Segregation of Duties in Sage X3
Segregation of duties is a fundamental principle of many regulatory mandates including the Sarbanes-Oxley (SOX) Act.
Technology may make it simple for one person to do the job of many, but it also increases the risk of concentrating too much power in the hands of a single person. Maintaining tight internal control over technology-enabled processes requires effective division of duties. Organizations must be able to record the presence and enforcement of this division of duties to meet SOX Section 404 criteria.
With the release of Sage X3 2021 R1 (Version 12.0.25), two new features have been introduced to help ensure compliance:
Bank account management – Segregation of duty
To manage segregation of duties and follow the Sarbanes-Oxley (SOX) Act security rules and best practices, two parameters control bank account entry authorization. These parameters are in the TRS chapter, AUZ group, and operate independently of one another.
At the payment level for a given user:
- When BIDPAYENT – Authorize bank acct. no. entry is Yes, the user is authorized to enter a bank account in the Payment entry (GESPAY) or Payment proposals (PAYPROPAL) functions.
At the business partner level for a given user:
- When BIDBPENT – Authorize bank acct. no. entry is Yes, the user is authorized to enter a bank account number for a business partner in the BPs (GESBPR), Customers (GESBPC), and Suppliers (GESBPS) functions.
Note: These parameters are set to Yes by default. Select No to remove user authorization at one or both levels.
Payment remittance approval – Segregation of duty
At the payment type level, you can decide if payment approval is required to process a payment and create a bank file. Approval is authorized at the user level. A bank file can only be created for payments where no authorization is required or for approved payments for manual and automatic remittances.
Outgoing payments can be approved at the payment level or the manual remittance level.
At the remittance level, mass approvals or mass removal of unapproved payments is available.
Payment approval versus payment type is controlled during the import/export process.
To see the full release notes for Sage X3 2021 R1 (Version 12.0.25) please click here.
For more information on segregation of duties or any other Sage X3 question, please contact us.