One of your accounting clerks just left on maternity leave (congratulations to Sally). Another employee is replacing her and thus has the new responsibility of performing Invoice Reconciliation (good luck to John). To perform this task, John needs to open a new request in the portal for the proper authorization. Then he must browse through the business process list and select Invoice Reconciliation, add an explanation for the request and submit it. The financial top-user receives the request and approves/disapproves it. Upon approval, John is automatically assigned the required authorization role, and even receives an email indicating this.
Sounds too simple to be true? Not necessarily, provided you have a well-planned role catalog in your company. Some of our customers have already managed this successfully and the scenario above is actually their business routine when it comes to allocating authorizations.
A role catalog is essentially a structured list of business processes including all the authorization roles that enable each process. Business processes and business roles are created by business analysts, and authorization roles by technical authorization consultants. Hence a role catalog enables end users to communicate easily with the technical authorization team, saving valuable time in the authorization-allocation process.
Learn what the basic elements of creating a role catalog are
The first step in creating a role catalog is to define the list of business processes in an organization. Remember that most of the authorization requests will now be handled by end users and will include the business role name instead of free text; therefore defining the business process list is of great significance. The list of business roles shouldn’t be too broad or too narrow; this way the number of business roles is reasonable and easy to manage. If your list is very large (don’t panic), simply split it into areas such as Finance and Human Resources, and into sub-areas like Vendor/Master Data and Finance/Assets.
The next step is to define the activities in each business process and the authorization roles required for each activity. The authorization roles should be master roles, meaning they do not include company codes, plant numbers and other organizational objects; these will be added according to employees’ positions.
The final step is to flag roles as sensitive where required, and then define the workflow of authorization request approvals for sensitive and non-sensitive roles. For example, if the role is sensitive you might want to demand additional approval from the security manager before the role is granted. Don’t forget to verify that there are no SoD (Segregation of Duties) conflicts among the roles within each business process. If SoD conflicts exist within a business process, every user who requests that process is sure to create an SoD violation.
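The three steps above can be sketched as data plus checks. This is an added example, not part of the original article: a catalog keyed by area and business process, an SoD check run over the roles each process bundles, and the approval chain derived from the sensitive flag. The role names, action names, approver labels and the single SoD rule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MasterRole:
    name: str
    actions: frozenset        # permitted actions; no company codes or plants
    sensitive: bool = False

# Constructed SoD rules: action pairs one user must not hold together.
SOD_RULES = [("maintain_vendor", "post_payment")]

# Constructed master roles (names are hypothetical).
DISPLAY = MasterRole("MR_INVOICE_DISPLAY", frozenset({"display_invoice"}))
CLEAR = MasterRole("MR_INVOICE_CLEAR", frozenset({"clear_open_items"}), sensitive=True)
VENDOR = MasterRole("MR_VENDOR_MAINTAIN", frozenset({"maintain_vendor"}))
PAY = MasterRole("MR_PAYMENT_RUN", frozenset({"post_payment"}), sensitive=True)

# Catalog: area -> business process -> activity -> master roles.
CATALOG = {"Finance": {
    "Invoice Reconciliation": {"Review invoices": [DISPLAY], "Clear open items": [DISPLAY, CLEAR]},
    "Vendor Payments": {"Maintain vendors": [VENDOR], "Run payments": [PAY]},
}}

def process_roles(activities):
    """All distinct master roles a requester of this process would receive."""
    return {role.name: role for roles in activities.values() for role in roles}

def sod_conflicts(activities, rules=SOD_RULES):
    """Rules violated by the process itself, with the roles on each side."""
    roles = process_roles(activities).values()
    found = []
    for left, right in rules:
        a = sorted(r.name for r in roles if left in r.actions)
        b = sorted(r.name for r in roles if right in r.actions)
        if a and b:  # both sides of the rule are granted by this one process
            found.append((left, right, a, b))
    return found

def approval_chain(activities):
    """The top-user always approves; a sensitive role adds the security manager."""
    sensitive = any(r.sensitive for r in process_roles(activities).values())
    return ["top_user", "security_manager"] if sensitive else ["top_user"]

def review_catalog(catalog=CATALOG):
    """Per process: roles granted, approvers required, built-in SoD conflicts."""
    return {(area, name): {"roles": sorted(process_roles(acts)),
                           "approvers": approval_chain(acts),
                           "conflicts": sod_conflicts(acts)}
            for area, procs in catalog.items() for name, acts in procs.items()}
```

In this constructed catalog, Vendor Payments is reported with a conflict because the process itself bundles both sides of the rule, which is the case where every requester would inherit the violation.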
Sit back and let your role catalog start rolling
Upon completing the role catalog, you can integrate it into your organizational portal and concentrate on managing it. Believe me, I know that defining the role catalog is not a simple process technically (and politically), yet once the role catalog is in place the focus shifts from granting authorizations to managing business processes effectively. Well-built role catalogs enable organizations to automate authorization management, focus on what really needs attention and free up valuable time overall.