NAME OF AUDIT - American Payroll Association



PAYROLLAUDIT PROGRAMdate \@ "MMMM yyyy"August 2015Potential RisksObjectives/StepsPrep. ByDateW/P Ref.Effectiveness Of Key User Functions (Payroll Only)Rates and Dates not set up properly.1. Maintaininig Payroll DataSetup Of Payroll – review source documentation for payroll setups for 20XX (i.e., 26 pay periods, tax rates, payroll policy changes) and compare them to what is in the system.Evaluate the process for uploading new tax rates into the system. (i.e. fed, state, FICA)Document process for setup.Employee pd too much or too little.Deductions not accuratei.e., taxes – finesGarnishment of wages Select a sample size appropriate for your objectivesPayroll Calculations in HRMS SystemDeductions (for example)BenefitsTaxesChild SupportClub Dues (i.e., Union, Employees Club, etc.…)CommutingGarnishment of WagesUnited WayAll Earnings (for example)SalaryBonusesUse a (25) employee sample from HR audit (or reasonable representation of employee types), and re-calculate their payroll deductions and earnings.Determine that the appropriate forms are in the employee payroll file. (i.e. W-4, etc. …)Pay adjustments not processed completely, accurately or on time, resulting in too much or too little money deducted from and or added/to employee pay checks.Missed opportunities for retroactive deductions.Only one person has control over all adjustments.Unauthorized adjustments could be processed.Pay Adjustments (including retro adjustments and garnishments)Ensure appropriate documentation is on file for pay adjustments. Determine types of adjustments that can occur. Determine how they ensure that all adjustment transactions result in the appropriate deductions/reimbursements? How do they ensure they are accurate? Are the adjustments subject to independent verification? For example, consider:Employee Initiated Changes (i.e., overtime corrections)Retroactive DeductionsGarnishmentsUnauthorized one-time awards.Incorrect award amount.One Time AwardsDetermine that controls for one-time awards are appropriate to ensure compliance to the company rules. For example, consider:Chairman’s AwardPresident’s AwardPerformance Spotlight AwardEmployee reimbursed to little or too much.Duplicate reimbursements paid to employee.Invalid reimbursement for a terminated employee.Employee ReimbursementsUsing sample of (25) individuals (or appropriate mix based on company size) from HR audit, trace any reimbursements to source documents to determine information/calculation is accurate.Expense ReportEmployee MembershipsRegistration, certifications and accreditation;Education reimbursement including retroactive for new employees on 6 month probation.RelocationNote: The interfaces processing reimbursements are:List the interfaces you have and what systems they supportAre there limits that may be exceeded?Stock Purchase PlanWalk through process with payroll department.Testing to be determined.Are there limits that may be exceeded?Employee Merchandise Purchase PlansWalk through process with payroll department.Testing to be determined.Terminated employee paid.Final PaycheckEvaluate the final paycheck procedures to ensure the final paycheck is accurate and processed timely.Walk through process with payroll department.Testing to be determined.Note: This process is coordinated with the timekeeping system admin and HR.Dedicated Vehicle PlanWalk through process with payroll department.Testing to be determined.Fixed DistributionWalk through process with payroll department.Testing to be determined.Labor DistributionWalk through process with payroll department.Testing to be determined.Occasional UseWalk through process with payroll department.Testing to be determined.SeveranceWalk through the severance process with Human Resources, Legal and rmation in HRMS is not accurate and/or complete. This risk is magnified with mass updates, as more information is updated at one time.Mass Updates -- Determine that transactions applied HRMS with mass updates are appropriately controlled and results appropriately reviewed. Additionally ensure that controls and compliance to company procedures are appropriate. Test the following:Long Term Incentive PlansMerit Increases/Lump SumsManagement Incentive Comp PplanGeneral Increase for Bargaining Units (Union Increase)Market Value Salary IncreasesPayroll ProcessingTimesheet information from Workforce Management Systeam is not being interfaced correctly to HRMS/Payroll System.A.Working with Paysheets (timesheets)Determine what paysheets are used for. Items noted that may be reviewed regarding paysheets are:Timesheets – tracking exception timeOT Time for non-exempt employees.Manual AdjustmentsNote: Ensure accuracy of information interfacing from Workforce Mgmt Systems. This may be covered during section V -= Risks.All pay errors are not identified and corrected.Employees paid too much or too little.B. Calculating PayReview process of calculating pay. Determine how errors are identified and resolved. What edits are in the system?Note: Review process of running edit and final payroll including the balancing procedures performed.A good time to do a Variance Comparison between last pay period and current pay period.C. Confirming PayWalk through process of confirming pay. Review the balancing procedures.Is the right person being paid?Are they getting paid the right amount?Are they getting too many paychecks? (Duplicates)D. Working With ChecksUse sample of (25) individuals from HR audit to test following audit areas.Check ProcessingEnsure that the checks and signature name plate(s) are physically secured and under dual control.Review the check distribution process.Ensure paycheck data in HRMS System is accurately printed on paystubs/checks.Determine how live check versus direct deposit is indicated in HRMS system.How are paycheck numbers generated? How are they controlled?Unauthorized check.Incorrect amount on check.Check received by wrong person.Manual ChecksReview the check distribution process.Review authorization for manual checks.Track reasons for manual check requests for metrics.Note: these are used for special requests and are printed in the payroll department.Lost check cashed.Stop payment request not performed timely.Lost PaycheckEnsure log information is accurate. Note: The voided or cancelled check information is entered into HRMS payroll system to provide an audit trail. This is for documentation only. The processing is performed in the bank recon system. Wrong bank account.Wrong amountNot on timeDirect DepositReview/Test:Accuracy of direct deposit account information in HRMSAuthorization of direct deposit (authorization forms.)Unaware of outstanding checks.On-Line Bank ReconciliationReview process for on-line bank reconciliations.What are the procedures for investigating missing, duplicate or long outstanding checks?Note: Potential test would be to verify the check information (number and amount) to the bank recon system.Wages wrong.Unauthorized adjustment.Employee paying too much or too little taxes.E. Adjusting Employee BalancesPay AdjustmentsReview procedures for pay adjustments. Pay special attention to work-arounds regarding taxable wages and pre-tax calculations.Potential Test - review adjustments for 3rd quarter 20XX.Corporate financial information inaccurateEmployee deductions not recorded correctly.Payroll Journal EntriesReview payroll journal entry process.Test steps to be determined.Quarterly Processing (Payroll Only)Incorrect tax deposits and forms filing could create agency penaltiesIdentify requirements for quarterly processing.Determine that the company is complying with Federal and State agencies for supplying them with taxation data.Year-End Processing (Payroll Only)Incorrect payroll information is recorded on the W-2 and subsequently to the taxing authorities.Identify requirements for year-end processing.Determine that THE COMPANY is complying with Federal and State agencies for supplying them with taxation data.Review the process for producing W-2 forms.Risks Associated With Managing Payroll Are MinimizedWe can rely on the work performed in the other sections to meet this control objective. No steps needed for this sectionN/A (see note at left)Data Integrity (Payroll Only)Exception TestingRun queries to test integrity of payroll data in HRMS. (For example identify any terminated employees receiving a paycheck, etc.…)For details regarding the tests performed, reference exception-testing spreadsheet at w/p ________.Conversion from other application – Discuss impact of difference of decimal points. HRMS has greater number of positions than other application had so there is less rounding error, however, some salaries were affected.Where there any other problems noted?Training and Control of Field InputTrainingStandardsControlsHow has decentralization of input worked?Note: All timesheet input is done in XX Time System. Reference section V for interface testing.Use Of Computer Resources (Payroll Only)HRMS not used for its maximum effectivenessIdentify potential HRMS payroll functionality that may be used instead of the company’s customizations.Are there opportunities for automation where there is manual entry to HRMS or other systems?Identify manual payroll processes that are not supported by HRMS application. Determine if there are plans to incorporate these functions into application.Discuss why payroll processing takes so long.Interfaces (Payroll Only)Information passed to/from other system is not accurate, complete, or timely.(Note2: this also relates to synchronization of data)Create a system diagram of payroll interfaces. Chose a sample of the interfaces and ensure information input or output from HRMS is accurate, complete and updated on a timely basis by reviewing balancing and reconciliation procedures.Time SystemG/LAccounts PayableBank Recon SystemLabor Distribution SystemBankingWire TransfersAudit Trails (Payroll and HR)Unable to determine neither what has occurred nor a way to research system activity.Determine that audit capability exists, is turned on, and used.Determine that adequate audit capability exist the HRMS application and that it is used so that application performance is not degraded.Review of audit trailsWho reviews?What is reviewed?How often?What action is taken based on what criteria?Change Management (Payroll and HR)Naming standards?Approvals for changes? Prioritization?How changes affect other system components?Documentation of changes?Determine that change management controls are appropriate.Review comparison reports used to determine changes among software upgrades/releases.Obtain a list of problem tickets. Look at any open tickets. Is the service desk meeting their SLA’s goals for HRMS?Determine if some team queries were lost during the upgrade (if applicable).Backup and Recovery (Payroll and HR)Determine that application, system, and data files are backed up, rotated offsite, and retained per regulations.Obtain criteria for data retention from business pare criteria with how long the data is being backed up.Determine that the business resumption process is documented and is tested periodically.Operations DocumentationThe lack of appropriate documentation can increase risks that systems will be inadequately maintained by existing or new staff. Determine that operations procedures, customizations, jobs, programs and locations where they reside are documented. Jobs are not appropriately controlled to ensure data is accurately and timely processed.Review how production jobs are scheduled and controlled on the server and/or mainframe.Application/Provider ContractTHE COMPANY’s interests are not protected adequately the contract.Determine that an escrow account is setup as necessary to protect THE COMPANY in case application process has solvency difficulties.Controls are not in place to ensure procedures for interacting with application are adequate.Determine if the contract has clause regarding THE COMPANY’s right to audit procedures for interacting with application provider.Output ManagementReports are produced that are not being used (waste of resources).Reports are distributed to inappropriate personnel Too much clutter in an edit/error report may cause the review to miss critical system errors.Unauthorized individuals could obtain access to confidential dataDocument key reports from the payroll system and ensure they are received and used by the appropriate personnel..Evaluate key edit/error reports to ensure that they contain only true exceptionsDetermine that personnel do not keep query report information on their local hard drives.Identify and evaluate controls over printed reports (in I/O and/or on personal printers). If it is sensitive information, should it even print to I/O?Review confidentiality of report information by reviewing access to confidential reports Reports may contain inaccurate information that adversely impacts operations, business decisions, etc. Potential errors may not be detected with the current reports that are producedReview the content of a sample of key reports for:UsefulnessPurpose Clearly DefinedTitle meaningfulWhat reports are used for error correction/detection?Are users happy with and using reports? ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download