Compliance Check for Originator Approval

To further strengthen SOX compliance for processes created with Winshuttle products, we introduced a compliance check for originator approval. The compliance check ensures that an originator is unable to approve their own tasks (unless dictated by the workflow solution design).

Description

We introduced the “ComplianceCheck” key to implement this compliance check. The key will have one of the following two values:

Value: 1 (Default) – Originators will never be reassigned to their own tasks.

Value: 0 – The feature is turned off.

The following scenarios will be checked for compliance:

  1. Approval type tasks cannot be reassigned to the originator from task assignment features such as Workflow Participant control, Process control, Excel Add-in reassignment, standard workflows, and Out of Office Delegation.
  2. If the admin is the originator:

    • They cannot Complete, Approve, Reject, and/or Reassign a process’s open assignments from the Edit Assignment page. They can, however, perform these actions on their own open tasks from the My Tasks page.
    • They cannot change future assignments of this process from the Edit Assignment page.
    • They cannot Reassign a process’s open assignments from the Operation > Tasks page. They can, however, perform that action on their own open tasks from the My Tasks page.

Note:

If the admin is an originator, they can still Force Approve or Force Reject these processes – just not the tasks (as mentioned above). And if the admin is not a process originator, they can reassign a process’s open assignment (including their own task) to anyone – including an originator.

Compliance check for delegations

  • When a delegated user is an originator, the task will be created for the original user during reassignment. An “OOODComplianceCheckFail” notification is sent to the admin.
  • When a delegated user does not have access to the app within which a task is being assigned, the task will be created for the original user only upon reassignment. An “InsufficientPermissionforDelegation” notification will be sent to the admin.