Processing the SOD Overdue Reports in HRS
OverviewThe Separation of Duties (SOD) Workflow Exception Dashboard (WED) reports are reports created to find users who have created HRS entries which could have a potential SOD conflict. To be an effective system compensating control, these SOD reports must be worked in a timely manner. In order to ensure timelines are held to, an additional WED report was created to monitor overdue reports - UW_HR_SOD_OVERDUE.
The current definition of 'overdue' is set by each report type, and is as follows:
- HR01: 14 calendar days
- HR02: 14 calendar days
- PY02: 21 calendar days
As the reports are worked, these threshold definitions are subject to change to better reflect the time to complete each report. All changes to threshold definitions will be communicated by the Affinity Groups, and updated in this document.
Each institution has a single SOD Administrator, usually the HR Director. It is the responsibility of this SOD Administrator to ensure reports are worked regularly, and any report deemed 'Overdue' be addressed immediately. Further, there will be intermittent audits performed by the UWSA Security Analyst for controls compliance. Results of these audits will be communicated directly to the SOD Administrator, or shared by way of Affinity Group contacts.
This procedure provides instructions for completing the WED report by reviewing the SOD reports. For more specific information on how to navigate and use the WED, please reference The Workflow Exception Dashboard in HRS.
Log into HRS and the WED will appear. Reports appear based on your current security and whether there are transactions to review.
Click on the UW HR SOD OVERDUE Report.
Click the Check to Claim check box for the individual you want to review. Your name will automatically appear in the Claimed by section with the date and time noted.
Click the hyperlink for UW_SOD_SRCH.
- You will be taken to the Separation of Duties - Review and Approve page (Navigation: UW Security Reports > SOD Review and Approve). This page will display all outstanding SOD reports, including all report types, not just the EMPLID you clicked on from the WED report.
NOTE: This purposely differs from all other WED reports, and is a security goal encouraging all SOD reports be worked expeditiously.
You may find it easier to locate the overdue reports by setting the Signature filter to Not Signed, and clicking the Report Date header, to order by Report Date.
NOTE: These filters remain in place until you change them or click Clear, even if you navigate away from the page.
To review to content of a report, click the Review/Sign link.
NOTE: You cannot review or correct your own entries.
If you are the only party responsible for this report, you can proceed to sign the report as usual. If you are overseeing the signatures of those you have delegated, contact the delegate and make certain the report is signed in a timely manner.
After clicking Review/Sign, the detail for this report will be displayed. The user who made entries (OPRID) will be displayed at the top of the page. The employees the OPRID acted upon will be listed in the grid below. Review the entries for appropriateness. Links to instructions for reviewing each report are listed below:
Once all entries have been reviewed, sign the report by clicking the Sign Report button.
This brings up a dialog box (shown below) asking you to confirm your signature.
Clicking either Yes or No will return you to the main screen. If you clicked Yes, your OPRID now appears as a signature for this report. After a report has been signed, it can continue to be reviewed using the Review/Sign link, but the signature button will no longer be visible.
Close the SOD Review and Approval tab to return to UW HR SOD Query page.
Click the Completed check box for any EMPLID you reviewed. Your name will appear in the Completed by section with the Date and Time noted.
Click the Home link to return to the main WED page.
Rows will only fall off of the report once the underlying data is corrected. In this case, when the respective report is signed.