Issue Source: OFA, OPB, Bureau Interviews, CEDAR Report
Affected Parties: Country Offices, Headquarters
Currently there is no control over the override of budget exceptions. Budget exceptions occur for a variety of reasons. However, the most common exception that can be overridden is when budget is no longer available (i.e. tolerance exceptions). According to the Internal Control Framework, these exceptions should only be overridden with approval from the senior manager in the office. However, all users can override the exceptions within Atlas. This has often led to cost sharing and trust fund deficits, as described in the separate user issue on deficits. It is evident that country offices are often not following the approval procedures described in the Internal Control Framework.
The capability to restrict override budget exceptions is part of Commitment Control Security. The implementation of Commitment Control Security was deferred during Atlas go-live due to priorities and resource constraints. The intent was to implement Commitment Control Security at a later time. There have been various initiatives in the past to define the Commitment Control Security requirements, but at this point it has not been implemented. The Atlas Wave II audit and security project included a component on Commitment Control security, but the funding was not available for resources to implement the actual security.
Commitment Control security can also restrict access to enter budget journals based on fund, allow fund managers to post budget adjustments for their own funds without allowing them to adjust funds for which they have no responsibility. This has also been a capability that OPB would like to see put in place as soon as resources permit.