Saving Time With Gelco
Discover Audit Files
IN THIS ISSUE:

First Quarter, 2005 Release Launch:
Gelco’s Expense Solutions Go Global

Client Conference Review:
PERSPECTIVES 2005

Around the World:
Gelco Global Capabilities


PA ESSENTIALS:

New Gelco Customer Support Services

Discover Audit Files

Month-end Reporting Schedule 2005

Most Commonly Asked User Questions

Gelco Call Center Holiday Hours


NEWS & EVENTS:

Upcoming Gelco Virtual Client Conference

Gelco SmartPaper on Sarbanes-Oxley
(85kb .pdf download)

May 2005 Gelco SmartTalks

Gelco SmartTalks Archives

Upcoming Trade Shows


Have a comment or a suggestion for a Gelco Advisor Article?

Contact Us >> 		Gelco ExpenseLink® Audit Files consist of 18 files that detail the changes your company made to users, banking information, company policies, account information, expense categories, general ledger (G/L) codes, additional data capture fields (ADC), organizational structures, vehicles, standard fields, edit tables and proxy users on your ExpenseLink program. These files identify who made the changes as well as when those changes were made over a given time period. Because they help you track the changes made to your expense management program, they can save you a significant amount of time by supporting your company’s Sarbanes-Oxley internal control requirements.

These files may be requested through the Reporting & Analysis interface of ExpenseLink or Ceridian Expense Manager™ or can be requested for a one-time run or setup on a recurring basis from Gelco Customer Service. All requests will require a beginning and an end date. Additional things to consider when requesting Audit Files include:


Audit File Security
Audit Files typically contain confidential employee information. While you can have the file sent directly to your account, an FTP site allows you quick and easy access to audit files while providing an added level of security. The FTP website provides this additional layer of security by requiring a separate user name and password. You can further protect this information by defining where files should be delivered, ensuring that files are not sent to a group mailbox or other unprotected location.

Confidential Information
Social security numbers, bank account numbers and other confidential information can be masked. Masking provides greater security when sending and receiving files. Reporting & Analysis customers have the option to receive a file with sensitive fields unmasked when the information is relevant to the audit they are conducting.

Email Notification
You may choose to receive an email once the Audit File request is complete. This provides program administrators with the convenience of knowing when their files are ready to be downloaded.

When requesting Audit Files on a one-time run basis, you should allow Gelco customer service at least 24 hours in which turnaround the reports. Clients of Gelco Reporting and Analysis can contact customer service to update their profile and receive Audit Files on a regularly scheduled basis.  If you wish, organizational level-specific file data can be sent directly to select recipients. For more information about Audit Files, please contact Gelco customer service.


 Types of Audit Files and Their Uses
  1. User Information Audit File
    This file can provide accountability for changes made to a user’s profile, their financial controls and organizational structure by capturing the name of the person(s) who made the changes. Specifically, it details on who made changes to the following user fields:
    • Sign on
    • Name
    • Address
    • Period limits
    • Period frequencies
    • User class
    • Routing degrees
    • Organizational assignments

    Uses:
    Regulatory compliance     – Changes made to internal control processes are required to be documented under SOX in order to provide certification under section 302.
    Reduced travel spending – Improving the internal control process will result in a reduction in overall travel spending through more effective policy and fraud reduction measures.

  2. User Manager Assignment Audit File
    This audit file details which managers were assigned to a user over time.

    Uses:
    Regulatory compliance – Changes made to internal control processes are required to be documented under SOX in order to provide certification under section 302.
    Reduced travel spending – Improving the internal control process will result in a reduction in overall travel spending through more effective policy and fraud reduction measures

  3. User Role Audit File
    This audit file details the roles that an individual has been granted in the system over a period of time, providing accountability for changes made to a user’s role within the system.

    Use:
    Regulatory compliance – Identification of all users involved in internal control procedures is a requirement of meeting the Section 404 auditor review requirements as well as the Section 302 internal control effectiveness report.


  4. User Payment Approver Organization Assignment File
    This audit file details what part of an organizational structure a payment approver has responsibility for and any changes made to that assignment. Provides accountability for changes made to areas of responsibility in the payment approver process. This is an important check as the payment approval process is for expense reports that have exceeded company policies. This file shows which payment approvers had access to view, reject or approve expense reports within a given organization structure.

    Uses:
    Regulatory compliance – Identification of all users involved in internal control procedures is a requirement of meeting the Section 404 auditor review requirements as well as the Section 302 internal control effectiveness report.
    Reduced travel spending – Improving the internal control process will result in a reduction in overall travel spending through more effective policy and fraud reduction measures.


  5. User Banking Audit File
    This file details changes made to a user’s banking record. Provides an audit trail log for changes made to each user’s banking records and the ability to trace funds in the event that fraud has actually taken place. This file is useful in mass load processes to verify banking changes.

    Uses:
    Reduce potential for fraudulent payments – Access to historical changes to the user banking records will allow auditors to determine if incorrect accounts were reimbursed for expenses.
    Regulatory compliance – SOX section 302 requires that all fraudulent activity that has a material impact on operations or involves an employee that is a part of an internal control procedure must be reported to the audit committee and independent auditor. The ability to identify fraudulent activity is a pre-requisite to compliance.


  6. Account Audit File
    This file details account level controls and who made changes to those controls, providing visibility to account controls that customers cannot see today.

    Uses:
    Regulatory compliance – Changes made to internal control processes are required to be documented under SOX in order to provide certification under section 302.
    Reduced travel spending – Improving the internal control process will result in a reduction in overall travel spending through more effective policy and fraud reduction measures.


  7. Account Pay Type Audit File
    This audit file details the pay types that an account uses and history of changes for those pay types.

    Use:
    Audit efficiency improvement – The current environment would require that auditors manually review expense reports to determine changes to the pay methods used by the customer. This audit log provides access to the information and requires substantially less manual effort to obtain.


  8. Account Interface Assignment Audit File
    This audit file details the various interfaces that have been configured for use on an account. This file provides auditors with information on when interfaces were made available to determine how information is sent to Gelco’s system.

    Uses:
    Regulatory Compliance – Each interface may have different internal control features. It will be necessary to track the interfaces available to users in order to properly certify Section 302 compliance under SOX.
    Reduce potential for fraudulent payments – Access to historical changes to application interfaces will improve the ability of your auditor to evaluate the potential for fraudulent transactions generated via each interface.


  9. Organizational Structure Audit File
    This audit file details the organizational structure list changes for a user’s account. This file provides information as to when an organizational structure is available for use within the contexts of user assignment and expense reporting.

    Uses:
    Ensure proper accounting of expenses in G/L – Providing an audit log of default organizational assignments will improve the allocation of expenses within the G/L by increasing the accuracy of postings.
    Regulatory Compliance – The default organization assignment for a user impacts the assigned “payment approver” within the Gelco service. Since the payment approval activity is an internal control process it is necessary to keep an audit trail on changes to this assignment in order to certify under SOX section 302.


  10. Account Expense Category Audit File
    This audit file details what expense category changes have been made within an account over a period of time. Provides visibility to the expense category list that is not readily available to the client today. Provides accountability to changes made to expense categories. Expense categories are a foundational element for how expenses are tracked and how policies work with the system.

    Uses:
    Ensure proper accounting of expenses in G/L – Providing an audit log of expense category changes will improve the allocation of expenses within the G/L by increasing the accuracy of postings.
    Regulatory Compliance – Expense categories within the Gelco solution are where automated audit business rules are assigned. The automated audit is an important part of the Gelco internal control process and it is therefore necessary to keep an audit trail on changes to categories in order to certify under SOX section 302.


  11. Account General Ledger (G/L) Code Audit File
    This audit file details what G/L code changes have been made within a user’s account over a period of time. Provides visibility to how G/L codes have changed within our system. G/L codes are important financial codes that allow customers to book expenses to particular general ledger codes or accounts.

    Use:
    Ensure proper accounting of expenses in G/L – Providing an audit log of G/L code changes will improve the allocation of expenses within the G/L by increasing the accuracy of postings.


  12. Company Policy Audit File
    This audit file details all company policies and changes made to those policies over a period of time. Company policies are financial controls that enforce limits to expenses. This is an important file in determining what controls are in place for expense categories.

    Uses:
    Regulatory Compliance – Company policies within the Gelco solution are automated audit business rules used by the solution. The automated audit is an important part of the Gelco internal control process and it is therefore necessary to keep an audit trail on changes to categories in order to certify under SOX section 302.
    Reduced travel spending – Improving the internal control process represented in the policy will result in a reduction in overall travel spending through more effective policy and fraud reduction measures.


  13. Account Vehicle Profiles Audit File
    This audit file details changes to all vehicles within an account over a period of time. Since usage rates are tracked by vehicle type this file will show changes made to those rates and who made the changes.

    Use:
    Reduce audit risk – Since vehicle rates change over time within defined regulatory boundaries it is necessary that companies be prepared to provide documentation of the rates used throughout the year in support of any audit.


  14. Additional Data Capture (ADC) Profiles Audit File
    This audit file details all changes made to ADC profiles and fields over a period of time. ADC fields can be used for sub-categorizations and collecting important auditing information such as a guest list for entertainment expenses. This file will detail the controls around those fields.

    Use:
    Reduce audit risk - ADC fields are used to collect required information to support deductibility for Entertainment/Gift expenses and in specific industries will be used to collect information supporting other regulatory concerns.


  15. Account Standard Configurable Audit File
    Tracks the use of the vendor, location, purpose, and project fields within each expense category. This file provides visibility to how these fields are configured and accountability for changes made to these fields.

    Use:
    Ensure proper accounting of expenses in G/L - Providing an audit log of changes to vendor, location, or purpose fields in the expense management program will improve the allocation of expenses within the G/L by increasing the accuracy of postings.

  16. Account Edit Table Profile Audit File
    This audit file tracks changes made through edit table set-up. This file provides visibility to edit table set-ups that are not readily available today for our customers.

    Use:
    Ensure proper accounting of expenses in G/L - Providing an audit log of changes all edit tables in the expense management program to improve the allocation of expenses within the G/L by increasing the accuracy of postings.


  17. Account Edit Table Detail Audit File
    Tracks changes made through edit table values and edit table filters. This file provides a method by which a customer may see all changes that they have made to edit values and filters.

    Use:
    Ensure proper accounting of expenses in G/L - Providing an audit log of changes all edit tables in the expense management program to improve the allocation of expenses within the G/L by increasing the accuracy of postings.


  18. User Proxy Assignment Audit File
    This audit file tracks who designated a proxy, who was designated as a proxy and what role was given to the proxy. This file provides visibility to a process that is end-user controlled. Useful for examining who was designated a proxy within the reporting time frame. It also provides accountability for those individuals that have delegated their responsibility within the role of expense report submitter or the role of approver.

    Uses:
    Regulatory compliance – Assignment of approval or submission rights to a “proxy” user represents a change to the internal control process and is required to be documented under SOX in order to provide certification under section 302.
    Reduced travel spending – Improving the internal control process will result in a reduction in overall travel spending through more effective policy and fraud reduction measures.