Identifying Segregation of Duties Issues in a PeopleSoft Environment

Presentation transcript:

Identifying Segregation of Duties Issues in a PeopleSoft Environment
Central Ohio Chapter, Information Systems Audit and Control Association
February 8, 2007

Your Presenters
Brian O’Brien, Manager - Data Security: 10 years of PeopleSoft experience with Ohio State’s 1,300 user HRMS and 2,400 user Financials environments
Pat O’Connor, Senior Systems Engineer: Ohio State’s leading technical security expert, has 8 years of PeopleSoft experience, ranging from configuration management and control to security administration
Sharing Information: Audience Demographics: Auditors, Sec Admin, DBA, Functional, Technical

Overview
We have created a process for Defining, Identifying and Reporting Segregation of Duties issues.
Ideas from HEUG Conference
Our own External Auditors were doing it “manually”
Our security knowledge of the system (i.e. Who has access to what)
No Dirty Laundry!!

Ohio State’s Environment
7 Campuses
58,000 Students
35,000 Employees
$3 Billion Budget
300,000+ Alumni

Database Environment
Oracle9i Release 9.2.0.5.0 - 64bit
HP Hardware – HP-UX 11.0 N Class
Over 50 PeopleSoft Databases

Ohio State and PeopleSoft
HRMS (App: 8.00.01, Tools: 8.18.07): Benefits Admin, Time and Labor, Payroll, eRecruit, eProfile, Flexible Spending
Financials University (App: 8.42.01, Tools: 8.45.07): Asset Management, Accounts Payable, General Ledger, Budgeting, Inventory, Purchasing, Grants Suite
Financials Medical Center (App: 8.42.01, Tools: 8.45.07): Inventory, eProcurement
Decentralized

Where We’re Headed
Student Admin 8.9
Enterprise Performance Management (EPM)
Upgrade HRMS 8.0 -> 8.9
eProcurement Module
Financials 8.42 -> 8.9
5 Major PS Projects planned, 4 Concurrently
AMBITIOUS!!

Identifying Segregation of Duties Issues
What Duties Should be Segregated?
Identify the Duties in PeopleSoft
Building the SoD Reports
Begin the Meat of the Presentation

What is Segregation of Duties?
…no single individual should have control over two or more phases of a transaction or operation… (University of Utah Department of Internal Audit Identify the Duties)
…no one individual employee can complete a significant business transaction in its entirety… (UCSD Audit & Management Advisory Services)
To minimize Error and Fraud
Why Segregation: CONTROL
Deter Dishonest People
Not Tempt Honest People
Regulatory Compliance

Examples of Segregation of Duties?
Those responsible for physical receipt of goods should not be responsible for paying for the goods.
Those responsible for custody of goods should not be responsible for maintaining the records of the assets.
Those responsible for collection of receivables should not be responsible for entries in the book of accounts.
Source: Sawyer’s Internal Auditing 5th Edition, page 1198
Note Page Number of source on slide

Recent Ohio State Experience
Ex-OSU worker charged in $312,000 theft
The Columbus Dispatch, Thursday, March 30, 2006
“…job allowed him not only to tally and submit the payroll in his department, but also to hand out the checks. “He would prepare the payroll, submit the payroll and distribute the checks,” O'Brien said…

What Duties Should be Segregated?
Purchase an Item: PO Initiator, PO Approver, PO Receiver

What Duties Should be Segregated?
Web Searches
HEUG Contacts
Ohio State’s Internal Auditors
Sawyer’s Internal Auditing
ISACA
HEUG Contacts: Brad Hamilton, City of Tallahassee
Show Docs (Kitty Aggelis from FSU SoD Matrix)
OSU Doc
OSU IA Analysis

What Duties Should be Segregated?
Financial Duties: Requisition Initiator, Requisition Approver, P.O. Initiator, P.O. Approver
Procurement Functions

Identify the Duties in PeopleSoft
Identify the Security Controls: Page Access (not Role), Operator Preferences, Table Data Values
End Result is a SQL query
How do we identify these duties in PS?
Examples: Oper Pref: Table Data Values: Buyer Setup Table
Show Spreadsheet used to Upload Permission Lists
Show some SQL
Discuss pseudo-code ex.: page access oper pref WF Role …
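As an added example (not from the presentation or Ohio State's own reports), the sketch below shows the shape of such a SQL query: it resolves page access through user, role and permission list, skips display-only access, and lets any one of several pages satisfy a duty. The tables are simplified stand-ins modeled on the PeopleTools security tables, and the `SOD_DUTY` / `SOD_CONFLICT` rule tables, page names and users are all constructed for illustration.

```python
import sqlite3

# Constructed sample data. Tables are simplified stand-ins for the user -> role ->
# permission list -> page chain; rule tables and page names are hypothetical.
SCHEMA = """
CREATE TABLE PSROLEUSER  (ROLEUSER, ROLENAME);
CREATE TABLE PSROLECLASS (ROLENAME, CLASSID);
CREATE TABLE PSAUTHITEM  (CLASSID, MENUNAME, PNLITEMNAME, DISPLAYONLY);
CREATE TABLE SOD_DUTY    (DUTY, MENUNAME, PNLITEMNAME);
CREATE TABLE SOD_CONFLICT(DUTY_A, DUTY_B);
"""
DATA = {
    "PSROLEUSER": [("ALICE", "BUYER"), ("ALICE", "PO_MGR"), ("BOB", "BUYER"),
                   ("CAROL", "BUYER"), ("CAROL", "PO_VIEW"),
                   ("DAVE", "EXPRESS_BUYER"), ("DAVE", "RECEIVER")],
    "PSROLECLASS": [("BUYER", "PL_BUY"), ("PO_MGR", "PL_APPR"), ("PO_VIEW", "PL_VIEW"),
                    ("EXPRESS_BUYER", "PL_EXP"), ("RECEIVER", "PL_RECV")],
    "PSAUTHITEM": [("PL_BUY", "PO_MENU", "PO_ENTRY", 0), ("PL_APPR", "PO_MENU", "PO_APPROVE", 0),
                   ("PL_VIEW", "PO_MENU", "PO_APPROVE", 1),  # display-only: confers no duty
                   ("PL_EXP", "PO_MENU", "PO_EXPRESS", 0), ("PL_RECV", "RECV_MENU", "RECV_ENTRY", 0)],
    # "Or" logic: either of two pages makes the user a PO Initiator.
    "SOD_DUTY": [("PO Initiator", "PO_MENU", "PO_ENTRY"), ("PO Initiator", "PO_MENU", "PO_EXPRESS"),
                 ("PO Approver", "PO_MENU", "PO_APPROVE"), ("PO Receiver", "RECV_MENU", "RECV_ENTRY")],
    "SOD_CONFLICT": [("PO Initiator", "PO Approver"), ("PO Initiator", "PO Receiver"),
                     ("PO Approver", "PO Receiver")],
}
# Map each user to the duties their updatable pages grant, then self-join on conflict pairs.
QUERY = """
WITH user_duty AS (
  SELECT DISTINCT ru.ROLEUSER AS oprid, d.DUTY AS duty
  FROM PSROLEUSER ru
  JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
  JOIN PSAUTHITEM  ai ON ai.CLASSID  = rc.CLASSID
  JOIN SOD_DUTY    d  ON d.MENUNAME = ai.MENUNAME AND d.PNLITEMNAME = ai.PNLITEMNAME
  WHERE ai.DISPLAYONLY = 0
)
SELECT a.oprid, c.DUTY_A, c.DUTY_B
FROM SOD_CONFLICT c
JOIN user_duty a ON a.duty = c.DUTY_A
JOIN user_duty b ON b.duty = c.DUTY_B AND b.oprid = a.oprid
ORDER BY a.oprid, c.DUTY_A, c.DUTY_B
"""

def find_conflicts():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in DATA.items():
        db.executemany(f"INSERT INTO {table} VALUES ({','.join('?' * len(rows[0]))})", rows)
    return db.execute(QUERY).fetchall()
```

Calling `find_conflicts()` returns one row per user and violated rule; a real report would also fold in the operator-preference and table-data controls the slide lists, which this sketch leaves out.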

Build the SoD Reports
Sample Reports
Creation Process: Create the SQL Program, Create a Formatted Spreadsheet, Paste the SQL Output to a Spreadsheet
Show Job Aid
Discuss SoD Module? Lack of “or” logic, More complicated

Build the SoD Reports
Sample Reports
Procurement SoD Reports
Workflow by User by Organization
Counts by Departments
Procurement Without SoD by Money Value
Reverse Hill-Climber

Build the SoD Reports
Sample Reports
Delivery Mechanisms: Enterprise Web Based, Email, Hard Copies

Questions?

Contacts
Brian O’Brien, Manager, Data Security, Office of Information Technology, The Ohio State University. E-mail: obrien.9@osu.edu
Patrick O’Connor, Sr. Systems Engineer. E-mail: oconnor.33@osu.edu