What: when changing significant system settings or parameters in the "Administration" section, a 4-eyes principle should be applied, in the sense that a change made by one user needs to be approved/authorized by a different user before it becomes effective. In other words:
- whenever a change is made, the status of this change should be "authorization pending", and the live setting/parameter should remain unchanged until the change is authorized
- there needs to be a screen where a designated user with an "authorizer" role has an overview of the pending changes that need to be approved
- when clicking on any of the changes pending approval, the system should display the information about the change made (original value versus new value - similar to what is currently displayed when a loan or deposit product is edited, for example) and give the "authorizer" user the possibility to accept or reject the change; a user must never be able to authorize a change they made themselves, even if they hold the "authorizer" role
- if rejected, the setting/parameter should stay at what it was before (an audit trail of the rejected change, including who proposed it and who rejected it, should be available)
- if accepted, the setting/parameter should be changed (also with an audit trail recording who proposed and who authorized it)
Ideally, the "4-eyes" option should be parameter-driven - i.e. tenants who do not want to apply it should have the possibility to disable it.
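To make the workflow above concrete, here is an added illustration in Python of a maker-checker queue; it is not code from the original request or from the product being described. The class and role names (MakerChecker, "maker", "authorizer"), the "loan_product:12" entity and the sample values are assumptions made for the example. It covers each bullet (pending state that leaves the live value untouched, an overview of pending changes, accept/reject with an audit trail, and the tenant-level switch) and goes one step further than the bullets by also bouncing a change whose recorded "original value" is no longer the live value, which happens when two pending changes target the same setting and one is approved first:

```python
"""Maker-checker (four-eyes) queue for administrative settings: an added
illustration, not code from the product the request describes. The entity
names, the 'maker'/'authorizer' roles and the MakerChecker API are assumptions."""
import itertools
from dataclasses import dataclass
from typing import Any, Dict, List, Set

PENDING, APPROVED, REJECTED = "authorization pending", "approved", "rejected"


class FourEyesError(Exception):
    """A proposal or decision that the four-eyes rules do not allow."""


@dataclass
class ChangeRequest:
    change_id: int
    entity: str          # e.g. "loan_product:12" (assumed naming)
    setting: str         # e.g. "interest_rate"
    old_value: Any       # live value captured when the change was proposed
    new_value: Any
    requested_by: str
    status: str = PENDING
    decided_by: str = ""


class MakerChecker:
    def __init__(self, settings: Dict[str, Dict[str, Any]],
                 roles: Dict[str, Set[str]], four_eyes_enabled: bool = True):
        self.settings = settings                    # the live, effective configuration
        self.roles = roles                          # user -> roles held
        self.four_eyes_enabled = four_eyes_enabled  # the tenant-level switch from the request
        self.pending: Dict[int, ChangeRequest] = {}
        self.audit: List[dict] = []                 # append-only trail of every event
        self._ids = itertools.count(1)

    def _log(self, event: str, cr: ChangeRequest, actor: str) -> None:
        self.audit.append({"event": event, "change_id": cr.change_id, "actor": actor,
                           "entity": cr.entity, "setting": cr.setting,
                           "old": cr.old_value, "new": cr.new_value})

    def _require_role(self, user: str, role: str) -> None:
        if role not in self.roles.get(user, set()):
            raise FourEyesError(f"{user} lacks the {role} role")

    def _apply(self, cr: ChangeRequest, actor: str) -> None:
        self.settings[cr.entity][cr.setting] = cr.new_value
        cr.status, cr.decided_by = APPROVED, actor
        self._log("applied", cr, actor)

    def propose(self, user: str, entity: str, setting: str, new_value: Any) -> ChangeRequest:
        """Maker edits a setting; with four-eyes on, nothing changes until authorized."""
        self._require_role(user, "maker")
        cr = ChangeRequest(next(self._ids), entity, setting,
                           self.settings[entity][setting], new_value, user)
        self._log("proposed", cr, user)
        if self.four_eyes_enabled:
            self.pending[cr.change_id] = cr  # live value deliberately left untouched
        else:
            self._apply(cr, user)            # tenant opted out: applied at once, still audited
        return cr

    def pending_changes(self, authorizer: str) -> List[ChangeRequest]:
        """Overview screen: old vs new value for every change awaiting a decision."""
        self._require_role(authorizer, "authorizer")
        return list(self.pending.values())

    def decide(self, change_id: int, authorizer: str, approve: bool) -> ChangeRequest:
        """Authorizer accepts or rejects one pending change."""
        self._require_role(authorizer, "authorizer")
        cr = self.pending.get(change_id)
        if cr is None:                        # unknown id, or already decided once
            raise FourEyesError(f"change {change_id} is not pending")
        if authorizer == cr.requested_by:     # separation of duties: maker != checker
            raise FourEyesError("a user may not authorize their own change")
        del self.pending[change_id]
        cr.decided_by = authorizer
        if self.settings[cr.entity][cr.setting] != cr.old_value:
            # The "original value" shown to the authorizer is no longer live (another change
            # to the same setting was approved first); bounce it rather than overwrite blindly.
            cr.status = REJECTED
            self._log("rejected_stale", cr, authorizer)
        elif approve:
            self._apply(cr, authorizer)
        else:
            cr.status = REJECTED              # setting stays at old_value
            self._log("rejected", cr, authorizer)
        return cr


def demo() -> MakerChecker:
    """Constructed sample: one loan product, one maker, one authorizer."""
    settings = {"loan_product:12": {"interest_rate": 12.0, "processing_fee": 1.5}}
    roles = {"alice": {"maker"}, "carol": {"authorizer"}}
    mc = MakerChecker(settings, roles)
    rate = mc.propose("alice", "loan_product:12", "interest_rate", 18.0)
    mc.decide(rate.change_id, "carol", approve=True)   # 12.0 -> 18.0 takes effect now
    fee = mc.propose("alice", "loan_product:12", "processing_fee", 3.0)
    mc.decide(fee.change_id, "carol", approve=False)   # stays 1.5, rejection audited
    return mc
```

Two design points worth keeping when this is built for real: the self-authorization check is on the change's requester, not on roles, so a user holding both "maker" and "authorizer" still cannot approve their own edit; and a change is removed from the pending set before it is applied, so the same approval cannot be replayed a second time. The audit entries carry the actor and both values, which is what an auditor will ask for on both the accepted and the rejected path.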
This option should be available for all changes possible under the "Administration" section, but most importantly for all changes (create or edit) in the following:
- Loan & Deposit Products
- User Roles and Permissions
- Branches and Centers
- Risk Levels
- Communications (Settings and Templates)
- Internal Controls
- Data Import (Approval) & Export
Why: any critical action that could affect how products behave, how fees are calculated, what permissions users have, and so on, should be reviewed and authorized before it becomes effective; this is a best-practice workflow recommended (and often required) by auditors and IT policies. It is also a separation-of-duties control: a single administrator account, whether misused or compromised, can no longer change product terms, fees or permissions on its own, and every attempted change leaves a record of who proposed it and who decided on it.