Finance Controls Hub
Approvals, segregation-of-duties, and control evidence — every decision attributed and audited. Shows control health, not a SOX attestation.
Approval queue
| Event | Reference | Requested by | Dual | Status | Decision |
|---|---|---|---|---|---|
Approving requires the controller (or platform admin) role; other roles are rejected (403) and the attempt is not recorded as a decision.
Segregation-of-duties violations
Detective control — surfacing conflicts is not preventing them. Risk ranks per PRD_AUDIT §13.8.3.
| Risk | Rule | Process | Duty | Source | User | Status | Detected |
|---|---|---|---|---|---|---|---|
Named conflict pairs are synthesized (vendor/specialist) defaults; the duty logic and risk rationale are auditor-authoritative (ISACA 4-duty model, PCAOB AS 2201). Validate with Internal Audit before treating as authoritative.