hrim risks and controls 2011

Upload: shima-abbasi

Post on 05-Apr-2018


  • 7/31/2019 HRIM Risks and Controls 2011

    1/101

Human Resource Information Systems Risks and Controls

Better Practice Guide, March 2011


ISBN No. 0 642 81168 7

Commonwealth of Australia 2011

Copyright Information

This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth.

Requests and inquiries concerning reproduction and rights should be addressed to the Commonwealth Copyright Administration, Attorney-General's Department, 35 National Circuit, Barton ACT 2600 http://www.ag.gov.au/cca

Questions or comments on the Guide may be referred to the ANAO at the address below.

The Publications Manager
Australian National Audit Office
GPO Box 707
Canberra ACT 2601
Email: [email protected]
Website: http://www.anao.gov.au

Disclaimer

This Better Practice Guide is not a recommendation of the SAP and/or Oracle PeopleSoft systems, nor an endorsement of the SAP and/or Oracle PeopleSoft systems by the ANAO. Australian Government agencies are responsible for deciding whether SAP is suitable for their purposes and for implementing and testing SAP.

The Auditor-General, the ANAO, its officers and employees are not liable, without limitation for any consequences incurred, for any loss or damage suffered by an agency or by any other person as a result of their reliance on the information contained in this Better Practice Guide or resulting from their implementation or use of the SAP and/or Oracle PeopleSoft systems, and to the maximum extent permitted by law, exclude all liability (including negligence) in respect of the Better Practice Guide or its use.


Foreword

Establishing and monitoring internal controls over human resource (HR) information are important management functions. Internal control is fundamental to addressing risks to the completeness and accuracy of information and thus to providing assurance over the reliability of HR information, its compliance with applicable laws and regulations and the effectiveness and efficiency of operations.

Increasingly, entities are utilising Human Resource Management Information Systems (HRMIS) to assist in managing their workforce and in meeting their employer obligations. The effective discharge of these responsibilities is necessary to support the development and implementation of government programs and activities. However, the integration of technology to support managing a modern workforce can introduce a range of information management risks. With this in mind, the Guide emphasises the important role of both system and manual controls in maintaining the integrity and confidentiality of HR information.

The Guide provides an overview of significant risks and controls that are relevant to key HR functions, with particular focus within each chapter on managing risks through implementation of better practice principles. The Guide identifies better practice system controls, and describes manual or process controls that are relevant to support or strengthen the implementation of system controls.

The Guide discusses risks and controls associated with the design, implementation and maintenance of the HRMIS and will be useful to assist HR system managers and practitioners to:

implement better practices to improve the effectiveness and efficiency of HR and payroll processes;
strengthen system controls and appropriately manage and segregate user access to key system functions; and
increase awareness of system controls within the PeopleSoft and SAP HR systems that are used by a large number of Australian Government entities.

Implementation of controls should have due regard to the cost benefit involved. Equally, reducing controls for cost-saving reasons should be carefully managed as the operating risk profile may be increased.

The Guide is supported by a Supplement available from the ANAO website. The Supplement provides better practice examples for implementing controls for the SAP and PeopleSoft HRMIS applications as the key HR systems used within Australian Government entities.

Ian McPhee
Auditor-General
February 2011


Contents

Foreword i

Chapter 1. Introduction 1
Purpose of this Guide 3
Structure of this Guide 4
Key Human Resource functions and risks 5
Central themes in this Guide 6
Identifying relevant controls 9

Chapter 2. HR and payroll data management 11
Key control objectives 14
Legislative and compliance considerations 14
Managing master data 15
Feature article: HR information and good privacy practice 17

Chapter 3. Workforce management 29
Key control objectives 31
Legislative and compliance considerations 31
Employee commencements 32
Employee exits and terminations 35

Chapter 4. Payroll processing and administration 39
Key control objectives 41
Legislative and compliance considerations 42
Time reporting 43
Payroll accounting 47
Feature article: Implementing self-service functionality 55

Chapter 5. System maintenance and integration 57
Key control objectives 59
Legislative and compliance considerations 60
Managing system interfaces 61
Managing system rules 64
Managing software updates 69
Feature article: Managing and maintaining the HRMIS 70

Appendices 73

Index 91


Chapter 1. Introduction

Purpose of this Guide 3
Structure of this Guide 4
Key Human Resource functions and risks 5
Central themes in this Guide 6
Identifying relevant controls 9


Purpose of this Guide

The HRMIS is important to strategic decision-making as well as supporting day-to-day operational planning and administration. The Guide is intended for HR practitioners and system managers and discusses significant risks and controls relevant to the effective management of key HR functions.

HR and payroll functions are closely linked and changes in one process may create issues in another. As such, there is an emphasis in this Guide on implementing controls to safeguard the privacy and integrity of information.

"The technology infrastructure is now in place and the key role for HR IT staff is no longer creating and maintaining systems but making sure the information and workflow meet their organisational objectives."

Lynne Mealy, President and Chief Executive Officer of the International Association for Human Resource Information Management[1]

Government imperatives and stakeholder requirements carry implications for managing the workforce. The recent Blueprint for the Reform of Australian Government Administration[2] recommended an agenda for nine key areas and established that responsibilities of executive managers should include a commitment to ensuring that Information Technology (IT) systems are appropriately implemented and maintained. Several recommendations were made for entities to implement more effective governance frameworks and improve the efficiency of corporate functions.

Further, the Gershon Review[3] recommended cross-departmental initiatives for the sharing of IT infrastructure. These initiatives are designed to improve the efficiency of the delivery of government services, but may also increase both risk and the need for more sophisticated governance processes between entities.

[1] As quoted in Kelli W. Vito, Auditing Human Resources, The Institute of Internal Auditors Research Foundation, 2007.
[2] Ahead of the Game: Blueprint for the Reform of Australian Government Administration, March 2010.
[3] Review of the Australian Government's Use of Information and Communications Technology, August 2008.
[4] The Online Supplement is available for download at the ANAO website, or an electronic version is available by contacting the ANAO on 02 6203 7300 or via email on: [email protected].


Structure of this Guide

The Human Resource Management Information Systems Risks and Controls Better Practice Guide is divided into two parts, the Guide and an Online Supplement.[4] Both parts are structured according to key HR functions and activities. The Guide discusses significant risks and controls relevant to key HR functions, and contains three feature articles that provide additional relevant discussion on aspects of managing HR information, implementing self-service functionality and managing the HRMIS.

The Online Supplement provides additional detail relevant to entities using either the Oracle PeopleSoft or the SAP ECC 6.0 installation of the relevant HRMIS. It provides additional detail concerning better practice and control guidelines when implementing and using these HRMIS installations.

Figure 1 depicts the above structure:

Figure 1: Better Practice Guide Structure

The Guide:
1. Introduction
2. HR and payroll data management: Managing master data; Feature article: HR information and good privacy practice
3. Workforce management: Employee commencements; Employee exits and terminations
4. Payroll processing and administration: Time reporting; Payroll accounting; Feature article: Implementing self-service functionality
5. System maintenance and integration: Managing system interfaces; Managing system rules; Managing software updates; Feature article: Managing and maintaining the HRMIS
Appendices

The Online Supplement:
Oracle PeopleSoft Enterprise Release 8.0 Human Resources Module
SAP Human Capital Resource Module


Key Human Resource functions and risks

The major chapters of the Guide provide an overview of significant risks and controls that are relevant to key HR functions. Establishing and monitoring the effectiveness of internal controls are important management functions and each chapter of the Guide provides details of better practice controls that are relevant to mitigating risks.

Chapter 2. HR and payroll data management

Input and maintenance of HR and payroll data poses a significant area of risk in any HRMIS. It is important that controls are implemented to contribute to the maintenance of HR and payroll data that provides for accurate and complete employee information and payroll transactions.

Chapter 3. Workforce management

Workforce management is a key strategic consideration within government entities. As with most other organisations, human capital is considered a significant asset, and the recruitment and maintenance of the right workforce is the key to success for operational and strategic objectives.

The chapter focuses on workforce management activities within a HRMIS to strengthen processes associated with the collection and maintenance of employee information, and in this context, the main activities that are discussed are:

Employee commencements; and
Employee exits and terminations.

Chapter 4. Payroll processing and administration

Payroll processing and administration is highly dependent on a number of inter-linking HR functions. The HRMIS provides a number of functions in performing payroll calculations that are crucial to ensuring that calculations are accurately performed. There are a number of supporting controls, particularly relevant to payroll disbursement and posting of payroll expenses to the General Ledger.

The chapter discusses risks and controls relevant to:

Time reporting;
Payroll accounting; and
Processing of applicable deductions.

Chapter 5. System maintenance and integration

There are a number of functions and configuration options that can be used within an HRMIS to enhance the control environment or to increase efficiency within HR management processes. The chapter recognises that the extent of configuration of system controls varies across organisations. Factors such as entity size, size of the HR team, and whether payroll processing is outsourced contribute to the business requirements to operate and configure controls. The chapter provides an overview on additional configurable controls that may contribute to increasing the efficiency of the HR function and may equally contribute to the accuracy of the HR outputs.

Topics covered include:

Managing system interfaces;
Managing system rules; and
Managing software updates.


Central themes in this Guide

The HR function is the custodian of a variety of sensitive employment data and information. In this context, identifying significant risks and implementing effective system controls are essential to safeguard the integrity of this information. There are several key areas that should be considered:

Managing HR and payroll data;
Legislation and compliance; and
Risks and controls.

The relevance of these areas to chapters of this Guide is discussed below.

Managing HR and payroll data

Input and maintenance of personnel information pose a significant area of risk in any HRMIS. Ensuring that information is updated in the HRMIS in a timely manner and that updates are authorised is the key to the accurate performance of all HR functions.

HR and payroll data are important to effective management of the human resource function, as they underlie every transaction conducted. Effective controls over employee information and master data are essential to maintain the integrity and confidentiality of employee information. The HR and payroll data management chapter provides further information on significant risks and controls associated with managing master data.

The Australian Government Protective Security Policy Framework[5] requires Australian Government entities to protect information resources, including Information and Communication Technology (ICT) systems, from compromise and misuse. In addition, the Australian Government ICT Security Manual (ISM)[6] outlines a combination of physical, personnel, information, IT and communications measures to assist entities to implement IT security controls that satisfy the minimum standards required to protect information stored or transmitted via electronic means.[7]

The ANAO has issued other Better Practice Guides, including the SAP ECC 6.0 Security and Control Better Practice Guide, that outline key measures that can be implemented in SAP environments to improve the security of information.

The Online Supplement to this Guide discusses security risks and recommendations for optimising security and access controls for the HR functionality supported by Oracle PeopleSoft and SAP applications. Security controls in both applications are inherently complex and require considerable knowledge and skill to implement.

Australian Government entities are required to comply with the Information Privacy Principles.[8] Good privacy practices are important when dealing with the payroll and human resource processes, given the sensitivity of data being collected and stored.

Legislation and compliance

Given the current demand for both the disbursement of payroll and associated payments to be made electronically as well as for certain HR information to be exchanged electronically, effective controls over managing employee information and processing the payroll reduce the likelihood of errors or potential non-compliance with legislation.

Information maintained by government HR teams is a key input to internal management reports. In addition, the Annual Report, incorporating the Financial Statements, includes a report of SES Remuneration and an overview of workforce composition. Further, entities are required to provide information for a range of Australian Government reports, such as the State of the Service Report.

Relevant legislation or compliance requirements for Australian Government entities are discussed with consideration to the purpose of the legislation and its usage in Government. Appendix 2 provides an overview of relevant legislation.

[5] The Australian Government Protective Security Framework is available at the Attorney-General's website: www.ag.gov.au
[6] Defence Signals Directorate (DSD), Australian Government Information and Communications Technology Security Manual. The current version of the Manual was released in December 2010.
[7] For further information on IT Security Management refer to the Australian National Audit Office (2005), IT Security Management, Audit Report No. 23, 2005-06.
[8] Further information is accessible at: http://www.privacy.gov.au


Risks and controls

The Guide provides an overview of the key HR functions being discussed and introduces relevant risks and control objectives. Control objectives are high-level statements by management that provide a link between organisational risks and the internal controls and activities implemented by entities to mitigate such risks.

Risks relevant to the HR function are discussed and better practice controls recommended to mitigate these risks. Risks and controls are identified in this Guide using an R for risk and each is given a unique number for easy identification. Each chapter provides discussion, as relevant to the topic, on those system and manual controls relevant to mitigating or reducing the impact of a risk. Additional controls, where relevant, often manual in nature, which are related to other HR processes are discussed under the section heading: Optimising the control environment.

There are significant HR risks surrounding segregation of duties. Segregation of duties is one of the key concepts of internal control as well as being a sound management practice. At its basic level, segregation implies that no individual is in a position to initiate, approve and review the same HR activity. In reality this requirement is often difficult to implement and sometimes costly to achieve.

Good segregation has as its primary objective the prevention of fraud and errors, and is a critical consideration when assigning system and user access. The objective is achieved by distributing key HR activities among multiple individuals and/or limiting the number of individuals with access to incompatible activities, e.g. managing HR master data and payroll processing. Often compensating controls will be required to manage or monitor the risks.

Control mechanisms available to assist with implementing effective segregation include:

Audit trails;
Reconciliations;
Exception reports; and
Supervisory review.

System and manual controls

Within this Guide, system controls are denoted by an S preceding a reference number and are numbered within the range 1 to 39. Manual controls are denoted by an M preceding a reference number and are numbered within the range 50 to 65.

System controls

Most business processes are automated and integrated with other business or corporate systems, resulting in many of the controls at this level being automated as well. System controls include tests that confirm the accuracy of programmed business rules, mathematical calculations, balancing or reconciling control activities, and data validation checks. System controls, being binary in nature, are not subject to intermittent human error; a misconfigured system control, however, fails consistently rather than intermittently, so the configuration itself should be tested. Such controls are generally considered to be more reliable than manual controls, but have an implementation cost in initially configuring the control to support business requirements. The controls that are suggested in this Guide are standard configuration controls that are available through normal licensing terms and conditions for most HRMIS applications. Additionally, the Online Supplement provides detail on suggested better practice implementation of system controls for the PeopleSoft and SAP applications.


Manual controls

Manual controls (also called process controls) are discretionary management or monitoring practices that may be performed by an entity. Often these controls refer to the review or reconciliation of a report to identify irregularities. Such controls are generally considered to be detective controls as they provide information or an output that may be reviewed or analysed in order to detect irregularities. Responses to a number of risks in this Guide recommend the implementation of manual controls as they facilitate validation or checks to confirm that a control activity has been authorised. Such controls often require certain reports to be run from the HRMIS.

Optimising the control framework

The Guide also highlights controls that, if implemented, may improve the efficiency with which an entity performs HR activities or improve the operating effectiveness of existing controls. Such controls often enhance the ongoing activities or processes related to the HR function. With this in mind, implementation of controls should have due regard to the cost benefit involved.

Risk types and classifications used in this Guide

There are numerous methods for classifying and identifying risks. The following is a shorthand approach that has been adopted by the ANAO for the classification of risks in this Guide, while recognising that actual risks may often overlap more than one risk type:

Financial Risk: a risk that impacts the financial position of the entity.
Compliance and Reporting Risk: a risk that the entity could be in breach of Australian legislative or regulatory requirements.
Fraud Risk: a risk that an intentional deception could be made for personal gain, or to damage another individual or the entity.
Protection of Information Risk: a risk that personal information about individuals could be disclosed without the consent of the individual or that information is not adequately protected.

Appendix 3 provides a summary of the HR risks and controls discussed in this Guide.


Identifying relevant controls

Controls are generally defined as a systematic measure that is implemented by management to:

Conduct business in an orderly and efficient manner;
Safeguard assets and resources;
Deter and detect errors, fraud, and theft; and
Confirm accuracy and completeness of accounting data.

Risks identified in this Guide that are related to the HR function are not all equal in likelihood, impact or in financial significance. The consideration to implement controls should have due regard to the cost benefit of mitigating identified risks.

A commonly asked question is "What is a relevant control?" While there is no authoritative definition for relevant controls, there are a number of factors that are relevant in determining which controls to implement. For example:

Relevant controls often support more than one control objective. For instance, user access controls support the existence of financial transactions and segregation of duties. In most cases, a combination of relevant controls is an effective way to achieve a particular objective or series of objectives. Placing too much reliance on a single control could create a single point of failure.

Preventive controls are typically more effective than detective controls. For example, preventing a fraud from occurring is far better than simply detecting it after the fact.

Automated controls are generally more reliable than manual or process controls, and the reliability of automated controls is dependent upon an entity maintaining an effective control environment. For example, automated controls that force periodic changes to user passwords are more reliable than generic policies.

Customisation vs configuration

The Gershon Review[9] of 2008 stated that "Many submissions indicated that there are no specific inhibitors to using commercial-off-the-shelf (COTS) solutions without customisation; there is often unnecessary excessive customisation by agencies. This erodes the inherent benefits offered by commercial off-the-shelf products, and increases costs." The report noted that as a means to reduce expenditure, entities should reduce expenditure associated with customisation of software.

For the purposes of this Guide:

Customisation is defined as programming changes made to the application that directly change the source code or the underlying table structures. Customisation may cause an increase in costs due to the difficulty of subsequent upgrades and could hinder future adoption of new features or functions that may be offered in later software releases.

Configuration is defined as parameter changes that can be made without manipulating the source code or underlying table structures. Configuration is a non-invasive change to software settings or options that alters the business logic and configuration.

The system controls identified in the Online Supplement to this Guide as better practice considerations for implementation of effective system controls relate to available functionality, and do not require customisation.

[9] Review of the Australian Government's Use of Information and Communications Technology, August 2008, p. 35.


Chapter 2. HR and payroll data management

Key control objectives 14
Legislative and compliance considerations 14
Managing master data 15
Feature article: HR information and good privacy practice 17


This chapter focuses more broadly on general practices for appropriate maintenance of HR and payroll data. Other chapters of this Guide address risks and controls associated with management of transactions, or management of certain types of HR data. The importance of master data and its linkages to other HR processes discussed in this Guide is outlined in Figure 2 below. In addition, the feature article presents HR information and good privacy practice.

Input and maintenance of HR and payroll data is a significant area of risk. Accurate, complete and timely performance of system calculations and reporting is dependent upon the effectiveness of processes associated with management of data in the HRMIS. Employee information may be stored as standing master data (which is drawn upon by nearly every activity in the payroll process including time entry, payroll processing and benefits administration), or as information subject to regular change and update (e.g. performance management).

Data in the HRMIS may be categorised as either master data or reference data, both being important to the accuracy and completeness of HR functions.

Master data is information that is critical to the operation of the HR function. Master data is generally used to support transactional processes and operations, but its use is also central to business analytics and reporting.

HR master data includes personal information, for example, first name, surname, address, banking details, salary information and qualifications. Certain types or categories of master data may be considered more sensitive than others (for example, bank details are commonly considered a key data type due to the ability to process fraudulent transactions in an unsecured environment). However, risks and impacts associated with data management are applicable to all types of master data.

Information such as position, conditions of employment, and pay rates are used by several functional groups and may consequently be stored in different data systems across an entity and not be referenced centrally. Effective data management practices assist to prevent and detect such data anomalies.

Reference data is information that is subject to change and update and is important for planning, decision-making or historical references. Typically, reference data includes information contained in audit logs.

Often the terms are used interchangeably. For example, taxation rates are a key table in an HRMIS and their function may be described as either reference data or master data. Generally, this Guide refers to master data, however the principles and risks apply to all data types that are entered, modified and stored in a HRMIS.

Figure 2: Master data and linkages to HR processes

HRMIS master data (central and critical) sits at the centre of the figure, linked to the three process areas: Workforce management (Employee commencements; Exits and terminations), HR and payroll data management, and Payroll processing and administration (Payroll processing; Deductions; Employee benefits).


Key control objectives

Control objective: HR and payroll data is appropriately maintained to provide accurate and complete employee information and payroll transactions.
Risks mitigated: R201: HR master data is inaccurate. R202: HR master data is not secure.

Legislative and compliance considerations

Safeguarding the privacy of employee information is an important consideration. Requirements of the Information Privacy Principles for the Australian Government are outlined in the feature article on HR Information and good privacy practice. Privacy practices are relevant when dealing with sensitive employee information. HR practitioners should be familiar with requirements relating to collection, storage, retention and disclosure of personal information for prospective, current and future employees. Additionally, there are obligations on entities to comply with the Australian Government Protective Security Framework and to implement practices that ensure information is appropriately safeguarded.


    Managing master data

    While adequate processes should be established to securely store hard copy information, it is information stored within system records which is most vulnerable and often subject to unauthorised access. The primary control to protect confidential information is to restrict users' ability to perform functions such as establishing, viewing and amending master data.

    Risks and controls

    R201: HR master data is inaccurate

    Risk type: Impact

    Employee details may be incorrectly entered or maintained, which may result in duplicate payments, errors with superannuation contributions or employee deductions, or unapproved changes to the allocation of roles or delegations.

    Better practice

    System controls

    S01: Define key data entry fields.

    Key data fields should be defined in the system to confirm that the information necessary to complete master data entry is entered.

    S02: Restricting user access to view, establish and amend master data.

    Access to view, establish and update master data should be restricted to appropriately authorised users. Users with the ability to view master data should also be appropriately restricted to reduce the likelihood of inappropriate viewing or distribution of data.

    S03: Validation checks on certain fields warn the user that the information is duplicated in another employee record.

    Validation checks should be configured to decrease the likelihood of inaccurate information being entered (for example, a tax file number cannot be duplicated in another employee record). Implementing this control will prevent the duplicated data from being established.

    Manual controls

    M50: Establishment and amendment of master data occurs only when supported by appropriately approved documentation.

    All master data established and all amendments processed to master data should be supported by appropriate documentation (approved by an appropriate authority where relevant).
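    As an added example (not from the Guide or from any HRMIS product), the following Python models controls S01 and S03 at the point of master data entry: every key field must be completed before a record is established, a duplicated tax file number blocks establishment, and a duplicated bank account only raises a warning. The field names, the sample records, the approval_ref field and the warn-only treatment of bank accounts are assumptions.

```python
"""Master data entry checks for an HRMIS, illustrating controls S01 and S03.

Added example, not from the ANAO Guide or from any HRMIS product. The field
names, the sample records and the decision that a duplicated tax file number
blocks establishment while a duplicated bank account only warns are
assumptions chosen to match the Guide's description of the controls.
"""
from dataclasses import dataclass, field

# S01: key data entry fields that must be completed before a master data
# record can be established or amended. approval_ref is an assumed field
# holding the reference of the approved source document (manual control M50).
KEY_FIELDS = ("employee_id", "surname", "given_names", "date_of_birth",
              "tax_file_number", "bank_account", "approval_ref")

# S03: fields checked for duplication against other employee records.
BLOCKING_UNIQUE = ("employee_id", "tax_file_number")  # duplicate refuses the record
WARNING_UNIQUE = ("bank_account",)                    # duplicate only warns (joint accounts)


@dataclass
class ValidationResult:
    accepted: bool = True
    missing: list = field(default_factory=list)     # S01: key fields left empty
    duplicates: list = field(default_factory=list)  # S03: (field, other employee_id), blocking
    warnings: list = field(default_factory=list)    # S03: (field, other employee_id), warn only


def normalise(value):
    """Compare values ignoring spaces, hyphens and case, so that
    '123 456 782' and '123456782' are recognised as the same TFN."""
    return "".join(ch for ch in str(value) if ch.isalnum()).upper()


class MasterDataStore:
    """Established master data records keyed by employee_id."""

    def __init__(self):
        self.records = {}

    def _duplicate_of(self, name, value, exclude_id):
        """employee_id of another record holding the same value, or None."""
        wanted = normalise(value)
        for other_id, other in self.records.items():
            if other_id != exclude_id and normalise(other.get(name, "")) == wanted:
                return other_id
        return None

    def validate(self, record, exclude_id=None):
        """Run S01 and S03 over a proposed record without storing it."""
        result = ValidationResult()
        for name in KEY_FIELDS:                                    # S01
            if not str(record.get(name, "")).strip():
                result.missing.append(name)
        for name in BLOCKING_UNIQUE + WARNING_UNIQUE:              # S03
            value = record.get(name)
            if value is None or not str(value).strip():
                continue
            other_id = self._duplicate_of(name, value, exclude_id)
            if other_id is None:
                continue
            target = result.duplicates if name in BLOCKING_UNIQUE else result.warnings
            target.append((name, other_id))
        result.accepted = not result.missing and not result.duplicates
        return result

    def establish(self, record):
        """Create a new record; refused when any key field is empty or a
        blocking field duplicates another employee's record."""
        result = self.validate(record)
        if result.accepted:
            self.records[record["employee_id"]] = dict(record)
        return result

    def amend(self, employee_id, changes):
        """Apply changes to an existing record. The record is excluded from the
        duplicate search so its own unchanged values do not trip S03."""
        proposed = {**self.records[employee_id], **changes}
        result = self.validate(proposed, exclude_id=employee_id)
        if result.accepted:
            self.records[employee_id] = proposed
        return result
```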


    R202: HR master data is not secure

    Risk type: Impact

    Unauthorised users may have access to view and maintain sensitive HR and payroll data, which may compromise the confidentiality of personnel records and may also result in the processing of fraudulent payroll payments.

    Better practice

    S04: Access to HR master data is appropriately configured and managed.

    Implementing appropriate user access controls requires:

    • identification and implementation of segregation of duty requirements, to validate that the update, modification and deletion of master data within the HRMIS is complete and appropriately authorised;

    • access to the application and to underlying data (such as the database) being assigned based on user profiles and/or roles; and

    • employees being limited in their ability to modify reference data items (salary, vacation hours and hire date) for their own records. With Web Client applications (self-service), the client may allow an employee to modify their own data with the exception of high-risk data fields, including salary, hourly rate, additional pay and job grade.

    Access controls provide appropriate restrictions on user access to certain data types. Access should be controlled at three levels:

    • restrict access to appropriate users (for example, HR personnel, although in some situations access may be wider if Employee Self Service is implemented);

    • for each authorised user, restrict access to particular types of master data (for example, only some authorised users will have access to bank details); and

    • for each user and each type of data, specify whether access is view or edit access.

    Control S02 (Restricting user access to view, establish and amend master data) is also relevant.
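    The three-level access model described for S04, written out as an added Python example (not the Guide's or any HRMIS product's code): a role matrix decides which users may reach which type of master data and whether as view or edit, an employee may view their own record and edit only low-risk fields through self-service, and a segregation-of-duties check lists users who can both amend master data and run payroll. The role names, the grouping of fields into data types, the locked self-service fields and the SoD rule are assumptions.

```python
"""Three-level access control over HRMIS master data, illustrating control S04.

Added example, not from the ANAO Guide or from any HRMIS product. The role
names, the grouping of fields into data types, the segregation-of-duties rule
and the locked self-service fields are assumptions chosen to illustrate the
Guide's three levels: which users, which types of master data, view or edit.
"""
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    NONE = 0
    VIEW = 1
    EDIT = 2


@dataclass
class User:
    user_id: str
    employee_id: str   # the user's own HR record, used for self-service
    roles: set


# Assumed grouping of master data fields into data types (level 2).
FIELD_TYPE = {
    "surname": "personal", "address": "personal", "date_of_birth": "personal",
    "salary": "employment", "hourly_rate": "employment", "additional_pay": "employment",
    "job_grade": "employment", "hire_date": "employment", "vacation_hours": "employment",
    "bank_account": "bank", "tax_file_number": "tax",
}

# Assumed role matrix: for each role (level 1) and data type (level 2), view
# or edit (level 3). A data type missing from a role means no access at all,
# so only payroll_data_officer can reach bank details or tax file numbers.
ROLE_MATRIX = {
    "hr_data_officer":      {"personal": Access.EDIT, "employment": Access.EDIT},
    "payroll_data_officer": {"personal": Access.VIEW, "bank": Access.EDIT, "tax": Access.EDIT},
    "payroll_processor":    {"personal": Access.VIEW, "employment": Access.VIEW, "bank": Access.VIEW},
    "line_manager":         {"personal": Access.VIEW, "employment": Access.VIEW},
    "employee":             {},   # self-service: own record only, handled in decide()
}

# Functions (as opposed to data) a role may perform; drives the SoD check.
ROLE_FUNCTIONS = {"payroll_processor": {"run_payroll"}}

# High-risk fields an employee may never change in their own record, whatever
# other roles they hold (assumed rule following the Guide's self-service advice).
SELF_SERVICE_LOCKED = {"salary", "hourly_rate", "additional_pay", "job_grade",
                       "hire_date", "vacation_hours"}


def role_access(user, data_type):
    """Highest access any of the user's roles grants to the data type."""
    best = Access.NONE
    for role in user.roles:
        granted = ROLE_MATRIX.get(role, {}).get(data_type, Access.NONE)
        if granted.value > best.value:
            best = granted
    return best


def decide(user, employee_id, field_name, action):
    """True if user may perform action ('view' or 'edit') on one field of the
    named employee's master data record."""
    if action not in ("view", "edit"):
        raise ValueError(f"unknown action {action!r}")
    if user.employee_id == employee_id:
        if action == "view":
            return True                      # anyone may see their own record
        if field_name in SELF_SERVICE_LOCKED:
            return False                     # high-risk self-edits always refused
        if "employee" in user.roles:
            return True                      # self-service edit of a low-risk field
    needed = Access.EDIT if action == "edit" else Access.VIEW
    return role_access(user, FIELD_TYPE[field_name]).value >= needed.value


def sod_conflicts(users):
    """User ids able both to amend master data and to run payroll."""
    conflicts = []
    for user in users:
        can_amend = any(ROLE_MATRIX.get(r, {}).get(t) is Access.EDIT
                        for r in user.roles for t in set(FIELD_TYPE.values()))
        can_run_payroll = any("run_payroll" in ROLE_FUNCTIONS.get(r, set())
                              for r in user.roles)
        if can_amend and can_run_payroll:
            conflicts.append(user.user_id)
    return conflicts
```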

    Manual controls

    M51: Review of system configuration reports.

    Generally, system configuration change reports are available from the HRMIS and may be reviewed periodically to monitor changes to key controls or configuration settings. Such reports should be run periodically. Consideration should be given to ensuring that appropriate audit tables and associated logs are also configured. Failure to configure such tables may mean that important information is not available for inclusion in monitoring reports.

    Optimising the control framework

    Control item: Clean desk policy and appropriate filing of hard copy employee records

    Description: Within HR and payroll teams, care must be taken to appropriately store hard copy documents containing sensitive employee master data. A clean desk policy and policies around shredding and retention of documentation should be considered.


    Feature article: HR information and good privacy practice [10]

    During each stage of the employment lifecycle (before, during and after employment) agencies will collect personal information. This means that it is very important that agencies have in place systems to collect and manage this information in a way that complies with all legal and policy requirements. Australian Government entities are required to comply with the eleven Information Privacy Principles under section 14 of the Privacy Act 1988 (Cth). These Information Privacy Principles are reproduced at the end of this article.

    A separate set of principles, the National Privacy Principles, apply to some private sector organisations. If agencies outsource their HR functions to a private sector organisation, the service provider will need to comply with both the Information Privacy Principles and the National Privacy Principles. Further detail is available in the information sheet Privacy Obligations for Commonwealth Contracts, available from the Office of the Australian Information Commissioner (OAIC).

    This article highlights better practice considerations for Australian Government agencies [11] in order to reduce the risk of non-compliance with these key legislative requirements.

    Separate guidance and more detail on the Information Privacy Principles and the National Privacy Principles is set out on the Commissioner's website: www.oaic.gov.au

    Information Privacy Principles

    A summary of the eleven Information Privacy Principles (IPP) is outlined below:

    IPP 1: Manner and purpose of collection of personal information

    IPP 2: Solicitation of personal information from individual concerned

    IPP 3: Solicitation of personal information generally

    IPP 4: Storage and security of personal information

    IPP 5: Information relating to records kept by record-keeper

    IPP 6: Access to records containing personal information

    IPP 7: Alteration of records containing personal information

    IPP 8: Record-keeper to check accuracy of personal information before use

    IPP 9: Personal information to be used only for relevant purposes

    IPP 10: Limits on use of personal information

    IPP 11: Limits on disclosure of personal information

    [10] The ANAO acknowledges the input of the Office of the Australian Information Commissioner in reviewing this article.

    [11] This feature article refers to the term agency rather than the term entity that is used throughout other sections of this Guide. This change in reference is deliberate in order to maintain consistency with references used in the legislation.


    Personal information includes any information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Where information is stored in a personnel file, the entire content of the file is likely to be personal information as it directly relates to the individual. Section 6 of the Privacy Act 1988 provides a full definition of personal information.

    IPP 1 Manner and purpose of collection of personal information

    Information Privacy Principle 1 prohibits agencies from collecting personal information for inclusion in a record or a generally available publication unless:

    (a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of [the agency]; and

    (b) the collection of the information is necessary for or directly related to that purpose.

    In addition, the information should not be collected by unlawful or unfair means. The nature of human resources and payroll processes means that collection of personal information, including tax file numbers and bank details, is a necessity. Particular care needs to be taken in relation to information requested for pre-employment security or health checks, as this will usually involve very sensitive information.

    Better practice considerations

    • Training should be provided to HR and payroll personnel to ensure they are aware of what constitutes unlawful or unfair means to collect information.

    • Personnel involved in HR functions that legitimately require the collection of personal information are aware of the manner in which information should be collected.

    • Each entity should document a policy clearly stipulating the purpose for collection of personal information at all stages of the employment process.

    • There is a clear link between the information collected and the purpose for collecting that information.

    IPP 2 Solicitation of personal information from individual concerned

    Information Privacy Principle 2 requires the agency to clearly inform the individual from whom the information is being collected of:

    • the purpose for which the information is being collected;

    • whether that information is being collected as required by or under law and, if so, what that law is; and

    • any person or body to whom the information is usually disclosed.

    The collector must inform the individual prior to collection of the personal information, or as soon as practicable after collection.

    This principle applies no matter how information is requested. For example, agencies will be collecting information as part of their recruitment processes if individuals:

    • complete an online self-assessment;

    • provide hard copy or electronic information with their applications;

    • answer questions at the interview; or

    • provide further information as part of pre-engagement security checks.


    This means that it is important that agencies:

    • assess what information is being requested at each stage of the employment cycle;

    • assess what purposes the agency will use that information for;

    • assess what other agencies or third parties the information may be disclosed to; and

    • notify individuals about those purposes and potential disclosure at the point of collection.

    Better practice considerations

    • A standard information sheet should be provided to individuals (for example, job applicants) from whom common personal information is required. This information should also be readily available to personnel involved in recruitment processes.

    • The individual should be informed of the purpose for collection of information and the authorisation for the collection.

    IPP 3 Solicitation of personal information generally

    Information Privacy Principle 3 builds on the requirements for collection of information under Information Privacy Principle 1. It requires that agencies take steps to provide that the information collected is:

    • relevant to the purpose for which it is collected; and

    • up to date and complete.

    It also emphasises that collection of the information should not intrude to an unreasonable extent upon the personal affairs of the individual concerned.

    At each stage of the employment cycle it will be necessary to collect some personal information. The purpose of much of that information will be clear. For example, agencies will need to collect bank account information from employees in order to pay them.

    There may still be some information where judgement is required as to whether or not it is unreasonable to collect the information. For example, entities should be cautious when using applicant testing procedures. These tests should only ask job-related questions and not ask overly intrusive questions.

    It is also important for agencies to consider where information is being obtained from, as part of their obligation to collect information that is accurate and up to date. This means that generally it is better practice to collect information from the individual concerned, unless this is not possible in the circumstances (for example, in the case of referee checks).

    Better practice considerations

    • Policies on lawful and reasonable questioning of job applicants are developed and communicated to relevant employees.

    • Information collected should not be unreasonably intrusive and should be relevant, up to date and complete.


    IPP 4 Storage and security of personal information

    Information Privacy Principle 4 requires that agencies make certain that records containing personal information are protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse.

    This principle relates to information stored both in IT systems and in hard copy. This means that agencies' HR systems and procedures should include the following:

    • backup controls are put in place, including regular backup of information and off-site storage of backup tapes;

    • hard copy information is stored in locked fireproof cabinets;

    • access to buildings and rooms in which information is stored is appropriately restricted;

    • access to information systems (including backup systems) in which information is stored is appropriately restricted based on job requirements;

    • access to underlying data (such as employee files) is appropriately restricted; and

    • identity verification checks are undertaken prior to releasing personal information to the individual or to other authorised officers.

    In addition, where the collector is required to provide information to another person or entity, reasonable steps should be taken so that the third party does not disclose the contents of the information. This could include simply informing the person or entity of the confidential nature of the information (which is generally adequate for government personnel or entities), or requesting that the person or entity sign a non-disclosure agreement prior to releasing the information.

    Particular care should be taken when any part of the HR function is outsourced to ensure that the agency has done everything reasonably within [its power] to prevent unauthorised use or disclosure of information [contained within employee records].

    Better practice considerations

    • Implementation of information system controls is sufficient to safeguard information stored by the agency.

    • Security safeguards are implemented to protect personal information against loss, unauthorised access, use, modification, disclosure and misuse.

    System considerations

    Payroll master data is an area of high risk in terms of fraud or overpayments. Accordingly, user access to perform functions such as amending or updating master data should be restricted, with access being provided in line with job requirements. Users that have access to amend or update master data should not have the ability to perform payroll functions. Periodic review of this data is an important control, such as review of a master data change report. Changes to master data should be periodically checked against the source documentation that requested and authorised the amendment.
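    The periodic review just described (checking a master data change report against the approved source documentation, with the audit logging that M51 says must be configured) as an added Python example that is not the Guide's or any HRMIS product's code. The pipe-delimited report layout, the approval register, the sample rows and the reason codes are all constructed for the example.

```python
"""Review of a master data change report against approved source documentation.

Added example, not from the ANAO Guide or from any HRMIS product. It
reconciles a constructed change report (as an HRMIS audit table might export
it) with a constructed register of approved change requests and lists the
exceptions a reviewer would follow up, as the Guide's System considerations
and control M51 describe. Column layout and reason codes are assumptions.
"""
from dataclasses import dataclass

# Constructed change report export from the HRMIS audit table:
# timestamp|changed_by|employee_id|field|old_value|new_value|approval_ref
CHANGE_REPORT = """\
2011-03-01T09:12:00|u_hr1|E001|bank_account|062-000 11111111|062-000 22222222|HR-CHG-101
2011-03-01T09:40:00|u_hr1|E002|salary|72000|75000|HR-CHG-102
2011-03-02T14:05:00|u_hr2|E003|job_grade|APS4|APS6|
2011-03-03T10:30:00|u_hr2|E004|tax_file_number|111 111 111|222 222 222|HR-CHG-104
2011-03-04T16:20:00|u_hr1|E005|address|1 Old St|2 New St|HR-CHG-105
2011-03-04T16:45:00|u_hr1|E006|salary|60000|61000|HR-CHG-999
"""

# Constructed approval register (the approved source documentation):
# approval_ref -> (employee_id, field, approved_new_value, approver)
APPROVALS = {
    "HR-CHG-101": ("E001", "bank_account", "062-000 22222222", "mgr_a"),
    "HR-CHG-102": ("E002", "salary", "74000", "mgr_b"),
    "HR-CHG-104": ("E004", "tax_file_number", "222 222 222", "u_hr2"),
    "HR-CHG-105": ("E005", "address", "2 New St", "mgr_c"),
}


@dataclass
class Finding:
    employee_id: str
    field: str
    reason: str   # NO_APPROVAL, UNKNOWN_APPROVAL, WRONG_RECORD, VALUE_MISMATCH, SELF_APPROVED
    detail: str


def parse_report(text):
    """Split the pipe-delimited export into dicts, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, emp, field, old, new, ref = line.split("|")
        rows.append({"ts": ts, "user": user, "employee_id": emp, "field": field,
                     "old": old, "new": new, "approval_ref": ref.strip()})
    return rows


def normalise(value):
    """Compare values ignoring spaces, hyphens and case."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def review_changes(report_text, approvals):
    """One Finding per exception; an empty list means every change is
    supported by a matching, independently approved request."""
    findings = []
    for row in parse_report(report_text):
        emp, field, ref = row["employee_id"], row["field"], row["approval_ref"]
        if not ref:
            findings.append(Finding(emp, field, "NO_APPROVAL",
                                    "change carries no approval reference (control M50)"))
            continue
        approval = approvals.get(ref)
        if approval is None:
            findings.append(Finding(emp, field, "UNKNOWN_APPROVAL",
                                    f"{ref} is not in the approval register"))
            continue
        appr_emp, appr_field, appr_value, approver = approval
        if (appr_emp, appr_field) != (emp, field):
            findings.append(Finding(emp, field, "WRONG_RECORD",
                                    f"{ref} approves {appr_field} for {appr_emp}"))
            continue
        if normalise(appr_value) != normalise(row["new"]):
            findings.append(Finding(emp, field, "VALUE_MISMATCH",
                                    f"approved {appr_value!r}, recorded {row['new']!r}"))
        if approver == row["user"]:
            findings.append(Finding(emp, field, "SELF_APPROVED",
                                    f"{approver} both approved and processed the change"))
    return findings


def changes_by_user(report_text):
    """Master data changes per user, to see who is amending data in the period."""
    counts = {}
    for row in parse_report(report_text):
        counts[row["user"]] = counts.get(row["user"], 0) + 1
    return counts
```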


    IPP 5 Information relating to records kept by record-keeper

    Information Privacy Principle 5 relates to the systems that agencies have in place to ascertain and disclose the type of personal information they hold. Agencies must maintain a master record that sets out:

    • the nature of the records of personal information kept by or on behalf of the [agency] (i.e. the type of personal information stored);

    • the purpose for which each type of record is kept;

    • the classes of individuals about whom records are kept;

    • the period for which each type of record is kept;

    • the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and

    • the steps that should be taken by persons wishing to obtain access to that information.

    This master record should not itself contain any personal information as it must be:

    • made available for public inspection; and

    • provided to the Privacy Commissioner every year in June.

    Usually agencies will appoint a privacy officer who coordinates the submission of these records on a whole of agency basis.

    Better practice considerations

    • Data management policies stipulate information that is required to be maintained.

    • Entities are aware of the type and nature of the information they are collecting and retaining.

    System considerations

    Systems should be configured to require entry of the above information before a new listing of records can be created.

    IPP 6 Access to records containing personal information

    Information Privacy Principle 6 allows individuals to access any records that contain personal information about them except to the extent that the [agency] is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.

    This principle allows an individual about whom personal information has been collected to have access to that information, unless restricted under another law. This right of access is separate from the freedom of information process. IPP 6 provides the same right of access to information as is available under the Freedom of Information Act 1982 (Cth), but the FOI Act contains different review and appeal provisions. For example, under the FOI Act an agency must release requested documents unless they fall within certain exemption categories, and under current reforms to the FOI Act there is no charge for access to personal information.

    A particular application of this in the HR context is that an agency employee may ask to view their own personnel file at any time. Similarly, job applicants may also ask to view notes made about them, or reasons documented for their lack of success in securing a role.

    It is important for information to be maintained and disposed of in accordance with relevant legislation, and agencies should confirm record-keeping obligations before disposing of information. Data cleansing activities should be undertaken in accordance with the requirements to retain Commonwealth records under the Archives Act 1983 (Cth), and records should only be disposed of in accordance with a disposal authority.

    Better practice considerations

    • Information should be periodically reviewed and disposed of, where no longer required, in accordance with relevant disposal authorities.

    • Information is maintained in accordance with legislation.


    IPP 7 Alteration of records containing personal information

    Information Privacy Principle 7 requires agencies to:

    take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that their records of personal information:

    (a) are accurate; and

    (b) are, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete and not misleading.

    Employee self-service facilities allow for the modification of many items of personal information by employees in a way that enables these records to be maintained accurately and in a timely manner. This does not remove agencies' responsibilities for ensuring that records are up to date. Where an individual requests a change to their personnel file, if the change is not made this also needs to be noted on their personnel file, including the reasons for not making the change. Accordingly, agencies' procedures and systems should have the facility to do this.

    Better practice considerations

    • Perform a reconciliation between data recorded in the HRMIS at a point in time and authorised documentation to ensure the change was made accurately.

    • Updates to payroll or HR master data are inaccurate or are processed without appropriate authorisation.

    IPP 8 Record-keeper to check accuracy etc. of personal information before use

    Information Privacy Principle 8 requires agencies not to use personal information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.

    Information Privacy Principle 8 builds on IPP 7 by requiring the agency to take reasonable steps prior to using information to ensure that it is accurate, up to date and complete. Consideration should be given to requesting that personnel confirm details that may be out of date (either on a periodic basis or prior to use of information).

    IPP 9 Personal information to be used only for relevant purposes

    Information Privacy Principle 9 requires that an agency which has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant. In other words, agencies should only use personal information for a purpose to which it is relevant.

    To assist with complying with this IPP, it is suggested that agencies develop a clear policy on use of personal information, and provide training to relevant personnel concerning the appropriate use of information.


    IPP 10 Limits on use of personal information

    Information Privacy Principle 10 applies in addition to Information Privacy Principle 9. This means that information can only be used for a purpose if:

    • it is relevant to that purpose (IPP 9); and

    • either it was collected for that purpose or one of the exemptions applies (IPP 10).

    The exemptions under Information Privacy Principle 10 are:

    (a) the individual concerned has consented to use of the information for that other purpose;

    (b) the agency believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person;

    (c) use of the information for that other purpose is required or authorised by or under law;

    (d) use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or

    (e) the purpose for which the information is used is directly related to the purpose for which the information was obtained.

    There are also exceptions in other circumstances, such as enforcement of criminal law, imposing a pecuniary penalty, or the protection of public revenue.

    IPP 11 Limits on disclosure of personal information

    Information Privacy Principles 9 and 10 restrict the use that agencies can make of personal information. Principle 11 restricts the disclosure of personal information, which includes disclosure to other agencies. Agencies must not disclose personal information unless:

    • the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency;

    • the individual concerned has consented to the disclosure;

    • the [agency] believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;

    • the disclosure is required or authorised by or under law; or

    • the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.


    Information Privacy Principles

    Principle 1

    Manner and purpose of collection of personal information

    1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:

    (a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and

    (b) the collection of the information is necessary for or directly related to that purpose.

    2. Personal information shall not be collected by a collector by unlawful or unfair means.

    Principle 2

    Solicitation of personal information from individual concerned

    Where:

    (a) a collector collects personal information for inclusion in a record or in a generally available publication; and

    (b) the information is solicited by the collector from the individual concerned;

    the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:

    (c) the purpose for which the information is being collected;

    (d) if the collection of the information is authorised or required by or under law, the fact that the collection of the information is so authorised or required; and

    (e) any person to whom, or any body or agency to which, it is the collector's usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is the usual practice of that first-mentioned person, body or agency to pass on that information.

    Principle 3

    Solicitation of personal information generally

    Where:

    (a) a collector collects personal information for inclusion in a record or in a generally available publication; and

    (b) the information is solicited by the collector;

    the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected:

    (c) the information collected is relevant to that purpose and is up to date and complete; and

    (d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.


    Principle 4

    Storage and security of personal information

    A record-keeper who has possession or control of a record that contains personal information shall ensure:

    (a) that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and

    (b) that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.

    Principle 5

    Information relating to records kept by record-keeper

    1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:

    (a) whether the record-keeper has possession or control of any records that contain personal information; and

    (b) if the record-keeper has possession or control of a record that contains such information:

    (i) the nature of that information;

    (ii) the main purposes for which that information is used; and

    (iii) the steps that the person should take if the person wishes to obtain access to the record.

    2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.

    3. A record-keeper shall maintain a record setting out:

    (a) the nature of the records of personal information kept by or on behalf of the record-keeper;

    (b) the purpose for which each type of record is kept;

    (c) the classes of individuals about whom records are kept;

    (d) the period for which each type of record is kept;

    (e) the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and

    (f) the steps that should be taken by persons wishing to obtain access to that information.

    4. A record-keeper shall:

    (a) make the record maintained under clause 3 of this Principle available for inspection by members of the public; and

    (b) give the Commissioner, in the month of June in each year, a copy of the record so maintained.


    Principle 6

    Access to records containing personal information

    Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.

    Principle 7

    Alteration of records containing personal information

    1. A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that the record:

    (a) is accurate; and

    (b) is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete and not misleading.

    2. The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents.

    3. Where:

    (a) the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion or addition, in accordance with a request by the individual concerned; and

    (b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provisions of a law of the Commonwealth;

    the record-keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion or addition sought.

    Principle 8

    Record-keeper to check accuracy etc. of personal information before use

    A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.

    Principle 9

    Personal information to be used only for relevant purposes

    A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant.


    Principle 10

    Limits on use of personal information

    1. A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless:

    (a) the individual concerned has consented to use of the information for that other purpose;

    (b) the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person;

    (c) use of the information for that other purpose is required or authorised by or under law;

    (d) use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or

    (e) the purpose for which the information is used is directly related to the purpose for which the information was obtained.

    2. Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use.

    Principle 11

    Limits on disclosure of personal information

    1. A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless:

    (a) the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency;

    (b) the individual concerned has consented to the disclosure;

    (c) the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;

    (d) the disclosure is required or authorised by or under law; or

    (e) the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.

    2. Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure.

    3. A person, body or agency to whom personal information is disclosed under clause 1 of this Principle shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency.


    Chapter 3. Workforce management

    Key control objectives
    Legislative and compliance considerations
    Employee commencements
    Employee exits and terminations


    Chapter 3. Workforce management

    This chapter discusses activities relating to the engagement of employees, managing promotions and transfers, and employee departures. Implementing effective controls in these areas is important to appropriately maintain employee information in the entity's HRMIS and to ensure that payroll processing is accurate. Risks and controls for appropriately safeguarding employee-related information are discussed under HR and payroll data management.

    Workforce management is a key strategic consideration for government entities. It covers a range of activities and may include actions such as recruitment of employees, learning and development, succession planning, and rewards and recognition.

    Key control objectives

    Control objective: Appropriate and accurate employee information is collected and maintained.

    Risks mitigated:
    R301: Non-existent or duplicate employee is added to the payroll.
    R302: Termination payments and balances are inaccurately calculated.
    R303: Employee is not deactivated when employment is terminated.

    Legislative and compliance considerations

    Activities undertaken within the workforce management process are subject to various legislative and compliance requirements. The following table provides an overview of key legislation that is relevant to workforce management procedures. See the list of general legislation at Appendix 2.

    Legislation: Public Service Act 1999
    Purpose: Governs the establishment and operation of, and employment in, the Australian Public Service. Part 4 of the Act addresses methods of setting employment terms and conditions, employee transfers between agencies and termination of employment requirements.

    Legislation: Public Service Regulations 1999
    Purpose: Parts 3 and 8 of the Regulations deal with issues in relation to APS employees. These include matters such as the date of effect of promotions and the engagement of SES and non-SES employees for a specified term (Part 3), and terms and conditions of employment of APS employees after machinery of government changes (Part 8).

    Legislation: Public Service Commissioner's Directions 1999
    Purpose: The Commissioner's Directions regulate matters including the engagement and promotion of APS employees (Chapter 4) and a wide variety of matters in relation to the employment of SES employees (Chapter 6).

    Legislation: Public Service Classification Rules 2000
    Purpose: The Classification Rules detail the permitted classifications of APS employees and requirements around moving employees from training classifications to ordinary classifications.

    Legislation: Part 11 of the Financial Management and Accountability Regulations 1997
    Purpose: The Financial Management and Accountability Regulations 1997 are made under the Financial Management and Accountability Act 1997. Their purpose is to provide accountability and consistency across Commonwealth Government entities. Part 11 relates to the method of accounting for the transfer of leave entitlements for employees moving between agencies.


    Employee commencements

    The employee commencement process encompasses identification of the requirement to fill a vacant role or create a new role, approval to seek and appoint an individual, selection of the individual, and the administration associated with the new hire.

    Upon acceptance of the offer, the new employee is required to provide personal information to enable set-up of an employee record on the HR and payroll systems (refer HR and payroll data management). A considerable amount of information relating to the successful applicant is required, ranging from the new employee's address to planned working time and salary and leave entitlements.

    Given the sensitive content of employee conditions of employment, it is important to consider the principles detailed in the Australian Government Information Privacy Principles. Principle 4 requires a record-keeper (the entity) to protect the record (the employment contract) by such security safeguards as it is reasonable in the circumstances to take, against loss, unauthorised access, use, modification or disclosure and any other misuse.

    Transfers and promotions

    A transfer in the context of the HR process may mean one of the following:

    Intra-agency transfer: an APS employee moving to a different job within the same entity (or agency); or

    Inter-agency transfer: an APS employee moving from one entity (or agency) to another.

    A key objective in managing employee transfers, either inter-agency or intra-agency, is to transfer complete and accurate records relating to that employee, particularly accrued benefits.

    A broader definition of intra-agency transfer refers to an employee permanently changing position or working in a different position on a temporary basis (for example, covering another employee's extended absence or working in a higher duty capacity than their stipulated role). Ensuring master data and time accurately reflect the position in which all employees are working is referred to as position management.

    Position management

    Employees are allocated to a particular role or position in the HRMIS. Attributes associated with a position description include the pay rate and benefits.

    Employees may occupy more than one position in the following ways:

    Permanent transfer: making a permanent move;

    Temporary transfer: making a short-term move from one position to another; or

    Higher duties: occupying more than one position for a defined purpose and for a short period of time.

    There are several approaches that may be used to reflect this in the HRMIS. In the first two instances, it is likely that the employee's record will be modified to reflect the change in position. In the third instance, where the employee works within his or her own position and a higher position, the time spent in the higher position may be controlled through the time reporting process and receive additional benefits via the payroll process. The functionality to manage employee positions within the organisational chart is discussed further in System maintenance and integration.


    Risks and controls

    R301: Non-existent or duplicate employee is added to the payroll

    Risk type

    Impact: Ghost or duplicate employees on the payroll lead to overpayment or processing of fraudulent payments.

    Better practice

    System controls

    S05: Access to add an employee should be restricted to appropriate individuals and segregated from payroll maintenance.

    Access to modify employee information should be restricted to decrease the likelihood of inappropriate or unapproved changes to employee information, which may impact upon the accuracy and completeness of information maintained in the HRMIS. Additionally, restricting access in accordance with privacy principles reduces the risk of inappropriate disclosure of employee information.

    Also refer to S03: Validation checks on key fields warn the user that the information is duplicated in another employee record.

    Manual controls

    M52: When adding a new employee, a listing of current employees should be reviewed to reduce the risk of duplicating the employee record.

    A system report of all current employees should be generated prior to adding a new employee, and checked to confirm that the employee does not already exist in the system.

    A system report of all new employee additions should be generated monthly, and an individual who is independent from the employee set-up process should check each addition against supporting paperwork (for example, approval to hire, employee information including bank account) to validate that the set-up was authorised and has been completed accurately.
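    The key-field validation described under S03 and the two M52 reviews (checking a new record against the current employee listing, and checking each month's additions against the signed paperwork) can be run as a script over an HRMIS extract rather than by eye. The following is an added example, not code from the Guide or from any HRMIS product. The record layout, the matching rules (normalised name plus date of birth, bank account digits, email address), the appointment-form structure and the sample employees are all assumptions constructed for the illustration. The bank account rule is the one worth noting: an account number already paid to a different name is the classic ghost-employee pattern, and a plain name check would never surface it.

```python
"""Duplicate and ghost-employee checks on new-hire records (added example).

Assumed record layout, matching rules and sample data; not the Guide's or any
HRMIS product's code."""
from dataclasses import dataclass
import re
import unicodedata


@dataclass(frozen=True)
class Employee:
    employee_id: str
    given_name: str
    family_name: str
    date_of_birth: str   # ISO 8601, yyyy-mm-dd
    bank_account: str    # BSB and account number as keyed by the operator
    email: str


def norm_name(value: str) -> str:
    """Casefold, strip accents and anything that is not a letter, so that
    "O'Brien", "OBRIEN" and "Ó Brien" compare equal."""
    ascii_only = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", ascii_only.casefold())


def norm_bank(value: str) -> str:
    """Digits only: '062-000 1234 5678' and '06200012345678' are the same account."""
    return re.sub(r"\D", "", value)


def duplicate_matches(candidate: Employee, current: list[Employee]) -> list[tuple[str, list[str]]]:
    """S03-style key-field validation: compare the record being added with every
    current employee and report each collision with the reason(s)."""
    hits = []
    for existing in current:
        reasons = []
        if (norm_name(existing.given_name) == norm_name(candidate.given_name)
                and norm_name(existing.family_name) == norm_name(candidate.family_name)
                and existing.date_of_birth == candidate.date_of_birth):
            reasons.append("name+dob")
        if norm_bank(existing.bank_account) == norm_bank(candidate.bank_account):
            reasons.append("bank_account")   # same account under another name: ghost pattern
        if existing.email.casefold() == candidate.email.casefold():
            reasons.append("email")
        if reasons:
            hits.append((existing.employee_id, reasons))
    return hits


def review_new_additions(additions: list[Employee],
                         appointment_forms: dict[str, dict]) -> list[tuple[str, str]]:
    """M52-style monthly review: each addition must have a signed appointment form
    (approval to hire) on file, and the bank account keyed into the system must match
    the one on that form. Returns (employee_id, finding) for the independent reviewer."""
    findings = []
    for emp in additions:
        form = appointment_forms.get(emp.employee_id)
        if form is None:
            findings.append((emp.employee_id, "no approval to hire on file"))
        elif norm_bank(form["bank_account"]) != norm_bank(emp.bank_account):
            findings.append((emp.employee_id, "bank account differs from appointment form"))
    return findings


# Constructed sample data (assumption): two current employees, three records being added,
# and three records added during the month for the independent review.
CURRENT_EMPLOYEES = [
    Employee("E1001", "Jane", "O'Brien", "1984-03-12", "062-000 1234 5678", "jane.obrien@example.gov.au"),
    Employee("E1002", "Ravi", "Singh", "1990-07-01", "062-000 8765 4321", "ravi.singh@example.gov.au"),
]
CANDIDATE = Employee("", "JANE", "OBRIEN", "1984-03-12", "06200012345678", "j.obrien@example.gov.au")   # existing employee re-keyed
GHOST = Employee("", "Sam", "Lee", "1975-01-01", "062000 8765-4321", "sam.lee@example.gov.au")          # new name, E1002's account
NEW_PERSON = Employee("", "Mei", "Chen", "2000-01-01", "062-000 0000 0001", "mei.chen@example.gov.au")  # genuinely new

NEW_ADDITIONS = [
    Employee("E1003", "Mei", "Chen", "2000-01-01", "062-000 0000 0001", "mei.chen@example.gov.au"),
    Employee("E1004", "Tom", "Nguyen", "1988-09-30", "062-000 0000 0099", "tom.nguyen@example.gov.au"),
    Employee("E1005", "Ana", "Costa", "1992-11-05", "062-000 0000 0003", "ana.costa@example.gov.au"),
]
APPOINTMENT_FORMS = {   # signed forms on file, keyed by the employee id assigned at set-up
    "E1003": {"bank_account": "062-000 0000 0001"},
    "E1004": {"bank_account": "062-000 0000 0002"},   # system holds ...0099: changed after sign-off
}


if __name__ == "__main__":
    for rec in (CANDIDATE, GHOST, NEW_PERSON):
        print(rec.given_name, rec.family_name, "->", duplicate_matches(rec, CURRENT_EMPLOYEES))
    print(review_new_additions(NEW_ADDITIONS, APPOINTMENT_FORMS))
```

    Run against the sample data, the first check flags the re-keyed record on both name and bank account and flags the ghost on bank account alone, while the genuinely new person passes; the monthly review flags the addition whose bank account no longer matches the signed form and the addition with no form at all. The normalisation steps matter because operators key names and account numbers inconsistently, and an exact-string comparison is what a duplicate or a ghost slips past.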

    Risks and controls associated with inter-agency transfers are similar to the risks associated with the employee commencement process and with the exit process discussed in Employee exits and terminations. An additional risk for inter-agency transfers involves the transfer of leave entitlements and other benefits. The risks with intra-agency transfers generally relate to controls associated with the management of positions in the HRMIS. The effect of transfers on the organisational chart is addressed in System maintenance and integration.


    Optimising the control framework

    Generally, determining employee conditions of employment is performed outside of the HRMIS. It is important that the organisation hierarchy and payroll calculation rules are established and maintained to provide consistency with conditions of employment. Further detail on configuring key system controls or implementing supporting manual controls is provided in the discussion on System maintenance and integration.

    The following items should be considered to enhance the maintenance of the employee commencement process:

    Control item: Development of standardised reference and background check procedures
    Description: A security clearance and reference checking policy should be developed and documented. Sign-off certifying compliance with this standard should be obtained for each selected candidate prior to progressing to the appointment stage. Documentation supporting the background/reference checking and security clearance should be retained.

    Control item: Information collected during the application process is handled in accordance with privacy legislation
    Description: Training on the Information Privacy Principles and the obligations placed upon those responsible for handling and retention of personal information should be provided to all employees involved in the employee recruitment process.

    Control item: Managing transfer requirements
    Description: Part 11 of the Financial Management and Accountability Regulations 1997 stipulates arrangements for the transfer of employee leave entitlements when employees move between agencies.

    Control item: A standard employee appointment form is used to document new employee details and is appropriately authorised before the new hire is entered into the system
    Description: A new hire template form should be developed and utilised to capture the key information to be keyed into the system, including employee personal details and HR information such as salary and position. This form should be signed off prior to entry of the information into the system.


    Employee exits and terminations

    The employee exit process is initiated when either the employer or the employee provides notice of termination. During an employee's notice period, the key tasks undertaken are completion of operational responsibilities, knowledge transfer and an exit interview between employer and employee.

    At the employee's date of termination, a termination payment is calculated. The employee returns all property owned by the employer, and the employee's logical and physical access is removed.

    A termination payment is the final payment made to an employee, which incorporates payout of all entitlements. The payment will include salary/wages for all days worked and the payout of leave entitlements in line with policy or legal requirements.

    Amounts may be deducted from termination payments based on policy or agreed conditions of employment. For example, relocation or study costs paid to the employee may be recovered if the employee is terminated within a defined period. In instances of involuntary termination or retirement, a termination package inclusive of additional entitlements may need to be calculated.

    Termination payments are made as a one-off payment on the date of termination, or included in the next pay run.

    Risks and controls

    R302: Termination payments and balances are inaccurately calculated

    Risk type

    Impact: Termination payment is incorrect, resulting in incorrect salary and leave entitlements being paid or reported.

    Better practice

    System controls

    S06: Application warns the user if a termination date in the past is entered.

    The system should be configured such that, if a termination date in the past is entered, a warning message is generated. This reduces the occurrence of backdated terminations and supports accurate processing of termination payments and calculations.

    S07: Workflow operates to require independent approval and verification of the termination date entered.

    Automated workflow approvals utilising the organisation hierarchy's position-based delegations of authority should be used to approve terminations. The approver should verify the termination date of the employee prior to approving.

    S08: Application automatically calculates payments based on master data, the termination date entered, and leave entitlements.

    Use of system functionality to calculate and report entitlements and balances is more accurate than manual calculation. The effectiveness of this control depends on accurate data entry and maintenance of employee information and master data.

    Manual controls

    M53: An independent authority checks the termination date per the notification documentation against the date entered in the system.

    On a monthly basis, a report of all terminations is generated and an individual who does not have access to terminate employees checks that all termination dates were accurately entered, with reference to the termination documentation (for example, the resignation letter).


    R303: Employee is not deactivated when employment is terminated

    Risk type

    Impact: Employee record is not flagged as terminated, which may result in subsequent payment to the employee. For entities using single sign-on (which enables access to all applications without requiring separate passwords, by using credentials at the network sign-on level), failure to deactivate terminated employees in the HRMIS may also leave their network access active.

    Better practice

    System controls

    S09: Application automatically changes the status of the employee to terminated as at the termination date entered.

    Systems are configured to automatically change the status of employees to terminated as at the entered termination date. This is typically enabled through automated batch processing.

    S10: Application automatically disables terminated employees' access to systems based on the termination date entered.

    This control is possible where position-based security is utilised. Appropriate use of the termination date is important where single sign-on access is granted based on a commencement or termination date.

    S11: Application does not allow payment to be disbursed to employees with terminated status.

    Operation of this control typically does not require specific configuration within the system, as it is deemed standard functionality. It may nevertheless be possible in some applications to process ad hoc payments to terminated employees, so the restriction should be tested rather than assumed.

    Manual controls

    M54: Department/cost centre managers are periodically provided with a listing of the employees for which they are responsible. This listing is checked to determine whether it contains any employees no longer working within the department.

    System-generated listings of current employees per department/area/cost centre should be provided to the relevant managers to verify current employees. This check assists in detecting employees who have transferred or been terminated where information regarding the transfer or termination has not been recorded in the system.


    Optimising the control framework

    The following items should be considered to improve management of employee information relevant to employee departures:

    Control item: Employee exit checklist
    Description: An employee exit checklist assists HR in completing all steps to mitigate the risks associated with employee termination. The checklist should include the requirement to return all entity property from the terminated employee and to remove physical and system access.

    Control item: Reconciliation of terminations
    Description: A listing of terminations is maintained external to the system by the HR section as notifications are received. This listing is reconciled to a listing of all terminated employees within the system each month. Performing a check of an external record of terminations against a system-generated listing on a monthly basis assists in ensuring that all terminations have been recorded in the system in the correct period.
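    The termination controls above describe a small pipeline: the S06 warning when a past termination date is keyed, the S09 batch job that flips the employee's status as at the termination date, the S10 step that closes system (and, under single sign-on, network) access for anyone now terminated, and the monthly reconciliation of the HR section's external list of notifications against the system. The following is an added example that puts those steps together; it is not code from the Guide or from any HRMIS or directory product. The record layout, the "enabled accounts" set standing in for a directory, the run date and the sample employees are assumptions constructed for the illustration.

```python
"""Termination processing and deprovisioning reconciliation (added example).

Assumed record layout, directory stand-in and sample data; not the Guide's or
any HRMIS product's code."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class EmployeeRecord:
    employee_id: str
    termination_date: Optional[date] = None   # None: no termination entered yet
    status: str = "active"                    # "active" or "terminated"


def termination_date_warnings(entered: date, today: date) -> list[str]:
    """S06: a termination date in the past is accepted but flagged, so the operator
    and the S07 approver see the backdating explicitly instead of it passing silently."""
    if entered < today:
        days = (today - entered).days
        return [f"termination date {entered.isoformat()} is {days} day(s) in the past"]
    return []


def termination_batch(records: list[EmployeeRecord], run_date: date) -> list[str]:
    """S09: the scheduled job sets status to 'terminated' once the termination date
    has arrived. Future-dated terminations stay active and already-terminated records
    are left alone. Returns the ids it changed, for the job log."""
    changed = []
    for rec in records:
        if (rec.status == "active" and rec.termination_date is not None
                and rec.termination_date <= run_date):
            rec.status = "terminated"
            changed.append(rec.employee_id)
    return changed


def accounts_to_disable(records: list[EmployeeRecord], enabled_accounts: set[str]) -> list[str]:
    """S10: directory accounts still enabled for employees whose HRMIS status is
    terminated. Under single sign-on this is the list that actually closes network access."""
    terminated = {r.employee_id for r in records if r.status == "terminated"}
    return sorted(terminated & enabled_accounts)


def reconcile_terminations(hr_notifications: dict[str, date],
                           records: list[EmployeeRecord]) -> dict[str, list[str]]:
    """Monthly reconciliation: the HR section's external list of termination
    notifications against the terminations entered in the system."""
    in_system = {r.employee_id: r.termination_date
                 for r in records if r.termination_date is not None}
    both = set(hr_notifications) & set(in_system)
    return {
        "not_in_system": sorted(set(hr_notifications) - set(in_system)),
        "not_in_hr_list": sorted(set(in_system) - set(hr_notifications)),
        "date_mismatch": sorted(i for i in both if hr_notifications[i] != in_system[i]),
    }


# Constructed sample data (assumption): month-end run on 31 March 2011.
RUN_DATE = date(2011, 3, 31)
RECORDS = [
    EmployeeRecord("E1001"),                                   # still employed
    EmployeeRecord("E1002", date(2011, 3, 25)),               # left last week; batch not yet run
    EmployeeRecord("E1003", date(2011, 4, 15)),               # future-dated; must stay active
    EmployeeRecord("E1004", date(2011, 2, 28), "terminated"),  # terminated but never deprovisioned
]
ENABLED_ACCOUNTS = {"E1001", "E1002", "E1003", "E1004"}       # directory still has all four enabled
HR_NOTIFICATIONS = {                                          # HR section's external list
    "E1002": date(2011, 3, 25),
    "E1004": date(2011, 2, 25),                                # keyed into the system as 28 Feb
    "E1005": date(2011, 3, 18),                                # never entered in the system
}                                                             # E1003 is in the system, not on the list


def run_example(run_date: date = RUN_DATE) -> dict:
    """Run every step on a fresh copy of the sample data and return the findings."""
    records = [EmployeeRecord(r.employee_id, r.termination_date, r.status) for r in RECORDS]
    return {
        "warnings": termination_date_warnings(date(2011, 3, 25), run_date),
        "changed": termination_batch(records, run_date),
        "disable": accounts_to_disable(records, ENABLED_ACCOUNTS),
        "reconcile": reconcile_terminations(HR_NOTIFICATIONS, records),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

    On the sample data the batch terminates only E1002 (E1003 is future-dated and stays active), the deprovisioning list then contains E1002 and E1004 because E1004's directory account was never closed after the earlier termination, and the reconciliation surfaces one notification never entered (E1005), one system termination HR has no notification for (E1003) and one date keyed differently from the notification (E1004). The design point is that S09 and S10 are driven by the termination date, so a date that is wrong or backdated propagates into when access is closed; that is why the S06 warning and the M53 date check sit in front of the batch rather than after it.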


    Chapter 4. Payroll processing and administration

    Key control objectives
    Legislative and compliance considerations
    Time reporting
    Payroll accounting
    Feature article: Implementing self-service functionality


    Chapter 4. Payroll processing and administration

    This chapter discusses risks and controls relevant to the accuracy and completeness of payroll processing and includes HR activities related to time recording and payroll accounting. Extensive reference is made to legislation related to payroll deductions and superannuation. The feature article discusses implementing self-service functionality.

    Payroll processing and administration is highly dependent on a number of inter-linking functions and activities:

    Accuracy: the payroll calculation will only be accurate if it uses complete and accurate master data (see the HR and payroll data management and Workforce management chapters for discussion of the risks and controls related to obtaining and managing HR data).

    Completeness: the payroll processing will only be complete if employee time and leave requests have been correctly captured and all deductions have been properly processed.

    Key control objectives

    Control objective: Accurately process employee payroll for each pay period.
    Risks mitigated: R405: Payroll calculation is inaccurate or incomplete.

    Control objective: Gross pay and deductions are accurately calculated and only applicable deductions are processed.
    Risks mitigated:
    R406: Statutory obligations for payment of taxation are breached.
    R407: Breach of legislative requirements relating to superannuation.
    R408: Salary sacrifice arrangements are not appropriately managed.

    Additional payment