Overall Audit Conclusions
The departments of Employee Relations and Finance have adequate controls to ensure that employees are paid the appropriate rates. Furthermore, the departments have adequate controls to ensure that the payroll is accurately processed and recorded in the state's general ledger. Finally, the departments have implemented controls to protect the integrity of SEMA4 payroll and personnel data. However, our audit identified some opportunities to further enhance the SEMA4 security infrastructure.
Key Findings and Recommendations
Background
This information technology audit assessed the adequacy of key "application" and "general" controls of the State Employee Management System (SEMA4), which underwent a major upgrade in April 2003. Application controls filter out invalid data before it can be processed and ensure that remaining transactions are completely and accurately processed. General controls, such as security policies, procedures, and standards are not unique to specific computerized business systems. Instead, they apply to all business systems that operate in a particular computing environment.