 | ||
Introduction
Auditing requires precise handling of documents and data. For organizations using databases to store such information, granting auditors appropriate access is crucial. There are two main methodologies to facilitate an auditor's access to the database: providing full search permissions or restricted workflow access. Each method serves different needs based on the scope and requirements of the audit.
A. Problem Statement
During audits, organizations face the challenge of providing auditors with sufficient access to documents while maintaining control over sensitive information and minimizing disruption to regular workflows. Full search access may expose unnecessary information, while workflow access demands additional manual input from staff, restricting the efficiency of the process.
B. Solution
The use of robust user access management settings in database systems can resolve these issues. Granting full search access is suitable for comprehensive audits where auditors need to see various document types without restrictions. Alternatively, creating specialized workflows is ideal for targeted audits, limiting auditors to specific documents and enhancing data security.
When an auditor does an audit at your location, there are two different ways you can give them access to your database.
- Give them full search permissions for whichever doc type they request
- This will allow them to search for anything in the doc type.
- Give them access to a special workflow
- This will allow them to only see what you send to the workflow. This way does require extra work on your part as you will need to send items to workflow as they request. You can only send 1 item at a time to workflow. Cannot do them in batches.
We do recommend disabling the auditor account once the auditor has left by following this guide. When audited again, enable account and change password.
Full Search Access For Auditor
1. Go to Admin->Users
2. Click "Add"
3. Fill in User ID, First Name, Last Name, Password, Confirm Password, and Email Address, and check the Force Change Pass. box and click "Save".
- For email address, we recommend putting the Treasurer's email address.
- For the Password, you can enter anything you like and then provide the auditor with that temporary password. When they first log in, it will ask them to change their password.
4. Click "Edit" while auditor account is highlighted
5. Click "Doc Types" tab and add Search, View, and Unrestricted to any doc type you wish for the auditor to view and click "Save". In this example, we are doing Financial Packet (this includes req, PO, invoice, and checks)
Give the auditor the username and password you created and they will now be able to login and search for whichever document types you've given them access to.
Workflow Only Access
1. Go to Admin->Users
2. Click "Add"
3. Fill in User ID, First Name, Last Name, Password, and Email Address and click "Save". For email address, we recommend putting the Treasurer's email address. Click Workflow and change Home Screen to Workflow
4. Click edit while auditor account is highlighted
5. Click "Doc Type" tab and give View to the doc types you wish for the auditor to have access to and click "Save". In this example we will use Financial Packet. 
6. Go to Admin-> Workflows
7. Bottom left hand corner, click "Add Workflow". You may have to scroll a bit depending on how many workflows and queues you have. 
8. Fill out Workflow Name, Workflow Desc, set Image Page Load Mode to "All" and History Display Mode to "All" and select the doc types you wish to be able to send to the workflow. Then click "Save" In this example, we are doing Financial Packet.
9. Under the Auditor workflow you created, click "Add Queue"
10. Fill out Queue Name, Queue Desc. Put check marks in "Allow Start", "Lock Edits", "In Summary", "In Calculations". Give access to anyone you wish to view the queue and click "Save".
11. Click on the queue you just created and click "Add Action"
12. Fill out Action Text and Action Desc. Change Target Queue to (Un-Queue) and click "Update" and then "Save".
To send items to Workflow, follow the following guide by clicking here
C. Best Practices
- Secure User Management: Always create temporary auditor accounts with restricted permissions tailor-fitted to the audit's scope.
- Clear Permission Settings: Specify and double-check the permissions - whether search or view - to ensure alignment with audit requirements and security protocols.
- Efficient Workflow Design: If opting for workflow access, ensure the workflow is streamlined and only includes necessary documentation to facilitate quick reviews while limiting data exposure.
- Regular Account Maintenance: Disable auditor accounts immediately after the audit to prevent unauthorized access and re-enable only when required, updating credentials each time.
D. Troubleshooting
- Issue with Account Access: If auditors cannot access given accounts, verify user credentials and permissions settings for any misconfigurations.
- Delays in Workflow Processing: Should there be delays in item transfers to the workflow, check for system performance issues or bottlenecks in queue settings.
- Data Over-Exposure in Full Search Access: If sensitive data is being unnecessarily exposed, reevaluate the document types linked to the auditor's access and adjust accordingly.
E. Related Articles
General: SCView Quick Tutorial
General: How To Make a Row Selection in SCView
Conclusion
Choosing the right access method for auditors — whether full search permissions or workflow-based restrictions — depends on the specific needs of the audit and the organization’s operational security requirements. By adhering to best practices for managing access and leveraging efficient troubleshooting strategies, organizations can ensure that audits are conducted smoothly, securely, and with minimal interruption to their ongoing operations. Properly managed access not only aids in achieving compliance and transparency during audits but also protects sensitive company data.