Skip to Search Skip to Navigation Skip to Content

Section 2: Data and Systems Integrity

Security Access Management and Control: Texas Comptroller of Public Accounts - Fiscal Management System

Effective Date:

08/01/2009

Approved By:

Lenora Chapman, Associate Vice President, Financial Affairs

Last Revised On:

12/21/10

For Assistance Contact:

Security Coordinator, Director of Accounting Services (210) 458-4826

Back-up Security Coordinator, Director, Financial Services & University Bursar  (210) 458-4221

PURPOSE/SCOPE

This guideline specifies the process for establishing and maintaining access control to various financial systems at the Texas State Comptroller.  

AUTHORITY

Texas Administrative Code Chapter 202.20 and 202.70 - Security Standard Policy.


UNIVERSITY GUIDELINES

Table of Contents

A. Overview

Access to the Texas Comptroller of Public Accounts – Fiscal Management Systems must be restricted to protect assets against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as to assure the availability, integrity, utility, authenticity and confidentiality of information.

Access will be authorized solely for central users. Access is limited and is determined by an employee’s job responsibilities. Requests must be approved by the Assistant Vice President for Financial Affairs/Controller.

The online release of a batch of documents for processing into USAS constitutes the electronic approval and certification of all those documents.

NOTE: For the purpose of this guideline, the term "expenditure" includes USAS payment documents.

UTSA employees with authority to approve expenditures must be properly listed on a Voucher Signature Card and deemed to have the authority to approve each type of expenditure or payroll document.

B. Fiscal Management Systems - Texas Comptroller of Public Accounts

All employees who are provided access are required to attest to the following provision of Texas Administrative Code:

If given access you understand that you are accountable for your actions relating to information resources and you agree that information resources shall be used only for intended purposes as defined by the state agency and consistent with applicable laws.  If given authorization to release documents, you acknowledge that you have received a copy of Section 5.61 of Title 34: Texas Admin Code and understand the general requirements of claims processing and the significance of releasing a batch in USAS.

1. Uniform Statewide Accounting System (USAS)

USAS is the accounting system for the Texas Comptroller of Public Accounts.  USAS provides GAAP (Generally Accepted Accounting Principles) and cash basis accounting, and satisfies both state and agency accounting requirements.  USAS captures accounting activities supplied by state agencies and institutions of higher education, such as UTSA.  Financial data in USAS is used by the Comptroller’s office to produce state payments, agency reports, legislative reports, and reports for appropriation management and statewide budgets.

If a UTSA employee requests authorization to release/approve expenditure or payroll documents, additional authorization is required. See Establishing authority to release/approve expenditure or payroll documents for more information.

2. Texas Identification Number System (TINS)

TINS houses the identification numbers used to make payments to vendors and employees through USAS. An agency may review the current status of the payee, the mail codes and the addresses listed for each payee who is set up on the system.  A payee who is set up in TINS remains on file for at least four years after the last payment transaction date.  By maintaining complete and accurate information on TINS, agencies help ensure accurate payments. 

The Comptroller’s office is prohibited by law from issuing a payment to any entity or person who owes money to the state of Texas (Texas Government Code Section 403.55). TINS helps to administer this law.  If a payee is indebted to the state, an agency may place a hold on the payee’s TIN.

3. State Property Accounting (SPA)

SPA is the capital asset component of the Uniform Statewide Accounting System (USAS) maintained by the Comptroller’s office as authorized by Texas Government Code Annotated Section 403.271 (b). This centralized system of agency property records provides useful information to Legislative oversight agencies and is used in compiling the state’s Comprehensive Annual Financial Report.  The SPA system also provides assurance that state agency assets are accounted for and properly maintained.

4. Human Resource Information System (HRIS)

HRIS collects personnel descriptive data about each state employee and the job related information for the positions they hold.  The online inquiry feature enables you to view your institution’s data while the online entry feature lets you update that data.

5. Annual Financial Report Web Applications

The following web applications assist UTSA satisfy the reporting requirements for the Annual Financial Reports of Texas State Agencies and Universities.

  • General Revenue Reconciliation (GRSC): Used to reconcile and certify the amount of budget given by the General Appropriations Act (GAA), riders, some additional payroll expenditures and other special legislation during the fiscal year.

  • Capital Assets Note Submission System (CASS or CANSS): Used to electronically submit a summary of changes in capital assets report for the Texas Comprehensive Annual Financial Report (CAFR).

  • Schedule of Expenditures of Federal Awards (SEFA): Used to submit the federal schedules and notes to the federal schedule annually. It is also used to report the weekly activity for the American Recovery and Reinvestment Act (ARRA).

  • State Pass-Through Reporting (SPTR): Used to electronically submit information about state grant pass-throughs for the Texas Comprehensive Annual Financial Report (CAFR).


C. Completing the UTSA Texas Comptroller of Public Accounts - Fiscal Management Systems Access and Maintenance Request Form

The UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form must be completed to request access, update existing access or delete existing access to the following systems and access levels (based on job specific requirements).

Section I: Enter the requesting employee’s and immediate supervisor’s contact information.

Section II: Select the request type (new access, update existing access or delete existing access).

NOTE: If ‘Update existing access’ is selected, then all current selections will supersede prior authorizations that are on file.

Section III: Systems and access levels:

  1. USAS: Access to Create or to Release/Approve the following  documents:

    NOTE: If requesting access to release/approve payroll or expenditure documents in USAS, see Completing the Voucher Signature Card for more information.

    • Budget Entries

    • Payroll

    • Expenditures

    • Deposit Corrections

    • Encumbrances

    • Journal Vouchers

    • Revenue

  2. SPA: Inquiry or Update access to various SPA screens/transaction codes, which are based on the following security profiles:

    NOTE:
    See the Security Profiles and Access to SPA Screens – Reference Chart for a detailed list of SPA screens/transaction codes and their access levels (for each security profile).

    Security Profile Description
    SPA01
     Highest security level. Access to all screens/transaction codes.
    SPA02
     Lowest security level. Access to certain screens/transaction codes.
    SPA03
     Access to add property, surplus, receive transfers, update surplus, debt-financed,  locate and property in suspense related screens/transaction codes only.   
    SPA04
     Access to all inquiry related screens/transaction codes and screens/transaction  codes with delete, transfer and surplus capabilities.
    SPA05
     Access to news and report inquiry related screens/transaction codes and  screens/transaction codes with delete capabilities.
    SPA06
     Access to all inquiry related screens/transaction codes and access to Update  Location (PALUPD) screen/transaction code only.
  3. TINS: Inquiry Only to access payroll TINS information or Online Update access — and additional security level — to update payee, hold and direct deposit maintenance information, based on the following groups:

    Group Description
    TINS02
    Basic inquiry.
    TINS09
    Access to PYADDR (payee name and address) and PYHOLD (payee hold) inquiry screens.
    TINS14
     Update payee, hold and direct deposit information.
    TINS15
     Update payee information only.
    TINS16
     Update direct deposit information only.
    TINS17
     Update payee hold information only.

    Additional security levels are:

    Security Level Description
    PAY
    Payroll payment inquiry.
    EXT
    Update capabilities with basic inquiry for vendor payments.
    EXP
    Update capabilities with basic and payroll payment inquiry.
  4. HRIS: Inquiry or Update access to UTSA personnel descriptive data and job related information for the positions they hold.

  5. Annual Financial Report (AFR) Web Applications: Select Add or Remove for any of the following:

    • Capital Asset Note Submission System (CANSS)

    • General Revenue Reconciliation (GRSC)

    • Schedule of Expenditures of Federal Awards (SEFA)

    • State Pass-Through Reporting (SPTR)

Section IV and V: The requesting employee and their supervisor must read and sign the applicable acknowledgement.


D. Completing the Voucher Signature Card

The Voucher Signature Card must be completed only when a UTSA employee requests access to release/approve payroll and expenditure documents in USAS via the UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form.

Complete the following fields:

  1. Agency number: Enter UTSA’s agency number, 743.

  2. Phone number: Enter 210-458-4826 (Security Coordinator).

  3. Agency name: Enter University of Texas at San Antonio

  4. Date: Enter the current date.

  5. Name (typed): Enter the requesting employee’s current legal (first, middle, last) name.

  6. Employee/payee ID#: Enter the requesting employee’s 11-digit Vendor Identification Number.

  7. User ID#: Enter the requesting employee’s 7-character Comptroller user ID.

    NOTE: If the requesting employee has a Comptroller user ID, it must be entered here, however, it is not a requirement for a user to have a Comptroller user ID to be listed on a voucher signature card.

  8. Title: Enter the requesting employee’s current job title.

E. Request New Access to Fiscal Management Systems

The requesting employee must:

  1. Read the Comptroller's Public Information Summary Disclosure Manual for Employees and Contractors.

  2. Once completed, the employee must complete and sign the Confidential Treatment of Information Acknowledgement (CTIA). This form:

  • Requires the employee acknowledge their understanding that all information accessed by the individual in the course of their employment is to be held in strictest confidence and may not be disclosed except as provided in the Comptroller’s Disclosure Policy.

  • Indicates the civil and criminal penalties for the unauthorized access, viewing, use, or disclosure of federal tax information.

  1. Complete the UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form.

  2. Complete the Voucher Signature Card if requesting access to release/approve payroll or expenditure documents in USAS.

  3. Submit all completed and signed forms to the appropriate Security Coordinator.

  4. Once approved, the Security Coordinator will provide logon instructions and a temporary password to the requesting employee.

    NOTE: The employee must immediately change the temporary password and follow any other applicable information technology appropriate use and security guidelines.


F. Update Existing Access to Fiscal Management Systems

Access must be modified if the authorized employee has a change in job responsibilities. The requesting employee must:

  1. Complete the UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form.

    NOTE: The request type ‘Update existing access’ must be selected

  2. Submit the completed and signed form to the appropriate Security Coordinator.


G. Revoke Existing Access to Fiscal Management Systems

Access must be revoked when the employee no longer needs access to the system or immediately upon termination of employment. The State Comptroller requires notification not later than the fifth day after the termination becomes effective.

NOTE: It is the supervisor’s responsibility to see that the form is completed as soon as the change occurs and/or prior if appropriate.

  1. Complete the UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form.

  • The request type ‘Revoke existing access’ must be selected.

  • If the employee was authorized to release/approve payroll or expenditure documents in USAS, select the Yes checkbox, otherwise, select No.

  1. Submit the completed and signed form to the appropriate Security Coordinator.

H. Submitting Fiscal Management Systems Access and Maintenance Requests

Original, completed and signed forms must be sent via campus mail or delivered in person to the appropriate UTSA Security Coordinator:

NOTE: Do not send the CTIA form to the address that appears on the form. This form must be sent to the appropriate UTSA Security Coordinator.

I. Responsibilities

The Security Coordinator reviews original, completed and signed forms for appropriate access based on job responsibilities and proper segregation of duties.

NOTE: Additional documentation is required if the request includes establishing authority to release/approve payroll or expenditure documents in USAS. See Establishing authority to release/approve expenditures or payroll documents for more information.

Once approved, the Security Coordinator signs and forwards all documents to the Assistant Vice President, Financial Affairs/Controller for final approval.

The Assistant Vice President, Financial Affairs/Controller performs a final review to determine if the request is appropriate and once approved, returns the documents to the Security Coordinator to submit the request as outlined in Security Coordinator’s Reference Guide – Texas Comptroller of Public Accounts.

When the request is approved by the State of Texas Comptroller’s Security Office, a logon is assigned and a temporary password is established by the Security Coordinator.

1. Establishing authority to release/approve expenditure or payroll documents

If the UTSA Texas Comptroller of Public Accounts – Fiscal Management Systems Access and Maintenance Request form includes a request to establish access to release/approve payroll or expenditure documents within USAS, the Security Coordinator will perform the following:

  • Ensure the original Voucher Signature Card has been completed correctly and contains an original signature of the requesting employee.

  • Draft a letter to the Texas Comptroller that includes:

    • The name(s) of the UTSA employee(s) designated to approve UTSA’s expenditures.

    • A statement designating the employees as authorized to approve UTSA’s expenditures.

    • The effective date of the designation(s)

  • Obtain the President’s signature.

J. Records Retention

All approved forms are retained on file by the primary UTSA Security Coordinator for as long as the employee has access to CPA information resources, plus five years.   

K. Annual Security Reviews

The Assistant Vice President/Controller reviews security access annually to ensure granted access is appropriate for the employees’ current job responsibilities and to maintain internal controls.


DEFINITIONS

Definitions currently not on file for this guideline.

REFERENCES/LINKS

RELATED FORMS/WORKSHEETS

  1. Confidential Treatment of Information Acknowledgement (CTIA)

  2. TX Comptroller of Public Accounts - Fiscal Management Systems Access and Maintenance Request

  3. SPA Access Reference Chart

  4. Voucher Signature Card


REVISION HISTORY

Date Description

12/21/10

Employees requesting new access to Fiscal Management Systems must read the Comptroller's Public Information Summary Disclosure manual before signing the Confidential Treatment of Information Acknowledgement (CTIA) form.

09/15/10

Added the Annual Financial Report Web Applications section.

07/01/10

Added TINS02 and TINS09 to the online access type table and added PAY to the additional security level table for the Texas Identification Number System (TINS).

11/04/09

Added additional authorization requirements when requesting release/approve access for payroll or expenditure documents in USAS.

08/18/09

Added the State Comptroller notification requirement when an authorized employee is terminated — no later than the fifth day after the termination becomes effective.  

08/07/09

Guideline published.


In All We Do, We Do With Excellence - Every Person - Every Day - Every Job