Our new auditors recommended to our Audit Committee that we limit the access of our IT consultant as his work relates to the Financial Edge. Our consultant does most of his work via our VPN and many times, it is done after hours. The auditors suggested different levels of passwords for the consultant, which may become cumbersome, particularly if it keeps him from completing his task at night because he does not have the rights. Has anyone else dealt with this situation? I need to come up with some ideas for the Committee. thanks! Michael Bankert VP, Finance & Administration California State Parks Foundation

Michael - It really depends upon what work the IT consultant does for you. Is he responsible for updating Financial Edge? If so, then his direct access to FE can be limited to viewing only the GL home page and nothing more. He merely needs that small amount of access in order to launch FE after an update has been applied in order for the actual database to be upgraded. Remember, it is the first person who logs into FE that will trip the database update to occur. I always do that at the server as I don't want a workstation that also need to be updated to have to update the data as well. Your IT guy should not be responsible for duties within FE, such as user creation or group assignments. Those duties should remain with a supervisor who is part of the finance department. Of course, if the IT guy is also your FE consultant, then he would of course require much greater access. It really depends on what role he is playing for your organization. - George Envision For Non-Profits Consultant for Blackbaud products [Email Removed] 727/442-1996 www.EnvisionFNP.com

This has been a huge issue for me because of the IT's need when working on problem areas especially in EE but if they have administrator's rights that allows them access to the whole FE system and passwords, etc. I have called support and created cases relative to this but have not really received a resolve. Would love to know how others are handling this problem. As you stated because of their need to sometimes work nights and weekends it creates a problem if they don't have administrator's rights. Foxie Castelow Greenbrier Christian Academy [Email Removed]

I appreciate your responses, Foxie and George. The issue of administrator's rights is exactly the issue we face. Our auditors raised the issue, so I have to address it. If you hear anything from BB, please let me know. Michael Bankert VP, Finance & Administration California State Parks Foundation

I have had exactly the same concerns. Our Director of Technology, who is a fulltime employee, has supervisor rights to all of Education Edge, including Admissions, Registrar, and all the accounting modules. To my way of thinking, she shouldn't have access to the financial information, especially payroll. I wrote Blackbaud and expressed my concerns at least a year ago. I believe that they should provide a way for the IT people to have the access they need for updates, etc. and still maintain Business Office confidentiality. I did get a response from them, but no effective action.

I think the issue here is an outside consultant. If your IT director is a full time employee, he or she must have full access. This takes away several headaches of installing, updating and maintaining software. If BB provides an audit log consisting active users with some basic information of logon timings, what modules accessed etc. that may be sufficent for auditors. The permission to truncate that log may be given to responsible functional user so that IT director cannot truncate the log.

Has anyone come up with a resolve to this problem? Foxie Castelow

I'm an IT manager and I have full rights to FE and RE. I've been in IT for a long time. I don't see a way you can have an application and not have someone with supervisor rights. To me, it's a matter of position and trust. As an IT manager, I would never look at payroll information unless my manager requested me to help with something that required me looking at it. I need to be able to allow access to information in accordance with the company policies. As for a solution - I've seen some companies only give supervisor access to a certain trusted consultant who signs an agreement of confidentiality. Otherwise, someone in the company has to have supervisor rights, I think. Nora Isaac Manager, Information Technology The ALS Association, Greater Phila. Chapter [Email Removed] [i]--- Edited at 5/24/2006 8:08:05 AM by Nora Isaac[/i]