MMARS Financial, Labor Cost Management (LCM) and Commonwealth Information Warehouse (CIW) Reports

Similar documents
New Jersey State Legislature Office of Legislative Services Office of the State Auditor. November 16, 2015 to November 30, 2017

State of West Virginia Department of Health and Human Resources (DHHR) Office of Management Information Services (OMIS)

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Sparta Systems TrackWise Digital Solution

Adobe Sign and 21 CFR Part 11

Frequently Asked Question Regarding 201 CMR 17.00

Sparta Systems TrackWise Solution

Agreements & Contracts: Electronic Documents User Agreement CUSTOMER SERVICE SKOWHEGAN SAVINGS

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

PRINCIPLES AND FUNCTIONAL REQUIREMENTS

Purge Entity Definition. Oracle FLEXCUBE Universal Banking Release [May] [2018] Purge Entity Definition

Policies & Regulations

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

8/28/2017. What Is a Federal Record? What is Records Management?

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections January 27, 2017

Records Management and Retention

5/6/2013. Creating and preserving records that contain adequate and proper documentation of the organization.

Case Study: Building Permit Files

Table of Contents 6.1 CORRESPONDENCE

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

PeopleSoft Finance Access and Security Audit

Records Retention Policy

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

OUTDATED. Policy and Procedures 1-12 : University Institutional Data Management Policy

Postal Inspection Service Mail Covers Program

COMPLIANCE BRIEF: HOW VARONIS HELPS WITH PCI DSS 3.1

Management s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS)

Managing Records in Electronic Formats. An Introduction

Data Warehouse Risk Assessment (GDPR)

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Cell and PDAs Policy

Version v November 2015

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

Data Processing Agreement

Sparta Systems Stratas Solution

POLICY TITLE: Record Retention and Destruction POLICY NO: 277 PAGE 1 of 6

TITLE: HIE System Audit

Red Flags/Identity Theft Prevention Policy: Purpose

Access to University Data Policy

MNsure Privacy Program Strategic Plan FY

These pieces of information are used to improve services for you through, for example:

Clearing Out Legacy Electronic Records

Records Retention 101 for Maryland Clerks

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

RMU-IT-SEC-01 Acceptable Use Policy

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Building Information Modeling and Digital Data Exhibit

SPRING-FORD AREA SCHOOL DISTRICT

Frequently Asked Questions Related to The Arkansas General Records Retention Schedule

Trust Services Principles and Criteria

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

Comprehensive Professional Energy Services Blanket Purchase Agreements Ordering Guide

SCO Monitoring Process Overview Revised December No narration, music playing. Course Number:

TxDOT Internal Audit Materials and Testing Audit Department-wide Report

Care Recruitment Matters Limited Privacy Notice

POSITION DESCRIPTION

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Institute of Technology, Sligo. Information Security Policy. Version 0.2

Information Security Policy

CERTIFICATE SCHEME THE MATERIAL HEALTH CERTIFICATE PROGRAM. Version 1.1. April 2015

University of Texas Arlington Data Governance Program Charter

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2018

COMMON CRITERIA CERTIFICATION REPORT

Red Flags Program. Purpose

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2016

Rev.1 Solution Brief

Annual Report for the Utility Savings Initiative

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

General Information System Controls Review

Use of Controlled Substances in Research

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Chapter 10. Administration

01.0 Policy Responsibilities and Oversight

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Farmingdale State College Records Management Training PRESENTED BY DOROTHY HUGHES INTERNAL CONTROL OFFICER AND RECORDS MANAGEMENT OFFICER

Service Description MA-CUG. Solutions. For SWIFT for Corporates

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

PROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO

Re: Special Publication Revision 4, Security Controls of Federal Information Systems and Organizations: Appendix J, Privacy Control Catalog

Records Management - Part 1. Records Retention Folders

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

INFORMATION ASSURANCE DIRECTORATE

KIN GROUP PTY LTD PRIVACY POLICY

CloudCheckr NIST Audit and Accountability

Inspector for Stormwater Management. Department of Environmental Quality Office of Training Services

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

SECURITY & PRIVACY DOCUMENTATION

INFORMATION TECHNOLOGY CYBERSECURITY CLOUD COMPUTING

NIST SP Controls

Oracle FLEXCUBE Universal Banking Purge Entity Definition

IBM Algo Risk Content on Cloud

PRODUCT CERTIFICATION SCHEME FOR MECHANICAL-CUSTOMIZED VEHICLES

Publications. ACH Audit Requirements. A new approach to payments advising SM. Sound Practices Checklists

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

Subject: University Information Technology Resource Security Policy: OUTDATED

David Missouri VP- Governance ISACA

Request for Proposals Atlanta Legal Aid Society and Legal Services Law Line of Vermont

Transcription:

MMARS Policy: Audit Issue Date: April 30, 2007 Date Last Revised: MMARS Financial, Labor Cost Management (LCM) and Commonwealth Information Warehouse (CIW) Reports Executive Summary The Massachusetts Management Accounting and Reporting System (MMARS) is the official financial record of the Commonwealth. The Commonwealth Information Warehouse (CIW) accepts daily data from MMARS and provides users with the ability to perform direct queries of MMARS data without impacting the MMARS application directly. This document defines the policies related to the creation, utilization, retention and administration of standard MMARS Financial, Labor Cost Management (LCM) and CIW reports. Considerations Financial Records that are subject to audit must be retained for the appropriate period after the resolution of the results of the audit (i.e. when the finding or investigation is resolved). This refers to the Statewide Single Audit as well as audits performed by the Office of the State Auditor. Consideration should also be given to federal records retention requirements for federal programs administered by the Commonwealth. Also, consideration should be given to ongoing investigations by the Office of the Attorney General and other law enforcement agencies, including Federal government investigations. Records should be retained as specified by the agency conducting the investigation. Records must be stored in a manner that is secure, prevents manipulation or modifications, and allows the records to be easily retrieved during the records retention period. Policy The Office of the Comptroller (CTR), as the owner of the Massachusetts Management Accounting and Reporting System (MMARS), determines the subset of reports defined as audit trail reports which must be retained by agencies for audit purposes. This document includes an inventory of reports, report functions, reports designated as audit trail reports, retention periods, and scheduled frequency of issuance.

Source System (MMARS) Reports Reports published directly from the MMARS application are developed using standard programming techniques and follow consistent format, calculation and output media standards. All source system reports are designed to implement security restrictions that prevent unauthorized access to information to ensure the integrity of both data and the source system. MMARS standard reports are published on specific frequencies, daily, weekly, monthly, by accounting period closing, quarterly, and annual. MMARS standard reports are stored in Document Direct for department access. Commonwealth Information Warehouse (CIW) Reports MMARS standard reports produced by the CIW follow the same format, content and scheduling classifications as MMARS reports. CIW reports are not run directly from the MMARS source system, but are run against data that is sent to the CIW from the MMARS source system. This allows not only storage of MMARS data, but also enables users to query MMARS data without accessing the source system directly. CIW produced MMARS standard reports are stored in Document Direct for department access. If Departments require additional data, certain CIW reports can be run upon request by users in addition to the regular report production schedule. Users must request ad-hoc execution of these reports via an on-line CIW Web Report Portal request facility. CIW Ad-Hoc reports generally do not qualify for retention in Document Direct and will only be available to users via the CIW reports portal until the next Ad-Hoc execution of the report. Therefore, departments are responsible for printing ad hoc reports or downloading queries to Department locations for use. Standard Reports A Standard MMARS report is defined as predefined collection of information organized in a specific sequence and format that is produced on a predictable frequency and made available to a specific audience. MMARS standard reports are published from both MMARS and the CIW. Departments should consider standard reports from either the source system or those published from the CIW as representative of the Official Books and Records of the Commonwealth. Standard reports will be administered by the Office of the Comptroller in conjunction with the CIW staff Standard reports have been designed to meet specific information needs in all functional areas of MMARS Financial and LCM. These reports provide a consistent information source for departments to use in the management of fiscal and labor distribution areas. Departments are expected to supplement standard reports with information retrieved from the CIW to meet their total information needs. Audit Trail Reports Specific standard reports will be designated as Audit Trail reports that provide a clear and auditable history of financial and labor distribution activities. Audit Trail reports will be retained in Document Direct for the minimum retention period for records conservation requirements. However, Departments are expected to make these reports available which may require retention by the Department beyond the

periods these reports are retained in Document Direct. Therefore, Departments are responsible for printing or downloading audit trail reports for retention until the completion of audits or other requirements. Report Administration Report Administration is a joint responsibility of the Office of the Comptroller (CTR) and CIW (ITD). Report design, content, production scheduling and retention periods are addressed by the following administrative procedures. Report Development and Enhancement MMARS standard reports have been designed to be sufficient to meet the requirements for normal business process management. These reports satisfy audit trail and business contingency planning requirements. Any additional reports beyond that provided by the MMARS and CIW standard reports, can be generated by departments using the CIW query features. When Departments request a new standard report, development and approval will be approved based on the following criteria: 1. The Advantage Financial baseline product releases either an updated standard report, upon which a MMARS or LCM report has been based, or a new baseline standard report that CTR chooses to implement. These situations are reviewed on a case-by-case basis and decisions are made on an assessment of the usefulness of the report. 2. Either state or federal legislative mandates or regulations change. In these instances, a determination of the scope and functionality of the reporting event will determine the method with which the information will be produced. 3. Requests for report development are monitored to determine when particular MMARS information is being requested by multiple departments. New standard reports, either from the source system or the CIW, are developed to meet these requirements. In some instances, the appropriate solution may be to expand the data available in the CIW and provide starter queries for departments to customize to meet their needs. Report Enhancements Report modifications may be required to either support MMARS software upgrades to the baseline application software or to repair defects resulting from changes (configuration or software) made to Commonwealth specific application, CIW functionality or database architecture. These enhancements are developed on a case-by-case basis. CIW Report Operations The CIW nightly production cycle includes a process to publish reports on an assigned publishing frequency. See attachment 1 for a master list of CIW standard reports for specific frequency assignments.

CTR coordinates the scheduling of CIW reports with internal and external recipients. Many CIW standard reports have the capability to be executed in an off schedule manner with user provided parameters. The ad-hoc execution and storage of CIW reports is the responsibility of the report recipient to manage. Report Output Media Standard reports from both MMARS and the CIW are produced in electronic form only. Report output is directed to either the Document Direct on-line storage or, in the case of specific CIW reports that have a short retention period, to the CIW Web Based reports portal. All MMARS reports are produced in PDF format to protect the content of the report from being altered. Department Responsibility Departments are responsible for printing or otherwise storing and retaining standard reports both for business management use and for audit purposes. Reports can either be printed at the Department facilities or via a service agreement with the ITD Operational Service Bureau. Departments that choose to have reports printed by ITD will establish a service agreement with the ITD OSB for these printing services. Standard Interdepartmental contracting and payment rules apply. Departments are responsible for the costs of report printing or retention as part of normal business operations. Report Retention Periods Document Direct retention periods have been established for all standard reports. Approval of these report retention periods are subject to approval of the Records Conservation Board (RCB). The ITD Document Direct administrators use these retention periods to manage the purging of MMARS reports from the Document Direct archive. In the event that a report or series of reports needs to be retained for a longer period of time, it is the responsibility of the Department to either print or download electronic copies of the relevant sections/pages of the standard reports needed. Departments are responsible for the long-term retention of report information relative to the Department s financial activity. In specific cases where a central control department identifies a need to retain statewide MMARS or LCM standard reports beyond the established retention period, it is their responsibility to take actions to protect the reports. These actions could include: establishing a new Document Direct storage location and requesting a transfer of reports from the normal storage location to the special location, printing the reports and retaining the hardcopy until no longer needed or downloading a copy of the report and retaining the electronic version in a local storage device. The method used to manage extended retention will be determined on a case-by-case basis. Information Sources Related Procedure - Attachments - Links - SEC Statewide Records Retention Schedule Department Reports

Contacts Legal Authority M.G.L. c. 7A (Office of the Comptroller); M.G.L. c. 29 (State Finance Law);

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback