Role Based Security – Payroll

advertisement
KASBO Spring 2015
4B – ROLE BASED
SECURITY - PAYROLL
Brian Pelletier
Tyler Technologies
Intro/Goals
Intro:
• Theft and fraud affect an entire organization.
Secure Munis to reduce the threat
• Focusing on role based security alone is not a
complete solution
Goals:
• Secure Munis through user, menu and role based
security
• Review Payroll Auditing functions
User Access
• Review all enabled user accounts in Cloud Admin
User Access
• Review all enabled user accounts in User Attributes
Note: Keep support roles (983klamb, 983smill,
9XXXschd,
9XXXsupp)
User Roles - Review
• Do your users have roles like this?
User Roles - Review
• Review Munis generated roles (e.g. PO_MNTPOS_FULL,
AP_POST_FULL etc.)
• Remove Munis generated roles from User once you have
reviewed and taken action
• Review remaining roles and determine if they are appropriate
for each enabled user
• As you review roles, remove unneeded modules (use caution)
• Use the Munis Help to get detailed information on fields
• Never share passwords!!! Temporarily assign a role if needed
• Remember to perform a database refresh (mucopy) after
making changes to ensure Train & Test are also secure
Munis/User Roles - Review
• Review settings in Munis generated roles
• Review modules in each role
Menu Security
•
•
•
•
Menu access is assigned to a role(s)
Ensure user has appropriate menu access in each role
Roles do not require menu access (e.g. GL data access)
Very few users need access to System Administration >
Security > User Attributes/Roles
Role Security - Payroll
• The payroll module (found within a role) has many options
• Use Munis Help from within the program to get information
on various fields
Munis Help
Role Security - Payroll
Role Security - Payroll
• Payroll Superuser/Administrator
• Needed to process payrolls
• Not necessary for updating employee information
• If “Yes, no restrictions” this overrides category and other
restrictions
• Other options:
• No: Can update employee info but limited in payroll processing
• Restricted to location: Limits access to employees
• Projections Only: Limited to payroll info in Budget Salary Benefit Projections
• Status/Start/Change Access:
• Full Access
• Restricted – Cannot access Start, Users, Locations and Balloon
buttons
Role Security - Payroll
• View/Maintain deductions: Only in a payroll (Earnings &
Deductions)
• View/Maintain direct deposit accounts: In Employee
Deductions
• Maintain Job/Pay GL: In Employee Job/Salary
Data Access:
• Options in each area are:
• Full – no restrictions
• None – no access
• Limited – you set the specific ranges accessible to this role
• Remember - Restrictions only apply if not Payroll Superuser
Role Security - Payroll
Role Security - Payroll
• Category Access provides 5 options:
• No Access
• Hide SSN (Inquiry Only)
• Hide SSN (Upd/Del)
Inquiry Only
Update/Delete – full access
Monitoring Payroll
• No matter the restrictions in place, someone or some
group must have access to process the payrolls
• Separation of duties and restrictions can reduce the
opportunity of fraud but cannot eliminate it
• Monitoring payroll is a task each organization should
consider performing
• Tyler includes many programs that not only audit
payroll changes to employees but also audit the
payroll process and changes
Monitoring Payroll
Monitoring Payroll Processing:
•
•
•
•
Payroll Start and Status
Earnings and Deductions
Earnings and Deductions Proof
Global Audit Inquiry
Auditing Changes:
• Payroll Audit Inquiry
• Payroll Audit Options
Payroll Start and Status
Payroll Start and Status
• Warrant is typically check date (e.g. 111714)
• Check Date determines where the pays/deductions
are reported/accumulated
• Incomplete steps show green triangle
• Completed steps show grey triangle
• Complete: Shows checked when all required steps
are complete. Set by Munis.
• Check for Period Files Purged
Payroll Earnings and Deductions
• Check for altered deductions in the Earnings and
Deductions program:
Payroll Earnings and Deductions
Earnings and Deductions program:
• Click the Global button
• Click the “Global access to deduction records” button
• Find all deductions where “Changed” > 0
1
2
4
256
512
1024
Sufficiency
Calc Code
Tax Tables, Tax Marital, Exemptions
Deduction Gross
Employee Amount
Employer Amount
• Codes can be combined (e.g. 1536 = 512 + 1024)
Earnings and Deductions Proof
Occasionally run a Totals Only proof after the payroll is
complete and compare to prior Final proof amounts:
Global Audit Inquiry
• Provides an audit trail of payroll processing tasks
• User can see who ran payroll step and precisely when
• Can also see if it was run multiple times
Payroll Audit Inquiry
•Audits changes to:
• Employee data (master, deductions, pay, accruals,
accumulator etc.)
• Setup tables (Pay master, Deduction and Benefit
Master, Accrual Tables etc.)
• Control tables (Payroll Control Settings)
• Information kept in great detail along with all fields
established during an Add or Delete
• The Audit Finder provides an elaborate tool to
navigate the vast audit information
Payroll Audit Inquiry
Payroll Audit Inquiry
Payroll Audit Options
• Program allows user to determine what is audited in Payroll/HR
• Some auditing is optional and others are not
Payroll Audit Options
• Predefined Sets Within Tables
•
•
•
•
•
•
•
Live – Current
Term – Terminated
Proj – Projection
System Gen – System Generated Changes
Other – Uncategorized Data
Actions – Pending Actions
Applicant – Applicant Tracking
Payroll Audit Options
• May want to turn off System Gen options to reduce audit overhead
Download