1:35-2:30 pm enterprise risk management presenter · ¾fiscal 2008 – revenue of $2 billion...

ENTERPRISE RISK MANAGEMENT

MARCH 25-26, 2009 I MARRIOTT MARQUIS I NEW YORK, NY

presents

A VISION FOR TOMORROW’S TREASURER7th ANNUALTREASURY&RISK

Presenter

Frank Fiorille

1:35-2:30 PM Enterprise Risk Management

1 ENTERPRISE RISK MANAGEMENT

Profile

Provider of comprehensive payroll and integrated human resource and employee benefits outsourcing solutions for small-to-medium-sized businesses

29th largest company traded on the NASDAQ (Market Cap)

572,000 clients

More than 100 offices nationwide and in Germany

Eighteen consecutive years of record revenues, net income and EPS

Fiscal 2008 – revenue of $2 billion

Founded in 1971, public in 1983


AccoladesAccolades


Compliance

Action Plans

Accountability

Likelihood of occurrence

Consequence (business impact)Paychex

Enterprise RiskManagement

Monitor and Measure RiskManagementPerformance

Identify and Classify Risk

AssessRisk

ImplementRisk

MitigationStrategy

Plan RiskResponse

(Mitigation Strategy)

Avoid

Periodic self-assessments

P4 Review

Risk Control

Portfolio MIS

Accept

Reduce

Transfer

StrategicFinancial Operational

A Conceptual Approach to ERM at Paychex

ERM Culture Attributes•Risk management is recognized as a key contributor to value creation.

•The risk culture is defined and enshrined to give managers and employees the requisite freedom of maneuver.

•An awareness of risk and the need to manage it pervades the enterprise.

•Risks are identified, reported, and quantified to the greatest possible extent.

•Equal attention is paid to both quantifiable and unquantifiable risks.

•Risk management is everyone’s responsibility and is not fragmented into compartments and silos.

•The enterprise avoids products and businesses it does not understand.

•Scenario planning embraces uncertainty and considers all possible developments.


Environmental Scan

Financial Risks Strategic Risks

Hazard Risks Operational Risks

Enterprise Risks

•Adverse Changes in Industry Regulations

•Inadequate/Inaccurate Financial Controls/Reporting

•Equipment/Facilities

•Business Acquisitions/Divestitures

•Adverse Changes in Environmental Regulations

•Health Care/Pension Costs

•Debit/Credit Rating

•Counterparty Risk

•Asset Valuation•Transaction Processing Errors

•Accounting/Tax Law Changes

•Revenue Management

•Uncompetitive Cost Structure

•Liquidity/Cash

•Credit Default

•Shareholder Activism

•Fuel Prices

•Interest Rate Fluctuations

•Currency/ForeignExchangeRate Fluctuations

•Financial Markets Instability

•Economic Recession

•CurrencyInconvertibility

•Offensive Advertising

•Corporate Culture

•Timing of Business Decisions/Moves

•Loss of Intellectual Property

•Customer/Supplier/Dealer Relations

•Inadequate Management Oversight

•Ethics Violations

•Budget Overruns/Unplanned Expenses

•Pricing/Incentive Wars

•Attacks on Brand Loyalty

•Product Market Alignment

•“Gotta Have Products”

•Program Launch

•Ineffective Planning

•Customer Demand

•Seasonality/Variability•Technology Decisions

•Union Relations/Labor Disagreements/Contract Frustrations

•Product Development Process

•Product Design/Engineering

•New or Foreign Competitors

•Public Boycott orCondemnation

•Market Share Battles

•Negative Media Coverage

•Foreign MarketProtectionism

•Mergers/IndustryConsolidation

•Joint Venture/Alliance Relations

•Perceived Quality

•3rd Party Liability

•General/Product Liability

•Directors/Officers Liability

•Property Damage

•Building/Equipment Fire

•Loss of Key Facility

•Workers Compensation

•Boiler/Machinery Explosion

•Building Collapse

•Building Subsidence/Sinkholes

•Lightning Strikes

•Deductible Limits

•Land/Water/Atmospheric Pollution

•Volcano Eruption

•Tsunami

•Hail Damage

•Hurricane/Typhoon

•Animal/Insect Infestation

•Severe Hot/Cold Weather

•Cargo Losses

•Heavy Rain/Thunderstorms

•Blizzard/Ice Storms/Wind Damage

•Disease/Epidemic

•Tornados

•Terrorism/Sabotage

•Wildfire

•Earthquake

•Flooding

•Geopolitical Risks

•Cargo Losses

•Asbestos/Mold Exposure

•HR Risks – Key Skill Shortage, Personnel

•Turnovers

•Harassment/Discrimination

•Loss of Key Equipment/Personnel

•Warranty/Product Recall Campaigns

•Vandalism

•Arson

•Kidnapping

•Extortion

•IT System Failure – Hardware/Software/LAN

•Computer Virus/Denial of Service Attacks

•Gov’t Inquiries

•Workplace Violence

•Operator Errors/Accidental Damage

•Theft/Embezzlement

•Information Management Problems

•Accounting/Internal Controls Failures

•Health/Safety Violations

•Restriction of Access/ Egress

•Dealer Distribution Network Failures –Logistics Provider Failures,Logistics Route/ModeDisruptions

•Service Provider Failures

•SupplierBusinessInterruption

•Tier 1,2,3 –Supplier Problems,Financial Trouble,Quality “Spills”,Failure to DeliverMaterials

•Loss of Key Supplier

•Utilities Failures –Communications,Electricity,Water, Power


Key Risks(i.e. Tournament of Risks)

Operating Risk


Windows on Risk

Credit

Risk

Operating

Risk

Compliance

Risk

Event

Risk

Fraud

Risk

Reputation

Risk

Tail

Risk

Market

Risk

Counterparty

Risk

Technology

Vulnerability

Credit

Risk

Legal

Vulnerability

External

Dependency

Control (Audit)

Risk

Business

Risk


Inherent likelihood vs. impact

Impa

ct

Likelihood

Critical

Substantial

Moderate

Slight

Insignificant

Rare Improbable Probable Expected Definite

Key Risks

1. Political risk2. Regulatory risk3, Economic risk4. Competition 5. Market risk 6. Business interruption7. Product pricing 8. Reputation risk

9. Operating risk

10. Technology vulnerability 11. Counterparty risk 12. “Gotta Have” products 13. Credit risk14. Legal vulnerability 15. Product concentration 16. Health and safety17. IT security18. New entrants19. Privacy20. New payment mechanisms

Risk Heat MapPlacing risks in an impact/likelihood space allows for effective prioritization

Black Swan Event

1110

1620

16

127

4

12

314

513

1415

68 19

17


Risk Heat MapInherent risk1 versus management effectiveness graphs focus mitigation

efforts on the potentially critical exposures

Potentiallyunder-managed

Potentiallyover-managed

Zone ofbalanced

management

Elevated

Intermediate

Low

Inhe

rent

risk

1

Ineffectual Inadequate Reasonable Significant Absolute1. Inherent risk = [(Inherent likelihood + Impact)/2] Management effectiveness

3 1

219

Tier one risks

718

8

11 9

13

15

Tier two risks Tier three risks

Key Risks

1. Political risk2. Regulatory risk3. Economic risk4. Competition 5. Market risk 6. Business interruption7. Product pricing 8. Reputation risk

9. Operating risk

10. Technology vulnerability 11. Counterparty risk 12. “Gotta Have” products 13. Credit risk14. Legal vulnerability 15. Product concentration 16. Health and safety17. IT security18. New entrants19. Privacy20. New payment mechanisms

420 10

6

5

16

14

17

12


The seemingly straightforward administration of payroll and ancillary benefits for our clients is supported by a complex series of systems and processes comprising our product infrastructure.

Product Infrastructure

PROCESS FLOW

DELIVERABLE“Client Perspective”

System

Processing

Keyed Data

Transition

“Inherent Complexity”Setup Cli ent Mai ntenance Screens In Payroll

Application

Payroll Speciali st

Forward Pertinent Data To Imaging Specialist

Payroll Speciali st

Scan Data

Field Imaging Specialist

Process LDAP(Li ghtwei ght Di r ect Access Protocol)

Process - CRON

Import Field Image Data From ORS

CM Speciali st

Did LDAP Run?

CM Speciali st

Send Fi eld I mpor t Confirmation

Field Imaging System

Enter Client Data

CM Speciali st

Accept Or Reject?

CM Speciali st

Send Fi eld "Accept" Indicator


Does A Product Folder Exist?

CM Speciali st

Sear ch New Vi si on For Existing Product Folder

CM Speciali st

Revi ew Data

HRS Specialist

Recei ve Taxpay POA and RAA Data

HRS Print Center Rep

REJECT

ACCEPT

Send Data To Agency

HRS Specialist

Send Fi eld " Reject" Indicator


Recei ve New Client Taxpay

Data

Payroll Speciali st

YES NO

View ORS Report (Pr oduct Tracki ng )To

Determine Image Status

Payroll Speciali st

Did Item Reject?

Payroll Speciali st

Discard ORS Report

Payroll Speciali st

Research And Correct Item

Payroll Speciali st

NO

YES

NO

Send Requi r ed Hardcopies to HRS


Apply Data Tags and Selects Associated HRS

Products in Product Tracking Form

Fi eld I magi ng Speci ali st

Vi ew Pr oduct Tracki ng Report

HRS Specialist

Store Image Data on Local PC


Isolate Location Of Records To Be Labeled and Viewable Via New

Vision

ORS System

Store Data In ORS

ORS System

Store Data in Centera

Centera - GEN 3

View Data Via Web ORS

Web ORS Application

Apply Image To Existing Folder In New Vision

CM Speciali st


Centera - GEN 1


Centera - GEN 1

Remove Incorrect Data From ORS

Payroll Speciali st


CM Speciali st

Did LDAP Run?

CM Speciali st



Review Image For Accuracy

CM Speciali st

Enter Client Data

CM Speciali st

Revi ew Data

HRS Specialist

Deli ver Output To Taxpay


Send Data To Agency

HRS Specialist

Print Pertinent Taxpay Data


YES

NO

View Product Tracking Report

HRS Specialist

Setup New Cli ents Accordinlgy

HRS Specialist

Store Data In ORS

ORS System


Centera - GEN 3


Web ORS Application

Apply Image To New Folder In New Vision

CM Speciali st

Setup Cli ent Mai ntenance Screens In Payroll

Application

Payroll Speciali st

Forward Pertinent Data To Imagi ng Speciali st

Payroll Speciali st

Scan Data


Process LDAP(Li ghtwei ght Di r ect Access Protocol)

Process -CRON


CM Speciali st

Did LDAP Run?

CM Speciali st

Send Field Import Confirmation


Enter Client Data

CM Speciali st


Data

Payroll Speciali st

NO




Pr oducts in Product Tracking Form





Vision

ORS System

Store Data In ORS

ORS System


Centera - GEN 3

DELIVERABLE

Accept Or Reject?

CM Speciali st




CM Speciali st

Search New Vision For Existing Product Folder

CM Speciali st

REJECT

ACCEPT

Send Fi eld "Reject" Indicator


YESNO

Apply Image To Existing Folder I n New Vi si on

CM Speciali st

Apply I mage To New Folder In New Vision

CM Speciali st


Centera - GEN 1


CM Speciali st

Did LDAP Run?

CM Speciali st



Enter Client Data

CM Speciali st

Revi ew Data

HRS Specialist

Receive Taxpay POA and RAA Data


Del i ver Output To Taxpay




NO

Isolate Location Of Recor ds To Be Labeled and Viewable Via New

Vision

ORS System

Store Data In ORS

ORS System


Centera - GEN 3


Web ORS Application


CM Speciali st

Send Field "Accept" Indicator


Apply I mage To New Folder In New Vision

CM Speciali st






HRS Specialist


CM Speciali st




Vision

ORS System


CM Speciali st

Send Fi eld " Accept" Indicator



Payroll Speciali st

Scan Data


Process LDAP(Lightweight Direct Access Protocol )

Process -CRON

Send Requi r ed Har dcopi es to HRS



Pr oducts in Product Tracking Form


Apply Image To New Folder I n New Vi si on

CM Speciali st

Vouchers

New loadCORE to MMS transfer

CORE to CORE transfer

Trading process Enrollments

New Plan Set Ups Write Offs

Global Funds ClosuresFund AcquisitionsNightly Price Validation SIPA Data Export

Deduction Prep

Trading Partner changes / series changesConversion in trades

MATC add/drops

RK runs

Negative payroll contributionsDividend processing

Price corrections

ACH process

Death payoutsDistribution Packages

Hardship withdrawals Internal rolloversManual Trades

Miscellaneous Checks

QE\YE Processing

Agency Return Mail

Write OffsLate Payments

ProofsAgency Return MailCredit Bill

Purged Client List Bank Change

“Universe of Processes”


Error OccurrencesFlawless execution is essential -- Nothing short of perfection.

Given system/process interdependencies, even minor errors have the potential to instigate total process failure.

Warranty ChargesWarranty ChargesCreditsCreditsDiscountsDiscountsLaborLaborBad DebtBad Debt

AuditFY08 Total $(M)

Description

Warranty Charges $4.7

All warranty charges as reported to accounting

Credits $11.575% of all credits are related to Operational Failures

Discounts $10.2

Figure only includes CORE clients with 12+ months of services. 50% of discounts can be related to operational failures.

Labor $3.4 Cost to complete Operational errors

Bad Debt $.5Estimate of 10% of credit losses are due to Operational Failures.


Operating Risk Review

Risk MappingEvaluate process stability

Highlight, rank, and catalog key risk sources

Establish remedial measures to reduce process failure

1

Fraud ScreeningAssess internal fraud controls

Develop fraud prevention measures

Discrepancy EconomicsIdentify expense associated with error fallout

Calculate “Fully Loaded” error cost

Evaluate tolerance thresholds relative to error cost

Risk Mapping

Fraud Screening

Discrepancy Economics

Review• High impact areas are targeted by ORM for review

• Key ORM personnel review process infrastructure:

Process stability and loss potential

Monetary cost of error fallout and resolution

Internal fraud prevention controls

• Findings and remedial measures are documented within a concise two-page summary

• ORM partners with Segment to install necessary measures

2

2

3 1

3

22

11 33


22Risk Mapping

ImpactImpactPotential

RealizedBenefits

* Proactive - Risk Mapping intelligence enables segment to take a proactive stance in addressing impending material failures

* Engagement - Segments are further engaged in business controls and the inherent cost of failure

* Accountability is formalized and further instilled within segments to fully dimension and address operating risk

* Mitigation - Provides anticipatory approach understanding and thwarting key risks, proactively

Risk ScoringThe probability of failure is applied to a failureimpact rating to derive a risk score.

Risk Mapping is used to identify, evaluate, and prioritize business risks.

• Evaluate the adequacy and stability of key infrastructure

• Highlight and rank key risk sources

Certain Likely Possible Un- Likely Rare

LikelihoodLikelihood

Like

lihoo

d

Impact

11 33


Failure Probability

Potential

Realized

??? ?

Integrity Control(Ensure the exchange of accurate, complete data)

Monetary Monetary ImpactImpact

Revenue Revenue ImpactImpact

Reputation Reputation Impact (Client)Impact (Client)

Reputation Reputation Impact (Third Impact (Third

Party)Party)

Sources and extent of fallout resulting from breakdown

Potential - Possible magnitude of fallout

Realized - Known, experienced cost of failure

Impact

FrequencyFrequency

Adequate Unreliable Lacking

Control Review

The status and condition of

existing controls is reviewed

Analysis of controls and criticality of tasks is used to determine the likelihood of process failure.

Rare Unlikely Possible Likely Certain Slight Minor Moderate Major Catastrophic

Error Fallout

22

11 33

Execution Control(Successful and timely completion of task)


Area Characterization• Business Deliverables / Scope of review

• Data streams / interdependencies

Process Identification / Mapping• Within the scope list all process

• Each process identified list the tasks involved in completing the process.

Process Analysis• Likelihood: Tasks are studied to highlight Execution and

integrity controls

• Impact: Realized and Potential impacts are documented and explained

Treatment / Action Plan• Enhancements to execution and integrity controls are

identified to mitigate the likelihood of risk events from occurring

1

2

3

4

3 Process Mapping

Process Process Name Process Description Department Name

P1

P2

This section will list the different processes that comprise the scope of your Business Deliverable. Each process will be outlined by any natural process break between systems or functions. Within each process, list the specific tasks executed to accomplish the process, as well as descriptions of those tasks.

TaskID

Execution Control(How do we know it moved to the

next step)

Integrity Control(How do we know the information was correct)

1

2

Do the tasks listed above have controls to insure execution and integrity? Please list them below. If the task does not have a control please enter “None”

Likelihood x Impact = Risk Score

Realized Potential Client Impact

Error will result in the client being aware of this error

Client action is necessary to resolve the error

9. Has a one time failure or potential failure of the process under review ever caused or could cause any of the following client/employee impacts?

Task Number {EX. P1.1, P1.2}

Controls to be implemented, updated?

Priority Who is responsible for implementing control

Target Implementation date or Ticket #, and priority

Date of reevaluation

Action Plan

Assessment Survey 22

11 33


• Client fund balances recorded with Paychex’ systems do not consistently match fund balances at the money manager. Money Managers send funds that are less than the participants balance with Paychex’ system. When this occurs, the participants distribution is placed on a system generated hold.

• 6,552 participant distributions were placed on hold.

• 1092 audit items caused by this process

• Remittance of distributions to participants were delayed

Likelihood / Impact Scoring

Realized:Within the year, the total cost associated to warranty expenses were approximately $10,000. This incurred when distributions were not manually rebuilt correctly, and participants received distributions in excess of their balance . In addition, over 1000 audit imbalances were identified and worked by the 401K audit team.

Potential:If recreated distributions are processed for the incorrect participant or for the incorrect amount, monetary loss is experienced. The potential loss which can occur with this process is unlimited, as any denomination can be used when generating a new distribution.

Losses equal to or greater than $.01 or losses less than $5,000

Losses equal to or greater than $5,000

and less than $50,000

Losses equal to or greater than $50,000 and less than

$100,000

Losses equal to or greater

than $100,000 and less than $1,000,000

Losses equal to or greater

than $1,000,000

Monetary

Reputation (Client)

Realized:Participants may not receive a check for what was previously quoted to them. In addition, the money manager reject process may delay the distribution to a participant for up to 15 days. Up to 75% of all money manager rejects incur phone calls to the CSC due to these service impairments

Potential: Consistent with realized

Client aware of error, however

no action is required by the client to resolve

the issue.

Client aware of error, client

action is necessary to resolve the

error. No other ramifications to

client.

Client aware and needed for

resolution. Client may

receive notification of an

error from a third party.

Client action is necessary, and error disrupts

the normal business

operations of the client.

Client's reputation is damaged, judgments

against client. Client unable to

operate business.

1 – 50 clients

impacted

51 – 500 clients

impacted.

501 -1,000 clients

impacted.

1,001 – 10,000 clients

impacted

10,000+ clients

impacted.

RareError is not expected

to occur

PossibleError may occur occasionally, i.e.,

quarterly

LikelyError will probably occur but it is

not persistent. We know from our experience that the error does occur from time to time. i.e.,

monthly business operations of the client.

CertainError occurs frequently, it is a constant threat, or is custom

and practiced, i.e., daily, weekly

UnlikelyError occurs infrequently, but

remains a possibility. i.e., once or twice a year

1. Trades Initiated

2. Funds received from Money Manager

3. Funds Dispersed

Execution ( ) / Integrity ( ) Control

Impact

Likelihood

22

11 33


Risk Scoring- Money Manager Trade

Likelihood Certain 55

Total ScoreTotal Score 1515

Monetary

Revenue

Reputation (Client)Reputation (Third-Party)

ImpactCatastrophic

36

Not Applicable0

Minor

3

Not Applicable

39Impact ScoreSum or All Impact Scores

Total Impact Score 3

Heat MapScoring Method

0 Like

lihoo

d

Impact

22

11 33

1

2

3

4

5

1 2 3 4 5

5 10 15 20 25

4 8 12 16 20

3 6 9 12 15

2 4 6 8 10

1 2 3 4 5


FIX


Process failures result in exception processing - often a complex and manual ordeal

Multiple processing steps are often required to sufficiently address even minor errors

The true impact of error instances is realized by considering the full cost of error fallout and repair

22

11 33



Cost Consideration: All sources of expenses resulting from process breakdown

Penalties

LaborWarranty

Client credits

FundingsClient Discounts

Loss Revenue

3rd party fee

Expenses associated with fallout

Key discrepancies can be reduced to a common unit of impact to be aggregated and compared.

Benefits:

• Price of failure awareness

• Assists in establishing priorities when resources are limited

• Assigned values can be weighted against current standards

• Full risk spectrum, true cost/failure analyses

ReconciliationClient Calls

22

11 33


Discrepancy EconomicsCorrection Steps:

Step Explanation Normal Time Fully Loaded Error Time

Trade Rec. Balancing the blotter and posting rejects to bank detail 3 3

Approvals Sign off from the blotter 2 2

L & D Research Calculate the difference between the trade and the distribution. Once the difference is calculated, it is posted in the database. 3 32

L & D Rebuild process void, set up new distribution, and calculation the distribution. 8 8

Approvals Generate reports, review bank detail to confirm funds in balance, and update status 3 3

NB1 / NB2 Adjustment researching and entering adjustments in 401K adjustment DB) - 8

Banking Enters Adjustment in HRIS and approves in database - 1

Approvals Approvals post automatically if entered from DB, no verification - 1

Additional funds Funds not received will return possibly weeks – months later. Received funds need to be distributed. (401k Audit group 3 min + L&D re-distribution 6 min) - 9

Approvals Generate reports, review bank detail to confirm funds in balance, and update status - 3

Mailing Generate new check and mail out - .05

Total Time to Complete Correction (Minutes):Total Time to Complete Correction (Hours):

19 70.05

.32 1.17

Client Level Rejects = 851 fully loaded errors, 4268 Normal851*1.17= 994 Fully loaded Correction Hours = $19,8704268*.32= 1351 Normal Correction Hours = $27,029

Phone Calls = 75% Participant Level Rejects at $9 per call, 4914*9 = $44,226

Audit records = 1092 * .18/h = 196 Correction Hours = $3,931

Warranty = $10,176

Total: $105,233

Total Cost:MM Rejects:

Client Level = 5119Participant Level = 6552

Total Costs = $105,233Total Client Level Rejects = 5119

$105,233 / 5119 = $21

Cost Per MM Reject:

22

11 33


Fraud Screening

Fraud Screening is used to detect, and prevent internal fraud.

• Correct current gaps

• Derive mitigation measures

PreventPreventDetectionDetection

• Assess adequacy of internal fraud controls

• Evaluate gaps in internal controls

• Manually initiated financial transactions• Access to bank account detail• Segregation of Duties• Transactional Authority• Management Awareness Authority

Investigate:

• Reduce gaps in internal controls• Offer solutions for addressing internal

fraud risks

Prevent: Process controls are required to address fraud risk inherent to the present environment.

• Material losses • Revenue streams• Reputation damage

Protect:

• Monetary / Cash Value

• Data

Identify potential loss:

Setup Cli ent Mai ntenance Screens In Payroll Application

Payroll Speciali st


Payroll Speciali st

Scan Data


Process LDAP (Lightweight Direct Access Protocol )

Process -CRON


CM Speciali st

Did LDAP Run ?

CM Speciali st

Send Field Import Confirmation


Enter Client Data

CM Speciali st

Accept Or Reject?

CM Speciali st




CM Speciali st


CM Speciali st

Revi ew Data

HRS Specialist



REJECT

ACCEPT

Send Data To Agency

HRS Specialist

Send Fi eld " Reject" Indicator


Recei ve New Client Taxpay Data

Payroll Speciali st

YES NO

View ORS Report (Pr oduct Tracki ng )To Determine Image Status

Payroll Speciali st

Did Item Reject ?

Payroll Speciali st

Discard ORS Report

Payroll Speciali st


Payroll Speciali st

NO

YES

NO



Apply Data Tags and Selects Associated HRS Pr oducts in Product

Tracking FormField Imaging Specialist


HRS Specialist



Isolate Location Of Records To Be Labeled and Viewable Via New Vision

ORS System

Store Data In ORS

ORS System


Centera -GEN 3


Web ORS Application


CM Speciali st


Centera - GEN 1


Centera -GEN 1


Payroll Speciali st


CM Speciali st

Did LDAP Run?

CM Speciali st




CM Speciali st

Enter Client Data

CM Speciali st

Revi ew Data

HRS Specialist



Send Data To Agency

HRS Specialist



YES

NO


HRS Specialist


HRS Specialist

Store Data In ORS

ORS System


Centera -GEN 3


Web ORS Application


CM Speciali st

Setup Cli ent Mai ntenance Screens In Payroll Application

Payroll Speciali st


Payroll Speciali st

Scan Data


Process LDAP( Li ghtwei ght Di r ect Access Protocol)

Process - CRON


CM Speciali st

Did LDAP Run ?

CM Speciali st



Enter Client Data

CM Speciali st


Data

Payroll Speciali st

NO



Apply Data Tags and Selects Associated HRS Pr oducts in Product Tracking FormFi eld I magi ng Speci ali st




VisionORS System

Store Data In ORS

ORS System


Centera -GEN 3

DELIVERABLE

Accept Or Reject ?

CM Speciali st

Send Fi eld "Accept " Indicator


Does A Product Folder Exist ?

CM Speciali st


CM Speciali st

REJECT

ACCEPT

Send Field "Reject " Indicator


YESNO


CM Speciali st


CM Speciali st


Centera -GEN 1


CM Speciali st

Did LDAP Run?

CM Speciali st



Enter Client Data

CM Speciali st

Revi ew Data

HRS Specialist







NO

Isolate Location Of Records To Be Labeled and Viewable Via New Vision

ORS System

Store Data In ORS

ORS System


Centera - GEN 3


Web ORS Application


CM Speciali st

Send Field " Accept" Indicator



CM Speciali st






HRS Specialist


CM Speciali st

Recei ve Taxpay POA and RAA Data



VisionORS System


CM Speciali st

Send Fi eld "Accept " Indicator



Payroll Speciali st

Scan Data


Process LDAP( Li ghtwei ght Di r ect Access Protocol )

Process - CRON



Apply Data Tags and Selects Associated HRS Pr oducts in Product Tracking Form


Apply Image To New Folder I n New Vision

CM Speciali st

Setup Client Maintenance Screens In Payroll ApplicationPayroll Speciali st

Forward Pertinent Data To Imagi ng Speciali st

Payroll Speciali st

Scan Data


Process LDAP(Lightweight Direct Access Protocol)Process -CRON


CM Speciali st

Did LDAP Run?

CM Speciali st



Enter Client Data

CM Speciali st

Accept Or Reject?

CM Speciali st




CM Speciali st


CM Speciali st

Revi ew Data

HRS Specialist



REJECT

ACCEPT

Send Data To Agency

HRS Specialist




Payroll Speciali st

YES NO

View ORS Report (Product Tracking )To Determine Image StatusPayroll Speciali st

Did Item Reject?

Payroll Speciali st

Discard ORS Report

Payroll Speciali st


Payroll Speciali st

NO

YES

NO



Apply Data Tags and Selects Associated HRS Pr oducts in Product

Tracking FormField Imaging Specialist

View Product Tracking Repor t

HRS Specialist



Isolate Location Of Recor ds To Be Labeled and Viewable Via New Vision

ORS System

Store Data In ORS

ORS SystemStore Data in Centera

Centera -GEN 3


Web ORS Application


CM Speciali st


Centera -GEN 1


Centera - GEN 1


Payroll Speciali st


CM Speciali st

Did LDAP Run?

CM Speciali st




CM Speciali st

Enter Client Data

CM Specialist

Revi ew Data

HRS Specialist



Send Data To Agency

HRS Specialist



YES

NO

View Product Tracking Repor t

HRS Specialist


HRS Specialist

Store Data In ORS

ORS System


Centera - GEN 3


Web ORS Application


CM Speciali st

Setup Cli ent Mai ntenance Screens In Payroll ApplicationPayroll Speciali st


Payroll Speciali st

Scan Data


Process LDAP(Li ghtwei ght Di r ect Access Protocol)Process -CRON


CM Speciali st

Did LDAP Run?

CM Speciali st



Enter Client Data

CM Speciali st


Payroll Speciali st

NO



Apply Data Tags and Selects Associated HRS Pr oducts in Product Tracking FormField Imaging Specialist



Isolate Location Of Recor ds To Be Labeled and Viewable Via New Vision

ORS System

Store Data In ORS

ORS SystemStore Data in Centera

Centera - GEN 3

DELIVERABLE

Accept Or Reject?

CM Speciali st




CM Speciali st


CM Speciali st

REJECT

ACCEPT



YES NO


CM Speciali st


CM Specialist


Centera - GEN 1


CM Speciali st

Did LDAP Run?

CM Speciali st



Enter Client Data

CM Specialist

Revi ew Data

HRS Specialist







NO

Isolate Location Of Records To Be Labeled and Viewable Vi a New VisionORS System

Store Data In ORS

ORS System


Centera -GEN 3

Vi ew Data Via Web ORS

Web ORS Application


CM Speciali st




CM Speciali st






HRS Specialist

Apply I mage To New Folder I n New Vi si on

CM Speciali st



Isolate Location Of Records To Be Labeled and Viewable Via New VisionORS System

Apply I mage To New Folder I n New Vi si on

CM Speciali st




Payroll Speciali st

Scan Data


Process LDAP(Li ghtwei ght Di r ect Access Protocol)Process -CRON



Apply Data Tags and Selects Associated HRS Pr oducts in Product Tracking FormFi eld I magi ng Speci ali st


CM Speciali st

22

11 33


Internal Fraud Assessment

Distributions that reject within the Money Manager Trade File requires manual intervention to re-create the participant’s check. The lack of sufficient internal controls to guard against internal fraud during the creation of a manual check within the HRIS system poses risk.

During the manual check process, users must populate the payee name and payee address. Manual checks are subsequently sent directly to the payee name/address designated within the check request forms without authentication review.

Those with intentions of self-fulfillment are provided the ability to abscond with Paychex’ client funds. An employee is able to single-handedly redirect participant assets into their own personal account via payee name/address modification. This means of deceit is straightforward and presently undetectable.

Internal Fraud Risk: YES

ORM assessed the adequacy of internal fraud controls within the processes supporting the regeneration of distribution transactions that reject within the Money

Manager Trade File.

Findings:

22

11 33


Treatment/ Action Plans- Money Manager Trade

Rec. ID

Recommendation Person/ Area ResponsibleTarget Date

Follow up Date (Reevaluation)

A Establish process to proactively identify client fund balance discrepancies when SunGard initiated sell activity exceeds the money manager’s balance TBD / Loans and Distribution TBD TBD

B ORM endorses CR503499 which calls for an adjustment in SunGard to balance with the money manager prior to transmitting sell activity TBD / Loans and Distribution TBD TBD

CProvide the ability for SunGard/HRIS to recognize if the money manager reject is within write-off range (between - $10.00 and $5.00). Automatically post distributions within this range and write-off differences.

TBD / Loans and Distribution TBD TBD

D Enable the dollar amount of the distribution in the Money Manager Reject status to be updated and allow distribution to be remitted. TBD / Loans and Distribution TBD TBD

E Provide the ability for HRIS to automatically populate the loan default and taxation when regenerating a distribution. TBD / Loans and Distribution TBD TBD

Risk Mapping1

Discrepancy Economics2With 5,119 clients impacted by imbalance instances, the annualized cost of exception processing is estimated at $105K. Measures are required to reduce fund balance discrepancies, contain internal fraud exposure, and streamline exception

processing.

Rec. ID

Recommendation Person/ Area ResponsibleTarget Date

Follow up Date (Reevaluation)

A Access to modify payee name/address information must be limited to a subset of personnel TBD / Loans and Distribution TBD TBD

BA query/report should be created to identify payee address information each time a manual check is generated (loan, distribution, installment distribution) that does not match respective employee data within the client profile from. This report should be reviewed by the Supervisor team on a weekly frequency to ensure all name/address exceptions were submitted within the required documentation for review.

TBD / Loans and Distribution TBD TBD

Fraud Screening3

22

11 33

1:35-2:30 pm enterprise risk management presenter · ¾fiscal 2008 – revenue of $2 billion...

Documents