University taps Baker Tilly to conduct payroll security review and ensure appropriate controls and segregation of duties

Our client’s need

A large, public university needed help to review the controls around its PeopleSoft HCM application.

Baker Tilly solution

Serving the university’s internal audit function, Baker Tilly evaluated the state of system access for a financial application, specifically the payroll module. We conducted interviews and reviewed existing documentation (e.g., policies, procedures, reports, system implementation information) to gain an understanding of the current application environment, including the payroll processing cycle and the security administration process. We developed high-level process flow diagrams for four payroll processing cycle components in order to document the key payroll business processes performed in the application. We also developed high-level process flow diagrams for security administration process components, including adding, modifying, removing, and reviewing users, roles, permission lists, and row-level application security. We provided the university with an inventory of currently implemented users, roles, permission lists and row-level security. Additionally, we reviewed access to key payroll and security administration items to ensure appropriate segregation of duties exist.

Results achieved

Baker Tilly provided a final presentation to the university that included recommendations for improvements to application security and segregation of duties. Specifically, our results helped the university redefine security administration roles and responsibilities to ensure appropriate controls and segregation of duties.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.