Internal Audit Department Financial Controls Programm

8. Payroll Masterfiles, Reporting and Security 8.1 Updates to payroll masterfiles are authorised and checked. 8.2 8.3 Masterfile edit reports of changes are regularly checked by management. Adequate controls are in place to prevent the duplication of employees on the payroll system and the creation of fictitious employees. Payroll details are reported to department heads on a regular basis to confirm accuracy of payroll data. Access to payroll is controlled by a tiered system of passwords. Testing 1. Obtain a list of employees who have access to amend the payroll masterfile. 2. Enquire how this access is monitored and controlled. 3. If amendment/exception reporting exists select a sample of 5 employees with pay amendments and check these for appropriate backing documentation and authorisation. If any errors are found increase the sample size to 10. 4. Enquire what controls are in place to prevent duplication of employees on the payroll (does the system flag identical names/employee id numbers, are HR notified of all new additions etc). Are these considered adequate? 5. Confirm whether payroll details are sent to department heads for their review. If yes are they required to evidence this or send a confirmation to payroll that the details are correct? 6. Document how access to the payroll system is controlled (including read only access). Results Pay Rates and Hours Worked 8.6 Changes to pay rates are approved by the appropriate level of management and cannot be made by an unauthorised person. 8.7 8.8 Monthly and weekly payrolls are reviewed by the appropriate level of management. Payroll exception reports are regularly produced and reviewed by an appropriate official. Monthly headcount reconciliation prepared and approved independently of the payroll function. Reconciliation shows headcount bought forward updated for changes (eg new starters, leavers etc) and reconciled to headcount per payroll. Testing 1. Ascertain the process for authorising and processing amendments to pay rates. Sample 5 changes in pay rate and ensure that these have full back-up and have been authorised by an individual with the delegated authority to do so. 2. Document the payroll review process, including the production of exception reporting. Comment on its adequacy. 3. Enquire whether a monthly headcount reconciliation is performed, what this entails and how it is conducted. Review one such reconciliation and ensure that it covers the requirements of 8.9. Results Reconciliation 8.10 Control accounts exist for deductions and gross pay and are reconciled and reviewed

8.4

8.5

8.9

Page 1 of 2

Internal Audit Department Financial Controls Programm

regularly by an independent person. 8.11 All payments to tax and other authorities are paid promptly and there are no outstanding unresolved claims. Testing 1. Document the local pay structure (gross pay with applicable deductions tax, social security, pension etc), including dates when payments are due to be made for the various deductions. 2. Verify that GL accounts for Payroll Control and each type of deduction. 3. Review the reconciliations for these and obtain explanations for any items older than expected from the timeframes outlined in Test 1. Enquire when and how these are expected to be cleared. 4. Review the files for payments to the authorities/pension company etc in respect of payroll. Check 3 of these to the bank statements to ensure that they have been paid on time. 5. Enquire whether there are any unresolved claims. If yes obtain details of these. Results Payroll Bureau 8.12 Adequate controls exist over the supervision of payroll if outsourced to payroll bureau.

an

external

Testing Enquire whether payroll is outsourced. If yes document the control, reporting and authorisation procedures for this. Verify that adequate checks have been performed by management on the bureaus output. Results

Page 2 of 2