Question

You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process. This process has not been audited for three years and, as such, is due in the normal audit cycle. There have been no significant changes since the previous audit, that is, there were no system changes, no reorganization of personnel, and no substantive procedural changes. However, during the last assurance engagement, the internal audit function identified several observations, some of which were considered significant. The significant observations related to:

Information pertaining to employees leaving the company was not communicated to the IT department, resulting in extended delays before those employees' systems rights were terminated.

Hours paid to nonexempt employees were not supported by approved timesheets.

Amounts withheld for employees were not consistent with elections made by employees.

The possibility existed that phantom (ghost) employees could be included in the payroll without detection.

Payroll management implemented actions to address all significant observations and the internal audit function conducted limited follow-up procedures to validate that the planned actions were completed. This is the first audit since the follow-up procedures were completed.

The following is pertinent information to the payroll assurance engagement:

"XYZ employs approximately 4,400 employees. Approximately 2,700 of those employees are salaried, the rest are hourly.

Employees are paid biweekly.

Hourly employees earn pay at straight time for the first 80 hours in a biweekly pay period, time and a half for the next 20 hours in a pay period, and double time for any hours exceeding 100 hours in a pay period.

The company utilizes a widely used and market tested payroll package (Pay Right) for processing of all payroll transactions.

The payroll system interfaces with the general ledger system.

XYZ has established a separate payroll imprest account for the processing of payroll checks. Amounts are deposited in this account from the company's general account to cover any checks presented against the imprest account each day.

Certain non-payroll items are deducted from the payroll checks, including: Employee loans to cover the cost of extra benefits or computer purchases. Contributions to long-term retirement plans. Contributions to charitable organizations, such as the United Way. Contributions to political action committees (PACs).

Payroll expenses and the related payroll accruals are considered material to the company.

Based on the above information, perform the following steps to conduct a payroll assurance engagement

F. Identify which controls are considered key controls. As part of this analysis, document your assumptions regarding the effectiveness of entity-level controls and how such controls affect the payroll process- level controls, if at all.

G. Link the key controls to the identified risks.

Answer 1

In XYZ company the payroll has been not covered in normal audit cycle after three in internal audit there are some identified several observations, some of which were considered significant they are.

Payroll Process levels controls and the key to controls the identified the risks.

Incorrect processing of payroll by mistake, or with intention

This could mean employees colluding with HR for personal gain, employees making unauthorized modifications to the payroll database, or inputting incorrect details during payroll (number of days worked and overtime, for instance). These are all risks when humans deal with payroll.

Some of this can be intentional, and some may be true mistakes. Still, it’s important to be aware of these risks when it comes to payroll processing.

Lack of security

Payroll includes a lot of personally identifying information. Unfortunately, that means there will always be a risk of identity theft, embezzlement, or falsifying documents for personal gain. The most common risk for a company is to have one person responsible for payroll. This one person calculates reconciliation and payment, which is a significant amount of power - it also increases security risks.

Additionally, there is the question of how secure your digital infrastructure is. How safe and secure is payroll data on the company's server or network? If sensitive payroll information is not secure, it may lead to loss in reputation, loss of competitive advantage, loss of revenue, or legal consequences.

Ignoring payroll patterns

Pay attention to payroll to reduce the risk of losing employees. Payroll can divulge important employee information like leave patterns or management issues. Payroll has the ability to uncover behavioral patterns that can be managed or addressed to boost business productivity.

If you start to notice payroll patterns that show a particular employee is calling in frequently, you might have an employee who is unengaged. Rather than losing money on what seems to be inevitable employee turnover, start uncovering what is causing this behavior.

Non employee payroll

Non employee payroll frees up internal resources, lessens the risk of IRS penalties and can provide increased security around sensitive documents. As an ancillary perk, outsourcing can help initiate other benefits for a company, like improving direct deposit enrollment, which is cost-effective and less susceptible to payroll errors.

Fraud risk assessment

It’s essential to proactively conduct fraud risk assessments of your payroll process. Without getting under the hood of your current process, risks will not be identified and proper mitigating cannot ensue.

Improve internal controls and policies

This can help companies detect instances of fraud, allow a platform for training, or if needed a channel for whistleblowing. This could include options like re-delegating authority. Are only the most qualified employees able to access sensitive information?

It’s also important to ensure quality of your new policies. Implementing adequate monitoring and oversight strategies is imperative.

Show awareness

Letting employees know you recognize payroll mistakes are possible, and providing solutions and warnings can help temper issues both accidental and fraudulent.

• Conducting manual and online training for relevant employees
• Putting up notices to warn candidates about such practices

Offer payroll incentives

Offering something to boost morale, like DailyPay, can help. We recently wrote a case study on the impacts of engagement ride-share company, Reliable Transportation, experienced after offering DailyPay. In a nutshell, driver engagement and loyalty surged after implementing the technology. Continue reading to learn about their experience.