Surviving an HRMS Audit: 4 Essential Steps

Nothing causes instant heartburn as much as the words, ‘the auditors will arrive Monday.’ When you have an HRMS, and in particular where you have payroll data in the HRMS, you often fall under the Sarbanes-Oxley Act (SOX) due to the Finance implications and are a prime target to audit. Here are a few steps to get your system ready to shine in an HRMS audit situation.

Make Sure Your User Controls Are Iron-Clad

One of the first questions in an HRMS audit will be, ‘show us your documented process for HRMS user access.’ The second question will then test your processes to ensure that you are acting in accordance with those procedures. If HR VP’s regularly bypass the documented form process through an email, either change the process to accommodate this working practice, or change the behavior.

Get a Handle on Full-Access ID's

Auditors are particularly interested in users who span multiple areas of control, for example, someone who can enter a new employee should be different than the person who runs the payroll. One data entry professional should not have the rights to both enter and approve a new salary. If you have people who control multiple areas, be sure that there is a system of checks and balances, such as one person may perform a mass load of salary increases, but a different person tests the loaded file and signs off on it.

Practice Test in Advance

The auditors will question multiple people to be sure that processes are handled consistently. It’s helpful to get everyone in the same room and walk through the documentation as well as the location of it. Then, go through a practice run of an HRMS audit; the usual audit sample size is 30, so your auditors will ask for a complete list of users and choose 30 of them and ask to see the forms to back up those user requests. A practice run gives you a chance to remedy any faults in advance.

Be Ready to Support HR Colleagues

An HRMS audit is often concerned about users and access, but SOX impacts HR too, especially in the hire and termination area. HR often needs data to support their audit activities, so it is always good to allocate HRMS staff in advance to be on standby for this support.

author image
Heather Batyski

About the author…

Heather is an experienced HRMS analyst, consultant and manager. Having worked for companies such as Deloitte, Franklin Templeton and Oracle, Heather has first-hand experience of many HRMS solutions including Peoplesoft and Workday.

author image
Heather Batyski