Surviving an HRMS Audit: 4 Essential Steps
Nothing causes instant heartburn as much as the words, ‘the auditors will arrive Monday.’ When you have an HRMS, and in particular where you have payroll data in the HRMS, you often fall under the Sarbanes-Oxley Act (SOX) due to the Finance implications and are a prime target to audit. Here are a few steps to get your system ready to shine in an HRMS audit situation.
Make Sure Your User Controls Are Iron-Clad
One of the first questions in an HRMS audit will be, ‘show us your documented process for HRMS user access.’ The second question will then test your processes to ensure that you are acting in accordance with those procedures. If HR VP’s regularly bypass the documented form process through an email, either change the process to accommodate this working practice, or change the behavior.
Get a Handle on Full-Access ID's
Auditors are particularly interested in users who span multiple areas of control, for example, someone who can enter a new employee should be different than the person who runs the payroll. One data entry professional should not have the rights to both enter and approve a new salary. If you have people who control multiple areas, be sure that there is a system of checks and balances, such as one person may perform a mass load of salary increases, but a different person tests the loaded file and signs off on it.
Practice Test in Advance
The auditors will question multiple people to be sure that processes are handled consistently. It’s helpful to get everyone in the same room and walk through the documentation as well as the location of it. Then, go through a practice run of an HRMS audit; the usual audit sample size is 30, so your auditors will ask for a complete list of users and choose 30 of them and ask to see the forms to back up those user requests. A practice run gives you a chance to remedy any faults in advance.
Be Ready to Support HR Colleagues
An HRMS audit is often concerned about users and access, but SOX impacts HR too, especially in the hire and termination area. HR often needs data to support their audit activities, so it is always good to allocate HRMS staff in advance to be on standby for this support.
The consequences of poor cloud HRMS security protocols
A rundown of what happens when your company fails to establish solid cloud HRMS security protocols
Using your HRMS payroll module to keep on top of tax filing
A guide to using your HRMS payroll module to keeping on top of taxes, compliance and other payrol...
Five HRMS security threats you need to be aware of in 2016
This year's most pressing HRMS security threats, and how to avoid them