Managing access to eExpenses

Further information

SAP Concur eExpenses will be live in Social Sciences division from 18 October, but check with your department when you should start using it for claiming most expenses.     eExpenses will be available for other departments and participating colleges from mid-November with individual departments (and colleges) choosing when to introduce it and when to stop accepting the current paper expenses claim form, in the window until it is retired at Easter 2022.  You should hear from your department or college when to start using eExpenses. If in doubt, check with your departmental or college finance or admin team.


The University uses SAP Concur eExpenses to manage expense claims. Claims are entered by claimants, review and approval are undertaken on the system, and reports can be used to manage the process. 


Departments are responsible for managing their processes for administering expenses and maintaining appropriate access to eExpenses. This is managed by authorised signatories with responsibility for managing system access. Careful management is important to protect financial information and implement financial controls. See guidance on the Maintaining roles and data in eExpenses page which provides more information about access.


Sensitive information

Access to eExpenses may enable administrators to see sensitive and personal data. They must therefore be aware of the requirements for confidentiality in handling University information. The University complies with the requirements of the General Data Protection Regulation (GDPR) and individuals with access to eExpenses must ensure they do not contravene these. Financial or personal information must never be divulged to parties who do not need this in the course of ordinary University business.



  1. Accessing forms
  2. Authorised signatories for managing access
  3. Requesting access
  4. Maintaining access
  5. Removing access
  6. Process controls

Expand All

    eExpenses Approver and Administrative Roles form

    Use the eExpenses Approver and Administrative Roles form to add, remove or amend:

    • Budget-holder approver: 
      • Assigned to a cost centre or project sub-task
      • Responsible for confirming that the activity has taken place and is appropriate to charge to their budget
    • Authorised approver: includes the Finance Team review (1 pence approval limit) and the department’s authorised approvers (£1,000 and £10,000) with delegated authority to approve expenditure
    • Preview delegate: enables the user to review submitted claims and add notes or comments
    • BI manager: has access to reports


    For more information about these roles, please see Maintaining roles and data in eExpenses.

    eExpenses Senior Staff Approver Request form

    Use the eExpenses Senior Staff Approver Request form (XLSM) to add, remove or amend a named approver for senior staff.  Expense claims for senior staff receive additional approval from a named approver. Details of who should approve claims for senior staff are available on Maintaining roles and data in eExpenses.

    eExpenses Claimants Access form

    Use the eExpenses Claimants Access form to:

    • Add a new undergraduate claimant: required to set up any undergraduate student that needs to claim expenses
    • Add new staff or postgraduate student claimants in exceptional circumstances (staff and postgraduate students are set up on eExpenses via an automated process, but  there could be a delay between their start date and set up on eExpenses and the form can be used where access is urgently required)
    • Amend details for an existing undergraduate claimant, for example, name, title (staff and postgraduate student details are amended via other processes).
    • Make an undergraduate claimant inactive (staff and postgraduate claimants are made inactive via other processes)
    • Departments are responsible for managing the administrative roles within eExpenses through an authorised signatory with authority for managing system roles
    • Authorised signatories manage access to both eExpenses and Oracle Financials


    The role of the authorised signatory is vital in ensuring that access to key University systems is appropriately controlled in line with the principles for managing access.

    • Information about the responsibilities of authorised signatories, considerations on who to appoint as an authorised signatory and links to the relevant forms for setting up and removing authorised signatories are available via the Managing access to Oracle Financials pages
    • Details of authorised signatories for managing system access are included on the User Access Dashboard, distributed to departments monthly for review
    • Authorised signatories should be updated promptly when needed
    • Access should be considered on a case by case basis, reflecting the specific duties of the individual and the tasks they are expected to perform. Guidance on the roles within eExpenses is available at Maintaining roles and data in eExpenses.
    • To request access, the appropriate online service request should be completed (see links to forms above). This can be done by the person requesting access, their line manager, the department’s finance team, or by the department’s authorised signatory for managing access. 
    • Every request requires approval from an authorised signatory for managing access. An appropriate approver should be selected from the drop-down list. Please note that it is advisable to seek divisional approval for HAFs (Heads of Administration and Finance), or equivalent, access. 


    Drop-down list returns all authorised signatories and will not scroll:

    If the drop-down list returns all authorised signatories for Oracle access, including those outside your department you will need to clear your web browser's cache and restart the request.  See Cache Clearing Instructions (PDF).  If the problem persists, or you need advice on how to do this, please contact the FSSC Helpdesk via

    The authoriser receives email notification when the form is submitted, and should review, consider and approve the request if appropriate. This submits the form to the Financial Systems Support Centre (FSSC) team.



    • Departments should regularly review access reports to ensure that access to eExpenses it is up to date and that users have access appropriate for their role
    • Reports will be included in the User Access Dashboard from August 2021, distributed monthly to departments
    • Information about the dashboards, including gaining access and how to work with the data, is available on the Dashboards page
    • Departments with reporting access can run the reports in eExpenses or before August 2021 can contact to request a report (see more information about report on the Reporting on expenses webpage)
    • Reports should be reviewed carefully, and action taken as needed to remove or update access
    • It is important to remove approver and other access to eExpenses promptly when it is no longer needed (most claimant accounts are managed via an automated process). This is key to maintaining the security of the system and effectiveness of control. Additionally, leaving someone in a workflow once they have left can cause issues.
    • You may need to remove access if someone leaves the department, their role changes (for example, they no longer have responsibility for reviewing or approving expenses) or due to long-term absence (for example, parental leave). You may need to remove all access or individual responsibilities.
    • To request access, the appropriate online service request should be completed (see forms above)

    Delegation of authority

    Departments should appoint an appropriate authorised signatory for managing eExpenses and Oracle Financials access, expected to be a senior member of the department such as the HAF (Head of Administration and Finance) or a senior finance manager, responsible for authorising access requests and monitoring access to Oracle Financials.

    Authorised signatories should manage changes in access promptly and in line with two key principles:

    • Access must only be granted to those that need it (and removed as soon as it is not needed)
    • Access must be limited to the minimum needed to deliver the role, including appropriate approval limits 

    Segregation of duties

    Requests for access to eExpenses must be authorised by someone other than the user. It is good practice for the authoriser to be senior to the user.  Divisional teams should approve requests for access for HAFs, or equivalent, where possible.


    Adequate review of the User Access Dashboard or individual reports should be undertaken at least quarterly to ensure that all access remains appropriate. Checks should be evidenced and retained.


    For use until eExpenses live in your department

    SAP Concur eExpenses 

    For use when eExpenses live in your department.

    Mobile code: 95D6V7

    Company/SSO code for first time SAP Concur mobile app log-in, when eExpenses live in your department

    Downloads and related links

    Guidance and support


    SAP Concur 24/7 support: 0800 389 8758 

    Payment query: