Managing access to eExpenses

 

The SAP Concur 24/7 Support Desk is your first port of call for queries about using the eExpenses system. Contact them on 0800 389 8758 or via Help within SAP Concur which also offers a chat function.

For issues relating to accessing eExpenses please see Managing access to eExpenses for information on how staff, postgraduate and undergraduate students are set up and the forms needed to add and remove access if required.

 

The University uses SAP Concur eExpenses to manage expense claims. Claims are entered by claimants, review and approval are undertaken on the system, and reports can be used to manage the process. 

Departments are responsible for managing their processes for administering expenses and maintaining appropriate access to eExpenses. This is managed by authorised signatories with responsibility for managing system access. Careful management is important to protect financial information and implement financial controls.

See guidance on the Maintaining roles and data in eExpenses page which provides more information about access.

 

Sensitive information

Access to eExpenses may enable administrators to see sensitive and personal data. They must therefore be aware of the requirements for confidentiality in handling University information. The University complies with the requirements of the General Data Protection Regulation (GDPR) and individuals with access to eExpenses must ensure they do not contravene these. Financial or personal information must never be divulged to parties who do not need this in the course of ordinary University business.

 
  1. Forms to request, amend and remove access
  2. Authorised signatories for managing access
  3. Requesting access
  4. Maintaining access
  5. Removing access
  6. Process controls

Expand All

eExpenses Approver and Administrative Roles form (OSM service request)

Use this form to add, remove or amend:

  • Budget-holder approver - Assigned to a cost centre or project sub-task, the Budget-holder approver is responsible for confirming that the activity:
    • Has taken place; and
    • Is appropriate to charge to their budget
  • Authorised approver - includes:
    • the Finance Team review (1 pence approval limit); and
    • the department’s authorised approvers (£1,000 and £10,000) with delegated authority to approve expenditure
  • Preview delegate - enables the user to review submitted claims and add notes or comments
  • BI manager - has access to reports

For more information about these roles, please see Maintaining roles and data in eExpenses.

eExpenses Senior Staff Approver Request form (xlsm)

Use this form to add, remove or amend a named approver for senior staff. 

Expense claims for senior staff receive additional approval from a named approver. Details of who should approve claims for senior staff are available on Maintaining roles and data in eExpenses.

eExpenses Claimants Access form (OSM service request)

Staff and postgraduate students are set up as eExpense users via an automated process, there may be a small number of exceptional circumstances where there is a delay between their start date and set up on eExpenses, this form can be used where access is urgently required.

This form is used to:

  • Add a new undergraduate claimant: required to set up any undergraduate student that needs to claim expenses
  • Add staff and postgraduate students where they have not been set up automatically on eExpenses or need to be set up urgently before the automated process runs
  • Amend details for an existing undergraduate claimant, for example, name, title (staff and postgraduate student details are amended via other processes)
  • Make an undergraduate claimant inactive (staff and postgraduate claimants are made inactive via other processes)

eExpenses Central Finance Change of User Roles form (xlsm)

Use this form to request a change of user role for an eExpenses user working within Central Finance.

  • Departments are responsible for managing the administrative roles within eExpenses through an authorised signatory with authority for managing system roles
  • Authorised signatories manage access to both eExpenses and Oracle Financials

Important

The role of the authorised signatory is vital in ensuring that access to key University systems is appropriately controlled in line with the principles for managing access.

 
  • Information about the responsibilities of authorised signatories, considerations on who to appoint as an authorised signatory and links to the relevant forms for setting up and removing authorised signatories are available via the Managing access to Oracle Financials pages
  • Details of authorised signatories for managing system access are included on the User Access Dashboard, distributed to departments monthly for review
  • Authorised signatories should be updated promptly when needed
  • Access should be considered on a case by case basis, reflecting the specific duties of the individual and the tasks they are expected to perform. Guidance on the roles within eExpenses is available at Maintaining roles and data in eExpenses.
  • To request access, the appropriate online service request should be completed (see links to forms above). This can be done by the person requesting access, their line manager, the department’s finance team, or by the department’s authorised signatory for managing access. 
  • Every request requires approval from an authorised signatory for managing access. An appropriate approver should be selected from the drop-down list. Please note that it is advisable to seek divisional approval for HAFs (Heads of Administration and Finance), or equivalent, access.
  • The authoriser receives email notification when the form is submitted, and should review, consider and approve the request if appropriate. This submits the form to the Financial Processes, Systems and Assurance (FPSA) team. 

Drop-down list returns all authorised signatories and will not scroll:

If the drop-down list returns all authorised signatories for Oracle access, including those outside your department you will need to clear your web browser's cache and restart the request. If the problem persists, or you need advice on how to do this, please contact the Financial Systems Service Desk via financials@admin.ox.ac.uk.

 

 

  • Departments should regularly review access reports to ensure that access to eExpenses it is up to date and that users have access appropriate for their role
  • Reports will be included in the User Access Dashboard, distributed monthly to departments
  • Information about the dashboards, including gaining access and how to work with the data, is available on the Dashboards page
  • Departments with reporting access can run the reports in eExpenses. See more information about report on the Reporting on expenses webpage
  • Reports should be reviewed carefully, and action taken as needed to remove or update access
  • It is important to remove approver and other access to eExpenses promptly when it is no longer needed (most claimant accounts are managed via an automated process). This is key to maintaining the security of the system and effectiveness of control. Additionally, leaving someone in a workflow once they have left can cause issues.
  • You may need to remove access if someone leaves the department, their role changes (for example, they no longer have responsibility for reviewing or approving expenses) or due to long-term absence (for example, parental leave). You may need to remove all access or individual responsibilities.
  • To request access, the appropriate online service request should be completed (see forms above)

Delegation of authority

Departments should appoint an appropriate authorised signatory for managing eExpenses and Oracle Financials access, expected to be a senior member of the department such as the HAF (Head of Administration and Finance) or a senior finance manager, responsible for authorising access requests and monitoring access to Oracle Financials.

Authorised signatories should manage changes in access promptly and in line with two key principles:

  • Access must only be granted to those that need it (and removed as soon as it is not needed)
  • Access must be limited to the minimum needed to deliver the role, including appropriate approval limits 

Segregation of duties

Requests for access to eExpenses must be authorised by someone other than the user. It is good practice for the authoriser to be senior to the user.  Divisional teams should approve requests for access for HAFs, or equivalent, where possible.

Review

Adequate review of the User Access Dashboard or individual reports should be undertaken at least quarterly to ensure that all access remains appropriate. Checks should be evidenced and retained.

Log in to SAP Concur eExpenses

Only use this link, do not access via SAP Concur website. Re-click here if session times out

Help

SAP Concur 24/7 support: 0800 389 8758 

Try the app!

When eExpenses is live in your department, download the app and log in using:

  • Verified email address or
  • SSO (in format abcd1234@ox.ac.uk) or
  • University unique mobile code (95D6V7)

Forms

Guidance and support