5.6 Employee Compensation Systems Security
5.6 Employee Compensation System〈s〉 Security
(Last Modified on January 30, 2018)
5.6.1 Data Access and Segregation of Duties
(Last Modified on January 30, 2018)
Each institution is responsible for the security of their employee compensation system(s) and for the establishment of access to the system.
To enhance security of the employee compensation system data and to reduce operational risks associated with personal service expenditures, each institution, as well as the SSC, should:
- provide employees access to the employee compensation system at the appropriate level to perform their job duties and/or maintain their personal employee information,
- segregate transaction initiation (i.e. hiring an employee, time entry), transaction processing (i.e. job record updates, processing payroll) and transaction recording (i.e. posting payroll transactions in the general ledger), and
- implement compensating controls if adequate segregation of duties is not feasible.
The OneUSG Connect system utilizes security roles and permission lists to aid in the proper access to data and segregation of duties. Employees should be assigned the OneUSG Connect security role(s) necessary for the completion of their job duties. Institution or System Office employees outside of the human resources and/or payroll offices should only be assigned OneUSG Connect access required to accomplish their job duties. For example, an academic affairs office employee responsible for reporting faculty credentials should have read access only.
The SSC should separate the following services if provided for institutions:
- HR Data Entry/Benefits Data Entry
- Payroll Processing, and
- Money Movement (between USO, Institutions and Vendors) and Accounting Services (GL JE creation, reconciliations, etc.)
The system access of employees that are on an extended leave of absence should be reviewed to determine appropriate access to the system, if any, during the extended leave. If an employee with practitioner or managerial access is on extended leave, a similar determination should be made as to appropriate access during the extended leave. The length of the absence and the reason for the absence should be considered in making the determination.
5.6.2 Employee Compensation System〈s〉 Security Administration
(Last Modified on January 30, 2018)
The primary and backup Security Administrators (SA), who are appointed by the CBO of each institution, are responsible for ensuring that the appropriate level of security is awarded to the practitioners at their respective institutions. The SA should identify access required for the operators ensuring compliance with the federal and state regulations, as applicable, and USG policies and procedures. For SSC supported institutions, security access should be validated locally for all requested access before submitting the request to the SSC.
↑ Top