Audit Controls - American Payroll Association · Segregation of Duties Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for

AUDIT CONTROLS

September 12, 2018

Disclaimers

As part of our continued tradition and commitment to our Customer as well as the Community we serve, Paytime, Inc. is honored to provide this and many other educational resources. This presentation is being offered,

and was developed, to provide timely and accurate information delivered by a subject matter expert to the audience in attendance. This material and presentation is offered with the understanding that the presenter(s),

publisher(s), sponsor(s) and Paytime, Inc. are not engaged in rendering legal, accounting, or other professional services. This presentation is meant to provide general and summary information only. The subject matter

is not specific to any company, individual or industry and none should be implied. No attorney-client relationship or consultant-client relationship has been created and no legal or other professional advice is implied nor

inferred. If legal, accounting, consulting or other professional advice is needed, those services from a licensed professional in good-standing should be acquired. By attending this educational event, you agree to release

Paytime, Inc., its subsidiaries and affiliates and each of their respective shareholders, officers, directors and Employees from any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements,

interest, awards, penalties, fines, costs, or expenses of whatever kind arising from your use of this presentation and/or educational resource(s) and any and all information contained herein. The attendee and participant

assumes all responsibilities for the use, contents, interpretations and any circumstances resulting from the aforementioned.

Tricia Richardson, CPP, SPHR, SHRM-SCP

Account Relationship Manager

Confidential and proprietary. 2

AGENDA

▪ Checklists - (and we will give you one)

▪ Verifying deduction & earning taxation

▪ Internal Controls

▪ Reviewing batch totals and reports - what to look for

▪ Contingency planning

▪ Documented procedures

▪ Best practices


CHECKLISTS

Why?

▪ Historical Reference

▪ Audit Trail

▪ Document Process

▪ Make sure everything is done

What to Include?

▪ Download Audit History – what happened this pay and who

made the change? – Review

▪ General Steps (refer back to procedures)

▪ Section by Month, Department, Person responsible

▪ Sign-offs


CHECKLISTS



APPROVALS

& REVIEWS


VERIFYING

DEDUCTION

& EARNING

TAXATION


VERIFYING

DEDUCTION

& EARNING

TAXATION


VERIFYING

DEDUCTION

& EARNING

TAXATION


VERIFYING

DEDUCTION

& EARNING

TAXATION


INTERNAL CONTROLS

Segregation of Duties

Segregation of Duties (SOD) is a basic building block of sustainable risk management

and internal controls for a business.

Use the “roles and responsibilities” function within software applications wherever

possible, and maintain an SOD workbook of each framework for all key processes. An

advanced organizational control will interface the Human Resources organization chart

with the SOD workbook to create a very strong control mechanism and a simultaneous

management tool for allocating resources and managing to budgets. If roles and

responsibilities are not followed, the opportunity for collusion cannot be controlled within

an organization’s risk preferences or within any acceptable framework.

https://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Auditing/InternalControl/Pages/value-strategy-through-segregation-of-duties.aspx


INTERNAL CONTROLS

▪ Inherent verification of data

▪ Segregation of Duties - No 1

Person or Department is

able to control the entire

process

▪ Payroll should NEVER enter

Salary information and

process payroll

▪ HRIS should be the only

department with the ability

to change User permissions

▪ User permissions by job

function, not individual

▪ Protected Information!

HRIS ensures permissions are

locked-down

Human Resources ensures New Hire

information completed (including pay)

Supervisor ensures Employee has access

to areas needed

Employee Time Entry with unique identifier

Time approved by Supervisor

Time imported by Payroll Department

Employee changes imported by Payroll

Department

Payroll Department reviews imports for

reasonability (missing timesheets, salary

levels, etc.)

Edits sent back to Human Resources or

Supervisor

Payroll processed and preliminary reports

provided to Management

Management approves and “posts” Payroll

Accounting/Finance sends direct deposit file and verifies all

banking against Payroll reports; general ledger

entry

Employee receives their pay


Policies, Procedures and Internal

Controls Self-Audit

INTERNAL CONTROLS

https://www.irs.gov/retirement-plans/policies-procedures-and-internal-controls-self-audit


INTERNAL CONTROLS

EP Team Audit (EPTA) Program - Internal Control Questionnaire

https://www.irs.gov/retirement-plans/ep-team-audit-epta-program-internal-control-questionnaire


BDO Consulting Segregation of Duties Checklist




REVIEWING BATCH TOTALS AND REPORTS – WHAT TO LOOK FOR

▪ If payroll administrator imported hours or amounts, the payroll administrator should confirm that

the batch totals in your payroll software match the totals that were provided on the original file.

▪ If payroll administrator manually keyed hours or amounts into a batch, the payroll administrator

should confirm that the batch totals in your payroll software match the totals that were provided

from your original source document, if totals are provided. Also, payroll administrator should

have a second set of eyes confirm each entry, to ensure hours or amounts were keyed on

correct employee record.


BEFORE you “close” Payroll – Review:

▪ Payroll Summary Payroll Recap Funding

▪ Active Employees NOT PAID

▪ Terminated Employees PAID

▪ Vendor Check Summary (compare totals to previous pay)

▪ Live Payroll Check List

▪ Missed Deductions

▪ Labor Distribution Report

▪ Pre-Process Labor Distribution

▪ General Ledger Report


Compare Totals and Data to Previous Pay



▪ If you have special circumstances, such as paying out PTO time, or doubling an

employee’s deduction on a particular pay - create a new batch to capture these special

changes. You can create a worksheet to total these special adjustments manually, then

confirm the batch totals in the payroll software.

TeamSuiteHR

Screenshot



▪ Always review each employee pay statement on the payroll register,

specifically those to which manual edits have been made.

▪ Always compare gross wage totals, deductions totals, and taxes total to the

previous payroll. If there is a variance of a certain amount (which could be

different based on Company), provide an explanation as to why the

amounts are less or more the previous payroll run. Examples could be

new hires or terminations, or benefit premium changes, etc.

Add this Process to your Audit & Internal Controls

In the event of a disaster, the

last thing an Employee needs

to hear is “Paychecks will not

be available”

Employees do not care that the

Payroll Processor has: Quit,

was in an accident, on Vacation

and trapped in an airport, etc.

Payroll MUST happen,

regardless

You have to have a contingency plan in place that should, at a minimum, include:

• Communication Plan

• Cross-train: more than 1 Employee should know how to process Payroll (the complete process)

• Staff appropriately

• The back-up Employee should perform the Payroll every few months to stay “fresh”

• Checklists, Documented Processes and Procedures – it may not be a hurricane, it may be a sudden lack of that key Payroll Employee

• Off-site remote Payroll processing

• Laptop, printer, generator, check stock, hot-spot off-site if needed

• “Recovery Site” – but plan for the Payroll processing to happen somewhere else

• “Cloud” access to everything a Payroll processor would need

CONTINGENCY PLANNING

Test your Contingency Plan

- Just like a fire drill


The back-up Employee(s) should perform

the Payroll every few months

▪ Document everything you do, with Screenshots, helpful hints, etc.

▪ Back-up Employee(s) should use these instructions to test them

▪ Keep Checklists Updated

▪ Demonstrates your knowledge and understanding – adds value

DOCUMENTED PROCEDURES

BEST PRACTICES

▪ If there is going to be a manual adjustment made to your Employee’s paycheck – inform the employee prior

to processing. This will allow the employee to prepare for the adjustment and also ask questions about the

adjustment. This way if you were informed to make this adjustment in error, you still have time to fix before

processing. This also saves you time on pay day!

▪ Understand that taking time to review payroll reports prior to processing can save both you and your

employees a lot of stress. When an employee is over (or under) paid, there are adjustments that need to

be done in order to correct the issue. Sometimes it can wait till the next payroll run, but other times, it

can’t.

▪ Invest in Training: Stay current on legislation relating to payroll law, and take advantage of opportunities

(like this Webinar) to better your payroll processes. Continually look to improve the process to make it both

more effective and efficient for you and the Employees of the Company.

▪ Professional Credentialing. Payroll and Human Resource credentials give you, your Leadership, and

Employees confidence in your role. Regardless of how payroll is processed, or who processes, it is your

responsibility as part of the Team to ensure an Employee’s pay is accurate. Credentialing also requires

continuing education – you will be informed.

▪ Invest in Training your EMPLOYEES: Help them understand their paycheck proactively, so that you will not

have to address impromptu questions later. Empowering the Employee is a benefit that the Employee will

appreciate.


Documents

Audit Controls - American Payroll Association · Segregation of Duties Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for