What does Sarbanes say about internal controls and Financial Software access? Do you have a guide to separation of duties within an AP module such as PeopleSoft Financial 8.8?


Sarbanes-Oxley does not address "how to" do a separation of duties. It refers to the fact that elements of a good internal control environment which includes separating out conflicting duties as a good practice for financial reporting.

TAPN has an Internal Control manual. These policies outline good internal control practices within your A/P organization. Keep in mind that what may be a good control in one organization may not be possible in another based on resources, personnel, etc...

Here are some thoughts to consider regarding the purpose of the separation of duties:

  • Data entry personnel should not have access to set up new vendors in the data base
  • Personnel who write the disbursement checks should not be the same personnel who enter the vendor invoices
  • The personnel assigned to reconciling the sub-ledger systems should not have access to check disbursement functions
  • Reconciling vendor statements to your accounting records should be separated from personnel who can enter or issue a vendor credit adjustment

In regards to the specifics of what Peoplesoft Financial 8.8 can allow is best to run by your account rep. Our understanding is that Peoplesoft along with other ERP systems have the ability to limit access to sensitive areas within a system module such as an A/P module. In some instances it can restrict the user to only certain fields in a entry screen. There are also audit reports that allow the system administrator to check on unauthorized access attempts or entries removed from the system.

Have more questions? Submit a request