Business Administrator Services
October 13, 2005
KSC Room 204
9:00 a.m. – 11:00 a.m.
Michelle Kocher was introduced as a new member to the BAS Forum group. Michelle works in the Office
of the Vice President for Administration (Dr. David Creamer). The BAS Forum members welcome
Michelle and look forward to her participation and input.
Brad Staats – Kronos Update
Brad Staats, Comptroller, spoke to the BAS Forum members about the Kronos system. The Kronos
implementation will resume in the coming weeks. Below is an overview of the Kronos migration schedule,
noting the month that each phase is scheduled to begin.
Phase of Kronos Project
& Hardware Parallel Validate
Departments Review Training Production Production Project Closure
Library December January January February
College of Ed January February March April
Ashtabula March April May June
Communications & Information
Arts & Sciences May June July August
Research & Grad Studies
CE&O June July August September
Project Closure October
Brad indicated each of the departments on the schedule will be asked to appoint one person to serve as the
department Kronos implementation liaison. The liaison will be the point person for questions and issues on
Kronos from the department users, and the primary source of communications to the department regarding
Kronos issues. Brad further explained that each department added to Kronos receives training and
completes a 6-week parallel testing process, during which department employees are clocking in and out
using the Kronos system and also completing paper timecards. This parallel processing ensures all
transactions on the paper time cards are being recorded as intended through Kronos reporting.
Q. Supervisors need accurate information on accrual totals when approving time off. The vacation
and sick leave balances in Kronos are different than the accrual balances in the MyHRWeb system at
times. Where can accurate information on accrual balances be obtained?
A. Due to differences in data processing schedules and system reporting dates, the vacation and sick
leave accrual balances in Kronos and the MyHRWeb web facility may show different values at the
same point in time. The accrual balances shown in MyHRWeb reflect the accrual balances as of the
employee’s most recent pay date. All the accrual values in MyHRWeb are based on fiscal-year-to-
date values, and the balances are adjusted based on vacation and sick leave input that has been
processed by the HRS office.
To ensure accurate information is being used in time off decisions, supervisors should instruct their
employees to review the accrual balances in MyHRWeb (located online at
https://myhrweb.kent.edu/myhr/defaulta.aspx) prior to requesting time off. When approving
requests for time off, supervisors can verify an employee’s accrual balances by 1) contacting payroll
2) contacting Human Resources or 3) verifying accrual time with an individual employee using
Brad explained that, to avoid confusion between these different accrual balance sources, several
possible changes are being considered, including:
Removing vacation and sick leave accrual balances from Kronos
Providing a supervisor with employee vacation and sick leave balances through the
When decisions have been made on these possible changes, the BAS Forum members will be advised.
To ensure employees and supervisors are using appropriate accrual balance information, it was
suggested and agreed that this issue would be addressed in the e-Inside as a Human Resources
Question of the Week.
Steve Hujarski – ERP Update
Steve Hujarski provided a brief update on the status of the ERP project. Steve advised that a request for
proposal (RFP) for the ERP project is being created and it is expected that the RFP will be sent to qualified
vendors in early November.
As mentioned in previous BAS forums, the University is exploring the use of a Shared Services Model, in
which Kent State would partner with other universities in purchasing and implementing an ERP system.
All the Shared Services partners would share in the costs of the system. The Shared Services Model is still
being considered at this time. More information on the status of the ERP project and the Shared Services
decision will be provided as it becomes available.
Steve Hujarski – FAMIS (Facility Asset Management Information System)
Steve Hujarski advised that the initial test hardware for the FAMIS system has been installed, the FAMIS
software application has been installed and the process of formulating the software for the KSU
environment is underway. The Office of the University Architect is currently reviewing and correcting
AutoCAD drawings that will be placed on the FAMIS system in the coming months.
Steve Hujarski – Server Consolidation
Steve Hujarski advised that a project is underway to consolidate servers on the Kent campus. The server
consolidation project began 3 months ago and will continue for another 6-9 months. Through this effort,
data and applications on numerous individual servers located across campus are being moved to servers
located in the Library Data Center that are more secure and up to date. The benefits of the consolidation
IT is able to provide more effective support for servers that are located in the Library.
There is improved security over the data and applications on the servers in the Library.
Cost savings will be realized due to reduced expenses for licenses, protection costs, etc….
Steve Hujarski - Technology Assessment
Steve Hujarski explained that as new software applications are implemented (such as Kronos, FAMIS, ERP
and Imaging), the computers at many employee workstations will have increased performance
requirements. As systems are upgraded and new applications are rolled out to departments, the IT systems
support personnel will assess whether the current computer hardware in employee workstations meets the
increased performance requirements and can support the new applications. Steve explained that new
applications will not be installed until a technology evaluation is completed, and it is either determined that
the applications will function properly on the computer equipment, or equipment upgrades occur.
Q. If a department’s computers must be updated in order for the new applications to work properly,
who will be responsible for the funding of the computer upgrade?
A. Steve advised that departments should keep the computer upgrade issue in mind when preparing
the Fiscal Year 2007 department budgets. The IT systems support should provide each department
with an estimated upgrade cost, based on their assessment of the computer equipment. The cost of
computer upgrades may create budgetary and implementation issues for some departments.
Departments with concerns should contact their designated IT support staff to discuss how the
upgrade should be budgeted.
Greg Seibert – Computer Security
Greg Seibert, Director of Security and Compliance, spoke to the BAS Forum members about computer
security at Kent State University. Greg noted that there were two security issues during the summer of
2005 at Kent State: A KSU laptop with Social Security numbers for about 1,400 employees was stolen in
June and four desktop computers that contained students' names, Social Security numbers and grades were
taken from an office in August. It was noted that police investigators believe that the equipment was
targeted only for its resale value. The computers were password protected and not easily accessible.
Since these incidents occurred, the University has expanded its review of data security and worked to adopt
a more proactive computer security posture. Specifically, the University is taking the following steps to
protect university data:
Assessing the large-scale effort to remove Social Security numbers as identifiers from our core
institutional data system.
Reviewing faculty and staff access to university core institutional computing systems.
Developing and implementing a university-wide Security User Education Campaign that will be
delivered in the work spaces of all authorized users. This effort will also engage the local
department Information Technology (IT) professionals.
With the assistance of the University Counsel, reviewing and expanding the newly created IT policy
chapter in the University Policy Register to reflect an expanded set of acceptable use policies.
Expanding our security and compliance efforts to include two new positions, along with enlisting all
Kent State IT professionals.
Redesigning “shadow” databases within the university to also remove any Social Security numbers
being used as identifiers.
Reviewing the use of department computer file servers, from both duplication of effort and security
Visit www.kent.edu/computersecurity to get more information about what Kent State is doing to improve
computer security and what computer users should do if they receive a notice that their personal
information may have been compromised.
Key points from Greg‟s presentation are noted below:
The University is focusing first on addressing security on servers that currently house large amounts
of sensitive data and / or federally protected information (covered by FERPA, HIPAA and the
Graham-Leach-Bliley act). These servers will be moved to a secure data center and the information
will eventually be moved over to a SAN (Storage Area Network) in the Library Data Center to
improve the security and data integrity.
The implementation of an ERP system will eliminate the use of social security numbers as student
and employee identifiers. Because the fully implemented ERP system is several years out into the
future, the University has assembled a task force to assess the feasibility and financial cost of
eliminating social security numbers as an employee and student identification number in the near
Two additional positions will be added to the Office of Security and Compliance, so that security
issues can be addressed more proactively.
BAS Forum members were provided with handouts regarding the use of Password Synchronization,
Common Sense Guidelines, Desktop Protection and the Top Ten Personal Computer Security
Requirements. (The materials included in the handouts are included at the end of the minutes.)
Greg advised that changes are being made so that all KSU system passwords must be changed a
minimum of 2 times per year.
Greg indicated that software is being implemented that will scan computers to identify files that
may contain social security numbers or credit card numbers, so the security over the information
can be addressed.
Greg stated that McAffee security software will be mandated on all University computers, unless a
specific exemption is requested and granted. Even computers that are not used to store sensitive
data can serve as a „jumping off point‟ for problems, and the same security standards will be used
for all KSU computers.
The BAS Forum will continue to be used as a source of relaying computer issues to University
Greg thanked the BAS Forum members for the information that the group shared about computer
security, and asked that BAS members continue to look for ways to improve data security in their
Since the BAS Forum meeting, Greg reported that he was advised of several security issues by BAS Forum
members and worked to have the issues addressed.
Diana Dubinsky – Grants Discussion Group
Diana Dubinsky introduced herself to the BAS Forum members and spoke about the Grants Discussion
Diana is the Grants Coordinator in the Dean‟s office in the College of Education, Health and Human
Services. Prior to her current position, Diana was a grant accountant in the Comptroller‟s Office. She
came to Kent State University from NEOUCOM, and she had previously worked for a CPA firm.
Diana explained that the concept of having a Grants Discussion Group was developed during the time that
she was working in the Comptroller‟s Office doing post-award accounting. It seemed to her that annual
workshops did not provide the “hands-on” instruction needed in many of the departments across campus.
Now that she has a role in an academic area, Diana has initiated these discussion group meetings. The
objectives of the Grants Discussion Group are:
To offer support to business personnel and faculty members involved with grants administration,
to provide resources and instruction from University Staff and
to initiate contact with other grant professionals so that questions about grants can be addressed and
issues can be aired.
The handouts from previous Grants Discussion Group meetings on the responsibilities of the Principal
Investigator and Cost Sharing were provided to the BAS forum attendees. (The materials from the Grants
Discussion Group handouts are included at the end of the minutes.)
Diana explained that all future meetings will be set up with a specific target audience - some meetings will
be intended for Faculty to attend, while other meetings will be for business staff. The topic for the next two
meetings will be Effort Certifications and Salary Revision. Details about the upcoming meetings are as
Business support personnel involved in grants are encouraged to attend a discussion group
meeting scheduled on Tuesday November 8, 2005 from 12:00 p.m. to 1:00 p.m. in Room 200
White Hall (READ Room).
Faculty members involved in grants are invited to attend a discussion group meeting on Thursday
November 10, 2005 from 12:00 p.m. to 1:00 p.m. in Room 200 White Hall (READ Room).
Faculty and staff involved in grant administration who would like to talk to others about grant issues are
encouraged to attend the Grants Discussion Group meetings. Anyone interested in participating in the
Discussion Group should contact Diana (by phone at extension 2-0769 or by e-mail at email@example.com)
to be added to the list of discussion group participants, and to receive future communications about the
discussion group activities.
bonny Mills – Imaging
bonny Mills, the Project Director of Networking and Administration in Shared Services - HR, spoke to the
BAS Forum about the imaging projects being implemented at Kent State. Holly Slocum, as Document
Imaging Administrator in Administrative Computer Services, is working full time on imaging projects. As
part of their role as the imaging team, the document imaging staff assist departments in converting paper
documents to a digitized format, which can be viewed electronically as images. The key points from
bonny‟s presentation are listed below:
The use of imaging began at Kent State 3 – 4 years ago in the Registrar‟s office. Many of the
Registrar‟s documents have now been converted to images. In addition, imaging is being used for
PERS waiver forms in the Payroll office, for promissory notes used by the Bursar‟s office and in the
Development offices. The imaging team is beginning work now with the Procurement group on
invoice images, and also has active projects with University Counsel and Continuing Studies.
In addition to reducing the volume of paper documents that must be kept on hand for department
processes, imaging also improves department efficiency, since a user can access all imaged
documents in a central location based on the security permissions.
bonny explained that the role of the imaging team is to meet with the department users, analyze
their needs and design a database for the images. The role of the department is to scan the images
and support the hardware needs of the system (along with their LAN administrator).
In addition to the imaging software required, there are hardware requirements for departments using
imaging, including PC‟s and scanning equipment. The associates from the IT imaging team will
identify all hardware needs when they assess any imaging request.
There are storage costs associated with scanned images. All images are housed in the SAN (Storage
Area Network) located in the Library. Currently, IT charges departments $15 per gigabyte per
month. There is also a $5 / gigabyte annual charge. A gigabyte is approximately 30,000 images
based on average resolution of the image.
Access to documents is controlled by a designated department imaging steward, who can establish
different views of the imaged documents in conjunction with the Document Imaging Administrator,
based on the needs of users.
Departments interested in transferring paper files to digitized images should contact bonny mills on
extension 2-1326 or by e-mail at firstname.lastname@example.org. The department will be asked to complete a
pre-discovery questionnaire, and an onsite visit will be held to discuss needs and options.
Vicki Ladd – New Ohio Sales Tax Contact
Vicki advised the BAS Forum members that Gloria Bollinger, Administrative Assistant in Treasury, Tax &
Risk Management Services, is retiring effective November 1, 2005. Bill Hendricks, Accountant in the
Comptroller‟s office, will serve as the contact for Ohio sales tax issues. Any questions regarding sales tax
or W-9‟s should be directed to Bill on extension 2-8636. All sales tax documents should continue to be
sent to Treasury, Tax & Risk Management, Room 226 MSC or faxed to extension 2-5434.
Maureen Kennedy – Health Insurance Reminder
Maureen Kennedy reminded the BAS Forum members about the upcoming benefits open enrollment
window for Kent State employees, which is November 1, 2005 through November 18, 2005. It is important
to remind all employees that action is required by employees. If an employee does not complete the
enrollment form during the enrollment window period, they will not have health insurance. More details
about this are found in the e-Inside Special Edition and the Inside Kent State Special Edition dated October
6. Information can also be found online at www.kent.edu/yourhealthbenefits. BAS Forum members are
asked to ensure all employees in their departments have received this important information.
Maureen Kennedy – Financial Process Table (Draft form)
Maureen Kennedy provided BAS Forum members with a draft copy of a decision table for financial
processes. The decision table is intended to serve as a tool that explains when the IDC, Budget Transfer,
Cost Transfer and Revision in Salary Distribution Processes should be used. Maureen requested that the
BAS Forum members review the document and provide any comments, corrections or suggestions on the
form. Please send any feedback to Maureen Kennedy at email@example.com. Once changes required
have been made, the form will be placed on the BAS website and an email will be sent to the BAS
The next BAS Forum is scheduled for December 8, 2005 in Room 204 at the Kent
Student Center. Meeting will be from 9:00 a.m. – 11:00 a.m.
The following pages contain the handouts provided by Greg Seibert regarding computer security and
safeguarding your work area and from Diana Dubinsky’s presentation on the Grants Discussion Group.
Handout from Greg Seibert’s presentation on the Computer Security
Top Ten Personal Computer Security Requirements
Kent State University recognizes the need for vigilant security measures necessary to maintain the integrity
of the electronic information produced by the university community. As information technology is often
changing, the university recognizes the need for an office dedicated to ensuring that university information
services are secure and utilized properly. Members of the University community must be aware of any
federally-protected data (FERPA, HIPAA, GLBA) that is stored on their workstations and servers and take
these mandated steps to protect it. Those that do not have protected data must still comply with steps 1 - 6
to ensure that their workstations do not become compromised gateways that can be used to attack other
Information Services is working with the Security Advisory Committee, a subcommittee of UCT, to gain
insight on how to best implement these requirements. The full body of UCT will review this draft during its
first meeting of the semester.
Information Services will work with all departments to assist them in becoming compliant with the
appropriate mandates. The federated desktop support model will be leveraged to assist in this effort.
Compliance will not be forced in a manner that would adversely affect the operations of any one area, but
will be accomplished cooperatively in order to impact efficiencies in the least way possible.
1. The operating system (OS) must be patched and up-to-date.
You are required to subscribe to automatic updates if that feature is available for your
workstation or server.
2. You must run an anti-virus product and make sure that you update the signature file on a daily basis.
The University provides McAfee anti-virus software for Mac and Windows platforms at no
3. You must regularly run a spyware product such as Spybot.
This is available on the web for free use. It can be downloaded at:
The University is also licensing anti-spyware from McAfee which will also soon be
available at no charge.
4. Your workstation must be password protected.
All default or blank password entries must be removed. Use strong passwords that contain a
combination of letters, numbers and punctuation marks. Do not record your password and
save it in a location near your workstation. Do not share your password with others.
5. Your workstation must be physically secure.
If you can lock your office during your absence, do so. Keep your laptop locked away in a
safe area as often as possible. If possible, secure your workstation with a strong security
6. Use a firewall on your workstation or laptop. Windows XP and most versions of Linux come with
7. You must use a locking screensaver that requires a password to be entered after a period of inactivity.
If you frequently leave your work area, consider a time-out period of as little as 5 or 10
8. Be aware of the data that is on your workstation and what you need to do to properly protect it.
Any datasets that can be accessed from a central server resource should be stored there and
not on individual workstations.
You must follow the University‟s guidelines for the use and transmission of student ID
numbers. See http://www.kent.edu/Administration/is/upload/SID-Guidelines.doc
9. If you have protected data on your laptop, delete it or keep it encrypted.
The University will soon provide and support a standard encryption technology.
10. When connecting from remote locations, always use a secure connection such as a VPN or secure
Many free wireless services offer no protection whatsoever. Do not use them unless you are
also using a VPN when using protected information. Never e-mail protected information
unless it can be encrypted such as with the encryption function of Lotus Notes.
Current KSU (Security Related) Services Future KSU (Security Related) Services Available
The University is working with the IUC and
The University site licenses McAfee anti- with McAfee to site license a more robust
virus software which is available to all faculty, commercial spyware product. The University will
staff and students for free. soon provide and support a standard software
The University has site-licensed software
from Cisco that will assist us in assuring the
security of workstations attached to the network. If you have data that is protected or sensitive,
If a fall pilot in the Residence Services area is make sure to take the appropriate precautions that
successful, this service will be made available to outline the required protection for that data
other areas of the institution. (HIPAA, FERPA, GLBA, University policy). The
above ten steps are a good start. Additional
The University is licensing Altiris desktop tutorials on this information will be provided this
management software that will assist in keeping fall.
software on desktops up-to-date and secure. If
our pilot at the Michael Schwartz Center is Policies and AUPs are being updated to better
successful, this software will be made available protect sensitive information. The Security
to other areas of the University. Advisory Committee (a subcommittee of UCT)
will review drafts of the proposed University
policies and workstation security requirements
during their meeting on September 9th.
A VPN service to provide secure remote access
will be made widely available fall semester. It is
completing pilot testing this summer.
Handout from Greg Seibert’s presentation on the Computer Security
Security Is Everybody’s Business
Common Sense IS the Best Defense
As an integral part of Kent State University, it is important for all of us to do the best job possible in
protecting the security and privacy of all information that is entrusted to our care. Much of the information
that we deal with is protected by State or Federal statute or by University policy. Ethical considerations
alone dictate that we not share any information about individual situations or identifiable people unless it is
necessitated by our job. Information should only be shared with those who have a need to know. At the
same time, work may be part of your conversation such as sharing with a colleague your sadness that a
student you advise will need to withdraw from school because of a serious illness. However, it would never
be ok to identify the student by name nor specific illness. You should also be careful about sharing general
information that because of its uniqueness or situation would actually identify a student or staff member
even if their name is not revealed.
Some Common Sense Guidelines
Here are some guidelines for you to use that help fulfill your responsibility of protecting confidential
Use a screen saver for your workstation that automatically locks and requires a password to be
reactivated. The fastest timeout reasonable is recommended. If you are frequently leaving your desk
area, 5 minutes might be a reasonable setting to try.
If your workstation is in a public area such as near a service counter, angle the display such that
clients at the service counter or those visiting the work area cannot readily view the contents
displayed on your screen.
If your work area is in a cubicle or other open area, close folders and cover documents on your desk
containing sensitive information when you must leave your work area. A piece of poster board or a
desktop calendar are very effective tools to use to prevent the viewing of information by others
when you are not present. When you leave the work area for the day, make sure that all documents
have been returned to a secure area.
When working with clients, do not ask them to publicly reveal personal identity information such as
credit card numbers or Social Security numbers. If you cannot converse with them in private, have
them supply this information in writing rather than verbally announcing it to everyone in your
If your office is not monitored by other colleagues, close and lock the door if possible when you
must leave your work area.
E-mail and Voice-mail Protection
Never e-mail complete credit card numbers, Social Security numbers, or bank account information
via regular e-mail. If you use Lotus Notes, the secure, encrypted mode of transmission is safe to use.
Otherwise, only send the last four digits of the number if it is necessary to refer to a name and an
account. Never use a Hotmail, Yahoo, AOL or other commercial account to send or receive
Always assume that messages intended for e-mail and voice-mail recipients may be accessed by
others. Be discreet in leaving messages.
Never share your passwords or other access codes and keys with others. Always make sure to keep
them secure and known only by you.
If you print documents that contain protected information, do not discard them in a standard trash
receptacle. Make sure that they are either shredded in your office or are placed in a secure disposal
container provided by one of the approved shredding contractors.
Watch for inappropriate display or disposal of protected information copies. Be especially vigilant
about names, credit card numbers, Social Security numbers and bank account information. If you
have ideas on how to improve the security of protected information, make sure to share them with
If your office disposes a workstation or other data collection device, make sure that all protected
information has been removed from hard drives and other recording media. If you need assistance
with this, call the Help Desk at 2-HELP.
Remain aware of the requirements of the confidentiality policy of the University.
If you feel uncomfortable about a policy or the action of a colleague as it relates to information
privacy or security, speak up!
If you have any suggestions, questions, or concerns, contact Greg Seibert (firstname.lastname@example.org), the Director of
Security and Compliance at 2-0383.
Handout from Diana Dubinsky’s presentation on the Grants Discussion Group
RESPONSIBILITIES OF THE
The Project Director, also known as the Principal Investigator or Grant
Administrator, has primary responsibility for the management of his or her program.
This responsibility includes the obligation to plan and manage each program carefully; to
be aware of and adhere to all terms and conditions of the award; and to adequately
document all expenditures in accordance with the sponsor's regulations.
The office of Sponsored Programs (RAGS), in conjunction with the office of Grants
Accounting (COMPTROLLER’S OFFICE), will assist you in structuring and implementing
operating procedures to meet program administration obligations, but they cannot be
responsible for day-to-day
program administrative tasks for individual programs. Project Directors (PIs & Co-PIs) are
ultimately responsible for project management.
Although restrictions that govern federally sponsored programs do not necessarily apply
to non-federal awards, awards that are fully or partially funded from federal sources and
awarded to the University through a state or any other pass-through entity is considered
federal and is subject to federal regulations. Link: LEGAL and COMPLIANCE
In the absence of applicable federal or sponsor regulations or guidelines, Kent State
University polices and procedures apply. Link: University Policy & Procedures Project
Directors should be aware that when federal, state, sponsor, and/or University regulations
overlap, the most restrictive regulations apply. The Project Director is responsible for
reviewing federal, sponsor, University, and departmental guidelines, policies, and
procedures that are applicable to each project, and is responsible for compliance
throughout the life of the project.
This information has been provided through the use of the GRANTS ACCOUNTING
MANUAL -- Link: Grants Accounting Manual
Handout from Diana Dubinsky’s presentation on the Grants Discussion Group
Most government agencies are prevented by law from paying the entire cost of
a grant supported research project. These agencies require that the University pay a portion of
the cost of the research project. This portion is called “cost sharing".
In most cases, Kent State's cost sharing is provided as the percentage of the
Project Director’s (PI) or another University employee's salary that is devoted exclusively to the
project (level of effort). Evidence of the level of effort is provided through the process of Effort
If cost sharing is part of a grant, a University account number will be established
for that purpose. This six-digit account number will always start with "100".
When a percentage of effort (salary) is to be charged to a cost share account, a
"Revision in Salary Distribution Charges" form must be submitted by the employing
department, indicating the percentage of the employee's salary that should be charged to the
cost-share account [Link: Forms]. Note: Budget Transfers are not required for RSDCs – the
KSU Budget Office automatically makes the transfers from the “home” department account of the
grant to the Cost Share Account. Questions may be referred to the Budget Office at 2-3750.
Occasionally, non-personnel expenses will be proposed as the University's
project cost share. This may be in the form of direct departmental support for certain allocable
costs, such as supplies or equipment. These charges should be made directly to the cost share
account. The department will then request a budget transfer into this account from the
department account that has committed to provide the project cost sharing.
Donations of tangibles or services may be offered as the project cost share.
These are considered in-kind contributions. In these cases there are no direct charges to the
cost share account. If facilities or tangibles are donated, a "Certification of Facilities and/or Other
Items" [Link: Forms] must be completed by the donor or Project Director. If the donation is a
service, a "Certification of Professional Time" [Link: Forms] must be completed and signed by
donating professional services to the project.
If donations are received as cost sharing, the Project Director must submit a
memo to Grants Accounting listing the amount of funds (gifts) received and the donor.
The Principal Investigator is responsible for maintaining original documentation
associated with cost share donations.
TO REQUEST THE ELECTRONIC VERSION OF THESE HANDOUTS, CONTACT DIANA
DUBINSKY AT email@example.com.