Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary


Financial-Related Audit

Department of Employee Relations
Department of Finance

SEMA4 Information Technology Audit


Overall Audit Conclusions

The Departments of Employee Relations and Finance have adequate controls to ensure that employees are paid the appropriate rates. Furthermore, the departments have adequate controls to ensure that the payroll is accurately processed and recorded in the state's general ledger. Finally, the departments have implemented controls to protect the integrity of SEMA4 payroll and personnel data. However, there are some opportunities to further enhance the security infrastructure.

Key Findings and Recommendations

  • Some information technology professionals had excessive security clearances. Though some of these employees sometimes needed powerful clearances, we question the need to grant such clearances on a permanent basis. We recommend that the departments grant employees security clearances that are commensurate with their typical job duties and handle extraordinary security needs on a case-by-case basis.
  • During transmission, some interface files were not appropriately secured. We recommend that the departments encrypt transmissions to and from SEMA4.
Background

This information technology audit assessed the adequacy of key "application" and "general" controls of the State Employee Management System (SEMA4). Application controls filter out invalid data before it can be processed and ensure that remaining transactions are completely and accurately processed. General controls, such as security policies, procedures, and standards, are not unique to specific computerized business systems. Instead, they apply to all business systems that operate in a particular computing environment.

More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155