Our focus here at Fastpath is on our customers and helping them find the right solution for their audit, security and compliance needs, then providing the best support we can offer, at no additional cost. We also try to provide the best resources for our customers to help them be more efficient and effective. In that spirit, we're reviewing the top 10 most used reports and sharing why they should be in all of our customer's toolkits.
Useful Report #1: User Conflicts
At the top of the list as THE most commonly used report in our Fastpath tools is User Conflicts.
User Conflicts is at heart of what we do at Fastpath. With segregation of duties reporting, we use our included ruleset to identify areas where users have access to more than one part of a process in a way that would allow them to manipulate the financial statements. The User Conflicts report shows every segregation of duties conflict for each user in the accounting system. It’s commonly used to address conflicts remaining after role cleanup, to identify cross-role conflicts, and to document mitigations for conflicts that aren’t being addressed by system security.
User Conflicts includes a description of the conflict, the risk level (High, Medium, Low), and the company affected. Selecting a conflict activates a pane on the right to display additional details. These details answer questions about how this user is getting access to each element of the conflict, including the role and security objects involved. These details can be used to adjust security in the ERP system to eliminate the conflict.
If a conflict is not going to be resolved using system security, but the organization has identified a mitigating control, the Status field in User Conflicts is used to document the mitigation.
For example, if a user can maintain the chart of accounts and enter journal entries, the user could create false accounts and enter related transactions to manipulate the financial statements. That’s obviously a conflict, but an organization may choose to use an approval process or workflow around all changes to the chart of accounts, instead of restricting a user’s access. That mitigation is documented using the Status field and is available for review.
Mitigations can be ad hoc, where a mitigation type is selected and the mitigating control is described, or they can be predefined controls available to select from a library of controls. The dashboard also shows progress made addressing conflicts via mitigation. Like all Fastpath reports, User Conflicts can be filtered, scheduled for email delivery, and exported to Excel, PDF, or CSV formats.
The User Conflicts report is a foundational element of segregation of duties reporting, and it makes addressing segregation of duties clear and easy to understand.