The Office of the Vice President, Chief Financial Officer, and Comptroller announces a new policy: 9.1.2 Segregation of Duties in Enterprise-wide Applications for Procurement and Tracking of Equipment. This policy mitigates the risks of non-segregation of duties by prohibiting certain role combinations for enterprise-wide systems. Access to enterprise-wide applications by an employee with a prohibited role combination is only allowed after obtaining advance approval for an exception request. The online application is available here.
Highlights include:
- Identification of the role combinations prohibited from access to enterprise applications.
- An exception request is required, including a risk mitigation plan and internal review procedures, before an employee with a prohibited role combination may access enterprise applications.
- Outlining the exception request submission process, which must be re-requested every two years.
Contact
If you have questions about the updates to the policy, please contact the CFO Business and Finance Policy Office at obfspolicies@uillinois.edu.