Optimising financial processes

Posted on:

Rule Quality Assurance for INFOR Approva Users

Rule Quality Assurance

Through ‘Rule Quality Assurance’ we refer to the practice of securing and validating the quality and consistency of your rule set.

The Approva rules are used to define user access risk conditions in ERP and other corporate systems. The rules check for Segregation of Duty (SoD) and Sensitive Access (SA) risk. The defined conditions are necessarily detailed to ensure risks reported are genuine and not false ‘positives’. Over time the rules are adjusted to handle changing circumstances such as:

  • Emerging compliance and risk requirements
  • System upgrades and local customisations
  • Evolving experience for risk monitoring within the company
  • Company specific or local process implementations

Variants of a master set of rulebooks may also be implemented to handle regional or business unit variations and multiple system implementations.

In parallel, industry best practices for monitoring of user access rights continues to evolve to handle additional risk scenarios, new versions of ERP systems and to optimise effectiveness of risk monitoring. Over time a gap develops between implemented rule sets and latest best practice.

Understanding the Business Risk

As the rules change it is important to maintain quality and consistency within and across rule sets. However, changes can result in errors, inconsistencies and variance in similar or identical duties or tasks. The quality of the rule definitions directly impacts the quality and consistency of the violations reporting and therefore the transparency and understanding of the business risk. Even with good maintenance and change control procedures in place, an assurance of quality and consistency is needed.

Also grasping the gap between your implemented rule set and latest industry best practices requires a detailed comparison. Understanding the gap provides awareness of potential to extend and optimise the coverage of your risk monitoring. This ensures you are well-placed to make informed and up-to-date decisions regarding what industry developments may be relevant for your organisation. This minimises risk of unexpected audit findings in areas currently perceived as secure against possible SoD risk and/or fraud cases to be.

Recommended Solution 

The solution we propose consists of a Rule Quality Assurance service based on an automated approach to validate the quality and consistency of your rule set and to compare against latest best practice. This service:

  • Checks for consistency of task definitions within and across rule sets
  • Checks for errors in rules such as duplicate and incomplete conditions
  • Compares implemented rules & tasks against latest industry best practice

The service is fast, efficient and accurate. The delivered package provides:

  • Management summary of the findings – enabling high level understanding and prioritisation of any action needed
  • Set of detailed reports providing all information necessary to complete any needed updating and corrective activities
  • On-site or on-line meeting to walk though results and recommendations

Next Step

To find out more about Rule Quality Assurance, download our service offer page here Rule Quality Assurance

or get in touch with us at services at Consider.