Jump to content

Don't allow approval of own requests


Keith

Recommended Posts

Some of our BPM's have an approval step which we use in relation to compliance activities. Under the compliance guidelines, an approver must NOT approve any requests for which they are the customer, owner, or member of the request. To date, we have entrusted our approvers not to approve such requests where they are involved. However, our auditors have found a number of instances where this rule has not been adhered to.

Would it be possible to introduce a feature/setting whereby an approver cannot approve a request where they are the customer, owner or member?

 

I have considered trying to build something into the BPM whereby we check the customer/owner and have branching to different approval steps containing different approvers, but this is complex and liable to cause significant issues when approvers change. Currently, we have 6 approvers whom can approve these requests.

 

Regards

Keith

Link to comment
Share on other sites

Hi @Keith

Thanks for the scenario

A couple of questions if i can

1. What would you see happening to the business process if the business process had an approval action and the approver was one of the customer / owner / member?  I am thinking if the approver was not allowed to complete the approval, how would you see the process being able to be moved forward?

2. If the approver, was not the owner, member, customer at the point the approval task was added, but they subsequently are added as a member, the customer is changed to them, or as being in a supporting team for the request, the request is then assigned to them after the approval has been created but not completed

We are just trying to understand the considerations here.  

Thanks

Steve

 

Link to comment
Share on other sites

Hi @Steven Boardman

Thanks for the response.

In answer to your questions in order...

1. In our scenario, our approval step has six approvers listed. Therefore the approval step is still valid but the BPM would not progress until one of the "other" approvers approved the step. I can see this would be a problem for you if the approval step only had one approver. Perhaps you could make this option only available where there is more than one approver. - In honesty, I am less concerned about the member function, I only added that for completeness.

2. This is a problem. Let's leave the member out of the equation for now. The auditors will have a problem if the requests is approved by someone who is shown as the customer or the owner at time of checking. However, I think they are unlikely to check the timing of these partner changes, but can see why this is an issue if the customer or owner changes to be someone who is one of the designated approvers. Not sure what can be done about that, but I take that over what we have today.

Let me know if you need any further detail.

Regards

 

Keith

Link to comment
Share on other sites

@Keith we have raised a story to look to address the main concerns here which would be options to exclude users who are either the owner or the customer of a request from receiving an approval task.  We are looking at making this configurable within approval nodes so could be applied / used where appropriate in business processes. 

Once this is scheduled and a firmer date is know we will post back here

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...