Audit of Employee Self-Service Payroll System Access



Similar documents
CORE Oklahoma. State of Oklahoma Department of Corrections Employee Self Service Manual

North Dakota University System

Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller

Audit of Cell Phone Device Management and Utilization Controls

Payroll Direct Deposit

Employee Self Service Adding and Modifying Direct Deposit Information

Audit of Milwaukee Fire Department Fixed Assets Controls

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT PAYROLL AUDIT PROGRAM

H U M A N R ES O U R C ES Direct Deposit Online Instructions

Employee Instructions for Setting up Direct Deposit

Development of Essential Features for a Human Resource Management System

If you experience any trouble, please contact the Campus Help Desk at or

University of Northern Colorado Charting the Future. Unit Report: PAYROLL Submitted by: Krystal Dilka Date: November 24, 2003

Employee Instructions for Setting up Direct Deposit

CPS HR4U Employee Self-Service - Updating Direct Deposit

Information Technology General Controls (ITGCs) 101

OVERVIEW AND TERMINOLOGY

PEOPLESOFT ENTERPRISE PAYABLES

Running, Viewing, and Printing Reports Table of Contents

WORKDAY CONCEPT: EMPLOYEE SELF SERVICE

STATE OF NEVADA DEPARTMENT OF PERSONNEL STATEWIDE PAYROLL SYSTEM AUDIT REPORT

Human Resource Information System (HRIS) Post Implementation Review

Audit of the Office of Emergency Management and Homeland Security: FEMA Urban Area Security Initiative Grant Management 2012 through 2014

North Dakota University System

PeopleSoft Employee Self Service User Guide

Company DBA: Company Legal Name: Company Federal EIN: Company State Unemployment ID Number:

PEOPLESOFT HELPDESK FOR HUMAN RESOURCES

EMPLOYEE SELF SERVICE: ACCESSING YOUR INFORMATION

How To Create Employee Review Documents In Peoplesoft

JD Edwards EnterpriseOne Payroll for Canada Rel 9.x

Payroll Direct Deposit Self Service Guide

HelpDesk for Human Resources. Linda Hartford ShopKo Norm Wold -- Oracular

The Complete Buying Guide For Payroll Software

NASCIO. Improving State

Technical Support Policies Effective Date: 25-OCTOBER-2006

TELUS Frontline Customer Care Guide

OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT

SAMPLE FINANCIAL PROCEDURES MANUAL

Approve Time Manager Self Service > Time Management > Approve Time and Exceptions > Payable Time (Payroll Processors/Approvers)

Simplify the HR systems integration and provide a single version of employee data. C

PeopleSoft Version 9.2

Class Specification Accounts Payable/ Receivable Supervisor

Doing more for less with HR technology tools. Improving results and lowering costs with a Human Resource Management System

4 Testing General and Automated Controls

Department of Public Safety and Correctional Services Criminal Injuries Compensation Board

How to Use ADP Self Service

PeopleSoft 9.0 Employee Self Service User Guide

Privacy Impact Assessment

EMPLOYEE SELF-SERVICE DIRECT DEPOSIT PROCEDURES

IT Project Co-Sponsor: John Scoville Project Dependencies:

STAFF ADDITIONAL COMPENSATION - REJECT RULES

Overview of Fiscal Intermediary Services

Teleran PCI Customer Case Study

Comptroller of the Treasury. Central Payroll Bureau

ACCOUNTING POLICIES AND PROCEDURES

How to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant

ACQUISITION OF SOFTWARE AND SERVICES TO SUPPORT THE CORPORATE HUMAN RESOURCES INFORMATION SYSTEM

Adding a Direct Deposit Account in Employee Self-Service

New York State Office of the State Comptroller. PayServ Navigation Paths

State Accounting Office

IT Investment and Business Process Performance: Survey Questionnaire

Working With Direct Deposit Accounts and Your Payment Elections

Sage Abra HRMS. Evaluating Payroll Options For Your Mid-Sized Business: In-house, Outsourced, or a Blend of Both?

DEPARTMENT OF CIVIL SERVICE HEALTH INSURANCE PREMIUMS FOR PARTICIPATING EMPLOYERS. Report 2007-S-83 OFFICE OF THE NEW YORK STATE COMPTROLLER

Viewing Paycheck Information Online - LSU Health New Orleans - On Campus

The Executive Buying Guide to Employee Self-Service

Fiscal Procedure Sequence page number

Accounts Payable Audit

U.S. Nuclear Regulatory Commission

PeopleSoft HR 9.1 PeopleBook: Plan Careers and Successions

Sage Abra HRMS. HR Technology Tools: What You May Be Missing Improving results and lowering costs with a Human Resource Management System

Online Check Stub Enrollment. from Dominion Payroll Services

UCLA Policy 360: Internal Control Guidelines for Campus Departments

Office of Contracting & Procurement and Support Service Center Desk Reference

AP and AR Corrections Handout

Sage Abra HRMS. Abra HRMS Security Considerations

Accounts Payable. Best Practices: Existing Control: Control Gap: Controls Evaluation and Gap Analysis. Purchasing

PAYROLL 8.9 TRAINING GUIDE ONLINE CHECKS

Welcome to CEFCU Bill Pay

An Introduction to Continuous Controls Monitoring

February 2, 2012 ACCOUNTS PAYABLE BEST PRACTICES

Transcription:

Audit of Employee Self-Service Payroll System Access MARTIN MATSON City Comptroller STACEY MAZMANIAN Audit Manager City of Milwaukee, Wisconsin September 2015

TABLE OF CONTENTS Transmittal Letter..1 I. Audit Scope and Objectives.. 2 II. Human Resources Management System........ 4 III. Audit Conclusion........4 A. Root Cause of Inaccurate Information on Payroll Advices.....4 B. Audit Test Results... 5 i

I. Audit Scope and Objectives The Human Resources Management System (HRMS) includes a component for Employee Self- Service, which provides employees the functionality to view payroll information from any personal computer. Internal Audit was informed of a City employee who, upon signing into HRMS, repeatedly observed inaccurate information displayed on the payroll advices (for example, the amount, job title, and bank account information displayed were incorrect and would change from paycheck to paycheck). These incidents were reported by the employee ( impacted employee ) and confirmed by the employee s manager, as well as the Information and Technology Management Division (ITMD). The audit focused on determining the root cause of the inaccurate information that was displayed whenever the impacted employee tried to view the pay advice in HRMS Employee Self-Service. Additionally, Internal Audit performed procedures to determine whether this was an isolated incident or affected other employees. Since a primary function of HRMS Employee Self-Service is to provide employees with the opportunity to view payroll advices, it should be noted that this system component does not perform any payroll calculations, processing, or make payroll payments. While the information presented on the pay advice screen was not accurate for the impacted employee, the direct deposits have been accurate. The audit included an evaluation of access to HRMS, with regard to Employee Self-Service, security configurations, and the integrity and source of the payroll information available for employee viewing. The scope of the audit included Employee Self-Service payroll system access and payroll data integrity for all City employees. This included how employee account access is granted in Employee Self-Service, proper system screen availability, and accuracy of payroll information that can be viewed by employees. The scope of the audit did not include the accuracy of payroll calculations. 2

The objectives of the audit were to: 1. Determine whether employee access to the HRMS Self-Service payroll and compensation system is configured appropriately and consistently; 2. Determine whether the Self-Service View Paycheck function displays accurate, historical payroll data; and 3. Verify whether the payroll is accurately disbursed. Audit methodology included developing an understanding of the Employee Self-Service payroll system, access roles, and the payroll information created, recorded, and stored by the Oracle PeopleSoft Enterprise payroll application. The audit procedures were developed with the aim of evaluating the process and system configuration, in order to meet the audit s objectives. They included process walk-throughs, inspection of relevant documentation, review of the Employee Self-Service role configurations, and tests of transactions. Specific tests were conducted with a sample of employees that: Reviewed payroll advices to determine the accuracy of compensation; Reviewed payroll advices for proper employee ID, department name, and job title; Confirmed authorized users could view only their payroll information; and Reviewed all Employee Self-Service account roles for consistent coding. Occasionally, when viewing HRMS Employee Self-Service, it appeared that the paycheck for the impacted employee was deposited three times. For Objective 3, noted above, Internal Audit reviewed the disbursement account to confirm that each paycheck was disbursed only once. The audit was conducted in accordance with generally accepted government auditing standards. Those standards require that the audit obtain sufficient, appropriate evidence to provide a reasonable basis for the findings and conclusions based on the audit objectives. Internal Audit believes that the evidence obtained provides a reasonable basis for the audit s findings and conclusions based on the audit objectives. 3

II. Human Resource Management System The HRMS system is administered by the ITMD and comprised of the Oracle PeopleSoft Enterprise payroll application, which is third-party software, provided and operated by an external vendor. The employee pay advice viewing component of the system is called Employee Self-Service. The Employee Self-Service is a repository for employee payroll advices, while the Oracle PeopleSoft Enterprise payroll application is the source of payroll data and computations. The Enterprise Systems Section of ITMD manages and maintains the system, including payroll, benefits administration, and Employee Self-Service. It is critical that access to the Employee Self-Service system is properly restricted and that the payroll information available for employee viewing is accurate. III. Audit Conclusion Overall, the audit concluded that access to Employee Self-Service is configured appropriately and consistently, and the system provides accurate, historical payroll data. A. Root Cause of Inaccurate Information on Payroll Advices A technical representative from the ITMD, with input from vendor personnel, diagnosed the root cause of the problem as a corrupt operator ID. Furthermore, the ITMD representative advised that the corruption of an employee operator ID account is a rare occurrence and a non-critical software condition. Most importantly, the underlying payroll computations generated by the Oracle PeopleSoft Enterprise payroll application and the related payroll payments, as listed in the City payroll register, are not affected by the individual account corruption in the Employee Self- Service payroll system. The impacted employee operator ID was deleted during non-production business hours and added back to the system, with the same Self-Service user roles as before. The solution was first implemented in the test environment and proved to be successful. The solution was then implemented in the production environment, during non-business hours, and the impacted 4

employee s Self-Service is now functioning properly. Thus, the display of inaccurate payroll information has been corrected for the impacted employee. B. Audit Test Results Review of Employee Self-Service Access Roles Internal Audit performed a review of all Employee Self-Service users and the access roles on the system master file. The review searched for inconsistent coding. The purpose of system roles is to create both individual and authorized employee read-only account access on the Employee Self-Service payroll system, while system records are maintained by employee number and name. Based on the review, the Employee Self-Service payroll system roles are configured appropriately and consistently. No exceptions were noted. Review of Historical Payroll Data Internal Audit also tested a small, judgmental sample of active employees for accurate, historical payroll advice data. The employees selected were asked to review their own pay advice in the Employee Self-Service payroll system to determine that: 1) employee compensation is accurate, 2) the proper employee ID, department name, and job title are listed on the advice; and 3) the user could only view their own payroll information. Based on the review, the Employee Self- Service payroll system provides accurate, historical payroll data. No exceptions were noted. Duplicate Payment Test Internal Audit reviewed the City payroll register and the ACH payroll disbursement account, and confirmed the impacted employee s paycheck was only disbursed once. No exceptions were noted. 5