Surviving an HRMS Audit: 4 Essential Steps
Nothing causes instant heartburn as much as the words, ‘the auditors will arrive Monday.’ When you have an HRMS, and in particular where you have payroll data in the HRMS, you often fall under the Sarbanes-Oxley Act (SOX) due to the Finance implications and are a prime target to audit. Here are a few steps to get your system ready to shine in an HRMS audit situation.
Make Sure Your User Controls Are Iron-Clad
One of the first questions in an HRMS audit will be, ‘show us your documented process for HRMS user access.’ The second question will then test your processes to ensure that you are acting in accordance with those procedures. If HR VP’s regularly bypass the documented form process through an email, either change the process to accommodate this working practice, or change the behavior.
Get a Handle on Full-Access ID's
Auditors are particularly interested in users who span multiple areas of control, for example, someone who can enter a new employee should be different than the person who runs the payroll. One data entry professional should not have the rights to both enter and approve a new salary. If you have people who control multiple areas, be sure that there is a system of checks and balances, such as one person may perform a mass load of salary increases, but a different person tests the loaded file and signs off on it.
Practice Test in Advance
The auditors will question multiple people to be sure that processes are handled consistently. It’s helpful to get everyone in the same room and walk through the documentation as well as the location of it. Then, go through a practice run of an HRMS audit; the usual audit sample size is 30, so your auditors will ask for a complete list of users and choose 30 of them and ask to see the forms to back up those user requests. A practice run gives you a chance to remedy any faults in advance.
Be Ready to Support HR Colleagues
An HRMS audit is often concerned about users and access, but SOX impacts HR too, especially in the hire and termination area. HR often needs data to support their audit activities, so it is always good to allocate HRMS staff in advance to be on standby for this support.
Featured white papers
Four key principles of HRMS payroll management
A comprehensive guide to help you manage payroll effectively with HRMSDownload
A recruitment compliance checklist for US companies
A rundown of the recruitment compliance requirements your HRMS should help you hit
A payroll compliance checklist for US companies
A run-down of all the payroll compliance requirements your HRMS should help you hit
Why mobile HRMS security must differ from standard security practices
Mobile HRMS security has some unique issues, which you should take care to address