Umoja Release Note: 30 June 2018

Umoja Release Note # 2018-055
For the period 01 June – 30 June 2018

Umoja System Changes

OICT identified a phishing campaign that uses forged “Payment Advice notices from Umoja” to infect the computers of recipients with malicious software.

These fraudulent payment notification messages, with the subject line “Payment Advice generated on [date]” contain an image of “attachments” that appear to be PDF files, but actually are links to malicious websites. When users attempt to open the “attachment”, they will be transparently redirected to a website from which malicious software will be downloaded to their computer. Such attacks are very difficult to detect by unsuspecting users as the links in the forged emails look like PDF files and the downloads open as PDF files.

The following steps should be taken to verify that a payment advice notification from Umoja is genuine:

  • Verify that the attachment on the email message is indeed a PDF file and not a malicious link by hovering the mouse over the attachment; if it shows “http… or https…”, it is a link and not a file
  • Check for typos and misspellings on subject lines – legitimate messages usually do not have major spelling mistakes or poor grammar
  • Check for incorrect ‘reply to’ or sender email addresses – some phishing attempts use a sender’s email address that is similar to, but not the same as, a company’s official email address;  An attacker can also forge email addresses already in use, so if the phishing email appears to come from DoNotReply@un.org, send the email header to OICT for verification (download a guide on how to do this).
  • Check and read the 'warning' message included at the bottom of the genuine payment notification email message:

WARNING: The United Nations Office of Information and Communications 
Technology (OICT) has identified a phishing campaign forging “Payment 
Advice” notices from the United Nations, to infect the computersof 
recipients with malicious software.  These fraudulent emails contain 
images that appear to be PDF file attachments but actually contain links
to websites that download malicious software to the users’ computers. 
This attack is very difficult to detect by unsuspecting users as the 
link looks like a PDF file and the download also opens as a PDF file.
The following steps should be taken to verify that a Payment Advice 
notification from the United Nations is genuine:

(a) Verify that the attachment on the email message is indeed a PDF file
and not a malicious link by hovering the mouse over the attachment;the 
file type should show as a “.pdf file”. If it shows “http://… or 
https://…”, it is a link and not a file. DO NOT CLICK ON THE LINK and 
delete the message right away.

(b) Check for typos and misspellings on subject lines – genuine messages
from the United Nations do not have spelling mistakes or poor grammar.

Always be cautious about opening attachments that you receive, particularly when you are not familiar with the sender of the message and/or not expecting the message. If an email looks suspicious, DO NOT open the attachment and immediately report it to abuse@un.org.

 

CS: SD - Sales and Distribution

INTTRK-10906        (22 June)
WO/CCBREQ#        CCBREQ-4699, WO-IM-1-3781012003
Description
The new Sales Order Invoice layout has been changed in a number of significant ways: 
The new Sales Order Invoice layout will now print Bill to Party and the Information boxes formatted to align with the Real Estate Invoice layout; 
The new layout will group the invoice items by Sales Order and print the Sales Order Number, Sales Order Document Date, PO Number and PO Date at the Sales Order (group) level; 
When the Invoice is created from one Sales Order, the new layout will display the Sales Order Number, Sales Order Document Date in the "Sales Order No./ Date" field of the header (Information section), else if the Invoice is created with multiple Sales Orders, display "MULTIPLE" in this field; 
The Unit Price will be converted to the Document Currency, thereby printing all the prices in the Document Currency. Also printing the Document Currency under the column heading "Value" (last column on the Invoice); 
The 'Payment Instructions' printed at the bottom of the page will have one generic set of instructions and print the bank details dynamically based on the House Bank Number(s) & Account ID(s) that is maintained in the Sales Order Header(s).

CS: TV - Travel Management

INTTRK-13291        (07 June)
WO/CCBREQ#        CCBREQ-5567
Description
The request for cancellation functionality has been disabled for scenarios for which it should not apply: previous request for cancellation already made; trip in partial cancellation; trip in complete cancellation; trip rejected; trip closed by the year end process; expense report already created; housekeeping program ran on the trip.

INTTRK-15637        (22 June)
WO/CCBREQ#        CCBREQ-6282
Description
The 'Org Unit' field is now mandatory in the mini master fast entry. An error "Fill in all required entry field." is displayed when this field is empty.

INTTRK-15484        (07 June)
WO/CCBREQ#        CCBREQ-6211
Description
Processing Office Service Provider Assignment Report is now available that displays details of assignment of service providers to processing offices. Report is searchable by processing office type, processing office ID/name and service provider ID/name. 

INTTRK-15100        (08 June)
WO/CCBREQ#        CCBREQ-6092, CCBREQ-5925
Description
Quotation option has been disabled for Travel Processing Offices.

INTTRK-8840            (14 June)
WO/CCBREQ#        IM-1-4616025001 / WO-IM-1-4616272350 and IM-1-3761695746 / WO-IM-1-3779885504
Description
The current mappings in the configuration will allow Travel Requests for Special Staff under category. 

INTTRK-7674            (07 June)
WO/CCBREQ#        CCBREQ-4059
Description
Copy functionality has been extended. Travelers can use any existing trip/claim as copy to submit any new trip/claim. Travel administrators can use any trip to create new trips for other employees.

    
FI: AP - Accounts Payable

INTTRK-15724        (22 June)
WO/CCBREQ#        RFS-1-5931589811
Description
For UNIC, we have created the following 27 cash Journals: 
#CJ (Currency) 
#5872 (CDF) 
#5873 (EGP) 
#5874 (XOF) 
#5875 (SDG) 
#5876 (UAH) 
#5877 (BHD) 
#5878 (BYN) 
#5879 (CFA) 
#5880 (ZAR) 
#5881 (MAD) 
#5882 (UZS) 
#5883 (GEL) 
#5884 (TND) 
#5885 (NAD) 
#5886 (XAF) 
#5887 (AMD) 
#5888 (GHS) 
#5889 (DZD) 
#5890 (TRY) 
#5891 (MGS) 
#5892 (ERN) 
#5893 (AZN) 
#5894 (BIF) 
#5895 (TZS) 
#5896 (NGN) 
#5897 (XOF) 
#5898 (ZMW)

INTTRK-15649        (14 June)
WO/CCBREQ#        RFS-1-5870881751, RFS-1-5874929926
Description
For ITC we have created Cash Journal #5868 (TND). 
For OCHA we have created Cash Journals #5869 (SSP), #5870 (SSP), #5871 (USD).

INTTRK-15615        (22 June)
WO/CCBREQ#        IM-1-5452647371
Description
The following payment term has been created in Umoja as requested by UNAMI: 
-Z074 – 20 days 0.4%, net 30

INTTRK-15585        (01 June)
WO/CCBREQ#        RFS-1-5860617328
Description
Cash Journal #5867 (USD) has been created for UNOCHA-DRC with Fund 32DDN and Business Area S200. Cash Journal #5588 (COP) has been updated for UNODC to reflect new cash journal name as UNODC - COLOMBIA – YARUMAL.

FI: TR - Treasury and Cash Management

INTTRK-13548        (18 June)
WO/CCBREQ#        CCBREQ-3736
Description
This change enables the sensitive field confirmation process for banking data updates. With this change all banking data related changes need to be confirmed by a designated approver. Until the change is confirmed, no payments can be made on the BP. This applies to all banking data maintained for customers and vendors in the BP transaction directly. It does not apply to changes to individuals maintained in HCM/ESS.

HR: PA - Personnel Administration including Workforce 

INTTRK-15678        (13 June)
WO/CCBREQ#        CCBREQ-6327
Description
Addition of new nationality "OTH-Kosovo1244 " and country name "OTH-Kosovo1244" per MEU decision.

INTTRK-15663        (08 June)
WO/CCBREQ#        WO-RFS-1-5922543553
Description
If for any reason, the date of birth is updated in the Personal Data infotype (IT0002), the Mandatory Age of Separation (UM) on the Date Specifications infotype (IT0041) will be recomputed and updated automatically relative to the new date of birth.

INTTRK-15590        (29 June)
WO/CCBREQ#        CCBREQ-6336
Description
New transaction codes added for maintenance of Global Index Database including loading of index number data from non-Secretariat entities that use the same pool of index numbers.

INTTRK-15332        (14 June)
WO/CCBREQ#        N/A
Description
As part of C5 travel go live, over 7,500 Business Partners for Consultants and Individual Contractors were flipped onto HCM mini master, which allows them to initiate travel requests. 

HR: TM - Time Management

INTTRK-15631        (22 June)
WO/CCBREQ#        WO-RFS-1-5840963978
Description
Configuring Work Schedule rules for Vienna to adhere to summer work hours. 

INTTRK-15766        (22 June)
WO/CCBREQ#        WO-RFS-1-5954187741
Description
Establishing Floating Holiday 2018 for staff in Nepal. 

IN: ES - Enterprise Structure

INTTRK-15680        (01 June)
WO/CCBREQ#        N/A
Description
In accordance with communication from their Permanent Mission to the UN, Business Partner fields for Country selection, in Umoja, was updated from Swaziland to Eswatini. Change of names for individual vendors/customers must be individually addressed following procedures for BP Master data Maintenance outlined on iSeek where necessary. 

SC: PM - Plant Maintenance

INTTRK-15507        (01 June)
WO/CCBREQ#        CCBREQ-6244
Description
There are several reports like IE05, IE06, IH08, IH10, IE37, IE36 that also report out on the Partner Assignment (ZV-User Responsible, VN Vendor and ZP-Implementing Partner) of equipment master data record. 
However, previously, the "deleted" partner records were being considered, whereas they should be excluded. This led to a great number of queries as to why the report was showing "*" value when there only is ONE partner record against the equipment for that partner type. With a fix to the report, now only the current partner record per partner type is displayed or an “*” value when there are multiple partners assigned to the equipment record.

SC: PM - Plant Maintenance, SC: SA - Source to Acquire

INTTRK-14962        (14 June)
WO/CCBREQ#        WO-RFS-1-5282029170
Description
Update Plant Name IT01 to "Global Service Centre Brindisi" and Search Term to "UNGSC". 

SC: SA - Source to Acquire

INTTRK-15589        (01 June)
WO/CCBREQ#        WO-RFS-1-5875153957
Description
The ZFO Purchase Requisitions has been removed from being transferred from ECC to SRM.

INTTRK-15439        (04 June)
WO/CCBREQ#        WO-RFS-1-5749493821, WO-RFS-1-5796167863
Description
New Low Value Acquisitions purchasing groups are created for Department of Public Information. 
437 DPI LVA - Dar es Salaam 
438 DPI LVA - Tripoli 
439 DPI LVA - Antananarivo 
440 DPI LVA - Brazzaville 
446 DPI LVA - Ouagadougou 
447 DPI LVA - Bujumbura 
448 DPI LVA - Khartoum 
449 DPI LVA - Pretoria 
450 DPI LVA - Windhoek 
451 DPI LVA - Algiers 
452 DPI LVA - Yaounde 
453 DPI LVA - Harare 
454 DPI LVA - Luanda 
455 DPI LVA - Lusaka 
456 DPI LVA - Manama 
457 DPI LVA - Maseru 
458 DPI LVA - Sana'a 
459 DPI LVA - Tehran 
460 DPI LVA - Accra 
466 DPI LVA - Cairo 
467 DPI LVA - Dakar 
468 DPI LVA - Lagos 
469 DPI LVA - Rabat 
470 DPI LVA - Tunis 
476 DPI LVA - Lome 
477 DPI LVA - Ankara 
478 DPI LVA - Azerbaijan 
479 DPI LVA - Kazakhstan 
480 DPI LVA - Uzbekistan 
490 DPI LVA - Belarus 
491 DPI LVA - Eritrea 
492 DPI LVA - Georgia 
493 DPI LVA - Ukraine 
494 DPI LVA - Armenia 
New HRP CIC purchasing group for OHCHR 
356 - OHCHR HRP CIC

INTTRK-15356        (14 June)
WO/CCBREQ#        CCBREQ-6127
Description
Purchasing Group UNLB has been renamed to UNGSC. 

INTTRK-14961        (14 June)
WO/CCBREQ#        WO-RFS-1-5282029170
Description
Update Plant Name ES01 to "United Nations Information and Communication Technology Facility, Valencia".