STATE OF CONNECTICUT
THE STATE COMPTROLLER
MEMORANDUM NO. 2001-21
March 28, 2001
TO THE HEADS OF ALL STATE AGENCIES
|Attention:||Commissioners, Chief Financial Officers, Business Managers, and Payroll Officers|
|Subject:||Comptroller's Financial Systems Security Revised CO-1057 and CO-1057A Forms|
The purpose of this memo is to advise all state agencies of the importance of having appropriate internal controls over and within automated systems to ensure that transactions are properly authenticated and authorized.
A key security issue in an automated system is unauthorized transaction processing. Guarding against unauthorized or inappropriate transaction processing is critical because of the integration of automated systems.
An automated system concentrates accounting records and transaction processing capabilities in one system. Unrestricted access to automated systems compromises the controls provided by segregating duties and other safeguards that are usually part of manually operated systems.
II. CONTROL ACTIVITIES
Security in automated systems is imperative so that only those individuals authorized have access to on-line transaction processing capabilities. The initial request for user access to systems is done via Form CO-1057, Agency On-Line Security Form.
Each agency has the responsibility of requesting the deletion of an employee's user identification code/password immediately upon notice of his or her termination, retirement or transfer to another agency.
Each agency must monitor the following to ensure that identification codes and passwords are properly effective:
III. GUIDELINES AND PROCEDURES
Previously, the Office of the State Comptroller requested that each agency head designate a single contact person and backup for the Comptroller's Financial Systems (Central Accounting System, Payroll System, and Retirement Data Base System). A list of designated agency contact individuals is on file with the Comptroller's Information Technology Division.
If an agency has not designated a contact person, or had personnel changes that affected the agency's designated contact person, they must complete a CO-1057A, Agency Contact Person For Agency Online Security Form, and list the person(s) that should be contacted regarding User Identification and Password access to the Comptroller's Financial Systems. This form must be completed and sent to the Comptroller's Office.
When an agency needs to submit an Agency On-Line Security Form (CO-1057) for new, revised, or deletion of access, the designated agency liaison should fax or mail the CO-1057 to:
The Comptroller's Information Technology Division will contact the agency liaison when the Agency On-Line Security Form (CO-1057) has been approved and the identification code/password has been assigned. The liaison must then give this information to the designated user. In the case of a deletion, there will not be any notification that the request has been completed.
In the event of a password problem, the designated user should inform the agency liaison, who should then contact the Comptroller's Office.
The CO-1057 and CO-1057A forms are now available in electronic format at the Office of the State Comptroller Web Site at:
The CO-1057 form is in Excel format and the CO-1057A form is in Word format. Both forms can be downloaded from the Web Site and must be submitted via fax or mail. Revised samples of both forms are attached to this memorandum.
Questions may be directed as follows:
|On-Line Security:||Office of the State Comptroller|
|Information Technology Division|
|Diane Campbell||(860) 702-3613|
|Nayda Flores||(860) 702-3614|
|On-Line Forms:||Office of the State Comptroller|
|Policy Services Division|
|Mark A. Scerra||(860) 702-3442|
Return to Index of 2001 Comptroller's Memoranda
Return to Index of Comptroller's Memoranda
Return to Comptroller's Home Page