Managing access to Oracle Financials - Process controls

Process controls

Delegation of authority

Departments should appoint an appropriate authorised signatory for Oracle access, expected to be a senior member of the department such as the Head of Administration and Finance or a senior finance manager, responsible for authorising access requests and monitoring access to Oracle Financials.

Authorised signatories for Oracle access should manage access requests promptly in line with two key principles:

  • Access must only be granted to those that need it (and removed as soon as it is not needed).
  • Access must be limited to the minimum needed to deliver the role, including appropriate approval and journal limits. Enquiry (read-only) access should be used wherever possible; edit access should only be granted where the user needs to carry out transaction activity.

Segregation of duties

All requests for access to Oracle Financials must be authorised by someone other than the user. It is good practice for the authoriser to be senior to the user; divisional teams should approve requests for access for heads of administration and finance (or equivalent) where possible.

It is good practice to embed segregation of duties between the person completing the request form and the person authorising the request.

Review

Adequate review of user access reports or the User Access Dashboard should be undertaken at least quarterly to ensure that all access remains appropriate. Checks should be evidenced and retained.

Contact Us


 : Financial Systems
       Finance Division
       University of Oxford
       23-38 Hythe Bridge Street
       OX1 2ET

 Raise a support call
 : 01865 (2) 84800
 : Contact Financial Systems    

 : Opening hours:
       8.00am - 5.00pm
       Monday - Friday (except Bank
       Holidays, Easter and
       Christmas)