Contents subject to change.

Presentation transcript:

New SFS Online Validation Process Overview for NYSICA
April 26, 2018
Statewide Financial System (Internal Use Only). Statewide Financial System (External Use Only).

Welcome and Introductions

Agenda / Key Takeaways for Today
- Annual User and Role Validations (Quarterly Report Improvements project)
- External Audit
- SFS Security Policy
- SFS Agency Security Maintenance Procedure
- Security Maintenance Best Practices
- Administrators etc. are privileged users in the system
- SFS User Provisioning Request Form
- SFS Internal Control Compliance Review
- Questions

Importance of Annual Review
Why is it important to you and SFS:
- To ensure confidentiality, integrity and availability of the data in the SFS through your periodic review of user and role information.
- OSC is subject to an Annual Financial Audit in which SFS is included. Each agency that uses SFS is subject to inclusion in the audit.
- You are responsible for the user and role information for your agency.
- Critical success factors for the Annual Financial Audit are:
  - Timely review and maintaining the documentation related to the review.
  - Your agency maintaining documentation around user provisioning.

Annual User and Role Validations
Kristen Pelcher

Annual User and Role Validations
- SFS has implemented an online solution for the quarterly reports process beginning this fiscal year.
- Static files will no longer be distributed.
- Agencies will use real-time queries to complete reviews online.
- A new workcenter was deployed for easy access.
- Sign off form will now be completed online.
- Snail mail of forms will no longer be required.
- A mapping exercise was deployed to agencies requesting 100% compliance.
- Every agency must map at least one ASA, Financial Certifier, and Compliance Reviewer in SFS.
- If your agency does not have someone mapped to each of these roles, your agency will be unable to provide the required sign off.

Updated Training Materials
- Self-Paced Training in the Statewide Learning Management System (SLMS)
  - SLMS Course Code: SFS-9.2-SPT
  - ADMIN Security 205
  - Compliance Reviewer 205
  - Financial Certifier 205
- Job Aids on SFSSecure
  - JAA-ASA205-010
  - JAA-CR205-001
  - JAA-FC205-001

Annual User and Role Validations
Security WorkCenter and Agency User and Validation Page Demo

Annual User and Role Validations
- Each quarter, SFS will distribute an email to all agencies as a reminder that SFS user and role validation must be completed at least once annually.
- Your agency can decide when it is most appropriate for your agency to complete the review.
- You may choose to complete the review more than once a year.
- Refer to the Agency Role Guide on SFS Secure to ensure you have the most updated guidance.

Yearly Follow-up Cycle
- October: SFS sends reminder email to ASAs for agencies who have not completed annual sign-off
- January: SFS sends follow-up email to ASAs AND Internal Control Officers
- February: SFS conducts phone outreach to ASAs
- March: Escalation via phone call to agency Chief Financial Officer

Reminders: Annual User and Role Validations
Ensure that your agency:
- Is aware of new training materials
- Has mapped to all the required roles
- Has built the new roles into your onboarding/offboarding and transfer processes
- Has tested the new features in the Agency Business Process (ABP) testing environment

External Audit
Roger Aucoin

External Audit
- As a reminder, any agency with ability to provision users to the SFS is subject to external audit.
- Your agency may be selected for the Annual Financial Audit and you will be required to provide documentation for user and role provisioning and your annual user and role reviews.
- Ensure you have required documentation in relation to:
  - Annual user and role review:
    - Spreadsheets
    - Email correspondence
    - Notify your ASA of your review outcome so changes are made within 30 days of review
  - User provisioning processes: refer to the following resource materials on SFSSecure
    - SFS Agency Security Maintenance Procedure
    - SFS User Provisioning Request Form

Security Policy
Kristen Pelcher

Security Policy
Reference and Resources > Access to SFS (Security and Roles) > SFS Security Policy

Maintenance Procedure
SFS Agency Security Maintenance Procedure
Kristen Pelcher

Security Maintenance Procedure on SFSSecure
Reference and Resources > Access to SFS (Security and Roles) > SFS Agency Security Maintenance Procedure

Maintenance Procedure
Resource Considerations
- Effective communication among supervisors, Human Resources (HR) and agency SFS administrators
- Supervisors provide the first line of insight on employee movement, extended leave, retirement, employee death, and termination
- As SFS Compliance Reviewers you should be the champion
- Engage your management and SFS administrators in conversations for process improvement

SFS Administration Observations
- User provisioning
  - Separated employees and non-employees who have access to SFS are not locked and removed timely.
  - Risk: the separated SFS users retain access to your agency's data.
- Separate process for contractors
  - Contractors are not in state payroll systems
  - How are you getting notified of contractor movement?

SFS User Provisioning Request Form
- SFS User Provisioning Request Form or your internal SFS access form are the methods for timely notification of provisioning changes to the ASA
- Documentation should be retained in case your agency is required to produce it upon audit request.
- Authorization and justification of changes being made to users in SFS must be retained for traceability to the ASA Self-Service Request reference number

Internal Control Compliance Review
Mary Alber

Internal Control Compliance Review
SFS Internal Control Compliance Review document
- SFS recommends each agency Internal Controls Officer (ICO)/Compliance Reviewer consider the checklist when completing an internal controls compliance review of access to SFS.
- This checklist supports the published Office of the State Comptroller (OSC) Guide to Financial Operations (GFO) 'Certification of Internal Controls over the Payment Process.'

Compliance Review
Internal Control Officers/Compliance Reviewers are asked to ensure:
- An inventory is created of any lack of controls or weaknesses in established Agency provisioning processes.
- A corrective action plan or compensating controls are established for any weaknesses identified in security processes.
- SFS access is monitored by utilizing tools provided via the Internal Control Officer Information Center in SFSSecure under Reference and Resources.

How to assess compliance?
- Ensure your agency has established policies over user access and SFS role assignment.
- Engage your administrators and list out any obstacles you face in these internal processes as currently implemented.
- Review your list with management for solution support.
- Escalate any road blocks.

Offboarding in SFS
- When an SFS user leaves state service, the User Account should be locked immediately and removed timely.
- Many agencies listed outstanding travel or credit card transactions as a reason they are not locking or removing SFS access timely.
- Outstanding travel or credit card transactions are NOT a reason to leave SFS access open to a separated state employee or contractor.
- RISK: Leaving SFS access in place for a user who left state service

Account Security
SFS Audit Process runs on the first of every month:
- Account Locking:
  - Lock agency user accounts that are more than 90 days old and have never been used
  - Lock agency user accounts that have not been used in 180 days or more
- Removal of accounts:
  - Accounts that are locked by the audit process and not reactivated within 180 days are removed from the SFS system.
  - User accounts that hold travel only roles will not be removed as part of this process.
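
The locking and removal rules from the Account Security slide, written out as decision logic an agency could use to predict which of its accounts the next monthly run will touch. This is an added example, not SFS code: the record layout, function names and sample accounts are assumptions, as is the reading that "not reactivated within 180 days" means removal once an account has been audit-locked for more than 180 days.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

NEVER_USED_DAYS = 90   # account older than this and never used -> lock
INACTIVE_DAYS = 180    # no use for this many days or more -> lock
REMOVAL_DAYS = 180     # audit-locked longer than this, not reactivated -> remove

@dataclass
class Account:              # hypothetical record layout, not the SFS schema
    user_id: str
    created: date
    last_used: Optional[date] = None        # None = never used
    audit_locked_on: Optional[date] = None  # set when the audit process locks it
    travel_only: bool = False               # holds travel-only roles

def audit_action(acct: Account, run_date: date) -> str:
    """Return 'lock', 'remove' or 'none' for one account on a monthly run."""
    if acct.audit_locked_on is not None:
        # Only audit-locked accounts age toward removal; travel-only are exempt.
        expired = (run_date - acct.audit_locked_on).days > REMOVAL_DAYS
        return "remove" if expired and not acct.travel_only else "none"
    if acct.last_used is None:
        return "lock" if (run_date - acct.created).days > NEVER_USED_DAYS else "none"
    return "lock" if (run_date - acct.last_used).days >= INACTIVE_DAYS else "none"

def run_audit(accounts, run_date: date) -> dict:
    """Apply the rules to every account; the slide says runs happen on the 1st."""
    if run_date.day != 1:
        raise ValueError("audit process runs on the first of the month")
    return {a.user_id: audit_action(a, run_date) for a in accounts}

RUN = date(2018, 5, 1)
SAMPLE = [  # constructed accounts, not real SFS data
    Account("new_unused", created=date(2018, 3, 15)),
    Account("old_unused", created=date(2018, 1, 15)),
    Account("active", created=date(2016, 1, 4), last_used=date(2018, 4, 20)),
    Account("dormant", created=date(2016, 1, 4), last_used=RUN - timedelta(days=180)),
    Account("stale_locked", created=date(2015, 6, 1), audit_locked_on=date(2017, 10, 1)),
    Account("travel_locked", created=date(2015, 6, 1), audit_locked_on=date(2017, 10, 1),
            travel_only=True),
]

if __name__ == "__main__":
    for user, action in run_audit(SAMPLE, RUN).items():
        print(f"{user:14} {action}")
```

Note that these thresholds are a backstop measured in months; the offboarding slide still expects a separated user's account to be locked immediately rather than left for this process to catch.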

Any questions from our topics today?
Thank you for attending!