GENERAL PAYROLL CONTROLS
Dates in scope:
Risk # | Risk | Expected Control | Step # | Testing | Documents/Info Needed
1 | Unauthorized initial pay rate | Initial pay rate is approved by HR and the department manager and documentation is included in the employee's file. | GC1 | Select a sample of new employees for period under audit and obtain supporting documents ensuring that initial pay rate is approved by the appropriate individual | List of new employees for period under audit
2 | Unauthorized/unsupported deductions (statutory deductions and benefits). | Signed W4 forms and enrollment forms are included in the employee files to support statutory deductions and employee benefits, respectively. | GC2 | Select a sample of employees and trace statutory deductions (i.e. taxes) and benefits to supporting documents. | Payroll Register
3 | Unauthorized set-up of direct deposit | Employees with direct deposit have a signed copy of their Direct Deposit Authorization Form on their personnel file. | GC3 | Select a sample of employees with direct deposit set-up and obtain copies of signed Direct Deposit Authorization Form | Payroll Register; Direct Deposit Authorization Form
4 | Manual checks do not have appropriate support and are not signed by authorized signer | Manual checks must be signed by two authorized individuals who do not have access to HR/Payroll system. In addition, supporting documents for manual checks are reviewed before being signed by authorized signers. | GC4 | Select a sample of manual/on-demand checks processed for period under audit and obtain copies of supporting documents and determine if signed by two authorized individuals. | List of manual/on-demand checks processed for period under audit (Payroll Register)
5 | Terminated employees are paid | Terminated employees are inactivated in the payroll system in a timely manner. | GC5 | Obtain list of terminated employees for period under audit and verify if subsequent payroll checks/payments were processed after date of termination. If processed, obtain documentation as to valid reason. | List of termed employees for period under audit; Payroll Register
6 | Check printer and blank checks are not physically safeguarded and are accessible to unauthorized individuals | 1. Check printer and blank checks are kept in a locked area, accessible only to authorized individuals. 2. Pre-signed checks are not allowed. | GC6 | Observe where check printer and blank checks are kept. Check for pre-signed checks. | N/A
7 | Check stock is not numbered sequentially or is not reviewed for gaps | Checks are sequentially pre-numbered. | GC7 | Observe whether check stocks are numbered sequentially and identify if any are missing. | N/A
8 | Signature plate or file is not appropriately safeguarded | Signature plate or file is accessible only to authorized individuals. | GC8 | Observe if signature plate is used; if file is used, determine who has access to the file. | N/A
9 | Payroll adjustments are not authorized and supported by adequate documentation. | Adequate documentation must be kept to support all payroll adjustments. | GC9 | Select a sample of payroll adjustments (all if under 30) and trace to supporting documentation. | List of payroll adjustments for period under audit
10 | Interface between HR and payroll system is not reconciled or is incomplete. | File sent to ADP is reconciled to data received by ADP | GC10 | Compare file sent to ADP to file received by ADP. | Reconciliation of file sent to ADP to file received by ADP
11 | Garnishments and other non-statutory deductions (e.g., gift shop) are not supported by adequate documentation. | Adequate documents are included in the employee files to support non-statutory deductions. | GC11 | Select a sample of garnishments and other non-statutory deductions (all if under 30) and trace to supporting documentation. | List of garnishments or other non-statutory deductions for period under audit (Payroll Register)
12 | Additions to employee master are not authorized. | New employees should have supporting documents such as job application, payroll document (W4), identification document (driver's license and Social Security Card), and other required documentation (i.e. Drug Screen and Reference Check Statement, and Criminal Background Check statement) filed in their employee file | GC12 | Select a sample of additions to the employee master and trace to supporting documentation. | List of new employees for period under audit
Audit Program Payroll Pay Practices Ghost Employees
Gen Payroll Controls
Risk # | Risk | Expected Control | Step # | Testing | Documents/Info Needed
13 | Payroll advances not deducted from subsequent pay check | Payroll advances are set up in the payroll system so that it automatically deducts the advance from the subsequent paycheck. | GC13 | Select a sample of payroll advances (all if under 30) and check subsequent paycheck to determine if the advance was deducted | List of payroll advances for period under audit (Timekeeping Data)
14 | New employee can be entered into the system without it being listed on the ADP new hire report | The ADP New Hire Report is populated based on a unique and required field. It is also important that the field (such as the new hire date or start date) cannot be backdated, because someone could easily backdate it so that a "fictitious" new employee entered into the system would not be listed on the ADP New Hire Report. | GC14 | Observe if a new employee can be entered into the system without it being listed on the ADP new hire report | N/A
15 | Termination checklist incomplete | N/A; testing is only for recommendations | GC15 | Compare separation checklist to Renown’s checklist and make recommendations. (Observation only.) | Separation checklist
SEGREGATION OF DUTIES
Dates in scope:
Risk # | Risk | Expected Control | Step # | Testing | Documents/Info Needed
1 | Payroll personnel are able to enter or delete employees in the system, providing opportunity to create and pay fictitious employees without detection | Payroll personnel are not able to enter or delete employees in the system. If they do then there is a report generated, which is reviewed by an independent party. | SOD1A | Observe for both regular and special payroll runs | N/A
2 | Payroll personnel are able to change pay rate and benefit information in the system, providing opportunity to give themselves or others a pay raise or additional benefits | Payroll personnel are not able to change pay rate and benefit information in the system. If they do then there is a report generated, which is reviewed by an independent party. | SOD1B | Observe for both regular and special payroll runs | N/A
3 | Reconciliation of payroll bank account is performed by payroll personnel, providing opportunity to conceal any misappropriation | Payroll bank account reconciliation is performed by someone who did not process and/or sign the payroll checks. | SOD2 | Obtain copies of payroll bank reconciliations for period under audit and identify who prepared and who reviewed the reconciliation | Completed Payroll Bank Reconciliation for period under audit
4 | Reconciliation of what is recorded in the G/L to the payroll register is performed by payroll personnel, providing opportunity to conceal any misappropriation | Reconciliation of G/L to the payroll register is performed by someone who did not process and/or sign the payroll checks. | SOD3 | Obtain copies of G/L entries for period under audit and trace to the payroll register. Identify who prepared and who reviewed the reconciliation. | Completed Payroll Reconciliation to the G/L for period under audit
5 | Termination checks are distributed by payroll personnel, providing opportunity to pay a fictitious "terminated" employee without detection | Termination checks are distributed by someone other than the person who inputs and authorizes payroll. If not possible, terminated employees should be required to sign an acknowledgment that they’ve received the last pay check. | SOD4 | Obtain copies of the acknowledgement of last pay check pick-up for a sample of employees terminated for period under audit | Acknowledgement of last pay check pick-up for a sample of employees
6 | Lack of segregation of duties | No employee or group should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated are: custody of assets; authorization or approval of related transactions affecting those assets; recording or reporting of related transactions; control activity. | SOD5 | Walkthrough Segregation of duties matrix for payroll | N/A
BANK RECONCILIATIONS
Dates in Scope:
If recently performed by external auditors, these steps are N/A.
Risk # | Risk | Step # | Testing | Documents/Info Needed
1 | Payroll bank reconciliations are not performed effectively and/or timely | BR1 | … timely. In addition perform detail testing for 1 of the months: 1) Test the schedule for clerical accuracy. 2) Agree bank balance and ending balance to the general ledger and bank statement, respectively. 3) Agree reimbursement wire (transferred from the operating account) to the net pay per the period’s payroll control total per the payroll system. 4) Select 3 reconciling items and test that the items were properly included as reconciling items, including tracing the selected items to the following month’s bank statement to ensure all items properly cleared the account. Test additional items if large or unusual reconciling items exist. 5) Review the subsequent month’s bank statement for unusual and/or large checks, checks of even dollar amounts (i.e. $500 or $1,000, etc.), or unreasonably out of sequence checks. 6) Review the outstanding checks list for checks outstanding for an unusually long period. Determine the status of the outstanding check, determine the need for any adjustments, and document findings. Document the company’s process for dated checks and voided checks. 7) For voided checks, if any, review the voided checks to ensure they have been properly defaced. Inquire as to reasons for voiding, as deemed necessary. | Payroll Bank Reconciliation and supporting documents for the past 3 months
2 | Payroll data is not reconciled to the G/L effectively and/or timely | BR2 | Using the documents obtained from SOD3, determine reconciliation to the G/L is performed monthly. In addition perform detail testing for 1 of the months: 1) Agree balances on the reconciliation to the general ledger and the payroll ledger. 2) Review and investigate any large or unusual reconciling items. 3) Obtain Labor Distribution Report or similar report for a sample of departments and verify that payroll balance agrees with the G/L | Payroll Reconciliation to the G/L and supporting documents for the past 3 months
GHOST EMPLOYEES
Dates in scope:
Risk # | Risk | Step # | Testing | Documents/Info Needed
1 | Ghost Employees | GE1 | Look for employees with PO box address | Employee Master
2 | Ghost Employees | GE2 | Look for different employee IDs with same or similar addresses | Employee Master
3 | Ghost Employees | GE3 | Look for different employee IDs with same or similar names | Employee Master
4 | Ghost Employees | GE4 | Look for different employee IDs with same or no SSN | Employee Master
5 | Ghost Employees | GE5 | Look for employees with duplicate employee number or out of normal range. | Employee Master
6 | Ghost Employees | GE6 | Look for employees with no withholdings | Payroll Register
7 | Ghost Employees | GE7 | Look for employees who aren't on the system email listing | List of employees on the email system
8 | Ghost Employees | GE8 | Look for employees with same SSN as travelers | List of travelers with SSNs; Employee Master with SSNs.
9 | Ghost Employees | GE9 | Look for different employee IDs with direct deposit going to the same bank account | Report listing employees with direct deposit and their direct deposit info such as bank account #
10 | Ghost Employees | GE10 | Look for employee IDs listed on the payroll register but not on the HR system and vice versa | Payroll Register and Employee Master
11 | Ghost Employees | GE11 | Look for employees in the payroll register that have different base rates than the rates listed in the employee master file | Payroll Register and Employee Master
12 | Ghost Employees | GE12 | Compare employee SSN to Social Security Administration list. http://www.ssa.gov/employer/ssnv.htm | Employee Master
13 | Ghost Employees | GE13 | Identify hotel addresses in the area and search for employees with those addresses | Employee Master
14 | Ghost Employees | GE14 | Look for employees with addresses at a mailbox etc. location | Employee Master
15 | Ghost Employees | GE15 | Look for employees with a base rate outside of job code range | Employee Master and job code salary ranges
NOTE: Each test on its own would not indicate a ghost employee. However, employees with exceptions in several tests would warrant further review and explanations should be required for duplicates and discrepancies.
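The ghost-employee tests and the NOTE above can be scripted over exported data. This is an added example, not part of the original audit program: it runs GE1, GE4, GE6, GE9 and GE10 over constructed records and counts exceptions per employee. The field names, sample rows and the two-test review threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample exports; field names are assumptions, not a real schema.
EMPLOYEE_MASTER = [
    {"id": "1001", "address": "12 Oak St", "ssn": "900-00-0001", "bank_acct": "ACCT-501"},
    {"id": "1002", "address": "PO Box 88", "ssn": "900-00-0002", "bank_acct": "ACCT-502"},
    {"id": "1003", "address": "P.O. Box 17", "ssn": "", "bank_acct": "ACCT-501"},
    {"id": "1004", "address": "9 Elm Ave", "ssn": "900-00-0002", "bank_acct": "ACCT-504"},
]
PAYROLL_REGISTER = [
    {"id": "1001", "withholdings": 510.00},
    {"id": "1002", "withholdings": 300.00},
    {"id": "1003", "withholdings": 0.00},
    {"id": "1009", "withholdings": 0.00},  # paid, but absent from the master
]

PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.IGNORECASE)


def shared_value_ids(records, field):
    """IDs whose non-empty `field` value is used by more than one employee ID."""
    groups = defaultdict(set)
    for rec in records:
        if rec[field]:
            groups[rec[field]].add(rec["id"])
    return {i for ids in groups.values() if len(ids) > 1 for i in ids}


def run_tests(master, register):
    """Return {step: set of employee IDs with an exception} for five GE steps."""
    master_ids = {e["id"] for e in master}
    register_ids = {p["id"] for p in register}
    return {
        "GE1": {e["id"] for e in master if PO_BOX.search(e["address"])},
        "GE4": shared_value_ids(master, "ssn") | {e["id"] for e in master if not e["ssn"]},
        "GE6": {p["id"] for p in register if p["withholdings"] == 0},
        "GE9": shared_value_ids(master, "bank_acct"),
        "GE10": master_ids ^ register_ids,  # on one list but not the other
    }


def exceptions_by_employee(results):
    """Invert the per-test results into {employee ID: sorted list of steps hit}."""
    hits = defaultdict(list)
    for step in sorted(results):
        for emp in results[step]:
            hits[emp].append(step)
    return dict(hits)


def needs_review(results, min_tests=2):
    """Per the NOTE: one hit proves nothing; several hits warrant follow-up."""
    per_emp = exceptions_by_employee(results)
    return sorted(emp for emp, steps in per_emp.items() if len(steps) >= min_tests)


if __name__ == "__main__":
    results = run_tests(EMPLOYEE_MASTER, PAYROLL_REGISTER)
    for emp in needs_review(results):
        print(emp, exceptions_by_employee(results)[emp])
```

Employee 1001 shares a bank account with 1003 but hits no other test, so it stays off the review list, while 1003 hits four tests and tops it.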
CONFLICT OF INTEREST
Dates in scope:
Risk # | Risk | Step # | Testing | Documents/Info Needed
1 | Conflict of Interest | CI1 | Look for employees that are on the vendor master list (by SSN or by Name) | Employee Master and Vendor Master
2 | Conflict of Interest | CI2 | Look for employees being supervised by a relative (same last name) | Employee Master
PAY PRACTICES
Dates in scope:
Risk # | Risk | Step # | Testing | Documents/Info Needed
1 | Possible misappropriation of assets | PP1 | Identify employees with more than $10,000 in gross pay and review back-up evidence to determine if the amounts paid are reasonable. | Payroll Register
2 | Possible misappropriation of assets | PP2 | Identify employees with more than $5,000 in net pay and review back-up evidence to determine if the amounts paid are reasonable. | Payroll Register
3 | Possible misappropriation of assets | PP3 | Identify employees paid the same amount as both a regular and a special check run or both as a check and a direct deposit during the same pay period. | Payroll Register
4 | Lack of compliance with policies and procedures | PP4 | Identify employees accruing greater than the maximum leave or sick pay per policy. | Leave and Sick Balance Data
5 | Lack of compliance with policies and procedures; Overcompensation | PP5 | Identify employees with negative leave or sick pay balances. | Leave and Sick Balance Data
6 | Lack of compliance with policies and procedures | PP6 | Identify employees receiving 1) leave; 2) holiday; or 3) sick pay who do not qualify. (Use hire date, not status change date) | Payroll Register
7 | Lack of compliance with policies and procedures | PP7 | Identify employees receiving benefits who do not qualify. (Use hire date, not status change date) | Payroll Register
8 | Lack of compliance with policies and procedures; Overcompensation | PP8 | Identify employees receiving bonuses who do not qualify (only if applicable). | Payroll Register
9 | Lack of compliance with policies and procedures | PP9 | Identify employees receiving 1) bereavement pay; 2) jury duty pay; 3) continuing education pay who do not qualify for it. (Use hire date, not status change date) | Payroll Register
10 | Lack of compliance with policies and procedures | PP10 | Identify employees receiving 1) relocation pay or 2) moving expense reimbursement more than six months after their hire date or that have not been authorized by HR. | Payroll Register
11 | Lack of compliance with policies and procedures | PP11 | Identify employees paid shift differential and test a sample to determine whether they are qualified (based on position and department) to receive it. | Payroll Register
12 | Lack of compliance with policies and procedures and inefficient use of resources. | PP12 | Identify per-diem employees and summarize number of hours worked per pay period and compare to policy. Also 1) compare departments with high overtime to departments with low per diem and 2) identify per diem employees with zero hours. | Payroll Register
13 | Lack of compliance with policies and procedures | PP13 | Determine whether employees receiving call-back and/or on-call pay are eligible according to policies and procedures. | Payroll Register
14 | Inefficient use of resources | PP14 | Identify departments and employees with most 1) call back and 2) on-call pay. | Payroll Register
15 | Inefficient use of resources | PP15 | Identify employees with 1) call back pay and no on-call pay; and 2) on-call pay and no call back pay. | Payroll Register
16 | Overcompensation | PP16 | Identify employees with 1) both licensed and non-licensed on-call pay; and 2) licensed call pay who do not have a licensed position. | Payroll Register
17 | Inefficient use of resources | PP17 | Identify departments and employees with most overtime pay. | Payroll Register
18 | Inefficient use of resources | PP18 | Identify departments and employees with most incremental overtime pay. Incremental overtime is less than 1 hour | Payroll Register
19 | Inefficient use of resources | PP19 | Identify departments and employees with most double-time pay. | Payroll Register
20 | Inefficient use of resources | PP20 | Identify full-time employees working more than 18 regular hours per day (Do not include leave hours). Determine for how many pay periods this occurred for each employee. | Timekeeping Data
21 | Inefficient use of resources | PP21 | Identify full-time employees working more than 80 regular hours per pay period. (Do not include leave hours). Determine for how many pay periods this occurred for each employee. | Payroll Register
22 | Inefficient use of resources and underpaying for benefits. | PP22 | Identify part-time employees working more than 72 regular hours per pay period. (Do not include leave hours). Determine for how many pay periods this occurred for each employee. | Payroll Register
23 | Inefficient use of resources | PP23 | Identify employees receiving regular + leave hours greater than their standard hours in the same pay period. | Payroll Register
24 | Inefficient use of resources and overpaying or underpaying for benefits. | PP24 | Identify employees who continuously worked 1) more or 2) less than their FTE requirement. Continuously means if they worked more than their FTE for 6 consecutive pay periods. | Payroll Register
25 | Overcompensation | PP25 | Identify exempt employees with premium pay | Payroll Register
26 | Inefficient use of resources | PP26 | Identify timecard edits which resulted in increased or decreased pay. Determine which departments and employees have the most timecard edits | Timecard Edits Data
27 | Inappropriate timecard approval and lack of segregation of duties. | PP27 | Identify individuals who can approve their own timecard | Timecard Approval Data
28 | Inappropriate timecard approval | PP28 | Identify individuals below supervisor level who have ability to approve timecards | Timecard Approval Data
29 | Inappropriate timecard approval | PP29 | Identify individuals who can approve individuals outside their own cost center | Timecard Approval Data
30 | Unauthorized timecard | PP30 | Identify timecards for a specific period that were not approved by 1) the employee; 2) the employee's manager/supervisor; 3) neither | Timecard Approval Data
31 | Unauthorized overtime | PP31 | Identify employees with overtime pay whose timecards were not approved | Timecard Approval Data; Payroll Register
32 | Unauthorized leave or sick pay | PP32 | Identify employees with leave or sick pay whose timecards were not approved | Timecard Approval Data; Payroll Register
33 | Noncompliance with policies and union contract | PP33 | Trace system pay rules to the HR policies and union contract (if applicable). | Electronic Payroll pay rules; HR policies
34 | Inefficient use of resources | PP34 | Identify departments and employees receiving the most bonuses | Payroll Register
35 | Unauthorized/unsupported pay raise/decrease | PP35 | Select a sample of employees with pay raise/decrease for period under audit and obtain supporting documents ensuring that pay raise/decrease is approved by the appropriate individual and supported by adequate documentation. | Payroll Register; Employee Master
36 | Gross pay is not equal to hours worked per timecard x authorized pay rate | PP36 | Select a sample of employees and recalculate gross pay per the payroll register based upon hours worked per timecard approved by manager and/or employee and authorized pay rate per employee's personnel action form or equivalent form | Payroll Register; Personnel Action Form or equivalent