General Accounting
Policy
FIACCT 02-11_00 General accounting- System access-overview
Effective: April 5, 1999
Revised: September 1, 2006
Reviewed:
Purpose
This policy establishes guidelines for accessing data in Division of Finance automated systems.
Background
Access to any Division of Finance automated system is provided to individuals authorized by management to perform financial or payroll functions for specified low orgs.
Access is controlled through ADABAS security by value (the low org range and files to be accessed) and other security software packages, both internal and external to the Division of Finance.
Policy
A. The Division of Finance requires that all users of Finance systems apply for access to a specified system by submitting a formal application to the Division of Finance security administrator. The submitted form must be the correct and/or updated version and must be completed in its entirety before the application will be processed.
Access may be requested for the following conditions:
1. A user accessing Finance files on a need-to-know basis as part of the employee’s official job function.
2. A user that creates ADHOC reports by writing programs which access specified Finance files for a specific purpose within the user’s agency.
B. Any user who is authorized to use systems containing private data should be informed by their own agency that the data is considered to be confidential and private in nature.
C. Any user of a Division of Finance system will sign the statement on the user access request form informing him that it is a breach of security to divulge the assigned user ID and/or password to another user within or outside the agency.
D. A manager may submit a user access request form to the Division of Finance security administrator to remove user access from the system due to non-compliance in upholding the confidentiality and/or integrity of the data or the assigned user ID and password.
E. The Division of Finance security administrator can send a notification letter to the manager if it has been determined that the user has violated the rules of confidentiality of data or the privacy of the user ID and password. The security administrator will work with the agency manager to correct the violation or reach an agreement concerning the user’s removal or continued access to the system in question.
F. Access to Finance systems will be maintained as long as the user has a valid ACF2 logon ID to access the state’s mainframe computer (where applicable) or until there is a change in job function.
G. It is the agency’s responsibility to complete a proper security form and forward it to the Division of Finance security administrator if there has been a change in the user’s status.
Timing
The agency sends the appropriate User Access Request form to the security administrator, Division of Finance. The Division of Finance security administrator processes the paperwork within three days of receiving the completed, approved request form.
Procedures
Responsibility
Agency
Action
Request the appropriate User Access Request form from the Division of Finance security administrator. These forms are available in PDF format on the Division of Finance Web site at www.finance.utah.gov.
Forms are identified as follows:
PYSA 1 – Payroll
SA 7 – Payment Tracking System
SA 8 – FINET
SA 8S – Organization
Complete the appropriate User Access Request form and acquire the required signatures.
Submit the original form to the Division of Finance.
No copies or FAX will be accepted.
Division of Finance Security Administrator
Verify that the form has been properly completed and signed by the employee, supervisor, authorized coordinator, security administrator, etc. as applicable.
Return the form with an attached sheet specifying the reasons for rejection if the form has not been properly completed.
Establish necessary security based upon the options requested on the form.
Notify the user by phone or e-mail when access has been granted.