The user entering an invoice should not have access to approval and the person approving the invoice should not have access to the entry function.

We are on 11.5.8.  How can these two functions be segregated?

Posted: 16 November 2006 08:39 AM   [ # 1 ]
Jr. Member
Total Posts:  42
Joined  2006-05-15

Hi

It's possible to create a user who can enter/create an invoice, and not be able to validate/approve it.

1. Go to the sys admin responsibility, and under responsibilities, pick up that particular responsibility (let's say you named it XXX_Invoice_Entry).

2. Towards the bottom of the page is the menu exclusions tab. Under type, select function, and under name select “invoice approve” (Assuming it has been assigned to the respective menu that was assigned to that responsibility. I was working under Super user responsibility.)

3. Assign that responsibility to the required user. This user can now enter an invoice, and when they go to the invoice actions button, the validate and validate related invoices options will be greyed out, and so will create accounting.

The other requirement of having a user who can only validate without creating an invoice is still somewhat baffling. However, I’m still looking into it, and discussing it with the rest of the AP team. As soon as I have any positive solution/feedback, I’ll definitely get in touch. In case you also get a workaround within the standard application before anybody does, please share the solution on the blog.

Regards

Timothy.
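
A read-only query an administrator or auditor could run to confirm the exclusion from steps 1-3 is in place, added here as an example and not part of the original post. It assumes the standard Oracle Applications FND views, the responsibility name XXX_Invoice_Entry used above, and that the excluded function's user name contains "approv" (adjust the pattern to the function name shown on your menu).

```sql
-- Added example, not from the thread. Read-only; run as a user with
-- SELECT access to the FND views (for example APPS).
-- For every user currently assigned the entry responsibility, report
-- whether a function-level exclusion matching the approval function exists.
SELECT r.responsibility_name,
       u.user_name,
       CASE
         WHEN EXISTS (SELECT 1
                      FROM   fnd_resp_functions    x,
                             fnd_form_functions_vl f
                      WHERE  x.responsibility_id = r.responsibility_id
                      AND    x.application_id    = r.application_id
                      AND    x.rule_type         = 'F'   -- 'F' = function exclusion, 'M' = menu exclusion
                      AND    f.function_id       = x.action_id
                      -- Assumed pattern: match on the function's display name
                      AND    UPPER(f.user_function_name) LIKE '%APPROV%')
         THEN 'EXCLUDED'
         ELSE 'NOT EXCLUDED'
       END AS approve_function
FROM   fnd_responsibility_vl r,
       fnd_user_resp_groups  g,
       fnd_user              u
WHERE  r.responsibility_name           = 'XXX_Invoice_Entry'
AND    g.responsibility_id             = r.responsibility_id
AND    g.responsibility_application_id = r.application_id
AND    u.user_id                       = g.user_id
-- Only assignments that are active today
AND    g.start_date <= SYSDATE
AND    (g.end_date IS NULL OR g.end_date > SYSDATE)
ORDER  BY u.user_name;
```

A row showing NOT EXCLUDED means the exclusion is missing on that responsibility. The exclusion applies per responsibility, so a user who also holds another Payables responsibility without it still has access to the function.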

Posted: 16 November 2006 03:04 PM   [ # 2 ]
Newbie
Total Posts:  9
Joined  2006-09-11

Hi Timothy

Thank you for this. It certainly solves one of the two segregation of duties issues: entry of invoice without approval/validate. The other one is approval/validate without entry - this is something I have not yet figured out. I will let you know if I come up with any solution. Likewise please let me know if you figure something out.

Posted: 23 November 2006 05:44 AM   [ # 3 ]
Jr. Member
Total Posts:  42
Joined  2006-05-15

Hi

I did extensive consulting with my AP team here and on Metalink as well. Fortunately we are also running 11.5.8, so we explored all the nooks and crannies of the application. It appears that the second objective cannot be achieved from the front end and you might certainly have to go in for a customization. However, in 11.5.10, there is the forms personalization feature which can enable you to achieve this directly from the front end. I’m sure 11.5.10 has many SOX considerations embedded in it, so maybe a future upgrade might solve a lot of your SOX concerns. Keep us posted on what you finally resolve.

Regards

Timothy.

Posted: 26 November 2006 03:32 PM   [ # 4 ]
Newbie
Total Posts:  9
Joined  2006-09-11

We did research as well and could not achieve the second objective.  We ended up allowing AP Manager Invoice Entry and Approval, and defining a Business Process to generate Invoice Register report by AP Managers daily and reviewing it.  If the register shows that a manager has entered an invoice then it would be followed up by the AP Director.

Looking forward to upgrading to 11.5.10!
