Business Operations Project

HR, Data Stewards, Bus Ops IT, Student Information Systems access, Central IT (Institutional Analytics & Reporting, Enterprise Computing Systems, Identity management), Foundation, Users, Audit Office, Grantor Administrators (e.g. Fee Book, eprocurement), end users, Audit Risk and Compliance, Business Operations Information Technology, access requestors, Beaver Works Core Group

This project stems from comments collected in the focus groups about systems access processes from the perspectives of those requesting and granting user access to business operation systems. The purpose is to identify and address challenges and pressure points specifically related to processes associated with identifying, requesting, and granting user access to business operation systems.

There is a lack of transparency, efficiency, consistency, and understanding associated with granting access that results in incomplete information, and/or excessive manual processing due to multiple system grantors, interfaces, and information inconsistency. Access is inadequate or inappropriate for the end user’s role/needs due to the problems noted above and/or due to varying methods/criteria required by policy or specific system limitations. New employees or current employees transferring to other roles experience delays in gaining necessary access to systems.

• Balance the business needs with security/compliance considerations (apply accepted risk tolerances)
• Identify and design consistent tasks, forms, processes, and systems
• Define ideal state roles and responsibilities and individualized training plans for those roles
• Identify and recommend an ongoing, structured, and consistent training plan that incorporates the full systems access cycle
• Assess current policies against proposed processes and make policy recommendations for modified or new policies that are easily accessible
• Propose possible IT/IS solutions to Steering Team for improved system functionality and multi-system integration
  • Note: if an IT/IS solution is to be proposed, the team MUST still re-design processes, revise policies, and propose a plan to implement consistent processes before an IT solution is adopted.
• Develop training and communication plans for the implementation of the proposed solution(s)

• Identify who should request, determine, and grant access
• Explore tools and methods to facilitate the identification of access needs
• Inventory existing business operations systems, current training requirements, tracking mechanisms, and investigate a universal access request/monitoring platform (new jobs, transfers, terminations/separations)
• Improve transparency of process status through tracking mechanisms and/or improved communication