Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identifying Segregation of Duties Issues in a PeopleSoft Environment

Published byLeona Jefferson Modified over 8 years ago

Similar presentations

Presentation on theme: "Identifying Segregation of Duties Issues in a PeopleSoft Environment"— Presentation transcript:

1 Identifying Segregation of Duties Issues in a PeopleSoft Environment
Central Ohio Chapter Information Systems Audit and Control Association February 8, 2007 1

2 Your Presenters Brian O’Brien Manager - Data Security
10 years of PeopleSoft experience with Ohio State’s 1,300 user HRMS and 2,400 user Financials environments Pat O’Connor Senior Systems Engineer Ohio State’s leading technical security expert, has 8 years of PeopleSoft experience, ranging from configuration management and control to security administration Sharing Information: Audience Demographics: Auditors Sec Admin DBA Functional Technical 2

3 Overview We have created a process for Defining, Identifying and
Reporting Segregation of Duties issues. Ideas from HEUG Conference Our own External Auditors were doing it “manually” Our security knowledge of the system (i.e. Who has access to what) No Dirty Laundry!! 3

4 Ohio State’s Environment
7 Campuses 58,000 Students 35,000 Employees $3 Billion Budget 300,000+ Alumni 4

5 Database Environment Oracle9i Release 9.2.0.5.0 - 64bit
HP Hardware – HP-UX 11.0 N Class Over 50 PeopleSoft Databases 5

6 Ohio State and PeopleSoft
HRMS App: Tools: Benefits Admin Time and Labor Payroll eRecruit eProfile Flexible Spending Financials University App: Tools: Asset Management Accounts Payable General Ledger Budgeting Inventory Purchasing Grants Suite Financials Medical Center App: Tools: Inventory eProcurement Decentralized 6 6

7 Enterprise Performance Management (EPM)
Where We’re Headed Student Admin 8.9 Enterprise Performance Management (EPM) Upgrade HRMS 8.0 -> 8.9 eProcurement Module Financials > 8.9 5 Major PS Projects planned 4 Concurrently AMBITIOUS!! 7 7

8 Identifying Segregation of Duties Issues
What Duties Should be Segregated? Identify the Duties in PeopleSoft Building the SoD Reports Begin the Meat of the Presentation 8

9 What is Segregation of Duties?
…no single individual should have control over two or more phases of a transaction or operation… (University of Utah Department of Internal Audit Identify the Duties) …no one individual employee can complete a significant business transaction in its entirety… (UCSD Audit & Management Advisory Services) To minimize Error and Fraud Why Segregation: CONTROL Deter Dishonest People Not Tempt Honest People Regulatory Compliance 9

10 Examples of Segregation of Duties?
Those responsible for physical receipt of goods should not be responsible for paying for the goods. Those responsible for custody of goods should not be responsible for maintaining the records of the assets. Those responsible for collection of receivables should not be responsible for entries in the book of accounts. Source: Sawyer’s Internal Auditing 5th Edition, page 1198 Note Page Number of source on slide 10

11 Recent Ohio State Experience
Ex-OSU worker charged in $312,000 theft The Columbus Dispatch,Thursday, March 30, 2006 “…job allowed him not only to tally and submit the payroll in his department, but also to hand out the checks. “He would prepare the payroll, submit the payroll and distribute the checks,” O'Brien said…

12 What Duties Should be Segregated?
Purchase an Item PO Initiator PO Approver PO Receiver 12

13 What Duties Should be Segregated?
Web Searches HEUG Contacts Ohio State’s Internal Auditors Sawyer’s Internal Auditing ISACA HEUG Contacts Brad Hamilton City of Tallahassee Show Docs (Kitty Aggelis from FSU SoD Matrix) OSU Doc OSU IA Analysis 13

14 What Duties Should be Segregated?
Financial Duties Requisition Initiator Requisition Approver P.O. Initiator P.O. Approver Procurement Functions 14

15 Identify the Duties in PeopleSoft
Identify the Security Controls Page Access (not Role) Operator Preferences Table Data Values End Result is a SQL query How do we identify these duties in PS? Examples: Oper Pref: Table Data Values: Buyer Setup Table Show Spreadsheet used to Upload Permission Lists Show some SQL Discuss pseudo-code ex.: page access oper pref WF Role 15

16 Build the SoD Reports Sample Reports Creation Process
Create the SQL Program Create a Formatted Spreadsheet Paste the SQL Output to a Spreadsheet Show Job Aid Discuss SoD Module? Lack of “or” logic More complicated 16

17 Build the SoD Reports Sample Reports Procurement SoD Reports
Workflow by User by Organization Counts by Departments Procurement Without SoD by Money Value Reverse Hill-Climber 17

18 Build the SoD Reports Sample Reports Delivery Mechanisms
Enterprise Web Based Hard Copies 18

19 Questions?

20 Contacts Brian O’Brien Patrick O’Connor Manager, Data Security
Office of Information Technology The Ohio State University Patrick O’Connor Sr. Systems Engineer

Download ppt "Identifying Segregation of Duties Issues in a PeopleSoft Environment"

Similar presentations

EPM Intermediate 2010. EPM Database Enterprise Warehouse Data Sources Ascential (ETL) Staging Metadata PeopleTools PeopleSoft HRMS Reporting Data Loader.

EPM Intermediate EPM Database Enterprise Warehouse Data Sources Ascential (ETL) Staging Metadata PeopleTools PeopleSoft HRMS Reporting Data Loader.
Overview This session is aimed at both PeopleSoft Financials users and Security Administrators. We will discuss plans for the 9.2 upgrade including.

Overview This session is aimed at both PeopleSoft Financials users and Security Administrators. We will discuss plans for the 9.2 upgrade including.
Massachusetts Department of Elementary & Secondary Education

Massachusetts Department of Elementary & Secondary Education
Shopper Training. 2 Welcome to BuzzMart One-stop Online Shopping Electronic Approval Workflow Quantity and Cost Receiving Better, more efficient Procure.

Shopper Training. 2 Welcome to BuzzMart One-stop Online Shopping Electronic Approval Workflow Quantity and Cost Receiving Better, more efficient Procure.
UT San Antonio PeopleSoft Project September 2010.

UT San Antonio PeopleSoft Project September 2010.
University of Missouri System PeopleSoft Financials Reporting for Today and Tomorrow.

University of Missouri System PeopleSoft Financials Reporting for Today and Tomorrow.
SISFin and the HR Portal. Click Select an Account to explore in either module The Fund Accounts and Budget Preparation modules are much the same.

SISFin and the HR Portal. Click Select an Account to explore in either module The Fund Accounts and Budget Preparation modules are much the same.
School Board Workshop ERP Update January 25, 2006.

School Board Workshop ERP Update January 25, 2006.
A look at the Road of Integration Winter 2008 User Group Presentation.

A look at the Road of Integration Winter 2008 User Group Presentation.
Senior Fiscal Officer Meeting May 27, 2010. PeopleSoft Certification Deadline: Friday, June 4, 2010.

Senior Fiscal Officer Meeting May 27, PeopleSoft Certification Deadline: Friday, June 4, 2010.
1 State of Connecticut Core-CT Project HRMS Training Registration July, 2003.

1 State of Connecticut Core-CT Project HRMS Training Registration July, 2003.
Microsoft Dynamics SL. Agenda Why Dynamics SL Microsoft Dynamics SL Roadmap Review Business Portal 3.0 Features Review & Demonstrate new 6.5 Features.

Microsoft Dynamics SL. Agenda Why Dynamics SL Microsoft Dynamics SL Roadmap Review Business Portal 3.0 Features Review & Demonstrate new 6.5 Features.
Leveraging Purchasing Technologies and Strategic Initiatives to Produce ROI The Next Level Conference March 3, 2003.

Leveraging Purchasing Technologies and Strategic Initiatives to Produce ROI The Next Level Conference March 3, 2003.
The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.

The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.
1 PeopleSoft Financials version 8.8 Coming Soon. 2 When will the Conversion Happen? Target Date – November 9, 2005 Target Date – November 9, 2005 Several.

1 PeopleSoft Financials version 8.8 Coming Soon. 2 When will the Conversion Happen? Target Date – November 9, 2005 Target Date – November 9, 2005 Several.
Copyright ©2010 Michigan State University ebsp.msu.edu 1 Get Ready for Enterprise Business Systems from an IT Perspective A panel discussion with EBSP.

Copyright ©2010 Michigan State University ebsp.msu.edu 1 Get Ready for Enterprise Business Systems from an IT Perspective A panel discussion with EBSP.
1 Segregation of Duties APM 2.25.55. 2 Learning Objectives Attain an understanding of: –Concept of Segregation of Duties –How the concept is applied at.

1 Segregation of Duties APM Learning Objectives Attain an understanding of: –Concept of Segregation of Duties –How the concept is applied at.
Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.

Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.
M0254 - ERP (Enterprise Resources Planning) M0254 - ERP (Enterprise Resources Planning) Session 8 - ERP Modules Ir. Ekananta Manalif, MM, MKom (D2664)

M ERP (Enterprise Resources Planning) M ERP (Enterprise Resources Planning) Session 8 - ERP Modules Ir. Ekananta Manalif, MM, MKom (D2664)
SAP R/3 Materials Management Module

SAP R/3 Materials Management Module

Similar presentations

Ads by Google