Brian Pelletier, Tyler Technologies
4B – ROLE BASED SECURITY - PAYROLL
KASBO Spring 2015

Intro/Goals
Intro:
• Theft and fraud affect an entire organization. Secure Munis to reduce the threat
• Focusing on role based security alone is not a complete solution
Goals:
• Secure Munis through user, menu and role based security
• Review Payroll Auditing functions

User Access
• Review all enabled user accounts in Cloud Admin

User Access
• Review all enabled user accounts in User Attributes
Note: Keep support roles (983klamb, 983smill, 9XXXschd, 9XXXsupp)

User Roles - Review
• Do your users have roles like this?

User Roles - Review
• Review Munis generated roles (e.g. PO_MNTPOS_FULL, AP_POST_FULL etc.)
• Remove Munis generated roles from User once you have reviewed and taken action
• Review remaining roles and determine if they are appropriate for each enabled user
• As you review roles, remove unneeded modules (use caution)
• Use the Munis Help to get detailed information on fields
• Never share passwords!!! Temporarily assign a role if needed
• Remember to perform a database refresh (mucopy) after making changes to ensure Train & Test are also secure

Munis/User Roles - Review
• Review settings in Munis generated roles
• Review modules in each role

Menu Security
• Menu access is assigned to a role(s)
• Ensure user has appropriate menu access in each role
• Roles do not require menu access (e.g. GL data access)
• Very few users need access to System Administration > Security > User Attributes/Roles

Role Security - Payroll
• The payroll module (found within a role) has many options
• Use Munis Help from within the program to get information on various fields
Munis Help

Role Security - Payroll
• Payroll Superuser/Administrator
  • Needed to process payrolls
  • Not necessary for updating employee information
  • If “Yes, no restrictions” this overrides category and other restrictions
  • Other options:
    • No: Can update employee info but limited in payroll processing
    • Restricted to location: Limits access to employees
    • Projections Only: Limited to payroll info in Budget Salary Benefit Projections
• Status/Start/Change Access:
  • Full Access
  • Restricted – Cannot access Start, Users, Locations and Balloon buttons

Role Security - Payroll
• View/Maintain deductions: Only in a payroll (Earnings & Deductions)
• View/Maintain direct deposit accounts: In Employee Deductions
• Maintain Job/Pay GL: In Employee Job/Salary
Data Access:
• Options in each area are:
  • Full – no restrictions
  • None – no access
  • Limited – you set the specific ranges accessible to this role
• Remember - Restrictions only apply if not Payroll Superuser

Role Security - Payroll
• Category Access provides 5 options:
  • No Access
  • Inquiry Only
  • Hide SSN (Inquiry Only)
  • Update/Delete – full access
  • Hide SSN (Upd/Del)

Monitoring Payroll
• No matter the restrictions in place, someone or some group must have access to process the payrolls
• Separation of duties and restrictions can reduce the opportunity for fraud but cannot eliminate it
• Monitoring payroll is a task each organization should consider performing
• Tyler includes many programs that not only audit payroll changes to employees but also audit the payroll process and changes

Monitoring Payroll
Monitoring Payroll Processing:
• Payroll Start and Status
• Earnings and Deductions
• Earnings and Deductions Proof
• Global Audit Inquiry
Auditing Changes:
• Payroll Audit Inquiry
• Payroll Audit Options

Payroll Start and Status
• Warrant is typically check date (e.g. 111714)
• Check Date determines where the pays/deductions are reported/accumulated
• Incomplete steps show green triangle
• Completed steps show grey triangle
• Complete: Shows checked when all required steps are complete. Set by Munis.
• Check for Period Files Purged

Payroll Earnings and Deductions
• Check for altered deductions in the Earnings and Deductions program:

Payroll Earnings and Deductions
Earnings and Deductions program:
• Click the Global button
• Click the “Global access to deduction records” button
• Find all deductions where “Changed” > 0
1     Sufficiency
2     Calc Code
4     Tax Tables, Tax Marital, Exemptions
256   Deduction Gross
512   Employee Amount
1024  Employer Amount
• Codes can be combined (e.g. 1536 = 512 + 1024)
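
Because the codes combine by addition, a "Changed" value can be split back into its parts bit by bit. The following is an added example, not part of the original slides and not Tyler's code: it decodes each value into the fields listed above and reports any bits the list does not cover instead of dropping them. The record layout, field names and the choice to sort amount changes first are assumptions, and the sample rows are constructed.

```python
# Added example: decode the "Changed" value found on deduction records.
# Code values come from the slide; record fields and sample data are assumed.
CHANGE_FLAGS = {
    1: "Sufficiency",
    2: "Calc Code",
    4: "Tax Tables, Tax Marital, Exemptions",
    256: "Deduction Gross",
    512: "Employee Amount",
    1024: "Employer Amount",
}
AMOUNT_FLAGS = 512 | 1024  # amount changes are listed first (assumed priority)

def decode_changed(value):
    """Split a combined Changed value into named flags plus any unlisted bits."""
    names = [name for bit, name in CHANGE_FLAGS.items() if value & bit]
    unknown = value & ~sum(CHANGE_FLAGS)  # bits the slide does not list
    return names, unknown

def review(records):
    """Return altered deductions (Changed > 0), amount changes first."""
    findings = []
    for rec in records:
        changed = rec["changed"]
        if changed <= 0:
            continue
        names, unknown = decode_changed(changed)
        if unknown:
            names.append(f"unlisted bits ({unknown})")
        findings.append({
            "employee": rec["employee"], "deduction": rec["deduction"],
            "changed": changed, "fields": names,
            "amount_override": bool(changed & AMOUNT_FLAGS),
        })
    findings.sort(key=lambda f: (not f["amount_override"], f["employee"]))
    return findings

# Constructed sample rows (hypothetical field names, not a Munis export format).
SAMPLE = [
    {"employee": 1001, "deduction": "1000", "changed": 0},
    {"employee": 1002, "deduction": "2000", "changed": 1536},
    {"employee": 1003, "deduction": "1000", "changed": 6},
    {"employee": 1004, "deduction": "3000", "changed": 264},
]

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f["employee"], f["deduction"], f["changed"], "; ".join(f["fields"]))
```
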

Earnings and Deductions Proof
Occasionally run a Totals Only proof after the payroll is complete and compare to prior Final proof amounts:

Global Audit Inquiry
• Provides an audit trail of payroll processing tasks
• User can see who ran payroll step and precisely when
• Can also see if it was run multiple times

Payroll Audit Inquiry
• Audits changes to:
  • Employee data (master, deductions, pay, accruals, accumulator etc.)
  • Setup tables (Pay master, Deduction and Benefit Master, Accrual Tables etc.)
  • Control tables (Payroll Control Settings)
• Information kept in great detail along with all fields established during an Add or Delete
• The Audit Finder provides an elaborate tool to navigate the vast audit information

Payroll Audit Options
• Program allows user to determine what is audited in Payroll/HR
• Some auditing is optional and others are not

Payroll Audit Options
• Predefined Sets Within Tables
  • Live – Current
  • Term – Terminated
  • Proj – Projection
  • System Gen – System Generated Changes
  • Other – Uncategorized Data
  • Actions – Pending Actions
  • Applicant – Applicant Tracking

Payroll Audit Options
• May want to turn off System Gen options to reduce audit overhead