Establishing the Four Eyes Principle in Data Reporting

TABLE OF CONTENTS

• 1. Start the process
• 2. Collaborator completes entry
• 3. Confirm data
• 4. Controller review
• 5. Higher-level review (optional)
• Alternative Methods
• Auditor access
  • 1. Scope of Auditor Rights
  • 2. Verification Tasks for Auditors
  • 3. Practical Workflow for Auditors
  • 4. Audit Evidence and Reporting
  • 5. Best Practices for Auditors

Follow these steps to apply the four eyes principle in Position Green:

1. Start the process

The reporter (or person responsible for the measure) enters the initial data on a measure.

• Assign one or more Collaborators to complete the entry.
• Do not confirm the measure at this stage.

2. Collaborator completes entry

Collaborators add supplementary data and click Notify Responsible.

• This triggers an email to the responsible person.

3. Confirm data

The responsible person logs in and confirms the measure.

4. Controller review

A controller goes to Review Data, filters on the measure, and checks the data point.

• Last Edited shows the collaborator who entered the latest data.
• Confirmed shows the responsible person.

At this stage, the four eyes principle is achieved.

5. Higher-level review (optional)

One or more higher-level controllers can use Review Data to mark the data as OK or flag that further actions are required.

Alternative Methods

1. The four eyes principle can also be applied by selecting ‘unit reports’ as Reporter to a measure in Company Setup > Measures > Edit measure.
   1. The user listed under Last Edited is not the same as the one listed under Confirmed.
      
      
2. If neither collaborators nor unit reports are used, and Last Edited matches Confirmed, a controller must review the data in Review Data and explicitly mark it as OK.
   

Auditor access

Auditors have full access to Review Data and can use the feature to independently verify that the four eyes principle has been correctly applied. 

1. Scope of Auditor Rights

Auditors can access all measures across units, regardless of their reporting or confirming roles. They can filter and search by measure, reporting period, or unit to focus on specific data sets. 

2. Verification Tasks for Auditors

Auditors can use Review Data to check:

• Whether Last Edited and Confirmed are different users.
• Whether a Controller review or Higher-level review has been completed.
• If data has been explicitly marked as OK or flagged for follow-up.

3. Practical Workflow for Auditors

• Log in and navigate to Review Data.
• Apply filters (e.g., by measure, reporting cycle, or org. units).
• Compare Last Edited vs. Confirmed fields.
• Verify whether the Reviewed step has been performed.

4. Audit Evidence and Reporting

• Auditors can make note of measures where Last Edited equals Confirmed (to ensure an independent review step exists).
• Notes and flags left by controllers provide additional audit evidence.
• If required, auditors can document exceptions and recommend corrective actions.

5. Best Practices for Auditors

• Regularly spot-check high-risk measures or units with frequent data changes.
• Ensure that controllers consistently use the Mark as OK or Needs action functions.
• Review flagged measures first to assess whether proper follow-up has been completed.