Guidelines for Understanding System Access Review
In an effort to streamline the process for our campus users, the BFS team has redesigned the control procedure formerly known as Identity Management. Instead of downloading an Excel spreadsheet and submitting changes through SARA, users can now complete this process within BFS - a far more efficient method. The control objective of the System Access Review is the same. The report is reviewed to ensure that access for employees is accurate and appropriate for current job responsibilities and that the access as defined supports the proper segregation of duties within the division.
The report includes roles and org node access for users of:
- Berkeley Financial System (BFS)
- Berkeley Campus Solutions (SIS: BCS), Financial Aid, Award Entry, and Student Financials
- Campus Deposit System (CDS)
- CashNet (CNET)
- Housing and Dining Services (HDS)
- Human Capital Management System (HCM)
- Payroll (PPS)
- Travel & Entertainment Reimbursement System (T&E)
- Unifier (UNCP)
To improve the effectiveness of this control, the following changes have been established:
- The organization level at which the control is performed will be at the division level;
- The review will be performed within BFS;
- Division Finance Leaders (DFLs) will be required to ensure that system access reports are complete in BFS within thirty (30) days of the quarter end.
Making Corrections to Employee Access
The System Access Review module assigns a user one of three roles: Inquire, Review, or Approve. Those with the Inquire role can view the System Access Review report but not make any changes to the data. Reviewers can view AND request changes to someone's level of system access. And finally, Approver's can view, make changes AND approve. Approval indicates:
“I am responsible for and acknowledge that I have performed the System Access Review. As of the Approved On date, access for employees in my division is accurate and appropriate for their current job responsibilities and supports proper segregation of duties within my division.”
Keep in mind that only DFLs will be granted the Approve role.
If the user is granted the Review or Approve role, they will be able to request a change to a user's system access by using the Review Action pull-down menu and selecting one of the review actions. For most systems, that is the only action that is required since the rest of the process is done behind the scenes. For CDS, users will still need to complete a request via the Systems Access Request Application (SARA) for corrections to an employee’s system access. Once a DFL approves the report, corrections and updates for all other systems will be automated.
Updating Reviewers and/or Inquirers in SAR
The list of current reviewers/inquirers can be found in the SAR Distribution List spreadsheet. If you need to add a reviewer or inquirer to a distribution list, please send an email with your request to the following email email@example.com. Please be sure to include the employee name, employee ID number, and the report distribution code. The request must include approval from the DFL before it can be processed. Removals from the list should follow the same procedure.
For questions or comments, please contact BFS Security at firstname.lastname@example.org.