State of Connecticut Office of the State Comptroller MEMORANDUM 2001-45
COMPTROLLER'S SEAL STATE OF CONNECTICUT

STATE OF CONNECTICUT
NANCY WYMAN
COMPTROLLER

OFFICE OF THE STATE COMPTROLLER
55 ELM STREET
HARTFORD, CONNECTICUT 06106-1775

 MARK OJAKIAN
DEPUTY COMPTROLLER

MEMORANDUM 2001-45

August 10, 2001 

TO THE HEADS OF ALL STATE AGENCIES 

Attention: Chief Administrative and Fiscal Officers, Business Managers, and Payroll and Personnel Officers
Subject: Comptroller's Financial Systems Security Procedures

I. PURPOSE

The purpose of this memo is to advise all state agencies that effective October 1, 2001, the Comptroller's agency liaison policies will be strictly enforced. Having contact personnel in each agency is a significant part of having appropriate internal controls over and within automated systems.
 
An automated system concentrates accounting records and transaction processing capabilities in one system. Unrestricted access to automated systems compromises the controls provided by segregating duties and other safeguards that are usually part of manually operated systems.
 
Security in automated systems is imperative so that only those individuals authorized have access to on-line transaction processing capabilities.

II. CONTROL ACTIVITIES

There are approximately twenty-four hundred on-line users statewide. Each agency has the responsibility of assigning contact personnel to monitor and control their authorized access to the Comptroller's Financial Systems, and to interact with the personnel of the Comptroller's On-Line Security Unit.
 
Each agency's liaison has the responsibility of:
 
  • Requesting new access
  • Changing existing access
  • Requesting deletion of access immediately upon the notice of an employee's termination, retirement, or transfer to another department / agency.
  • Performing semi-annual audits of all assigned access.
  • Contacting OSC's On-Line Security Unit with any questions and/or problems requiring user identification codes and/or passwords.
  • Reviewing each user's access and restrict that access where the access is incompatible with the user's job description or change in responsibility within the agency.
  • The user-id codes and passwords are maintained confidentially.
  • The user-id codes and passwords are not shared for convenience between personnel.
  • The user-id codes and passwords are not attached to terminals, desk tops, or located where accessible to unauthorized personnel.
  • That passwords are changed immediately if the employee suspects that the security of his or her password has been breached.
  • All new, change, or delete requests are submitted via Form CO-1057, Agency On-Line Security Form

III. GUIDELINES AND PROCEDURES

The Office of the State Comptroller is requesting that each agency head designate a contact person and backup for the Comptroller's Financial Systems (Central Accounting System, Payroll System, and Retirement Data Base Systems). One contact and one backup may be assigned for all three systems or one contact and one backup maybe assigned for each system.

In selecting the agency contact personnel, the following should be considered:
 
  • Agencies with multiple sites where personnel have on-line access, a liaison should be assigned for each site.
  • Designated contacts are readily available to agency personnel with on-line access.
  • Designated contacts are available to monitor and control assigned user access (reference control activities).
All agencies must complete a CO-1057A, Agency Contact Person For Agency Online Security Form, and list the person(s) that should be contacted regarding User Identification and Password access to the Comptroller's Financial Systems. Only authorized agency contact personnel will be able to resolve user identification code/password issues or other related security problems. If an agency neglects to submit a CO-1057A form, there will be no authorized contact personnel on file and on-line security issues will remain unresolved until the agency designates contact individuals via the CO-1057A form.
The CO-1057A should be faxed or mailed by September 10, 2001 to:
 
Office of the State Comptroller
Information Technology Division
Room 119
55 Elm Street
Hartford, CT 06106
Attn: Diane Campbell
Fax No. (860) 702-3699
 
The CO-1057 and CO-1057A forms are now available in electronic format at the Office of the State Comptroller Web Site at: WWW.OSC.STATE.CT.US/AGENCIES/FORMS/
 
The CO-1057 form is in Excel format and the CO-1057A form is in Word format. Both forms can be downloaded from the Web Site and must be submitted via fax or mail. Revised samples of both forms are attached to this memorandum.

IV. QUESTIONS

Questions may be directed as follows:

ON-LINE SECURITY: Office of the State Comptroller
Information Technology Division
Diane Campbell (860) 702-3613
Nayda Flores (860) 702-3614
ON-LINE FORMS: Office of the State Comptroller
Policy Services Division
Mark A. Scerra (860) 702-3442
MEMORANDUM INTERPRETATION: Office of the State Comptroller
Policy Services Division (860) 702-3440

NANCY WYMAN
STATE COMPTROLLER

NW:DC:MS

Return to Index of 2001 Comptroller's Memoranda
Return to Index of Comptroller's Memoranda
Return to Comptroller's Home Page