Managing Risk in Microsoft Dynamics 365 Finance and Operations

Matt Treadway takes a look at how you can manage risk in Microsoft Dynamics 365 Finance and Operations and how your organisation can have complete confidence that the business is running the way you need it to with results you can depend on.

The famous saying goes that two things in life are inevitable; death and taxes. However, I would like to add a third item to that list and include the word ‘Risk’. When we think about the word risk, many things pop into our minds. From crossing the road to buying a house, each and every action we take in life has an element of risk attached to it. But we are clever, and we do things to minimise the risk according to our own values, desired outcomes and appetite. For example, I am perfectly happy crossing the road because my mum taught me the green-cross-code. I have taken steps to minimise the risk of being run-over by using tools and experiences to make sure I can achieve my desired objective (getting to the other side) and being able to carry on my journey to the pub. Getting home again may have a higher amount of risk associated with it, in which case I might prefer to take a taxi.

The world of business is no different. The risks each business face can change from year to year, or even from day to day in some instances. In fact, auditors will consider many types of risk when planning their annual audit work, tests and strategies. So risk is and, should be, high on the agenda of all business managers.

So now let’s show you how Microsoft Dynamics 365 Finance and Operations (D365 FinOps) can help business leaders manage and mitigate the risk associated with everyday operational activities.

D365 FinOps provides tools and features to assist each business in firstly identifying potential areas of Risk and then, methods of reducing them to an acceptable level. A selection of these tools is shown below:

Security and Roles:

The first level of security offered in D365 FinOps are the Role profiles provided as standard. Out of the box, there are 137 unique Roles that each offer a specific combination of duties, privileges and access to certain tables of data and reporting options.

Each standard role has the ability to be customised, to add in additional duties or perhaps remove access to a particular report, all based upon the specific needs of each business.

This allows each business to manage how and what their employees are able to do and see within the system, according to the organisation’s exact appetite to control what employees are doing.

Workflow approval:

Next in line for reducing risk is the embedded Workflow approval engine. At the last count, there are over 140 processes in D365 FinOps with an associated Workflow approval process associated to it.

The Workflow can be seen as a tool to define how a document or transaction flows through the system on its journey from beginning to end. The Workflow engine controls who can start a task, who can approve it and who can post it to the system.

Workflow offers full audit trail capability whilst making use of the Role profiles mentioned above. It also ensures consistency in each and every transaction, with defined rules about what level of approval is required on a transaction by transaction basis.

All of this functionality is easily configured using a drop and drag user interface, with clear instructions on how to configure each stage. The benefit of this is that the configuration and design of Workflow approval becomes a business-led activity, rather than a technical process requiring specialist technical know-how.

Policies:

Policies are embedded within many aspects of D365 FinOps but the one to focus on here is the Travel and Expenses policies. These polices prevent an employee from entering any expenses which are against the policies defined by the business.

Policies can take many forms, but one of the most common is the enforcement of attaching receipts against each expense line. Another common example is the application of maximum rates for overnight stays based upon specific locations. ie: up to £100 per night in London, and a maximum of £80 outside of London.

This reduces the risk of breaching obligations for claiming VAT correctly or being unable to recover costs from your client for non-compliance with their own policies.

As with the Workflow approval mentioned above, the interface for prescribing policies can be defined, managed and controlled by the business rather than the IT function by using the intuitive user interface.

Audit workbench:

A very under-used aspect of D365 FinOps, yet one of the most important from a Financial Control perspective is the Audit workbench.

This module is dedicated to the identification of transactions where the potential for breaching policy or human-error is relatively high.

Just some of the instances where this can be used are as follows:

• Keywords in Expenses claims: We can configure the system to identify certain words in expenses that breach our policies, such as “Gifts” or “Cigars”.
• Duplicated PO or Invoice details: Amounts, dates and items can be identified and compared against previous transactions to identify if a potential duplicate could have been entered in error.

If a potential issue has been identified, a Case is created and allocated to a user to trigger further investigation.

Segregation of Duties:

A fundamental tool to enable better financial control and therefore reduce risk from an audit perspective. This part of the system allows us to specify two processes which should not be performed by the same user.

For example, it would be sensible to prevent a single user from being able to amend a supplier’s bank account details and for that same user to then be able to process bank payments to that supplier.

We simply enter in the two processes and the D365 system will then identify any users who have the ability to perform both tasks.

This information can then direct us to amend a user’s permissions to remove this potential risk.

Duplicated Invoice Numbers:

Upon entry of a purchase invoice, D365 FinOps will validate the invoice number against that supplier to ensure that each invoice is unique. The D365 FinOps system is able to either provide a simple warning or prevent the document from being posted – the behaviour can be decided by the organisation.

VAT registration number validation:

When HMRC issue a VAT registration number to an organisation, they use a complex algorithm to create a unique number. D365 FinOps also includes this algorithm, which is used to validate that a VAT number supplied by a supplier agrees to these rules.

Summary:

The moral of this story is that D365 FinOps is a fantastic tool to help us manage risk in a variety of different scenarios. The first benefit is that only transactions that meet each organisation’s policies and appetite for risk and control can be entered into the D365 FinOps system. The end result is that managers have complete confidence that the business is running the way they need it to, with results that they can depend on, with the added benefit that at any point in time they can be amended to suit the ever-changing needs of the business.

For more information on how Microsoft Dynamics 365 can transform your business, get in touch with our experts.

Contact us today!