Financial Audit Division Report 04-36 | Released August 31, 2004 |
Key Conclusion:
The departments did not have appropriate controls to authenticate the identity of many people with access to SEMA4’s self-service environment, where employees can enter various payroll and personnel information. As a result, it would be easier for unscrupulous persons to potentially guess passwords and gain access to the system.
| Audit Scope: Audit Period:
Background: This information technology audit assessed the adequacy of key controls over the State Employee Management System (SEMA4). SEMA4 is an integrated human resources and payroll system that is used by more than 90 state agencies. During fiscal year 2004, the system processed payroll and human resources transactions for over 62,000 employees, resulting in total payroll and business expenses that exceeded $3 billion. The Department of Employee Relations provides support for human resources functions, and the Department of Finance oversees payroll processing for the entire state. Information technology professionals in these two departments work closely to maintain the SEMA4 system. To fulfill their responsibilities, the departments rely on assistance from the Department of Administration’s InterTechnologies Group. |