4 Eyes Principle: Core Principles for Effective Supervision in Finance
It has been a while since I published last blog. In case you do not remember, I have written about Tax Calculation and Reporting. Please follow link to Part 1 and link to Part 2 in order to refresh your memory, as we will talk about tax in this blog as well.
As I have spent more than ten years on finance and tax dedicated topics, I can claim with great confidence, that careful audit and review process are essential for the tax certainty and avoiding imposed penalties.
Having said that, I am introducing and dedicating this blog to 4 Eyes Principle as one of the Core Principles for Effective Supervision in Finance.
Therefore, lets handle this topic together in more detail.
What Does 4 eyes review stand for?
Business leaders recognize the importance to have accurate financial data to drive operations and measure success. However, without the proper controls in place – errors, frauds, and other issues can occur, hindering operational efficiency and growth. That is where 4 eyes principle comes into the picture.
The four eyes principle is a widely known mechanism that requires that any activity within organization should be reviewed by another competent person. The four eyes principle is sometimes called the two-man rule or the two-person rule.
As already mentioned, this requirement is undertaken to reduce the risk of business execution and internal fraud. Business execution refers to reducing and eliminating risk of negative outcomes due to the mistakes, whereas internal fraud related to the fraudulent activities. Potentially, other types of the risks may be mitigated by dual controlled, but those two are most frequent ones.
Practical need for 4 eyes review?
Now we have come to the question, which transactions could be seen as risky ones and where we should have 4 eyes review?
Well, this principle is something you can see in the different industries. For example, in the legal profession, two signatures are usually required for document verification. Even some data management systems require two people to approve updates to documents before those changes are committed to the data. A classic example of implementing “Four Eyes” is in the Credit Approval Process where any Credit Decision must be reviewed and signed by a second independent person.
Regardless in which industry you are operating, you are only trying to increase accountability across the board. The role of the second person is to catch up the error that first person has missed, but because of the data spread it could be trickier in some cases as leaders may lack visibility.
Luckily, there SAP Profitability and Performance Management has solution that will allow end user to leverage the full benefits of the 4 eyes principle. Simple workflow process, like we have in SAP Profitability and Performance Management, will make review process simplified and more efficient.
4 eyes principle and SAP Profitability and Performance Management: Two peas in a pod!
Prior to starting the review process, pre steps related to technical configuration in SAP Profitability and Performance Management are explained in detail in the following blogs: The Impact of Teams on PaPM Process Management and Execution and SAP Profitability and Performance Management – Dual Control Overview. It is very important to get familiar and to understand content of the blogs, as they will give you overview how authorization is defined for different user roles. Also, you will benefit by understanding how performer and reviewer roles are defined in the Teams application and the impact it has on other sections.
After getting familiarized and setting everything in a system, we can start with the four eyes review process. Example that we will consider today is finalization of corporate tax return in the Tax Calculation and Reporting sample content and we will use My Activities application for this purpose.
As visible on the picture below, update assumption activities, according to the timeline schedule should be performed prior to execution function. Upon finalizing update assumption activities, overall calculation should be triggered by executing function. At the end, review results are available. All activities and changes are restricted by time frame (Start Date and Due Date), meaning after due date expires, activity will be locked for editing and user will not be able to make any changes.
Hereby, predefined process look incorporates example showing dual control of the process activities, meaning that users from performer team are assigned to perform activity, whereas users assigned in reviewer team can review and approve or reject activity. This is important because of the four eyes principle and minimizing possibility of the errors.
Having said that, performer will start from Tax Master Data activity, launch activity, and checks if any changes need to be done. Performer only has possibility to “Submit Activity”, whereas “Approve” and “Reject” buttons are disabled for that role. Upon submitting activity status will change to “In Approval”.
Performer will undertake changes Reviewer has indicated in the comments and submit activity once again.
Regardless of the role they have in the system, all users have possibility to trace the changes that have been made on each activity by selecting activity and clicking on the Workflow Log. As from the screen shot below, it gives information about status of the activity, person who changed it and specify date and time when changes are made. If we are observing this from the auditing perspective, it surely increases traceability and accountability.
Upon Performer has made all necessary changes and Reviewer has approve activities under Update Assumption node, then Execution function can be run. By triggering this executable function Prepare Input for Accounting Entries, end user will collect all changes made and Results of the executable function will be available in the reporting queries under the Reporting Node.
Last step in finalization of the corporate tax return is reporting part. Same practice as in Update Assumptions will be followed. At this stage, neither Performer nor Reviewer has possibility to amend the reports. Performer will check report by report individually and submit to approval. As already stated, Approver can either accept or reject the calculation results.
Finally, there are different possibilities to check the data. Regardless of the role, there is possibility of analyzing the data by launching the Activity and then end user will get data grid overview as on left screenshot presented below. On the other hand, there is a possibility to jump directly into the modeling environment, as presented on the screenshot on the right side of the screen.
As you could see, four eyes principle brings security element into the decision-making process. Despite workflow is reliable, overall effectiveness depends on the ability, integrity and diligence of the individuals involved (performer and reviewer), therefore it is advisable authorizations to be changed from time to time.
Anyhow, finance and tax are wide area, therefore we are preparing something new related to Base Erosion and Profit Shifting topic. In case you stay tuned, you will benefit from extension of the tax knowledge and implementation of four eyes principle there as well, as one of the core principles for effective supervision in finance.
Until next time,