In order to ensure that different modules are secured by agreements, you may enable "Confidentiality agreements" under Financial Settings (in the "Enhanced Security" section). This will require that a user is required to acknowledge that he/she is allowed to access this module and its data. The main reason for doing this is to protect sensitive data (like financial data) from accidental User Administration mistakes (like assigning the wrong privilege to a user). It gives the employee a heads-up to realise they are seeing sensitive data and allows them to report if they should not see this. At the same time the manager is informed when agreements are signed that she/he can verify the correctness of this agreement.