CityNet (Lawson e-recruiting) Follow-Up Audit October 2010



Similar documents
Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor Roshan Jayawardene, Internal Auditor. CityNet (Lawson e-recruiting) January 2009

Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor. Group Health Fund Follow-Up Audit April 2012

Convention Center Follow-Up Audit November Craig Terrell, Interim City Auditor Lee Hagelstein, Internal Auditor

Construction Project Management (e-builder) Follow-Up Audit June 2013

June 2008 Report No An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor Roshan Jayawardene, Internal Auditor. Ambulance Services Audit September 2012

Criminal Warrant Process Audit August Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor Lee Hagelstein, Internal Auditor

Construction Project Management (e-builder) Audit October 2012

FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO F. City of Albuquerque Office of Internal Audit and Investigations

FOLLOW-UP OF COMPUTER EQUIPMENT TRACKING CONTROLS AND PROCEDURES REPORT NO F

City of Brentwood. Thomas A. Schweich Missouri State Auditor FOLLOW-UP REPORT ON AUDIT FINDINGS. October 2013 Report No

AUDIT REPORT PERFORMANCE AUDIT OF COMMUNITY HEALTH AUTOMATED MEDICAID PROCESSING SYSTEM (CHAMPS) CLAIMS EDITS

Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor. Group Health Fund Audit February 2011

Accounts Payable Outsourcing Audit April 2014

Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor. Police Property Room Follow-Up Audit March 2009

2013 External Audit Follow-Up

Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr.

Internal Audit FINAL INTERNAL AUDIT REPORT. Management Initiated Review of Child Support Master Program Payments

MANAGEMENT AUDIT REPORT ACCOUNTS PAYABLE

Mecklenburg County Department of Internal Audit. Park and Recreation Department Contract Management Investigation Report 1401

Information Technology Operations Audit February 2014

IT Application Controls Questionnaire

Allen Independent School District July 21, 2014

An Integrated Approach to Performing Pre-implementation Reviews. Securities Industry and Financial Markets Association February 29, 2012

Data Warehouse Management Final Audit Report Report Nr. 8/13 November 12, 2013

TTC AUDIT COMMITTEE REPORT NO.

December 2014 Report No An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission

Judiciary Judicial Information Systems

OFFICE OF INSPECTOR GENERAL. Audit Report

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Final Audit Report. Audit of the Human Resources Management Information System. December Canada

Contracts Administration Review Conducted by SC&H, LLC. May 2, 2013

Lori Brooks, City Auditor Susan Edwards, Assistant City Auditor. E-Services Follow-Up Audit March 2015

Community Programs Division Audit Parks and Recreation Department December 2008

Solution Brief for ISO 27002: 2013 Audit Standard ISO Publication Date: Feb 6, EventTracker 8815 Centre Park Drive, Columbia MD 21045

FLORIDA DEPARTMENT OF TRANSPORTATION

Why Choose the Oracle Taleo Recruiting Cloud?

Water Meter Reading Process Audit July 2014

Specific observations and recommendations that were discussed with campus management are presented in detail below.

SPECIAL AUDIT REPORT GOLF MANAGEMENT DIVISION POINT-OF-SALE SYSTEM PARKS AND RECREATION DEPARTMENT REPORT NO

Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor. Fuel Costs Audit June 2011

Risk Management and Safety Audit October 2013

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

Resolution Agreement. Montana School for the Deaf and Blind OCR Reference No

TRUE TITLE BEST PRACTICES

Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals

Bankcard Transaction Fees and Contract Management

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Abila. MIP Fund Accounting. Solution module overview

Treasury Management Services Product Terms and Conditions

Change Management Best Practices

HUMAN RESOURCES PAYROLL

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

MANAGEMENT LETTER. Nassau Health Care Corporation and Subsidiaries

AUDITOR GENERAL DAVID W. MARTIN, CPA

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

PAYROLL CONTROLS REVIEW 2004 FEBRUARY

CorePortal User Guide E-Recruitment: Short-listing and Interview documentation and process

Information Technology Internal Audit Report

EXPANDING THE USE OF PURCHASING CARDS

Office of the City Auditor. Audit Report. AUDIT OF THE SERVICE LEVEL AGREEMENT OF THE at&t MANAGED SERVICES AGREEMENT (Report No.

Accounts Payable Outsourcing Follow-Up Audit February 2015

Financial Management Information System Centralized Operations

Internal Audit Report DEPARTMENT OF TECHNOLOGY & COMMUNICATION SERVICES COMPUTER INVENTORY AUDIT APRIL Office of the County Auditor

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No July 2015

PCI Compliance in Oracle E-Business Suite

Oracle Data Integrator 12c: Integration and Administration

Oracle Data Integrator 11g: Integration and Administration

Information Technology General Controls (ITGCs) 101

Enterprise Resource Planning (ERP) II Pre-System Implementation Interim Audit Report. Accounts Payable Module. December 5, Mayor.

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

November 2009 Report No An Audit Report on The Department of Aging and Disability Services Home and Community-based Services Program

Office of the Auditor General of Canada. Internal Audit of Document Management Through PROxI Implementation. July 2014

Department of Administrative Services Voyager CardAudit

NASA Financial Management

Office of Inspector General

Department of Public Utilities Customer Information System (BANNER)

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners

Software Contract and Compliance Review

Department of Environmental Health & Safety

FINANCIAL ADMINISTRATION MANUAL

Complete Database Security. Thomas Kyte

Accounts receivable/credit & collections audit program

Information System Audit Report Office Of The State Comptroller

KAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls

October 4, Mr. Peter Kalikow Chairman Metropolitan Transportation Authority 347 Madison Avenue New York, New York Re: Report 2001-F-23

A8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.

Elizabeth City State University Banner Security System

Smart Track s ATS Functionality

INFORMATION TECHNOLOGY CONTROLS

PCI Compliance in Oracle E-Business Suite

CITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR. Follow-Up Audit of San Antonio Metropolitan Health District Laboratory Operations

Office of Enterprise Technology

Basic Securities Reconciliation for the Buy Side

Customize Bluefin Payment Processing app to meet the needs of your business. Click here for detailed documentation on customizing your application

JOHN CHIANG California State Controller

August 2012 Report No

Review: 4424 Statewide Single Audit Year Ended June 30, 2013 Illinois Department of Transportation. FINDINGS/RECOMMENDATIONS 15 Repeated 12

Transcription:

CityNet (Lawson e-recruiting) Follow-Up Audit October 2010 Patrice Randle, City Auditor Craig Terrell, Assistant City Auditor Roshan Jayawardene, Internal Auditor

CityNet (Lawson e-recruiting) Follow-Up Audit Table of Contents Page Executive Summary...1 Audit Scope and Methodology...2 Status of Prior Audit Recommendations...3

CityNet (Lawson e-recruiting) Follow Up Audit Office of the City Auditor Patrice Randle, CPA City Auditor Project #10-09 October 29, 2010 Executive Summary Five of eight recommendations fully implemented Fully Implemented Test environment Job posting ending dates Applicant Coding Review of e-recruiting setup Documentation of test results Partially Implemented System-generated reports reconciled to source data Not Implemented Lawson Interface Masking applicant social security numbers The City Auditor s Office has completed a follow-up to the January 2009 CityNet (Lawson e-recruiting) audit. The follow-up audit was conducted in accordance with generally accepted government auditing standards, except for peer review. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. The objective of the follow-up was to determine the implementation status of prior audit recommendations. Management concurred with eight of the ten recommendations presented in the initial CityNet (Lawson e-recruiting) Audit. The City Auditor s Office noted that five of the eight recommendations were fully implemented, one was partially implemented and two were not implemented. Management fully implemented recommendations related to establishing an e-recruiting test environment, recording job posting ending dates, and coding applicants upon termination of job postings. Management has also implemented the recommendations to analyze the software to ensure compliance to vendor specifications and to document system testing. The recommendation to reconcile reports to source data has been partially implemented. Workforce Services staff was unable to implement audit recommendations regarding encryption of social security numbers and the interface to Lawson, due to vendor and technical limitations.

Audit Scope and Methodology The City Auditor s Office reviewed activity related to e-recruiting between June 1, 2009 and August 30, 2010. The following methodology was used. Interviewed Information Technology (IT) staff regarding e-recruiting changes and the test environment Interviewed Workforce Services staff regarding the use of e-recruiting Interviewed Workforce Services IT Analyst on enhancements to e-recruiting since the initial audit Generated multiple reports on open and closed positions for all Workforce Services Consultants Validated data to ensure accuracy Accessed production and test Lawson e-recruiting systems Reviewed new reports set up in the Lawson Business Intelligence (LBI) menu. LBI is Lawson s organization-wide reporting suite, and includes a single point of navigation and administration for all Lawson standard reports and customer-developed Crystal Reports. 2

Status of Prior Recommendations The Chief Information Officer, in conjunction with the Workforce Services Director, should consult with the NCTCOG to establish a test environment. Concur. A formal [Lawson] erecruiting TEST environment was established, configured, and deployed by Velocity Technology Solutions, the City s Lawson host provider, during the October- November 2008 timeframe and was made available to the City for use beginning November 25th, 2008. Target Date: Completed - November 2008 Responsibility: Information Technology (IT) Fully Implemented. Velocity Technology Solutions has established the e-recruiting test environment, which requires separate log in credentials from the production environment. The Workforce Services Director should consider an automated or manual control to ensure a posting end date is entered in each job requisition. Concur. This change was recently implemented by Workforce Services staff as a standard operating practice. Target Date: Completed November 2008 Fully Implemented. The City Auditor s Office noted that job posting end dates were entered for a sample of e-recruiting job postings in 2009 and 2010, subsequent to the initial audit report release date. 3

The Workforce Services Director should ensure that applicants are coded appropriately, to reflect consideration for posted positions. Concur. Letters of rejection that are sent to job applicants will be simplified in order to reflect a more generic response, with the specific reasons for rejection to be held by the specific hiring managers. This approach is being taken due to the [Lawson] erecruiting software s inability to list more than one reason for rejection in the response letter. Target Date: March 1, 2009 Fully Implemented. A sample of closed positions posted in e-recruiting in 2009 and 2010, subsequent to the initial audit report release date, consisted of appropriate coding for applicants not selected for the position. The Workforce Services Director, in coordination with the Chief Information Officer, should conduct an analysis to determine if Lawson e-recruiting is set up to vendor specifications and to determine its scalability to future processing volumes. Concur. In November 2008, Information Technology partnered with Workforce Services to begin a complete evaluation of the [Lawson] erecruiting software. As part of the evaluation process, the original system configuration will be reviewed and compared with current business requirements to determine if changes to business processes and/or the software itself are needed. Additionally, the City will consult with the other partner cities in the Shared Services initiative, as well as with other Lawson erecruiting customers, to review their use of the product in order to identify possible opportunities for improvement to our use of the software. Target Date: September 30, 2009 Information Technology (IT) Manager Fully Implemented. The City Auditor s Office noted that that the Information Technology Department has conducted business process analysis on the e-recruiting system and has benchmarked with other e-recruiting users in the metroplex to optimize system setup. 4

The Chief Information Officer and the Workforce Services Director should ensure that system user acceptance test results are documented in detail and retained. Concur. An IT Project Management Office (PMO) was formally established in the fall of 2007. The PMO is responsible for the documentation and retention of software test results at all stages of the formal testing process (unit, system/integration, and user acceptance testing). Target Date: Completed - Spring 2008 Responsibility: Information Technology PMO Manager Fully Implemented. The City Auditor s Office examined samples of e-recruiting test scripts provided by the Information Technology Department. Documentation included test objective, pass/fail information and information on the party conducting the testing. No exceptions were noted. The Workforce Services Director should ensure testing is conducted to assess accuracy of the system-generated reports by reconciling back to source data. The vendor should be required to amend Lawson e-recruiting, based on test results, in order to produce accurate system generated reports. Concur. Custom reports will be created and executed, comparing the results with those of the [Lawson] erecruiting system-generated reports. Discrepancies will [be] identified and reviewed to determine if they are the result of initial report set-up or if they are, in fact, the result of logic problems within the reports themselves. Any issues that are identified as system problems will be reported to Velocity/Lawson for investigation and remediation. Target Date: October 1, 2009 Partially Implemented. Workforce Services staff, with assistance from the Information Technology Department, has created five e-recruiting reports that are used frequently in LBI. However, the report data has not been reconciled to source data within e-recruiting, in order to validate the reports. The City Auditor s Office performed a limited reconciliation of the Applicants by Requisition report and found no exceptions. The new reports are intended to provide applicant EEO information for each advertised position and to list job openings by posted date. 5

The Chief Information Officer should require Lawson to provide a reliable, operational interface between Lawson e-recruiting and the Lawson human resources module. Concur. The City s IT Department is currently working with Velocity Technology Solutions to install an updated version of the [Lawson] erecruiting/lawson interface, recently made available by Lawson, into the City s erecruiting TEST environment. Testing of this updated interface should be able to commence within the late January or early February 2009 timeframe. Target Date: September 30, 2009 Responsibility: Information Technology (IT) Manager Not Implemented. A two-way interface between Lawson e-recruiting and the Lawson human resources module has not been implemented due to limitations imposed by the vendor. Lawson has discontinued its support of the two-way interface. The Workforce Services Director should ensure that applicant social security numbers are masked. Concur. Detailed analysis of the [Lawson] erecruiting set-up will be performed, as it is presently unclear as to whether or not social security numbers can be encrypted or masked. Until such time as the software s ability to perform this function is verified, the [Lawson] erecruiting software setup will be modified to remove the SSN field so that an applicant cannot enter that particular piece of information into the system themselves. Target Date: March 31, 2009 Not Implemented. Velocity Technology Solutions, the vendor that services Lawson applications for the City of Arlington, informed City staff that the social security number data field cannot be encrypted. Velocity states that Lawson does not support encryption in the Oracle 9i database. Information Technology staff was not able to modify the e-recruiting set-up to remove the social security number field from the application. However, Workforce Services staff has begun to exclude social security numbers from applications that are sent to hiring managers. Applicant social security numbers remain subject to exposure, in the event of a data breach in Lawson. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information