AUTHORITY TO SUSPEND OR REVOKE ACCESS TO FINANCIAL INFORMATION SYSTEM: ACG0026
Effective Date: 03/17/04
Last Reviewed: 10/06/2016

Authority to Suspend or Revoke Access to Financial
Information System

(Policy ACG0026)

I. Purpose of the Policy

The Financial Information System (FIS) is used by authorized FIS users to procure, pay, and account for goods and services purchased for the benefit of UCSC. It is also used to maintain the general ledger, produce financial reports, and track inventorial equipment. Authority to access FIS is explicitly delegated to an FIS user by the user’s supervisor or a service center manager. Occasionally, there are situations that require that someone other than the user’s supervisor or service center manager be granted explicit authority to suspend or revoke a user’s access to FIS. This policy provides that authority to specific campus officials.

Please refer to Section III for the definitions of important terms used in this policy.

II. Detailed Policy Statement

A. General Provisions

The following campus officials are given the authority to suspend or revoke an FIS user’s access to FIS based on the criteria described in Section II.B. This authority cannot be redelegated.

1. Chancellor

2. Executive Vice Chancellor

3. Vice Chancellor – Business and Administrative Services

4. Vice Provost, Information Technology

5. Accounting Officer / Assistant Vice Chancellor – Financial Affairs

6. Director, Materiel Management

7. Associate Accounting Officer / Accounting Office Director

B. Criteria

Valid criteria for suspending or revoking access to FIS include, but are not limited to, the following:


1. Policy violation. Using FIS in a way that violates applicable University or campus business or financial policies.

2. Non-UC business use. Using FIS to intentionally process transactions or obtain information for non-University business purposes.

3. Legal breach. Using FIS to engage in an activity that violates state or federal law or the terms of contractual agreements.

4. Gross incompetence. Demonstrating a level of incompetence in using FIS that results or will result in

a. compromising the integrity of campus financial data

b. violating a University business or accounting policy

c. violating a governmental regulation, or

d. breaching the terms of a contractual agreement.

5. Misconduct. Using FIS in a way that is economically wasteful or involves gross misconduct or inefficiency.

6. System misuse. Violating the terms of the UCSC system user agreement, or campus or University computing policies.

7. Unacceptable risk. A situation that creates an unacceptable level of risk, such as

a. allowing continued access to FIS to an employee who has announced his/her decision to terminate and for whom there is a reasonable belief that the employee may misuse the FIS to harm the University, or

b. determining that an FIS user who has record update privileges is not eligible for coverage under the University’s fidelity bond.

8. Lack of demonstrated need. Not having a demonstrated need to have access to FIS.

III. Definitions

FIS user – an individual who is a permanent or temporary UCSC employee, contractor, third-party service provider, or consultant

IV. Getting Help

The Financial Information System Manager can address questions related to FIS access. Please consult the UCSC telephone directory or UCSC Financial Affairs website for contact information.

V. Responsibilities and Authority

The Unit Head and/or Principal Officer (or designee) of the FIS user is responsible for delegating authority to access FIS to the user.

The Financial Information System Manager is responsible for enabling access to FIS.

The Accounting Officer / Assistant Vice Chancellor – Financial Affairs is responsible for maintaining accountability and control over financial processes and for maintaining the integrity and accuracy of the campus accounting data. FIS plays a key role in supporting campus financial processes and processing and maintaining campus accounting data.

The Materiel Management Director is responsible for ensuring transactions involving the procurement of goods and services, including those using FIS, are processed in a manner consistent with University and campus policies and regulations.

The Vice Provost, Information Technology is responsible for ensuring that UCSC computing resources, including FIS and the computing resources supporting it, are used in a manner consistent with University and campus policies and regulations.

This policy will be reviewed every five years.

VI. Related Policies/References for More Information

References

Business and Finance Bulletin


• IS-3 Information Security (http://www.ucop.edu/ucophome/policies/bfb/is3.pdf)
• RMP-7 Privacy of and Access to Information Responsibilities
(http://www.ucop.edu/ucophome/policies/bfb/rmp7.html)

Other

• University of California Policy on Reporting and Investigating Allegations of Suspected

Improper Governmental Activities (http://www.ucop.edu/ucophome/coordrev/policy/10-04-
02whistle.pdf)