Brian Pelletier
Tyler Technologies
4B – ROLE BASED SECURITY - PAYROLL
KASBO Spring 2015
Intro/Goals
Intro:
- Theft and fraud affect an entire organization.
- Secure Munis to reduce the threat
- Focusing on role based security alone is not a complete solution
Goals:
- Secure Munis through user, menu and role based security
- Review Payroll Auditing functions
User Access
- Review all enabled user accounts in Cloud Admin
User Access
- Review all enabled user accounts in User Attributes
- Note: Keep support roles (983klamb, 983smill, 9XXXschd, 9XXXsupp)
User Roles - Review
- Do your users have roles like this?
User Roles - Review
- Review Munis generated roles (e.g. PO_MNTPOS_FULL, AP_POST_FULL etc.)
- Remove Munis generated roles from User once you have reviewed and taken action
- Review remaining roles and determine if they are appropriate for each enabled user
- As you review roles, remove unneeded modules (use caution)
- Use the Munis Help to get detailed information on fields
- Never share passwords!!! Temporarily assign a role if needed
- Remember to perform a database refresh (mucopy) after making changes to ensure Train & Test are also secure
Munis/User Roles - Review
- Review settings in Munis generated roles
- Review modules in each role
Menu Security
- Menu access is assigned to a role(s)
- Ensure user has appropriate menu access in each role
- Roles do not require menu access (e.g. GL data access)
- Very few users need access to System Administration > Security > User Attributes/Roles
Role Security - Payroll
- The payroll module (found within a role) has many options
- Use Munis Help from within the program to get information on various fields
Munis Help
Role Security - Payroll
Payroll Superuser/Administrator
- Needed to process payrolls
- Not necessary for updating employee information
- If “Yes, no restrictions” this overrides category and other restrictions
- Other options:
  - No: Can update employee info but limited in payroll processing
  - Restricted to location: Limits access to employees
  - Projections Only: Limited to payroll info in Budget Salary Benefit Projections
Status/Start/Change Access:
- Full Access
- Restricted – Cannot access Start, Users, Locations and Balloon buttons
Role Security - Payroll
- View/Maintain deductions: Only in a payroll (Earnings & Deductions)
- View/Maintain direct deposit accounts: In Employee Deductions
- Maintain Job/Pay GL: In Employee Job/Salary
- Data Access: Options in each area are:
  - Full – no restrictions
  - None – no access
  - Limited – you set the specific ranges accessible to this role
- Remember - Restrictions only apply if not Payroll Superuser
Role Security - Payroll
Category Access provides 5 options:
- No Access
- Inquiry Only
- Hide SSN (Inquiry Only)
- Update/Delete – full access
- Hide SSN (Upd/Del)
Monitoring Payroll
- No matter the restrictions in place, someone or some group must have access to process the payrolls
- Separation of duties and restrictions can reduce the opportunity of fraud but cannot eliminate it
- Monitoring payroll is a task each organization should consider performing
- Tyler includes many programs that not only audit payroll changes to employees but also audit the payroll process and changes
Monitoring Payroll
Monitoring Payroll Processing:
- Payroll Start and Status
- Earnings and Deductions
- Earnings and Deductions Proof
- Global Audit Inquiry
Auditing Changes:
- Payroll Audit Inquiry
- Payroll Audit Options
Payroll Start and Status
- Warrant is typically check date (e.g )
- Check Date determines where the pays/deductions are reported/accumulated
- Incomplete steps show green triangle
- Completed steps show grey triangle
- Complete: Shows checked when all required steps are complete. Set by Munis.
- Check for Period Files Purged
Payroll Earnings and Deductions
- Check for altered deductions in the Earnings and Deductions program:
Payroll Earnings and Deductions
Earnings and Deductions program:
- Click the Global button
- Click the “Global access to deduction records” button
- Find all deductions where “Changed” > 0
  - 1 Sufficiency
  - 2 Calc Code
  - 4 Tax Tables, Tax Marital, Exemptions
  - 256 Deduction Gross
  - 512 Employee Amount
  - 1024 Employer Amount
- Codes can be combined (e.g = )
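The "Changed" codes listed above are single bits, so a combined value can be split back into the fields that were overridden. The following is an added example, not Tyler's or the presenter's code, that does this over a constructed list of deduction records. It assumes combined codes are sums of the listed values; the CSV column names and the amount-first ordering are hypothetical.

```python
import csv
import io

# Change codes as listed on the slide; each one is a single bit.
CHANGE_FLAGS = {
    1: "Sufficiency",
    2: "Calc Code",
    4: "Tax Tables / Tax Marital / Exemptions",
    256: "Deduction Gross",
    512: "Employee Amount",
    1024: "Employer Amount",
}
# Assumption: overrides of gross or amounts are the first ones to review.
AMOUNT_BITS = 256 | 512 | 1024
KNOWN_BITS = sum(CHANGE_FLAGS)

def decode_changed(value):
    """Split a combined "Changed" value into (field names, unlisted bits)."""
    names = [name for bit, name in sorted(CHANGE_FLAGS.items()) if value & bit]
    return names, value & ~KNOWN_BITS

def review(rows):
    """Return one finding per record with Changed > 0, amount overrides first."""
    findings = []
    for row in rows:
        changed = int(row["changed"])
        if changed <= 0:
            continue  # untouched deduction record
        names, unknown = decode_changed(changed)
        findings.append({
            "employee": row["employee"], "deduction": row["deduction"],
            "changed": changed, "fields": names,
            "unknown_bits": unknown,  # bits the slide does not document
            "amount_override": bool(changed & AMOUNT_BITS),
        })
    findings.sort(key=lambda f: (not f["amount_override"], f["employee"]))
    return findings

# Constructed sample; column names are hypothetical, not a Munis export layout.
SAMPLE = """employee,deduction,changed
1001,2000,0
1002,2000,512
1003,3100,1536
1004,1000,6
1005,2000,72
"""

if __name__ == "__main__":
    for finding in review(csv.DictReader(io.StringIO(SAMPLE))):
        print(finding)
```

Values with bits the slide does not list are reported in `unknown_bits` rather than dropped, so they can be checked against Munis Help.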
Earnings and Deductions Proof
- Occasionally run a Totals Only proof after the payroll is complete and compare to prior Final proof amounts:
Global Audit Inquiry
- Provides an audit trail of payroll processing tasks
- User can see who ran payroll step and precisely when
- Can also see if it was run multiple times
Payroll Audit Inquiry
- Audits changes to:
  - Employee data (master, deductions, pay, accruals, accumulator etc.)
  - Setup tables (Pay master, Deduction and Benefit Master, Accrual Tables etc.)
  - Control tables (Payroll Control Settings)
- Information kept in great detail along with all fields established during an Add or Delete
- The Audit Finder provides an elaborate tool to navigate the vast audit information
Payroll Audit Inquiry
Payroll Audit Options
- Program allows user to determine what is audited in Payroll/HR
- Some auditing is optional and others are not
Payroll Audit Options
Predefined Sets Within Tables
- Live – Current
- Term – Terminated
- Proj – Projection
- System Gen – System Generated Changes
- Other – Uncategorized Data
- Actions – Pending Actions
- Applicant – Applicant Tracking
Payroll Audit Options
- May want to turn off System Gen options to reduce audit overhead