HUMAN RESOURCES PAYROLL



Similar documents
Manage Third Party Information Technology Services

Insurance Administration

LONG-TERM DEBT MANAGEMENT

KAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls

INFORMATION TECHNOLOGY RISK ASSESSMENT COBIT Processes PO2, AI3, & DS12

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011

KAREN E. RUSHING. Ghost Employee Audit

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

Community Ambulance Service District

SUFFOLK COUNTY OFFICE OF THE COMPTROLLER AUDIT DIVISION. Joseph Sawicki, Jr. Comptroller

FY16 BUDGET PRESENTATION

Department of Transportation Office of Transportation Technology Services

AUDIT OF THE HUMAN RESOURCES PROCESS

Texas A&M University - Commerce: Review of Faculty Human Resources Processes PROJECT SUMMARY. Summary of Significant Results

Citywide Identity Management Follow up Report

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT PAYROLL AUDIT PROGRAM

D.C. Department of Human Resources

COMPUTER OPERATIONS - BACKUP AND RESTORATION

Office of the Auditor General Performance Audit Report. Clarety Office of Retirement Services Department of Technology, Management, and Budget

Specific observations and recommendations that were discussed with campus management are presented in detail below.

INVITAE CORPORATION CORPORATE GOVERNANCE GUIDELINES

How To Manage A Board In The Kandijan Germany

General Finance Corporation Corporate Governance Guidelines

FOLLOW-UP OF HUMAN RESOURCES DEPARTMENT PAYROLL REPORT NO F. City of Albuquerque Office of Internal Audit and Investigations

Software Licenses Managing the Asset and Related Risks

Procure to Pay Process Audit

OFFICE OF AUDITS & ADVISORY SERVICES BEHAVIORAL HEALTH SERVICES CONTRACT MONITORING AUDIT FINAL REPORT

May 2012 Report No

PRUSAGE. Human Resource BPO ˡˡ ˡˡ. Prudent and Sage. Advisory Automation Outsourcing

RISK AND COMPLIANCE COMMITTEE CHARTER

Fee disclosure Q&A: Answering plan sponsor questions about Department of Labor regulations

COMPUTER OPERATIONS AUDIT

PAYROLL. Prepared By: Craig Hametner, CPA, CIA, CMA, CFE City Auditor. Elizabeth Romero Audit Specialist INTERNAL AUDIT DEPARTMENT.

Payroll Review. November 13, Report #

AUDIT COMMITTEE CHARTER IRADIMED CORPORATION

Data Warehouse Management Final Audit Report Report Nr. 8/13 November 12, 2013

Governance Guidelines

Maryland Transportation Authority

Leveraging Your ERP System to Enhance Internal Controls

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING

Financial Audit Division Office of the Legislative Auditor State of Minnesota

ORGANOVO HOLDINGS, INC. CORPORATE GOVERNANCE GUIDELINES

Financial Statement Closing Process Audit Report Report Nr. 3/14 August 26, 2014

Woodward County Emergency Medical Service District

DIPLOMAT PHARMACY, INC. Corporate Governance Guidelines

OFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT

Information Technology Security Review April 16, 2012

HUDSON RIVER-BLACK RIVER REGULATING DISTRICT ELIGIBILITY FOR HEALTH INSURANCE COVERAGE. Report 2008-S-51 OFFICE OF THE NEW YORK STATE COMPTROLLER

Trade Finance Obligations (TFO) Credit Granting, Underwriting and Monitoring Final Audit Report Report Nr. 19/13 May 1, 2014

Data Security and Identity Management

Branch Human Resources

SBERBANK OF RUSSIA. Regulations on Sberbank Supervisory Board Committees

WAL-MART STORES, INC. CORPORATE GOVERNANCE GUIDELINES

Moller Financial Services

Disability Discrimination Act 2005

OVERALL RATING: PARTIALLY SATISFACTORY

RIGHT FROM THE START: RESPONSIBILITIES of DIRECTORS of N0T-FOR-PROFIT CORPORATIONS

INTERNAL AUDIT FRAMEWORK

HEWLETT-PACKARD COMPANY BOARD OF DIRECTORS AUDIT COMMITTEE CHARTER

Fraud Risk Management Program Review

Transcription:

HUMAN RESOURCES New Hires, Promotions, PAYROLL and Terminations City of Tulsa Internal Auditing November 2013

HUMA AN RESOURCES PAYROLL New Hires, Promot tions And Terminations City of Tulsa Internal Auditing Ron Maxwell, CIA, CFE Chief Internal Auditor Clift Richards, CPA City Auditor AUDIT TEAM: : Cecilia Ackley, CPA, Internal Audit Manager Mary Ann Vassar, CPA

Page 1 of 4 INTRODUCTION The City of Tulsa Human Resources department conducts personnel related activities on behalf of the City, including: Soliciting and evaluating position applications from internal and external candidates. Facilitating the hiring and employee onboarding processes. Authorizing and maintaining employee file records for job transfers and promotions. Monitoring significant long term leave. Creating and retaining appropriate documentation for terminations and employee retirement. The department has recently streamlined and centralized hiring and onboarding processes. In addition, revisions to multiple Personnel Policies have been drafted, and are under review by the City Legal department. The department also has plans to implement an automated information system which will further improve the completeness and efficiency of the above tasks. When creating its annual plan Internal Audit will consider reviewing the state of the above tasks in an effort to assist the Human Resources group in preparing for its planned automated system conversion and implementation. SCOPE The scope of this audit is to review controls related to hires, transfers and terminations to ensure that these employment activities are: Authorized. Effectively, accurately, and completely processed. Secured with respect to sensitive data/information. Documented to limit legal, regulatory and/or reputational exposure. Conducted in accordance with City procedure and/or relevant Federal regulations. The scope of this audit was limited to only the above activities performed and/or documented by the City Human Resources department. Some of the above activities for sworn employees and/or elected officials are not performed by Human Resources, but instead are conducted by Police, Fire, or Mayoral management. OBJECTIVES The objectives of the new hire, transfer and termination audit included the following: Determine whether hiring, transfers, promotions and terminations are appropriately authorized. Determine whether hiring, transfers, promotions and terminations are accurately and completely recorded and documented. Determine whether employee sensitive data has restricted access and is secured. Determine whether required regulatory activity for hiring, transfers/promotion and terminations is occurring.

Page 2 of 4 CONCLUSION Hires, transfers and terminations reviewed were authorized, complete, accurate, and documented. Federal equal employment opportunity reporting is occurring as required. However, control weaknesses were noted in our review. Human Resources department access to the INFOR employee pay system cannot be monitored using current reporting tools. Revocation of access to the City s network when employees transfer or terminate appeared to be occurring, but did not utilize existing required procedures and documentation. Employee access changes needed at the application level lack fully developed processes to monitor authorization and required documentation. This weakness means that there is little way to track or verify that such changes are appropriately authorized and ultimately made. See additional discussion in the following observation section of this report.

Page 3 of 4 OBSERVATIONS SYSTEM ACCESS PROCEDURES, MONITORING AND MAINTENANCE Ensuring access to the City s network and automated applications is restricted and extended only to authorized personnel is a key element of internal control. Access restrictions protect against data security breaches and financial loss. This audit reviewed controls over significant employee recordkeeping systems which Human Resources (HR) personnel have access to, as well as HR policies and procedures in place to control City employee system access levels when hires, transfers, and terminations occur. Human Resources management is aware of several access monitoring weaknesses, and is working jointly with Information Technology Department (ITD) to develop processes and tools to eliminate some challenges in this area. Our review noted the following weaknesses: 1. Access to INFOR payroll system data. Human Resources personnel access to the INFOR system, in which employee pay information is ultimately recorded and maintained, cannot be monitored using existing tools. This creates the risk that unauthorized or unintended changes to INFOR employee pay related data might occur outside HR management s intent and remain undetected. This could create the opportunity for City data security breaches, unauthorized transaction processing, or financial loss exposure. 2. Employee network level access change procedures. Needed termination of former employees network access occurred in the instances reviewed, but procedures and documents established to communicate and authorize these changes were not consistently used. This creates the risk that such changes may occur outside management authorized requests, and/or that needed requests to ITD for access revocation may not occur. Omitted authorization or requests for access changes can lead to potential for data security breaches or financial loss exposure. 3. Employee application level access change procedures. Per our review and discussion with ITD personnel, required application level access changes are not consistently occurring upon employee transfer, promotion and termination. This creates both the risk that transferred or promoted employees could continue to perform tasks related to their former roles, and terminated employees could use any knowledge of other employees valid network user credentials to continue to perform tasks with system applications. Any continued unauthorized use of applications can allow unintended and undetected transaction processing, funds transfer or data access. Overall, the weaknesses noted are caused by the lack of a standardized City wide process and tools to facilitate access monitoring. IT forms have been created for department managers which detail how and when to request access changes, but formal responsibility for monitoring the progress of the changes is not defined. Additionally, no method to track all areas and types of access granted to employees exists. Employee access often spans multiple applications and locations, and without a tool to determine what City wide accesses an employee has, efforts to monitor and maintain such access cannot effectively occur.

Page 4 of 4 MANAGEMENT RESPONSE Two of the three major weaknesses listed in this report, employee network level access change procedures and employee application level access change procedures, are currently under review by IT and Human Resources and some general solutions to these issues have been identified. However, due to current multiple high priority projects ongoing in both departments, progress in finalizing these solutions has been slow. HR management does not fully agree with the conclusion of the third listed weakness; the inability to monitor INFOR payroll system data. In fact, it is possible to identify the username of an employee who makes changes in the payroll system. But, since it is possible for a formerly authorized employee to still access INFOR if their authorization is not revoked if they change positions in the City, the overall point about possible security breaches and unauthorized transaction processes is still accurate. Solutions to this issue are also under review but it is hoped that future changes to the financial system will further address all these weaknesses. AUDITOR S COMMENT The Internal Auditing Department will review the status of these observations as part of its annual Report of Management Actions project.

Distribution List Mayor Councilor, District 1 Councilor, District 2 Councilor, District 3 Councilor, District 4 Councilor, District 5 Councilor, District 6 Councilor, District 7 Councilor, District 8 Councilor, District 9 City Auditor Mayor s Chief of Staff City Manager Press Secretary MRO Director Director of Finance Senior Administrative Services Officer Personnel Director Compensation & Policy Manager Council Administrator Council Secretary External Auditor Mayor s Advisory Audit Committee Internal Auditing Staff

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information