For SOX compliance I have been told that our method of registering prices in our purchasing database is insecure. Here's the current process, handled in Excel. We have about 5 Buyers, two managers, and one clerk, and this process is repeated at most 10 times in any given day (and never simultaneously).
1) Buyer creates a data-entry form in Excel and includes as an OLE object a .pdf scan of the quote. Relevant data (price, part number, etc.) is entered. Buyer types name as initiator and uses the "routing" function of Excel to send to Management.
2) Management opens the pdf file and confirms that the quote data is accurate and approves. Manager types name as 'approval' and uses the routing function to send to clerk.
3) Clerk enters data from the form into the purchasing system. Clerk then types name and sends the file back to Buyer using routing.
4) Buyer compares the data on the request form to the data in the purchasing system for data-entry errors. Buyer types name on the form and routes back to clerk for filing.
5) Clerk files the digital copy in a shared folder, as well as a hard copy in file folder.
Only the clerk has access to the data entry screen in the main purchasing system, but we've been asked to avoid the possibility of the clerk completing the whole registration process by forging signatures. I would like to create a simple workflow system that assigns users a password and allows them to actually "approve" the form as it goes through the process. I don't need anything super-robust; we're talking more here about showing an ounce of protection in case the auditors notice the possibility of a clerk forging the whole process. Best would be the buyer enters the data into the form, chooses the appropriate manager and clerk, and hits a button. Ideally, emails would be sent in turn to the user when their input is needed, and the application would allow the final process to be printed, searched and stored at a central location.
So the questions:
Is Access the best vehicle to develop this solution? Are there add-ons to simplify the development? Is a third-party solution a better choice? Note: we do not have access to any back-end server capabilities, so the solution must be able to run from each individual work station.
Thanks for any advice.