Hubbell Policies

First page Table of contents Previous page 97 Next page Last page

HFM USER ACCESS POLICY

English

Owner : Vice President, Controller

Last Review: 2016.06.03

FIN - 28

Department: Finance

POLICY This policy requires that a control process exists and is followed to review and confirm user access rights to Hyperion Financial Management (“HFM”) in accordance with established procedures and guidelines. SCOPE This policy applies to all Hubbell business units. PURPOSE The purpose of this policy is to ensure user access reviews are performed to verify and validate that user access to systems and applications is appropriate given users' roles and responsibilities within the organization. PROCEDURE Access to HFM is requested through a System Access Request Form (“SARF”) that can be found on the Wire. Contained within the SARF are dropdown menus specifying which entities and type (modify or view) of access to be requested. The manager of the employee requesting access submits the SARF to the Service Desk located at servicedesk@hubbell.com. A service ticket is created which is routed to the Hyperion Administrator. The Hyperion Administrator makes the specified changes, closes the service request ticket and notifies the employee requesting access via email. The Hyperion Administrator removes access from terminated employees via notification from the Service Desk. ADMINISTRATION Roles and Responsibilities. The requesting manager must submit the SARF to the Service desk. Before user access is added or changes, the HFM Administrator reviews the request to ensure it is appropriate, taking into consideration the user’s role and location. The Hyperion Administrator will solicit the input of the requesting manager if there are questions regarding the access being requested. Monitoring, Evaluation and Review. 1) Internal Audit reviews are performed on a discretionary basis.

2) SOX key controls relevant to HFM are reviewed and tested bi-annually. 3) User access is reviewed quarterly by each platform & Corporate.

After three consecutive months of inactivity in the Hyperion consolidation system, FDM or Planning, as determined by system reports, users will have their access removed by the Hyperion Administrator. The affected user will not be notified of this action. If a user whose access was revoked needs to once again use the system, a SARF must be completed.

Exceptions. None

97

Made with FlippingBook. PDF to flipbook with ease