1 / 20

Identifying Segregation of Duties Issues in a PeopleSoft Environment

Identifying Segregation of Duties Issues in a PeopleSoft Environment. Central Ohio Chapter Information Systems Audit and Control Association February 8, 2007. 1. Your Presenters. Brian O’Brien Manager - Data Security

natane
Télécharger la présentation

Identifying Segregation of Duties Issues in a PeopleSoft Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identifying Segregation of Duties Issues in a PeopleSoft Environment Central Ohio Chapter Information Systems Audit and Control Association February 8, 2007 1

  2. Your Presenters • Brian O’Brien • Manager - Data Security • 10 years of PeopleSoft experience with Ohio State’s 1,300 user HRMS and 2,400 user Financials environments • Pat O’Connor • Senior Systems Engineer • Ohio State’s leading technical security expert, has 8 years of PeopleSoft experience, ranging from configuration management and control to security administration 2

  3. Overview • We have created a process for • Defining, • Identifying and • Reporting • Segregation of Duties issues. 3

  4. Ohio State’s Environment • 7 Campuses • 58,000 Students • 35,000 Employees • $3 Billion Budget • 300,000+ Alumni 4

  5. Database Environment • Oracle9i Release 9.2.0.5.0 - 64bit • HP Hardware – HP-UX 11.0 N Class • Over 50 PeopleSoft Databases 5

  6. Ohio State and PeopleSoft 6 6

  7. Where We’re Headed Student Admin 8.9 Enterprise Performance Management (EPM) Upgrade HRMS 8.0 -> 8.9 eProcurement Module Financials 8.42 -> 8.9 7 7

  8. Identifying Segregation of Duties Issues • What Duties Should be Segregated? • Identify the Duties in PeopleSoft • Building the SoD Reports 8

  9. What is Segregation of Duties? • …no single individual should have control over two or more phases of a transaction or operation… • (University of Utah Department of Internal Audit Identify the Duties) • …no one individual employee can complete a significant business transaction in its entirety… • (UCSD Audit & Management Advisory Services) 9

  10. Examples of Segregation of Duties? • Those responsible for physical receipt of goods should not be responsible for paying for the goods. • Those responsible for custody of goods • should not be responsible for maintaining the records of the assets. • Those responsible for collection of receivables should not be responsible for entries in the book of accounts. • Source: • Sawyer’s Internal Auditing • 5th Edition, page 1198 10

  11. Recent Ohio State Experience • Ex-OSU worker charged in $312,000 theft • The Columbus Dispatch,Thursday, March 30, 2006 • “…job allowed him not only to tally and submit the payroll in his department, but also to hand out the checks. • “He would prepare the payroll, submit the payroll and distribute the checks,” O'Brien said…

  12. What Duties Should be Segregated? 12

  13. What Duties Should be Segregated? • Web Searches • HEUG Contacts • Ohio State’s Internal Auditors 13

  14. What Duties Should be Segregated? • Financial Duties • Requisition Initiator • Requisition Approver • P.O. Initiator • P.O. Approver 14

  15. Identify the Duties in PeopleSoft • Identify the Security Controls • Page Access (not Role) • Operator Preferences • Table Data Values • End Result is a SQL query 15

  16. Build the SoD Reports • Sample Reports • Creation Process • Create the SQL Program • Create a Formatted Spreadsheet • Paste the SQL Output to a Spreadsheet 16

  17. Build the SoD Reports • Sample Reports • Procurement SoD Reports • Workflow by User by Organization • Counts by Departments • Procurement Without SoD by Money Value • Reverse Hill-Climber 17

  18. Build the SoD Reports • Sample Reports • Delivery Mechanisms • Enterprise Web Based • Email • Hard Copies 18

  19. Questions?

  20. Contacts • Brian O’Brien • Manager, Data Security • Office of Information Technology • The Ohio State University • E-mail: obrien.9@osu.edu • Patrick O’Connor • Sr. Systems Engineer • Office of Information Technology • The Ohio State University • E-mail: oconnor.33@osu.edu

More Related