Wednesday, December 4, 2024

AI Summary in Dynamics 365 Finance and Operations (Copilot - D365FO)













AI SUMMARY IN DYNAMICS 365 FINANCE AND OPERATIONS (COPILOT - D365FO)

CONTENT

Introduction
Upcoming D365FO copilot features
AI summary (Context-Aware summarization)
Conclusion

Microsoft continues to innovate, expanding Copilot's feature set to simplify complex processes, improve decision-making, and boost operational efficiency. In my previous article series on Microsoft Copilot, I provided an overview of its fundamental capabilities and how it integrates with Dynamics 365 Finance and Operations apps. From introducing core concepts like conversational AI and embedded intelligence to exploring installation processes and practical applications, the series highlighted how Copilot revolutionizes ERP functionality. 

After building that foundation, this article dives deeper into some of the additional and upcoming Copilot capabilities that further enhance the Dynamics 365 Finance and Operations experience. We’ll explore contextual summaries that provide actionable insights across key areas such as products, vendors, purchase orders, customers, sales orders, workflow history, and collections.

Let’s dive into the details.

UPCOMING D365FO COPILOT FEATURES

Microsoft is adding new features to Copilot in Dynamics 365 Finance and Operations to make tasks easier and more efficient. These updates will help automate work in areas like procurement and finance, saving time and improving productivity. Some important upcoming features are as follows:

Automate procure-to-pay tasks with the supplier communications agent (SCM): Purchasers spend significant manual effort checking incoming emails, assessing the status of each purchase order, replying to and following up with suppliers, and updating systems. The supplier communications agent can help purchasers by identifying and understanding email correspondences related to purchase orders, analyzing them together with organizational data, identifying both purchase order confirmations and change requests, and carrying out automated tasks based on user-defined rules. For example, the agent can automatically send reminders to suppliers that haven’t yet responded to a purchase inquiry. It brings incoming change requests to the attention of purchasers when a vendor can't deliver on time or in full and offers the option to update a purchase order according to a change request. (Public review February 2025 - subject to change).

Reconcile with subledger to general ledger reconciliation agent (FINANCE): Reconciliation of data is a time-consuming process, often deferred until the end of a period. This can add time and headaches to the completion of the period end tasks. The subledger to general ledger reconciliation feature will change this process to be proactive, rather than reactive, when a difference is identified. Copilot will be used to notify the user of a difference between the subledger and the general ledger, provide options for how to resolve the issue, and eventually resolve the issue on behalf of the user. Reconciliation should no longer be a bottleneck, but instead, is always in a continuous state of readiness. (Public review March 2025 - subject to change).

AI SUMMARY (CONTEXT-AWARE SUMMARIZATION)

AI Summary aka Context-aware summarization brings tailored insights directly to users, streamlining data interpretation and decision-making across various areas in Dynamics 365 Finance and Operations.

PRODUCTS

The Released product details page contains a Summary by Copilot FastTab, providing a tailored product overview that adapts to the user's frequently accessed pages and current context.

Go to Product information management >> Products >> Released products to open released products list page. Select an item and go to item details.











This form provides a detailed summary of the released product, including general inventory data as well as procurement and sales information.

Additionally, when you hover over an item number in any form, the system displays a summary of the product based on the most used forms and the relevant context. The content displayed is tailored to your security role, ensuring access to appropriate information.

Go to Sales and marketing >> Sales orders >> All sales orders to open sales orders list page. Select an order and go to order details.

Hover over the item number.











When you hover over an item number in any form, the system displays a summary of the product based on the most used forms and the relevant context. The content displayed is tailored to your security role, ensuring access to appropriate information.

VENDORS

Go to Procurement and sourcing >> Vendors >> All vendors to open vendors list page. Select a vendor and go to vendor details.











Vendor summary provides a comprehensive overview of key vendor details, including on-hold status, rebates, and open purchase orders. It consists of two fields:

Status: This field summarizes essential vendor information, including order, invoice, and payment statuses.

Insights: This field highlights notable outlier events, such as risks associated with overdue purchase lines, delivery trends, vendor history, and potential foreign exchange losses from outstanding invoices.

PURCHASE ORDERS

Go to Procurement and sourcing >> Purchase orders >> All purchase orders to open purchase orders list page. Select an order and go to order details.












Each purchase order summary shows an overview of a selected purchase order's status.

The purchase summary provides a comprehensive overview of key order details, including on-hold status, rebates, and open purchase order lines. It consists of two fields:

Status: This field includes generic summary of the order, including total number of lines, received lines and invoiced lines.

Insights: This field highlights notable outlier events, such as backordered lines, lines about to be backordered, lines with missing confirmed receipt dates.

CUSTOMERS

Go to Sales and marketing >> Customers >> All customers to open customers list page. Select a customer and go to customer details.











When a customer is selected, the AI-generated content appears on the Summary FastTab. Azure OpenAI generates the results based on data in Finance and the provided prompts.

It uses the following transaction data as inputs: Customer invoices, Customer payments, Sales orders, Sales agreements, Rebates, Outstanding invoices, Delayed order lines.

Summary FastTab consists of two fields:

Status: This field summarizes essential customer information, including order, invoice, and payment statuses.

Insights: This field highlights notable outlier events, such as risks associated with overdue invoices, highest overdue invoice, overdue order lines, and orders shipped but not invoiced.

SALES ORDERS

Go to Sales and marketing >> Sales orders >> All sales orders to open sales orders list page. Select an order and go to order details.










The Sales order details page includes a Summary by Copilot FastTab that shows an overview of the selected sales order's status.

Summary FastTab consists of two fields:

Status: This field includes generic summary of the order, including total number of lines, shipped lines and invoiced lines.

Insights: This field highlights notable outlier events, such as backordered lines, lines about to be backordered, lines with missing confirmed ship dates and lines to be shipped at the current date so that you are aware of order shipments.

WORKFLOWS

Navigate to Workflow history to review detailed records of workflow submissions. Go to Organization administration >> Workflow >> Workflow history. The page shows the list of all submitted workflows.










Change the ‘Status’ filter if necessary.

Click Instance ID to see the workflow history.








The Summary by Copilot field leverages Azure OpenAI to provide concise, context-driven insights, ensuring a clear and actionable summary of workflow activities.

The Summary by Copilot field appears at the top of any Workflow history page if the workflow was submitted. The first line shows the submitter, submitted date, current status, and comments. The next lines show the most recent workflow actions. Workflow actions include approvals, delegations, rejections, and change requests. The workflow action dates and the user who performed each action are shown together with any comments that were entered.











COLLECTIONS

Go to Credit and collections >> Workspaces >> Collections coordinator to open the Collections coordinator workspace. The page shows an overview of the activities that are assigned to a collections coordinator (collections agent), the customers who have the highest balances, and the customers who have the most overdue amounts.












To get to the Collections coordinator details page, select any customer name. Alternatively, when a Customer account is selected at the top of the page, click View customer detail. The Collections coordinator details page includes the Summary by Copilot field. 












Azure OpenAI is used to generate the results in Balances and payment history, based on data in Finance and the provided prompts. All calculations are done in Finance. The summary is based on the amounts for the selected customer's payment history for the past year, outstanding debt amount, and invoices for the last six months.

To have AI generate a draft email in the form of a reminder letter, select Create reminder email.

CONCLUSION

Microsoft's Copilot is transforming Dynamics 365 Finance and Operations by making daily tasks simpler and more efficient. With features like automated processes, smart notifications, and tailored summaries, Copilot helps users save time and focus on what matters most. Whether it’s managing vendors, reconciling financial data, or handling sales and purchase orders, these tools reduce manual work and make decision-making easier. By using Copilot, businesses can work smarter, improve accuracy, and adapt quickly to changing needs in today's fast-paced world. 

Tuesday, November 26, 2024

Performing Segregation of Duties (SOD) Risk Analysis in Dynamics 365 Finance and Operations (D365FO) - PART 1: Using D365FO











PERFORMING SEGREGATION OF DUTIES (SOD) RISK ANALYSIS IN DYNAMICS 365 FINANCE AND OPERATIONS (D365FO)

CONTENT

Introduction
Solution Components for SOD in Dynamics 365 Finance and Operations (D365FO)
Solution Configuration in Dynamics 365 Finance and Operations (D365FO)
SOD Violations Detection and Analysis
Summary

This article series explains how to perform a Segregation of Duties (SOD) analysis using 3 different tools for Dynamics 365 Finance and Operations. The purpose is to provide various options. The entire series will consist of 3 parts, as follows:

Performing Segregation of Duties (SOD) Risk Analysis in Dynamics 365 Finance and Operations (D365FO)

PART 2: Using RSM's Guardian Power App (to be published at 12/6)
PART 3: Using Fastpath (to be published at 12/20)

Let's get started with PART 1.

Introduction

In today’s business landscape, ensuring compliance and safeguarding financial systems against fraud and errors are critical objectives for organizations. One of the key practices to achieve this is implementing Segregation of Duties (SOD)—a control measure that prevents a single individual from managing multiple critical tasks within a business process.

Dynamics 365 Finance and Operations (D365FO) provides a tool to help organizations analyze and manage SOD risks effectively. By leveraging its built-in security framework, role-based access controls, and analytical capabilities, businesses can identify potential conflicts and enforce appropriate control measures to maintain compliance.

This article marks the first in a three-part series exploring how to perform SOD risk analysis using different tools. Here, we focus on how Dynamics 365 Finance and Operations can streamline the process, ensuring your financial system remains secure and compliant with industry standards like SOX and COSO.

Solution Components for SOD in Dynamics 365 Finance and Operations (D365FO)

In Dynamics 365 Finance and Operations (D365FO), Segregation of Duties (SOD) revolves around managing duties—a fundamental concept within the security framework. Duties represent a collection of related privileges that define what a user can do within the system, ensuring their access aligns with their responsibilities. Here are the key solution components that support SOD in D365FO:

Security Roles, duties and privileges

Security roles are the top-level entities in D365FO's security model. They are designed to group duties and privileges required to perform specific business tasks. Roles such as "Accounts Payable Manager" or "Inventory Clerk" ensure users can only access features relevant to their job functions.

  • Roles are assigned to users, directly linking them to duties and privileges.
  • SOD is managed by ensuring that roles do not encompass conflicting duties.

Duties are granular groups of related privileges that correspond to specific responsibilities, such as approving invoices, processing payments, or creating purchase orders. They are key to managing SOD conflicts, as risks often arise when users are assigned duties that conflict with each other.

  • Duties allow fine-grained control of system functionality.
  • The system's built-in SOD rules help detect when conflicting duties are assigned to the same user or role.

Privileges are the lowest level of access definitions in the security hierarchy. They control access to individual forms, menu items, or actions within the application. By combining privileges into duties, D365FO creates a layered approach to access control.

Segregation of Duties Rules

D365FO includes a framework for defining and enforcing SOD rules. These rules specify which combinations of duties are considered incompatible and must not be assigned to the same user. For example:

Conflict Example: A user assigned to both "Maintain Vendor Invoices" and "Approve Vendor Invoices" duties creates a risk of unauthorized transactions.

The list of these conflicts forms Segregation of Duties (SOD) Framework. It's also known as SOD ruleset.

SOD Violations Detection and Analysis

The system offers tools for detecting and resolving SOD conflicts. Administrators can run diagnostics to identify violations to support compliance with regulatory standards such as SOX.

Conflict Resolution: D365FO provides workflows and configuration options to address identified conflicts, such as reassigning duties or splitting responsibilities across multiple users.

Mitigation / Remediation Tools: Workflows and ITACs

SOD enforcement is closely tied to workflows in D365FO. Approvals and reviews are built into workflows, ensuring that no single individual has control over critical processes.

By leveraging these components, D365FO allows organizations to establish a secure environment that supports operational efficiency while maintaining compliance with internal and external regulations. The next section will delve into the process of configuring these components for effective SOD risk analysis.

ITACs are not separate concepts but complementary mechanisms that enforce Segregation of Duties (SOD) and other security principles in Dynamics 365 Finance and Operations (D365FO). While workflows focus on approvals, ITACs enforce transactional integrity. 

Solution Configuration in Dynamics 365 Finance and Operations (D365FO)

Security Roles and their user assignments

Security roles are designed to group related duties and privileges. 

System administration >> Security >> Security configuration


Users are assigned to specific security roles.

System administration >> Users >> Users


This screen shows user and their security role assignments.


The SOD framework incorporates security role access and user assignments into the risk analysis algorithm.

Segregation of Duties Framework

For demo purpose, our rule is that A user CANNOT perform both "Maintain Vendor Invoices" and "Approve Vendor Invoicesduties at the same time.

Let's create that Segregation of Duties (SOD) rule in the system.

Go to System Administration >> Security >> Segregation of duties >> Segregation of duties rules


Click + New.

Select the first duty.

Select the second duty.

Select the risk rating.


Populate the risk definition: 'Registering unapproved invoices.' The Security Mitigation column contains ITAC(s) that mitigate/remediate the identified risk. This column can remain empty for now. The first SOD rule is ready.


SOD Violations Detection and Analysis

Identifying Internal Role Risks

D365FO offers a tool for detecting and resolving SOD conflicts. You as an admin can run diagnostics to identify violations and generate reports to support compliance with regulatory standards such as SOX.

Go to Security administration >> Security >> Segregation of duties >>  Segregation of duties rules

Open the form and click 'Validate duties and roles' to run the analysis.



An error message appears:

Role "Accounts payable manager" is in violation of segregation of duties rule "New Segregation of duties rule": The role contains duties "Maintain vendor invoices" and "Approve vendor invoices".

SOD risk analysis tool identifies that and notifies you. Please note this is an internal role risk.

User Risk Analysis: Scenario 1

Let's assign "Accounts payable manager" to a user.

System administration >> Users >> Users.


The system throws an error as shown below:

Cannot create a record in Security user role (SecurityUserRole). The corresponding AOS validation failed.
Note that a series of actions are taken:

  • The system identifies the conflict and does not allow this role assignment until the message is addressed.
  • System asks whether you want to solve this conflict now or not.

Click 'Yes', system takes you to 'Segregation of duties unresolved conflicts form' and asks you to decide:

  • Denny assignment: Role assignment is rejected.
  • Allow assignment: Role assignment is done. This is an exceptional situation and user needs that role assignment in order not to disrupt business processes.


Click 'Denny assignment'.


Role assignment is rejected and conflict line is moved onto 'Segregation of duties conflicts' as shown below.


User Risk Analysis: Scenario 2

Let's assign "Accounts payable manager" to a user and accept the conflict.

System administration >> Users >> Users


System throws an error as shown below.

Note that a series of actions are taken:

  • The system identifies the conflict and does not allow this role assignment until the message is addressed.
  • System asks whether you want to solve this conflict now or not.

Click 'Yes', system takes you to 'Segregation of duties unresolved conflicts form' and asks you to decide:

  • Denny assignment: Role assignment is rejected.
  • Allow assignment: Role assignment is done. This is an exceptional situation and user needs that role assignment in order not to disrupt business processes.
Click 'Allow assignment'.


Enter the reason for overring the SOD rule.


Note that the role is now assigned.


Note that this violation is recorded on the Segregation of duties conflicts screen as below.


ITAC documentation

The last step is to do ITAC Documentation for mitigation/remediation purpose.

ITACs are not separate concepts but complementary mechanisms that enforce Segregation of Duties (SOD) and other security principles in Dynamics 365 Finance and Operations (D365FO).

SOD enforcement is closely tied to workflows in D365FO. Approvals and reviews are built into workflows, ensuring that no single individual has control over critical processes. The next step is the process of assigning ITACs to SOD risks.

Go to the risk.

Define the risk and enter mitigating control information as below.


User Risk Analysis: Scenario 3

Let's now assign 2 different roles violating the SOD rule together.



An error message appears:

Cannot create a record in Security user role (SecurityUserRole). The corresponding AOS validation failed.

Please note that system notifies you that the role assignment cannot pass the validation.

System only assigns one of the conflicting roles.


Attention: Please note that system does the risk analysis only after completing SOD ruleset setup.

Summary

Dynamics 365 Finance and Operations (D365FO) provides robust tools to manage Segregation of Duties (SOD) by leveraging its security framework, including roles, duties, privileges, and SOD rules. These components allow organizations to identify and resolve access conflicts, enforce regulatory compliance, and document mitigations through workflows and ITAC integration. By configuring SOD rules and analyzing conflicts, businesses can ensure that critical tasks are segregated effectively, safeguarding operations and minimizing the risk of fraud or errors.

AI Summary in Dynamics 365 Finance and Operations (Copilot - D365FO)

AI SUMMARY IN DYNAMICS 365 FINANCE AND OPERATIONS (COPILOT - D365FO) CONTENT Introduction Upcoming D365FO copilot features AI summary (Conte...