Records Management Tips for Enterprise Security Access Management
One of the key internal control requirements is maintaining your department’s written system of internal controls in a central repository in accordance with records management protocols. Internal control records include security access management records for Enterprise systems (MMARS, HR/CMS, CIW, MobiusView).
Department Security Officers (DSOs) are required to download and review security access reports in MobiusView, including as part of the bi-annual review and certification of Enterprise security access by the DSO and the Department Head. Auditors are now routinely reviewing security access management internal controls, including sampling user access for selected employees for specific weeks during a fiscal year.
Action Steps
- DSOs should ensure that monthly MobiusView security reports are routinely downloaded and maintained in secured locations as part of the department’s central repository of internal controls.
- DSOs should implement regularly scheduled monthly reviews and reconciliation of security access to ensure that user roles support “least privilege” and segregation of duties to prevent opportunities for fraud.
Bookmark our new CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe on your mission. Contact [email protected] if you need support from our Statewide Risk Management Team.