Supplier Administrator Role Governance and Oversight (Workday Finance)

Overview

The Supplier Administrator (SA) security role in Workday Finance provides the ability to create, modify, and delete supplier records within the University's enterprise supplier data. Because this role provides broad access to sensitive supplier information, the University has established governance controls to protect data integrity, reduce the risk of unauthorized access, prevent conflicts of interest, and help safeguard against fraud.

This page summarizes how the Supplier Administrator role is governed, how access requests are reviewed and approved, and the responsibilities of individuals and departments involved in managing this access.

Effective Date: July 1, 2026

Why This Role Is Tightly Controlled

Supplier records support critical University business functions, including:

  • Issuing purchase orders and supplier payments
  • Managing supplier onboarding and maintenance
  • Supporting financial reporting, compliance, and audit activities

Because supplier information directly impacts University financial operations, access to maintain supplier records is restricted and continuously monitored.

Scope

This governance applies to:

  • All UW Academy and UW Medicine departments using Workday Finance
  • Individuals who request, approve, hold, or oversee the Supplier Administrator role
  • Governance and support partners, including:
    • UW Procurement Services - Business Systems
    • UW Information Technology (UW-IT)
    • Finance Data Domain Council

Governance Requirements

1. Role Assignment Is Restricted

The Supplier Administrator role is limited to authorized personnel within UW Procurement Services – Business Systems whose responsibilities include enterprise supplier data stewardship.

Exceptions are expected to be rare. Individuals outside Business Systems, such as UW-IT personnel with a documented operational or technical need, may receive access only through a formally approved written exception.

2. Elevated Approval Is Required

All Supplier Administrator access requests must follow the University's elevated security role approval process to ensure:

  • A legitimate business need exists
  • Appropriate governance and oversight bodies review the request
  • Access is granted consistently and documented appropriately
3. Quarterly Access Review

Business Systems conducts quarterly reviews of all Supplier Administrator assignments using Workday security reports to verify that:

  • Each role holder remains an active employee with Business Systems.
  • No role holder possesses conflicting security roles.
  • Any unauthorized or unexpected assignments are promptly investigated and escalated.

Review results are documented, approved by the appropriate Business Systems leader, and retained for three (3) years in accordance with University recordkeeping requirements.

4. Segregation of Duties

To reduce the risk of fraud and conflicts of interest, individuals assigned the Supplier Administrator role may not simultaneously hold security roles that allow them to:

  • Create or submit requisitions for goods or services
  • Approve purchase orders
  • Approve supplier invoices
  • Initiate or approve payment transactions

If a conflicting role assignment is identified, it must be resolved within 30 days by removing the conflicting access in coordination with UW-IT and the appropriate business owner.

5. Legacy Role Assignments

Supplier Administrator role assignments that predate the University's current elevated approval process—including assignments made during the Workday Finance implementation in July 2023—must be reviewed within 60 days of this policy's effective date.

Each review must document whether the assignment:

  • Remains operationally necessary,
  • Meets current governance requirements, or
  • Requires modification or removal.

Documentation of each review must be retained.

Requesting Supplier Administrator Access

Because the Supplier Administrator role is considered elevated access, requests must follow the University's formal approval workflow.

The approval process includes:

  1. Submission of a Workday security role request by a manager (or higher-level authority).
  2. Initial review by the Workday Finance Application Management (FAM) team.
  3. Review by the appropriate DataGroup and escalation to the Finance Data Domain Council Chair and the University Data Officer.
  4. Consultation with UW Procurement Services – Business Systems to validate the operational need.
  5. Executive approval or denial.
  6. If approved, assignment of the role and notification to Business Systems.

Important: Requests for individuals outside UW Procurement Services – Business Systems are generally denied unless a documented written exception is approved by the Chief Procurement Officer (CPO).

Need Help?

For questions about Supplier Administrator governance, elevated security access, segregation of duties, or role requests, contact pcshelp@uw.edu