Security Access Management and Control: Texas Comptroller of Public Accounts - Fiscal Management System
|Effective:||09/01/10||Approved By: Sr. Associate Vice President for Financial Affairs and Deputy CFO|
For Assistance Contact: Assistant Vice President of Financial Services & University Bursar
This guideline specifies the process for establishing and maintaining access control to various Texas Comptroller of Public Account fiscal management systems.
Texas Administrative Code Chapter 202 — Information Security Standards, Sections 202.20 and 202.70.
Table of Contents
- Fiscal Management Systems — Texas Comptroller of Public Accounts
- Requesting Access
- Processing the Access Form
- Records Retention
- Semi-Annual Security Reviews
Access to the State of Texas Comptroller of Public Accounts (Comptroller) fiscal management systems must be restricted to protect assets against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as to help ensure the availability, integrity, utility, authenticity and confidentiality of information.
Access is authorized only for central users. Access is limited and is determined by an employee's job responsibilities. Requests must be approved by the security coordinator (controller) or the alternative security coordinator (assistant vice president of financial services).
The online release of a batch of documents for processing into the Uniform Statewide Accounting System (USAS) constitutes the electronic approval and certification of those documents.
In this guideline, the term "expenditure" includes USAS payment documents.
UTSA employees with authority to approve expenditures must be properly listed on a Voucher Signature Card and must have authority to approve each type of expenditure or payroll document.
B. Fiscal Management Systems — Texas Comptroller of Public Accounts
1. Uniform Statewide Accounting System (USAS)
USAS is the Comptroller's accounting system. USAS provides GAAP (Generally Accepted Accounting Principles) and cash basis accounting, and satisfies both state and agency accounting requirements. USAS captures accounting activities supplied by state agencies and institutions of higher education such as UTSA. Financial data in USAS is used by the Comptroller's office to produce state payments, agency reports, legislative reports, and reports for appropriation management and statewide budgets.
2. Texas Identification Number System (TINS)
TINS houses the identification numbers used to make payments to vendors and employees through USAS. An agency may review the current status, mail codes and addresses listed for each payee who is set up in the system. A payee who is set up in TINS remains in the system for at least four years after the last payment transaction date. By maintaining complete and accurate information on TINS, agencies help ensure accurate payments.
The Comptroller's office is prohibited by law from issuing a payment to any entity or person who owes money to the state of Texas (per Texas Government Code Section 403.055). If a payee is indebted to the state, an agency may place a hold on the payee's TIN. A payee whose TIN has a hold may not receive payment from the state until the hold is removed.
3. State Property Accounting (SPA)
SPA is the capital asset component of USAS maintained by the Comptroller's office as authorized by Texas Government Code Section 403.271 (b). This centralized system of agency property records provides information to legislative oversight agencies and is used in compiling the Texas Comprehensive Annual Financial Report (CAFR). The SPA system also helps ensure that state agency assets are accounted for and properly maintained.
4. Human Resource Information System (HRIS)
HRIS collects personnel descriptive data about state employees and job-related information for the positions they hold. Users may view and update their institution's data through this system.
5. Annual Financial Report Web Applications
Various web applications assist in satisfying the reporting requirements for the UTSA Annual Financial Report (AFR). For detailed descriptions of these applications see the Fiscal Management Systems Access and Maintenance Request Form.
C. Requesting Access
The Texas Comptroller of Public Accounts — Fiscal Management Systems Access and Maintenance Request (Access Form) must be completed to request access, and to update or delete existing access to the Comptroller's fiscal management systems. For detailed instructions, see the Fiscal Management Systems Access and Maintenance Request Form.
The Confidential Treatment of Information Acknowledgement Form is also required for all new access requests.
The Voucher Signature Card must be completed and submitted with the Access Form when an employee requests access to release/approve payroll or expenditure documents in USAS. For detailed instructions, see the Voucher Signature Card.
D. Processing the Access Form
The security coordinator/alternative security coordinator reviews original, completed and signed forms (including the Voucher Signature Card if applicable) for appropriate access based on job responsibilities and proper segregation of duties.
If a Voucher Signature Card (card) is submitted with the Access Form, the security coordinator:
- Ensures that the card has been completed correctly and contains the original signature of the requesting employee;
- Drafts a letter to the Comptroller that includes:
- The name(s) of the UTSA employee(s) designated to approve UTSA expenditures
- A statement designating the employee(s) as authorized to approve UTSA expenditures
- The effective date of the designation(s); and
- Obtains the UTSA president's signature on the letter.
The security coordinator submits the request to the Comptroller's office. The security coordinator does not submit the Access Form and Confidential Treatment of Information Acknowledgement, but retains these at UTSA.
When the Comptroller's office approves the request, a logon is assigned and a temporary password is established by the security coordinator.
The employee must immediately change the temporary password and follow any other applicable information technology security guidelines.
E. Records Retention
The security coordinator retains all approved forms for as long as the employee has access to Comptroller of Public Accounts information resources, plus five years.
F. Semi-Annual Security Reviews
The security coordinator reviews security access semi-annually to ensure granted access is appropriate for the employees' current job responsibilities and to maintain internal controls.
- Confidential Treatment of Information Acknowledgement (CTIA)
- Texas Comptroller of Public Accounts - Fiscal Management Systems Access and Maintenance Request
- Voucher Signature Card
|05/21/21||The Confidential Treatment of Information Acknowledgement Form is required for new access requests. Added alternative security coordinator role. Updated position titles. Editorial updates including changes to sections.|
|08/16/17||Non-substantive updates throughout.|