Security Liaison User Group Meeting May 29, 2009

Security Liaison User Group Meeting

May 29, 2009

Agenda Welcome Mary Yabrosky Financials Security Patty Cafazzo,

Nayda Flores General Security Sam Johns EPM Security Mary Yabrosky HRMS Security Tracy Douglas Security Updates Sam Johns, Mary

Yabrosky

Welcome

Introduction OSC Core-CT HR Team Core-CT Fin Team Core-CT Security Team

Facility

Welcome

Goal: Help Security Liaisons understand Core-CT Security and related tasks Improve Communication Improve access to Security related information

Improve Security Website Layout Provide more on-line job aids and valuable links

Collect Feedback Help transition Liaison responsibilities

Welcome

Security Liaison Communication Vehicles: Core-CT Security Bulletins E-mail Core-CT Security Mailbox Core-CT Security Website User Group evaluations Liaison Survey

Welcome

Security Liaison Survey Results, March 2009 21 HRMS 24 Financials 24 Primary Liaisons 8 Secondary Liaisons 29 Agencies

Welcome

Security Liaison Survey - Findings Need better understanding of CO-1092 process Need better understanding of EPM Reporting

tables Need better understanding of Financial

Workflow & Origins Need better understanding of HR Roles 75% of survey participants would like a User

Group - 1 or 2 times a year

Agenda

Welcome Mary Yabrosky Financials Security Patty Cafazzo,


Yabrosky

Financials Security OSC Processing - CO-1092 and Segregation

of Duties

The general guidelines cont.: Accounts Payable – A Voucher Adjustment, Maintainer or

Processor can not have the Voucher Approver or Alternate Approver Role. Additionally, a Voucher/Alternate Approver can not have either the Requisition Purchase Approver or any Purchase Order Approver Role.

The Business Unit must have an approved CO-512 on file with the Comptrollers office for identifying all final approvers. Only the final approvers should be listed on the CO-512. For Requisitions, the final approver role is the Requisition Purchase Order Approver; for Purchase Orders, the PO Budget Approver; and for Accounts Payable, the Alternate Approver and the Voucher Approver.

Financials Security OSC Processing - Reasons for Delays in the

Processing of the CO-1092: Conflicts exist in an individual’s current roles or the roles

requested for the individual have a conflict or will cause a conflict with the existing roles. Conflicts should be eliminated currently or prospectively prior to the resubmission of the CO-1092.

A CO-512 must have been approved for your Business Unit and on file with the Accounts Payable Division. If not, notice of this deficiency will be communicated to your Business Unit by e-mail, allowing the Business Unit five (5) business days to comply before the CO-1092 is rejected. As a reminder, the CO-512 requires the signature of the agency head.

Financials Security OSC - Roles Audits

APD conducts periodic audits of the agencies’ security roles for segregation. A listing of all employees that have financial roles is generated and compared to a Segregation of Roles grid. An analysis is made to determine if a conflict in an individual’s roles exists. The Business Unit is notified if a conflict has been determined to exist and is given two (2) weeks to come up with a resolution. A copy of the corrections resulting from an audit must be sent by e-mail to [email protected]. If the conflict(s) is (are) not resolved in the time allotted APD will be forced to delete the conflicting role(s). The Comptroller’s Accounts Payable Audit team is willing to assist any agency that may have some difficulties in the segregation of roles.

Financials Security Workflow & Origins

When to use the Financials Appendix Page – CO-1092 General Buyer OR Program Buyer PO Amount Approver 1&2; PO Budget Approver Requester and Multi Requester Req. Amount Approver 1-4; Req. Budget Approver; Req.

Purchasing Approver Alternate Approver Adjustment Voucher Processor; Journal Voucher Processor;

Voucher Processor Voucher Approver


General Buyer & Program Buyer, You must complete the following:

Ship to location Deptid Origin (1 only)


Requester and Multi Requester, You must complete the following:

Ship to location Deptid Origin (1 only)


PO Amount Approver 1&2; PO Budget Approver Req. Amount Approver 1-4; Req. Budget Approver; Req. Purchasing Approver, Alternate Approver Voucher Approver: You must complete:

Business Unit Origin(s) All must be listed


Adjust. Voucher Processor, Journal Voucher Processor, Voucher Processor You must complete:

Origin (Only 1)

Financials Security Workflow & Origins:

Origins are three character representation of and Agency, Bureau, Division or Unit

Origins are used to identify where transactions originate Workflow enables transactions to flow from originator to

approver when:Transaction Originator Origin = Transaction

Approver Origin Workflow Transactions include Requisitions, PO’s,

Vouchers

Financials Security

Workflow & Origins How to look up Origin and Business Unit for

Approval Roles Approval Roles:

CT WF REQ AMT APPROVER 1 – 4 CT WF REQ BUDGET APPROVER CT WF REQ PURCH APPROVER PO Amount Reviewer 1 - 2 PO Budget Reviewer Voucher Approver Alternate Approver

Financials Security Workflow & Origins - Steps to lookup Route

Controls on Workflow Roles in Core-CT Navigation: FIN PeopleTools>>Security>>User

Profiles>>User Profile Enter Userid Click ‘Search’ Click ‘Roles’ tab Select the ‘Route Control’ link to the right of the

Approval Roles. Origin and Business Unit is displayed Click ‘OK’ or ‘Cancel’ to return to ‘Roles’ tab

Financials Security Workflow & Origins - Steps to lookup Route

Controls on Workflow Roles in Core-CT


How to look up Voucher Origins in Core-CT Navigation: Set Up Financials>SupplyChain>Common

Definitions>User Preferences>Define User Preferences

Enter Userid (ex: test) Click ‘Search’ Click on Procurement link Click on Payables Online Vouchering link Voucher Origin is displayed (Ex: ZZZ) under Default

Values


How to look up Voucher Origins in Core-CT


How to look up Requester setups in Core-CT Navigation: Set Up Financials/Supply Chain>Product

Related>Procurement Options>Purchasing>Requester Setup

Enter Userid in ‘Requester’ field – Ex: BellamoJ Click ‘Search’ Request Setup Page: displays the requester defaults: Ship

To, Origin, Department


How to look up Requesters setups in Core-CT


How to look up Buyers set ups in Core-CT Navigation: Set Up Financials/Supply Chain>Product

Related>Procurement Options>Purchasing>Buyer Setup Enter Userid in ‘Buyer’ field – Ex: StarbalaA Click ‘Search’ Buyer Setup Page: displays the Buyer defaults:

Department, Ship To, Origin


How to look up Buyers setups in Core-CT

Agenda



Yabrosky

General Security

CO-1092 Security Form - Process Flows Supervisor initiates/authorizes CO-1092

request submits to Liaison Liaison verifies, authorizes and faxes to Core-

CT Security (CS) mailbox If new user, CS requests User ID from ITD CS obtains appropriate central authorizations

(OSC or DAS) CS processes request and notifies Liaison Allow 2 week turnaround time

General Security

CO-1092 – Authorizations Required Agency Liaison ITD OSC/DAS

General Security

Receive CO-1092from Agency

Sort by typeNew

ModifyName Change

HRMSor

Financial

To OSC for review and approval

Segregation of duties And CO-512

To Core-CT for review and approval

Segregation of duties

Core-CT Security makes changes to

the user profile

Core-CT Securitymakes changes to

user profile

New to ITD for assignment of

User ID

Faxed back to agency liaison

CO-1092 – Process Flow

New User ? No

New User ? Yes

General Security

CO-1092 - Prioritization of Security Requests

1. New Users2. Updates3. Name Changes

General Security

Security Liaison Guide Guide will help you to understand:

Core-CT Application Security Password policies Agency Security Liaison Responsibilities and Agency

Manager Responsibilities CO-1092 Process Financial / HRMS / EPM Security Other useful links and job aids

Agenda



Yabrosky

EPM Security

Understanding EPM Reporting Table and Security: Reporting Functional Subject Areas EPM Permissions and Access Groups (Trees) User Profiles: Roles, Data Permissions How it all Comes Together

EPM Security

Functional Reporting Subject Areas HR or Financial information and data access will

be the same in EPM Exceptions: EPM only access; EPM roles do not

mirror Financial or HR roles

EPM Security Functional Reporting Subject Areas

HR Reporting Table descriptions job aid:

http://www.core-ct.state.ct.us/epm/docs/hr_reporting_table_summary.doc

Position Information Subject Area

Position Reporting Table (CTW_POSITION)The Position Reporting Table contains data related to the employee positions

that have been set up within the State of Connecticut. The table will hold the status of the position (whether it has been approved or not), the department or agency assigned to the position, the job code or class of the position, and the chart field string that has been assigned to the position for budgeting purposes. This reporting table will not hold the employees that will be assigned to the positions as it is possible for several hundred employees to be enrolled in the same position. A join to the Employee table will allow the user to select both employee and position information.

EPM Security Functional Reporting Subject Areas

Financials Reporting Table descriptions job aid:

http://www.core-ct.state.ct.us/epm/docs/fin_reporting_table_summary.doc

General Ledger Subject Area

Ledger Balances Table (CTW_LED_BAL)This table holds ledger balances for each accrual ledger (modified

accrual, full accrual, and modified cash ledgers) for all accounting periods and fiscal years. Included in this table will be the business unit, ledger, ChartFields, and the posted total amount. Users can query this table to view the State's accrual accounting position for the current month or year-to-date.

EPM Security EPM HR Permissions

and Access Groups

Access Groups

Reporting Tables

Permission Lists

EPM Security EPM Fin Permissions

and Access Groups

Access Groups

Reporting Tables

Permission Lists

EPM Security How it all comes together:

EPM User Profile

Roles

Permission Access Groups Reporting Tables

Lists

EPM Security

EPM User Profiles: Roles, Data Permissions Liaison must check EPM checkbox on CO-1092

form User must have EPM Reporting Role(s) to access

EPM Reporting Tables User must have data permissions (HR Deptid or

Fin BU) to access Core-CT Data in EPM

EPM Security EPM User Roles

Reporting Table to Role Mapping Job Aid – HRMS

http://www.core-ct.state.ct.us/epm/Reporting Table to Role Mapping

EPM Security EPM User Roles

Reporting Table to Role Mapping Job Aid- Financials

http://www.core-ct.state.ct.us/epm/Reporting Table to Role Mapping

EPM Security How it All Comes Together in EPM User Profile

EPM Data Permissions: FIN HR

EPM Security How it All Comes Together in EPM User Profile

Reporting Table role

Portal, EPM Application & signon- time roles

Agenda



Yabrosky

HRMS Security HRMS/EPM Application Security Request form

The CO 1092 Security Request form for HRMS/EPM

The HRMS/EPM Security request form is now a separate form from FIN/EPM

When making your requests, please be very careful not to put a check mark by any roles that the User already has

http://www.core-ct.state.ct.us/security/xls/hrform.xls

HRMS Security

HRMS Role Handbook The handbook is provides:

Roles Descriptions Tasks associated with each role

http://www.core-ct.state.ct.us/docs/hrms_role_handbook_task_55.doc

HRMS Security HRMS Role Mapping Job Aid

HRMS Security HRMS Role Mapping to Page Job Aid

http://www.core-ct.state.ct.us/user/hrjobaids/overall/default.htm

HRMS Security HRMS Reports

Reports can be found in the master reporting document list

Go to Core Security Web Site

Click on Reporting Job Aids

Click on the appropriate hyperlink.

http://www.core-ct.state.ct.us/

HRMS Security Segregation of Duties

There are two very important roles associated with the security segregation of duties guidelines.

Agency Payroll SpecialistAgency Time and Labor Specialist roles

These roles cannot be assigned to a User who has the Agency HR Specialist role. The link below provides further information.

http://www.core-ct.state.ct.us/security/docs/hr_seg_duties

Agenda



Yabrosky

Security Updates

CO-1092 Retention Schedule: CSL & OSC - agencies to

retain original forms 2 years from employee’s separation of service – 3/2009

RIP impacts: Delete users and adjust roles of approvers and

processors Ensure timely submission of CO-1092s for deletion or

updates of HR & Financial users

Security Updates

Userid Audits Changing from Quarterly to Biannually Identifying new mechanisms to automate

process Subsequent reporting in EPM

Security Updates

New and modified Security forms and jobs aids: Security Liaison Guide –4/2009 HRMS Role Handbook –3/2009 Financial Role Handbook –2/2009 HRMS CO-1092 Form – 3/2009 Financial CO-1092 Form – 4/2009

Security Updates

New and revised Security forms and jobs aids: Agency Security Liaison List – 4/2009 EPM Table to Role Mapping – 5/2009

Security Updates Core-CT Security Website – Before Changes

Security Updates Core-CT Security Website - After

Security Updates Security Liaison Website – new Links and Job Aids

Security Liaison Guidehttp://www.core-ct.state.ct.us/security/docs/liaison_guide.doc

State IT Policieshttp://www.ct.gov/doit/cwp/view.asp?a=1245&q=253994&doitNav=|&doitNav=|

Comptroller Memorandahttp://www.osc.state.ct.us/

Roles HRMS Pages and Reportshttp://www.core-ct.state.ct.us/user/hrjobaids/tl/hrms_rl_hndbk.xls

Security Liaison Financials Job Aid (Workflow Routing Template)http://www.core-ct.state.ct.us/financials/wf/

Navigation to Look up Requesters and Buyershttp://www.core-ct.state.ct.us/security/docs/look_%20up_rqstrs_and_byrs.doc

Steps to Look Up Route Controls in Workflowhttp://www.core-ct.state.ct.us/security/docs/fin_lkp_origin_bus.doc

When to Use Appendix – BU Workflows for Origins- coming soonhttp://www.core-ct.state.ct.us/security/docs/when_to_use_fin_appdx.doc

Roles needed to access Financial Reportshttp://www.core-ct.state.ct.us/reports/financial.asp

EPM Reporting Table to Role Mappinghttp://www.core-ct.state.ct.us/epm/xls/rptng_tbl_to_rl_mppng.xls

Agenda

User Group On-line Evaluation Form:http://www.core-ct.state.ct.us/evaluation/

THANK YOU!

Documents

Security Liaison User Group Meeting May 29, 2009