Ariba Functional Audits, Rules and Roles – What are they?

Types of Audit Rules:Financial – Requested by the finance department, based primarily on account numbers.General – Requested by anyone to capture a specific type of spend.Commodity – These special audit types assign commodity buyers based on commodity codes onlyCheck Request Audits – Used to monitor check requests

Types of RolesFunctional – User created positions used to group and assign Functional audit Rule to a specific user or users.System – Roles created in Ariba to perform a specific systems function. They can not be modified by the user.

What is a Functional Audit?A trigger that routes an Ariba Request to a specific user for review or approval. Audits allow us to provide oversight to specific categories of spend based on a field/fields in the request.

What is a Functional Audit Rule?A condition or set of conditions based on Boolean Logic (And/Or) applied to fields within the Request.

How do Functional Audit Rules work?When all the conditions are met (True) the audit adds the assigned Ariba Role to the approval flow.

What is an Ariba Role?A position to which Audit Rules are assigned. An Ariba User/Users is assigned to the role to perform the required action.

Can you give me some examples of why I need Functional Audits? You need to review all spend for cost centers 12345 and 98765 over $10,000.00 You want to see any requests opened for a specific supplier. You want to see all requests for hazardous materials going to your site.

Need a visual? Go to Slide 11

?!?

Watcher vs. Approver

Watcher = Auditors are informed of the request, but their approval is not required for request to progress to the next step in the approval flow.

Approver = Approval is required for the request to progress to the next step in the approval flow. Approvers also have the ability to deny a request.

Order of ApprovalOrder of approval determines where the auditor is inserted in the approval flow. Options are: Parallel to Supervisor Before Supervisor After Supervisor

Who can request a Rule or Role?

Anyone with a valid business requirement can request a Functional Audit Rule or an Ariba Role. Ariba Site Coordinators will question any request that don’t make sense and may suggest alternatives.

Review and MaintenanceBoth FA Rules and Ariba Roles should be reviewed yearly by the department responsible, to ensure they are still valid and the need still exists.

Users responsible for maintaining FA Rules and Ariba Roles can request the ViewFAReport Role which will allow them to pull audit reports in Ariba. Auditor Responsibilities

As an auditor you are responsible for: Approving/Denying requests in a timely manner (24 hours). Assigning a Delegate when you are not available to make approvals or having a back-up assigned to role. Ensuring that a replacement is assigned before leaving the Ariba Role.

Ariba Functional Audits - Definitions

Creating, modifying or deleting Roles

Before creating an FA Rule, the Ariba Role must be created and assigned to an auditor.

Role names should be short, but descriptive.

Finance 1

Finance_MKtg_Coupon_Watcher

Names should begin with the BU, include a department or position and indicate watcher or approver.

The Role Name Generator will help you create role names.

Creating Roles

There are no modifications that can be made to Roles. If you need to change the name, create a new Role and delete the old one.

Reassigning FA Rules to Ariba Roles is done by modifying the FA Rule.

To move an FA Rule from one auditor to another the Ariba Role needs to be moved by updating the user.

Modifying Roles

Removing inactive roles during the maintenance process is important to streamlining audits.

Remember that when you delete an Ariba role you automatically delete any FA Rules which are attached.

Deleting Roles

Creating Names, modifying or deactivating FA Rules

Move the Role or the Rule?Move the Ariba Role to a new User Move the FA Rule to a new Role

if the current auditor no longer has responsibility for this area

if the conditions in the audit fall under the responsibilities of a new auditor

i.e. Rhoda Rhunner moved to a new position as Will E. K. O’Tay is taking her position

i.e. Cost Center 12345 is no longer part of R&D (123Z_R&D_Fin_Approver), but part of Strategic Marketing (123Z_StratMkt_Fin_Approver)

FA Rule names should be expansions of the Ariba Roles they are attached to.

They should then also include more specific information about the conditions in the rule.

The FA Rule Name Generator will help you create rule names.

Creating FA Rule Names

Deactivating FA rules will remove them from the Role they were assigned to, but not delete them from Ariba.

Deactivating Rules

Any part of an FA Rule can be modified: Basic Information: Name, Watcher/Approver, Change Conditions: Add/remove field, Increase $ value Move FA Rule to a new Ariba Role

Note: FA Rules cannot be moved from one BU to another.

Modifying Rules

Creating Functional Audit RulesFunctional Audit Rules are made up of three sections: Field, Condition, Value

The Field is the item you want the condition to compare:Example: Accounting: Cost Center

Non-Standard ShippingSupplier ID

The Condition is how you are comparing the field to the value:Example: Is Equal to

Is greater thanIs NOT Equal to

The Value is the standard you are comparing the field to:Example: “YES”

12345 OR 98765Acme Fireworks$10,000.00

Yes/No ConditionsCondition is always “EQUALS” Check “Yes” to see all requests that have split accounting only. Check “No” to see all request that do not have split accounting only.

Multiple Value ConditionsEach row can have multiple values treated as “ORs” Rows are connected with “AND” and all rows must contain at least one “True” value. i.e. This example will audit any request that is NOT using cost center 98764 OR 65432 OR 45675 AND is for Acme Fireworks OR FedEx.

Single Value ConditionsOne Value per row. Multiple Rows are connected with “AND”Values in all row must be “True”. If one condition fails the entire audit fails. i.e. This example will audit all requests that are for D/L 12345 AND are ≥ $10,000.00

Functional Audit Conditions

For more information on Boolean “Yes/No” logic see “What is Boolean (And/Or) Logic at the FA Audit Resource Center : http://sourceplanet.jnj.com/TeamSites/ProcurementOperations/TEHelpDesk/Functional%20Audits%20Resource%20Center/Home.aspx

Functional Audit Conditions – Special ConditionsRangesTo group of consecutive values, use two rows to create a range. For Example If you want to see cost centers 67000, 67001, 67002, 67003, 67004…. 67010

The numbers you want to see must be consecutive. You’ll see 67005 even if you don’t need it.

Exclusions:To exclude a value from a condition use the NOT command. For example. To show all the numbers EXCEPT 67005 in our first example

This will show you all the values in the range as long as they are NOT 67005

Has a Value/Is NullWith this condition, the exact information in the field is not important, only that there is or isn’t something there.

In this example, the auditor will see any request that has a plant number listed in the accounting field, regardless of what that value is AND any request that does NOT have anything in the Part Number field.

Putting it all together – Real Life Examples Situation: Requestors are not changing their default account number when opening POs that are not related to supplies.

Remedy: The Finance manager wants to see all POs for his cost center, 12345, using the default “Supplies” account number, 62501001 so he can deny those using the wrong account.

Since we know that most order going to Guy Brown SHOULD use account 62501001 we can remove those from the audit.

Audit: All POs for CC 12345, with Acct 62501001, but not for Guy Brown.

Situation: Sometimes Tax is not applied correctly for orders over $1,000.00 causing extra work later.

Remedy: The Tax Manager needs to ensure that proper taxes are applied to all supply orders, account number 62501001 over $1,000.00 where the cost center is between 81703 and 81850.

Audit: All POs over $1,000 with cost center 62501001 where the cost center is greater than or equal to 81703 AND less than or equal to 81850.

Situation: Finance needs to review spend over $5K for account 160300, but only those using cost centers and not profit centers.

Remedy: We only want those items with cost centers, but we don’t care what the exact value is. Also, if it doesn’t have a cost center, we don’t want it.

Audit: All POs with Acct 160300, and a value in Cost Center.

Putting it all together – Real Life Examples Situation: Consultants and Temps are being hired without the proper Statements of Work (SOW)

Remedy: Create an audit for the suppliers who could be used and make Auditor an approver. If correct SOWs are not attached, request can be denied.

Audit: All POs for suppliers, Kelly Services, ConsultantsRUs, Temp&Time, TST Temps, Manpower

Note: This audit could also be pulled using commodity codes.

Situation: SOX requires that justification be provided anytime a non-standard ship to address is used.

Remedy: Ariba Site Coordinator receives any requests where a Non-Standard Ship To Address is used to review for justification

Audit: All POs where “Non-Standard Ship To Address is Used = “YES”

Situation: Requestors are using Materials requests for Services.

Remedy: We want see all Material orders so we can reject requests where the requestor is using the Material Format for Service Orders. But we don’t want to see orders for Guy Brown because all supply order should be Material.

Audit: All POs where the Requisition type is Material, but not if they are equal to Guy Brown

Putting it all together – Real Life Examples Situation: Requestors are ordering materials that should not be entering the plant site 127001.

Remedy: Review all material orders going to the plant site to ensure the materials are permitted at that location.

Audit: All Request where the request type is Material and the site is 127001

Situation: Users from Janssen are making requests under the wrong Business Unit.

Remedy: Create an audit for BU 1270 that screen out anyone whose site is 199401 or 620301 and has a shipping address of Janssen

Audit: All POs over where the requestor site is 199401 OR 620301 AND the shipping address = Janssen

Situation: Rhoda is a new Ariba User. She is still learning and submits PO requests with lots of errors. As her trainer, you don’t see these requests before Rhonda’s supervisor gets them. You want to see the requests and send them back to Rhonda for correction before her supervisor sees them.

Remedy: Create and audit that sends you every request Rhonda enters so you can review them and have corrections made.

Audit: All POs where the Requestor is Rhonda Rhunner.

Need a visual?Think of a Functional Audit (FA) Rule like an apple. Inside the apple are seeds or conditions that contain instructions. There could be a few or a lot, but they all relate to the same apple.

FA Rules, like apples, have to hang on something. Apples hang on apple trees, and FA Rules hang on Ariba Roles. We group similar FA Rules together on the same “Tree/Role”, just as the same types of apples grow on the same tree. An Ariba Role can have one FA Rule assigned to it or many. Rules can only be assigned to one Ariba Role.

Apple trees are pretty useless if they don’t have someone to care for them. The apples fall to the ground and rot. They need gardeners.

Similarly, Ariba Roles that are not assigned to anyone are pretty useless. So Ariba Roles are assigned to Ariba Users called Auditors.

Finally, apple trees are grouped on orchards with other types of trees. In Ariba, Roles are grouped also, generally by BU.

BU 123Z

Some Gardener/Auditors have several Ariba Trees/Roles and some Ariba Roles have several Auditors

How does this apply to FA Rules and Ariba Roles again?

Let’s start at the top this time:

Business Unit 123Z has a group of Roles and Users:

BU 123Z123Z_Fin_Ops_Watcher 123Z_Catering_Approver

123Z_R&D_TestTube_Watcher

Any requests opened for Cost Center 12345 OR 98765

Rhoda Rhunner

Finally, the FA Rule has a number of conditions that must be True before Rhoda Rhunner will see the Request.

123Z_Catering_Approver_Marketing

123Z_Catering_Approver_ Marriott

123Z_Catering_ Approver_Over_$10K

The 123Z Catering Approver Role has a number of FA Rules hanging off of it.

Any Requests opened for the Supplier Marriott

AND

Will E. K. O’Tay

123Z_Catering_Approver

123Z_Catering_Approver_ Marriott