Quick Launch Checklist
Provision Environments
Set up DEV/TEST/STAGE/PROD with identical addons and configs; enable automated backups + audit logs
Create Database
One Odoo 19 database with multi-company (Bethlehem HQ, Ramallah, Jerusalem, Amman, Egypt)
Configure Accounting
Apply IFRS/NGO-ready Chart of Accounts, taxes, and currencies (ILS, JOD, EGP, USD); enable multi-currency
Security & SOD
Lock down security with branch-aware access groups and record rules; implement segregation of duties
Base Settings
Configure languages, time zones, sequences, email, document storage, chatter, and attachments
Intercompany Features
Turn on reciprocal partners, automated journals, and elimination accounts for intercompany transactions
Seed Master Data
Load templates for partners, products/services, COA segments, cost centers, and projects
A. Environments (Identical Topology)
Option A: Odoo.sh (Recommended)
Default Choice
Pros:
- Faster CI/CD pipeline
- Automated backups
- One-click staging environments
- Lower operational burden
Cons:
- Less infrastructure control
- Dependency on Odoo SaaS
Option B: Self-Hosted Docker/K8s
Alternative
Pros:
- Full infrastructure control
- On-premise data options
- Network-level control
- Hybrid cloud capabilities
Cons:
- Requires DevOps expertise
- Higher maintenance overhead
Environment Configuration
| Environment | Purpose | Access | Data |
|---|---|---|---|
| DEV | Feature development and testing | Developer access only | Dummy/synthetic data |
| TEST | Integrated module testing | QA team + developers | Nightly refresh from STAGE |
| STAGE (UAT) | User acceptance testing | Business users only | Production-like data (sanitized) |
| PROD | Live operations | Restricted; authorized users only | Real operational data |
Foundational Operations
Backup Policy: Automated daily full backups (retain 35 days) + hourly diffs (retain 72h); encrypt at rest
- Audit Logging: Enable server logs + audit logs (sudo/user actions, model create/write/unlink, login events)
- CI/CD Pipeline: PR → run tests (lint, unit, data-load smoke) → build → deploy to TEST → manual promote to STAGE/PROD
- Version Control: All custom modules + data templates in git monorepo
B. Database Creation (Single DB, Multi-Company)
Database Configuration
- Database Name:
alshayeb_group_prod(with suffixes:_dev,_test,_stage) - Languages: Arabic (ar), English (en), French (fr) [optional]
- Time Zones: Company default = Asia/Hebron; per branch override (Amman, Cairo)
- Multi-Company: Enabled
- Multi-Currency: Enabled with automatic FX rate updates
Initial Module Installation
C. Multi-Company Model & Naming
| Code | Legal Entity | Location | Currency | Role |
|---|---|---|---|---|
| ALP-HQ | AlShayeb Partners | Bethlehem | ILS | Parent Company |
| ALP-RAM | AlShayeb Partners - Ramallah | Ramallah | ILS | Branch |
| ALP-JRS | AlShayeb Partners - Jerusalem | Jerusalem | ILS | Branch |
| ALP-AMM | AlShayeb Partners - Jordan | Amman | JOD | Branch |
| ALP-EGY | AlShayeb Partners - Egypt | Cairo | EGP | Branch (AI Helpdesk Hub) |
Intercompany Policy
- Parent Company: ALP-HQ (Bethlehem)
- Inheritance: Children inherit default fiscal settings from parent
- Shared Resources: Partners and products shared across all companies
- IC Transactions: Automated Purchase↔Sale with mirror partners (e.g., "ALP-AMM (Internal)")
- Clearing Accounts: 1399/2399 per company pair
- Consolidation: Elimination company for consolidated reporting (Phase 2)
D. Base Settings (Global Configuration)
Document Sequences
Format: COMP-DOC-YYYY-#####
Example: HQ-INV-2025-00001
Document Types:
Email Configuration
- Outgoing: SMTP per domain with DKIM/SPF
- Incoming: Catch-all aliases mapped to models
helpdesk@→ Helpdesk Ticketsprojects@→ Project Tasksap@→ Vendor Billsar@→ Customer Invoiceshr@→ HR Requests
Documents App Structure
Workspace Tree:
- /Finance
- /HR
- /Projects
- /Audit
- /Intercompany
- /Contracts
Knowledge Base
Space: "Odoo SOPs"
Categories:
- Finance Procedures
- HR Policies
- Intercompany Workflows
- Helpdesk Playbooks
- Education & Healthcare
Attachments & Storage
- Storage: Filestore (disk-based)
- Size Limit: 25MB per file
- OCR: Auto-OCR on PDFs (Enterprise)
- Retention: Per document type policy
Currency Configuration
| Currency | Role |
|---|---|
| ILS | Primary (HQ) |
| JOD | Jordan operations |
| EGP | Egypt operations |
| USD | International contracts |
| EUR | European clients |
Auto-rate update: Daily at 08:00 Asia/Hebron
E. Chart of Accounts (IFRS/NGO-Ready)
Approach: Start from IFRS base COA, extend with NGO segments (projects/grants). Use analytic accounts for projects/grants; analytic tags for donor/fund/cost category.
COA Structure (High Level)
| Range | Category | Description |
|---|---|---|
| 1000–1999 | Assets | Current assets, fixed assets, intangibles |
| 1399-XXX | IC Receivables | Intercompany clearing (per counter-company) |
| 2000–2999 | Liabilities | Current liabilities, long-term debt |
| 2399-XXX | IC Payables | Intercompany clearing (per counter-company) |
| 3000–3999 | Equity | Share capital, retained earnings, reserves |
| 3790 | FX Revaluation | Unrealized FX Gain/Loss |
| 3990–3999 | Eliminations | Consolidation eliminations (future) |
| 4000–4999 | Income | Revenue from services, grants, other income |
| 5000–5999 | COGS | Cost of goods/services sold |
| 6000–7999 | Operating Expenses | Salaries, rent, utilities, professional fees |
Journal Configuration (Per Company)
Accounting Controls
- Lock Dates: Monthly close at T+5 business days; user groups for period lock vs. final lock (Accounting Manager only)
- Analytic Requirement: Mandatory analytic account on spend lines for NGO projects; enforce via Studio rule or server action
- Reconciliation: Bank reconciliation models for common transactions; monthly IC reconciliation
- Audit Trail: All journal entries logged with user, timestamp, and approval chain
F. Tax, Localization, and Currencies
Palestine/Israel (ILS)
- VAT: Standard rates as applicable
- Tax Groups: AR/AP configured
- Tax Tags: Reporting categories
- Reverse Charge: Cross-border if needed
Jordan (JOD)
- VAT/Sales Tax: Per Ministry of Finance
- Withholding: As required by law
- Reports: Local tax reports configured
Egypt (EGP)
- VAT: Egyptian VAT rates
- Withholding: 1–5% scenarios
- E-Invoice: Readiness for API connector (Phase 3)
Note: Exact statutory rates to be parameterized during Phase 2 with local accountant sign-off. FX gains/losses realized at payment; monthly FX revaluation scheduled action for open items.
G. Master Data Seeding (Golden Templates)
Partners
- Single contact per legal entity
- Multi-company shared enabled
- Internal companies as vendors/customers for IC
- Complete contact hierarchy
Products/Services
- Service SKUs: Audit, Tax, Advisory
- Odoo Implementation & Support
- Helpdesk services
- Revenue accounts mapped per service
Banks & Payment Terms
- Bank accounts per company
- Default journals with IBAN/SWIFT
- Payment terms: Net 0/15/30/45
- NGO milestone-based terms
Analytic Structure
Template: PRJ-[Donor]-[Country]-[YY]-[Seq]
Example: PRJ-UNICEF-PS-25-001
Cost Centers:
- Finance
- HR
- Audit
- Odoo Services
- Education
H. Security, Access Groups & Segregation of Duties
Principles: Least privilege, need-to-know, company-aware access. No cross-company posting except designated roles. Record rules restrict by company_id and branch analytic.
Key Access Groups
| Group | Permissions | Restrictions |
|---|---|---|
| Group_Finance_Admin | Full accounting, period lock, configuration | Per company assignment |
| Group_Finance_Clerk | Vendor/customer entries | No lock, no configuration |
| Group_HR_Admin | HR configuration, contracts, payroll | Company-specific |
| Group_HR_Officer | HR operations, employee records | Read-only on payroll |
| Group_Project_Manager | Project creation, planning, budgets | Own projects + assigned |
| Group_Project_User | Task management, timesheets | Assigned tasks only |
| Group_Audit_ReadOnly | Read accounting, journals, documents, logs | No write access (internal auditors) |
| Group_IC_Controller | Intercompany postings + reconciliation | Cross-company access limited to IC |
| Group_Helpdesk_Agent | Ticket management, KB access | Egypt hub assignments |
| Group_Helpdesk_Manager | Team management, SLA configuration | Egypt hub oversight |
Segregation of Duties (SOD) Examples
❌
AP Invoice Entry ≠ Vendor Payment Approval
❌
Journal Configuration ≠ Journal Posting
❌
HR Contract Admin ≠ Payroll Validation
Admin Controls
- 2FA: Required for all admin accounts
- IP Allowlisting: Production back-office access restricted by IP
- Password Policy: Rotation every 180 days; complexity requirements enforced
- Audit Export: Weekly export to /Audit/Logs for compliance
- Session Timeout: 30 minutes inactivity; force logout on sensitive operations
I. Intercompany Automation (Minimal Viable Config)
Configuration Steps
- Create internal customer/supplier card per company with dedicated IC pricelist (zero margin)
- Enable Auto-Create IC Orders: Sale in ALP-HQ → auto Purchase in ALP-AMM
- Configure mirrored delivery and invoicing workflows
- Map IC accounts to 1399/2399 clearing accounts
- Set tax exempt status for IC flows
- Implement monthly IC reconciliation report
- Setup elimination models (Phase 2) for consolidated P&L/BS
See Intercompany Controls Page: For detailed control matrix, reconciliation procedures, and out-of-balance detection mechanisms, see Intercompany Controls.
J. Operational Modules (Baseline Switches)
Accounting
- All companies active
- Bank journals configured
- Payment acquirers (online collections)
- Reconciliation models
HR & Payroll
- Company structures defined
- Jobs and contracts
- Leave management
- Payroll rules per country (progressive)
Projects
- Templates: Audit, Odoo deployment, NGO grant
- Task stages configured
- Timesheets required
- Budget tracking enabled
Helpdesk
- Teams: Odoo-Internal, Client-Odoo, Finance-Support
- SLAs: First response ≤ 4h, Resolve ≤ 2 days
- Email aliases configured
- Egypt hub operations
Documents & Knowledge
- SOP library structure
- Approval flows for finance docs
- Threshold-based routing
- Version control enabled
K. Email, Notifications, and SLA
Email Configuration
- Outgoing: SMTP per domain
- Authentication: DKIM/SPF configured
- Bounce Handling: Automated processing
- Queue Management: Retry logic for failures
Helpdesk SLAs (Phase 1)
- First Response: ≤ 4 business hours
- Resolution: ≤ 2 business days (internal)
- Escalation: Auto-escalate at 80% SLA
- Tracking: Dashboard monitoring
Notification Strategy
- Manager Digest: Weekly summary (open items, IC mismatches, overdue tasks)
- Real-time Alerts: Critical issues, SLA breaches, approval requests
- Monthly Reports: KPI summary, risk register updates, audit findings
- User Preferences: Configurable notification channels (email, in-app, SMS)
L. Backups, Disaster Recovery, and Monitoring
1 hour
RPO (Recovery Point Objective)
4 hours
RTO (Recovery Time Objective)
35 days
Full Backup Retention
72 hours
Differential Retention
Backup Strategy
- Daily Full Backups: Encrypted, off-site storage (object storage + cross-region)
- Hourly Differentials: 72-hour rolling window for rapid recovery
- Monthly Testing: Documented restore tests (compliance requirement)
- Encryption: AES-256 encryption at rest and in transit
Monitoring & Alerts
- Uptime Monitoring: 24/7 external service checks
- Performance Metrics: Response time, database load, worker health
- Security Alerts: Failed login spikes, mass deletes, privilege escalation
- Log Anomaly Detection: ML-based pattern recognition
- Disaster Runbook: Stored in /Audit/DR with role assignments
M. Sample Data & Templates (Import Order)
Critical: Follow this exact import sequence to avoid dependency errors.
- Currencies & Rates - Base currencies and initial exchange rates
- Chart of Accounts & Taxes - Full COA with tax configurations
- Companies & Journals - All entities and their journals
- Partners - Customers, vendors, internal companies
- Products/Services - Service catalog with revenue mapping
- Banks - Bank accounts and payment methods
- Payment Terms - Standard and custom terms
- Analytic Accounts - Projects, cost centers, tags
- Opening Balances - Initial balances (last step)
CSV Import Templates
| Model | Key Fields |
|---|---|
| res.partner | name, company_type, street, city, country_id, vat, email, phone, is_company, parent_id, company_ids/id |
| product.template | name, type, categ_id/id, list_price, standard_price, taxes_id/id, property_account_income_id/id |
| account.account | code, name, user_type_id/id, company_id/id, reconcile, deprecated |
| account.journal | name, type, code, currency_id/id, company_id/id, bank_account_id/id |
N. Human-Taught AI Helpdesk (Egypt Hub) – System Hooks
Knowledge Curation Workflow
1
Draft
Curator creates KB article
→
2
Peer Review
Second curator validates
→
3
Approved
Manager approval
→
4
Published
Available to AI system
AI Integration (Phase 4)
- KB Categories: Linked to Helpdesk categories for auto-suggest
- RAG Endpoints: Read-only API for LangChain (article title, body, tags, version, approvals)
- Citation Tracking: Every AI answer cites KB article ID + version
- Escalation Logic: Unresolved queries automatically escalate to human curator
- Audit Trail: All AI interactions logged for quality review
Learn More: See AI Helpdesk Architecture for complete implementation details.
O. Acceptance & Quality Gates
✅
DEV/TEST/STAGE/PROD created with automated backups, logging, CI/CD
✅
Single DB with five companies configured; sequences and email aliases working
✅
IFRS/NGO COA, journals, taxes stubbed per country; multi-currency enabled
✅
Security groups + SOD implemented; intercompany accounts/journals present
✅
Base modules installed; master data templates prepared; imports tested on TEST
✅
DR plan, RPO/RTO documented; monthly restore test scheduled
Error Handling & Admin Notes
| Error Scenario | Resolution |
|---|---|
| Import Errors | Capture .log files; fix mapping (external IDs), re-run; never import directly into PROD |
| FX Sync Failures | Fall back to manual rate entry; flag in month-end checklist |
| Email Bounces | Verify SPF/DKIM; queue reprocess; disable faulty aliases |
| Access Denials | Check company context (user menu) and group membership; avoid granting multi-company unless necessary |