RPM | REQUIREMENTS AND POLICIES MANUAL

Viewable by the world

    Title:

    Business System Ownership

    Publication date:

    2/1/2024

    Effective date:

    3/28/2018

    BRIEF

    Policy Summary

    This policy establishes responsibilities for the accountable ownership and management of the Office of the Chief Financial Officer (OCFO) business and financial systems. It applies to all major OCFO purchased (commercial, off-the-shelf) and Lawrence Berkeley National Laboratory (Berkeley Lab) internally developed systems involved in support of the day-to-day operations, financial data analysis, and reporting needs of the OCFO and the Berkeley Lab community.

    Who Should Read This Policy

    Any Berkeley Lab employee responsible for the ownership and management of OCFO business and financial systems.

    To Read the Full Policy, Go To:

    The POLICY tab on this wiki page

    Contact Information

    Controller

    Deputy Controller, Accounting and Business Systems

    Title:

    Business System Ownership

    Publication date:

    2/1/2024

    Effective date:

    3/28/2018

    POLICY

    A. Purpose

    This policy establishes responsibilities for the ownership and management of the Office of the Chief Financial Officer (OCFO) business and financial systems.

    B. Persons Affected

    Any Lawrence Berkeley National Laboratory (Berkeley Lab) employee responsible for the ownership and management of OCFO business and financial systems.

    C. Exceptions

    None

    D. Policy Statement

    1. The OCFO is responsible for managing the process controls of its business and financial systems. The responsibilities include overall procurement, development, implementation, integration, modification, operation, maintenance, and retirement of the business and financial systems. The Lab's Information Technology (IT) Division has primary responsibility for cybersecurity aspects of the systems.
    2. The OCFO will designate a functional manager (see OCFO Governance Framework Including System Ownership and Support) with overall accountability for each of its business and financial processes and related business and financial system(s). The assigned system owner must:
      1. Ensure that the system's capabilities meet Berkeley Lab's business needs.
      2. Provide leadership and direction for the responsibilities listed in 1, above, including ensuring that appropriate controls are in place. The execution of these responsibilities requires resources and support from the OCFO Business Systems Group (BSG), Financial Policy and Assurance, Training, and the IT Division.
    3. This policy applies to all major OCFO purchased (commercial, off-the-shelf) and Berkeley Lab internally developed systems involved in support of the day-to-day operations, financial data analysis, and reporting needs of the OCFO and the Berkeley Lab community. Specific roles and responsibilities are detailed in section E, below.

    E. Roles and Responsibilities

    Role

    Responsibility

    Business system owner — general

    • Approves the scope and strategic objectives of the business system. Approves objectives and plans for the ongoing support, maintenance, and enhancement of the system. Directs the day-to-day business usage of the system. When production issues arise — with the support of the BSG and IT division— ensures appropriate root-cause problem resolution has occurred and that system issues are addressed in a timely manner and communicated accordingly.

    Business system owner — system changes and enhancements

    • Defines, prioritizes, and provides the BSG with written system enhancement requests. A sample template for providing enhancement requests is attached in section H, "Implementing Documents," below.
    • Considers business process re-engineering opportunities prior to requesting a system change.
    • Serves as the primary functional point of contact with whom the BSG can consult in defining more detailed functional specifications.
    • Coordinates with the BSG to ensure functional specs are complete, documented, and consistent with business requirements, and an adequate test plan is prepared and executed.
    • Conducts user acceptance testing and provides final approval for implementing changes to the production system (i.e., formally accepts the system as complete and ready for production).
    • Participates in planning for system upgrades that will result in changes to the owner's system(s).

    Business system owner — user access control

    • Establishes criteria for controlling user access to various features of the system, including prerequisites to be met prior to granting user access to specific system roles.
    • With the support of the BSG, validates that user access and assigned roles and permissions are consistent with business needs.
    • Approves access controls to personally identifiable information (PII), coordinating with BSG.

    Business system owner — user training and support

    • Ensures that those who need to use the system for entering and/or retrieving information have access to user training and system documentation.

    Business system owner — data integrity

    • Ensures the availability and reliability of the business data stored in the system.
    • Ensures data-input controls are documented, effective, and tested periodically.
    • Documents processes using PII.

    OCFO BSG — general

    • Defines the scope and strategic objectives of the business system.
    • Establishes objectives and plans for the ongoing support, maintenance, and enhancement of the system.
    • Monitors system operations and provides end-user support.
    • When production issues arise, partnering with IT, conducts root-cause analysis of problems, evaluates options, resolves system issues in a timely manner, and informs stakeholders on system problems and resolutions.
    • Coordinates with the business system owner and IT to ensure that system training documentation, if needed, is developed, accurate, and available to those who need it.

    OCFO BSG — system changes and enhancements

    • Manages OCFO systems projects and enhancements prioritization process coordinating with business system owners, subject matter experts, IT, and Systems Council; recommends options, feasibility, and considerations for system change requests.
    • Provides project-management leadership and services, including development of project proposals and project and resource plans for system enhancements wherever necessary.
    • Develops and coordinates system upgrade and enhancement plans; identifies opportunities for process/system improvements; assists owners in defining business requirements for system enhancements; develops functional specifications that are complete, documented, and consistent with business requirements; and validates technical specifications developed by IT.
    • When a complex process changes (e.g., a Department of Energy [DOE] mandated change) or a system upgrade or implementation project requires modifications to multiple OCFO business systems, coordinates the communication with, and involvement of, the functional organizations needed for the timely implementation of the change.
    • Develops and executes test plans to ensure the requested system changes fulfill business requirements. Partners with the OCFO and IT to plan, develop, and execute system upgrades and enhancements; ensures changes are adequately documented and tested; and coordinates with the system owner and functional staff in execution of user acceptance testing. Owner approval wherever necessary is obtained before moving the changes to production.
    • Communicates the implementation of system enhancements to stakeholders.

    OCFO BSG — user access control

    • Establishes and maintains policy-related procedures for controlling user access to OCFO systems, including a process for coordinating and conducting regularly scheduled reviews of user access.
    • Identifies and makes recommendations for controlling access to sensitive data, including PII.
    • Implements user access controls to PII.
    • Identifies possible segregation-of-duty access conflicts and works with the functional manager to develop an appropriate resolution.

    IT Business Systems — general

    • Provides technical project-management leadership and services, including development of project proposals and project and resource plans for technical system upgrades or new system implementations.
    • Ensures the business and financial systems are cyber secure.
    • Implements controls in the system to PII.
    • Provides input to customers on options, feasibility, and considerations for system change requests.
    • Develops system enhancements to accommodate DOE mandates, regulatory/policy changes, interface changes, and business process changes.
    • Prepares written documentation of system changes, and exerts software change control as required by department standards.
    • When production issues arise, partnering with BSG, contributes to root-cause problem analysis, resolves system issues in a timely manner, and provides input on clear, accurate, and timely communication.
    • Conducts major system development based on customer specifications.
    • Performs system maintenance to accommodate vendor upgrades, software fixes, and security patches.

    F. Definitions/Acronyms

    Term

    Definition

    Business system

    A computerized information system or business and financial system that provides the end-to-end delivery of information. Data is an integral part of running the business, including all computerized processes and software needed to satisfy business requirements. A business system comprises computerized processes, input controls, the stored business data, and reports and other output formats.

    Business system owner

    A unit or individual with overall accountability for each of its business and financial systems or portions of the system. The system owner must ensure that system's capabilities meet Berkeley Lab's business needs. The system owner must provide leadership and direction for system development, enhancement, and ongoing operations, including ensuring that appropriate controls are in place.

    Business Systems Group (BSG)

    A unit that is responsible for ensuring that OCFO business systems are responsive to the needs of Berkeley Lab, and that systems strategies and plans are effectively communicated. The BSG partners with OCFO functional units and IT Division professionals in the planning, design, testing, implementation, and maintenance of automated information systems.

    IT-Business Systems

    The group that manages the day-to-day technical operation of the business system: database management, software distribution and upgrading, version control, backup and recovery, virus protection, and performance and capacity planning. IT performs this service for Berkeley Lab. User access management is performed by the BSG.

    User

    An individual (e.g., an employee of an OCFO functional unit) who interacts with the system. Programmers, system administrators/ managers, other technical personnel, and the BSG are not considered users when working in a professional capacity on the computer system. System users must use the system in the manner and for the business purpose it was designed, and comply with all specified control and security requirements.

    G. Recordkeeping Requirements

    None

    H. Implementing Documents

    Document number

    Title

    Type

    11.04.002.001

    OCFO Governance Framework Including System Ownership and Support

    Process (Excel spreadsheet)

    11.04.003.000

    Financial Management System (FMS) User Access Control

    Policy

    11.04.002.002

    OCFO Systems Projects — Enhancement Requests Template

    Template (Excel spreadsheet)

    I. Contact Information

    Controller

    Deputy Controller, Accounting and Business Systems

    J. Revision History

    Date

    Revision

    By whom

    Revision description

    Section(s) affected

    Change type

    1/2/2012

    1

    Axthelm

    Reformat for wiki

    All

    Minor

    1/9/2013

    1.1

    Axthelm

    Updates to "Roles and Responsibilities" section

    E. Roles and Responsibilities

    Minor

    2/1/2013

    1.2

    Axthelm

    Updated "Roles and Responsibilities" section and added accountability as appropriate

    E. Roles and Responsibilities

    Minor

    3/28/2018

    1.3

    U.K.

    Updates to the Policy

    E,F,H

    Minor

    01/25/2021

    1.4

    U.K.

    Periodic review. Minor edits

    Brief, D,E,F,H

    Minor

    2/1/2024

    1.5

    U.K.

    Periodic review. Formatting changes. 

    D

    Editorial 

    DOCUMENT INFORMATION

    Title:

    Business System Ownership

    Document number

    11.04.002.000

    Revision number

    1.5

    Publication date:

    2/1/2024

    Effective date:

    3/28/2018

    Next review date:

    1/31/2027

    Policy Area:

    Financial Business Systems

    RPM Section (home)

    Financial Management

    RPM Section (cross-reference)

    Section 11.36

    Functional Division

    OCFO

    Prior reference information (optional)


    Source Requirements Documents

    • This is an internal process only.

    Implementing Documents

    Document number

    Title

    Type

    11.04.002.001

    OCFO Governance Framework Including System Ownership and Support

    Process (Excel spreadsheet)

    11.04.003.000

    Financial Management System (FMS) User Access Control

    Policy

    11.04.002.002

    Template (Excel spreadsheet)



    • No labels