Learning Objectives
Upon completion of this session, you should be able to:
• Recall the definition of internal control
• Understand the importance of internal control
• Recite the basics of the payroll and benefit cycle
• Explain internal control for the payroll cycle
• Discuss segregation of duties for payroll
Internal Control Review
COSO’s definition of internal control:
Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
COSO’s Integrated Framework
Internal control is directed towards the achievement of objectives
– Operations—effectiveness & efficiency
– Financial Reporting—reliability of financial statements
– Compliance—following applicable laws and regulations
Internal Control Components
1st Component, Control Environment
Integrity and ethical values
gifts and gratuities.pdf
UGA example
Commitment to competence
Management’s philosophy and operating style
Assignment of authority and responsibility
Human resource policies and practices
Internal Control Components
2nd Component, Risk Assessment
Defined by COSO: Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risk should be managed.
Internal Control Components
3rd Component, Control Activities
Control activities are the methods used to reduce risk identified during the risk assessment process.
Control Activities
Top Level Reviews
Direct Functional or Activity Management
Information Processing
Physical Controls
Segregation of Duties
Internal Control Components
4th Component, Information and Communication
An organization needs to make sure that types of communications used are broad-based, useful, reliable and continuous.
Internal Control Components
5th Component, Monitoring
Ensures that the internal controls operate as intended.
– Ongoing Monitoring
– Separate Evaluations
COSO Update – 1st Quarter 2013
Concepts that remain the same
– Definition of internal control
– 5 components
– Criteria used to assess effectiveness
– Use of judgment in evaluating effectiveness
COSO Update – 1st Quarter 2013
Concepts added
– Codification of principles for developing and evaluating the effectiveness of Internal Controls
– Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
– Increased focus on operations, compliance and non-financial reporting objectives based on user input
COSO Update Timeline (www.coso.org)
• Sept - Jan: Assess & Survey Stakeholders
• Feb - Oct: Design & Build
• Dec - Mar: Public Exposure
• Apr - Dec: Finalize
Timeline years: 2010, 2011, 2012
Released first quarter 2013
Summary of Updates
Codification of 17 principles embedded in the original Framework
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
6. Assesses fraud risk
7. Identifies and analyzes significant change
8. Specifies relevant objectives
9. Identifies and analyzes risk
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
13. Uses relevant information
14. Communicates internally
15. Communicates externally
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Several valuable reasons for Internal Controls
• Meet objectives
• Prevent errors
• Protect employees
• Checks and balances
• Establish standards
• Compliance
• Preserve integrity
• Security of assets
• Most state laws require governments to have annual audits of their financial statements in accordance with Generally Accepted Government Auditing Standards (GAGAS).
• GAGAS requires reporting on internal controls
Internal Control and Single Audits
• When expending Federal assistance of more than $500,000, a government must undergo an A-133 audit or a Single Audit.
• Single audit requires auditee to maintain a system of internal controls
FRAUD
Lack of adequate internal controls is one of the most commonly cited reasons that fraud occurs within an organization.
Employee Earnings
• Determined by agreement between employer and employee
• Salary schedule
– Type of position
– Steps and years of experience
• Employee pay examples:
– Annual salary/prorated over pay periods
– Hourly rates
• FLSA: 150% regular rate for +40 hours with certain exemptions
Employee Earnings
• Time sheet
– Basis of periodic payroll
• Contents of time sheet
– Employee name and number
– Pay period
– Dates worked
– Number of hours worked
– Signatures
  • Employee
  • Employer
Payroll Journal
• Special Journal
• Sometimes called Payroll Register
• Common contents:
– Name of employee
– Expenditure/expense classifications
– Adjusted gross payroll
– Net payroll
Payroll Deductions and Withholdings
• Social security tax
• Federal Income Tax
• State Income Tax
• Deferred compensation
• Pension plans
• Insurance
• Other miscellaneous
Control Objectives
• Control operations
– Establish levels of authority
– Provide approval for transactions
– Provide feedback to approvers
• Safeguard assets
– Loss or damage
– Waste, inefficiency, error, theft or fraud
Control Objectives
• Provide adequate information
– Timely
– Reliable
– Supports control structure
Control Objectives for Payroll
1. Payroll transactions are preapproved or authorized
2. Only valid transactions are recorded and they are recorded in proper period
3. Valid transactions are accurate, agree with source documents and recorded on a timely basis
Control Objectives for Payroll
4. Recorded transactions
– Represent economic events that actually occurred
– Are lawful in nature
– Are executed in accordance with management’s general authorization
Control Objectives for Payroll
5. Access to payroll records is controlled
– Restricted to authorized personnel
6. Proper segregation of duties
Control Environment/Payroll
• Control Environment
– Published code of ethics required to be read and acknowledged by employees
• Only employees that possess required knowledge and skills should be hired
• Employees should be supervised by qualified personnel
• Job descriptions should be updated with required skills and knowledge
Control Environment/Payroll
• Management has an ongoing commitment to ongoing education and training for employees in the payroll department
– Especially regarding federal and state tax issues and laws
Risk Assessment and Payroll
Objective No. 1: Authorization
Risks:
• Hiring an unapproved employee
– May not be legally eligible
• Overspending budget
• Hiring an unqualified employee
• Incorrect classification for benefits could result in higher costs
Risk Assessment and Payroll
Objective No. 2: Safeguarding Assets
Risks:
• Errors in payroll process due to hiring unqualified employee
• Interest and penalties
• Fictitious employees added to payroll
Risk Assessment and Payroll
Objective No. 2: Safeguarding Assets
Risks:
• Incorrect employee classification
– Employee vs independent contractor
– Exempt vs nonexempt
• Leave taken not properly reported
Risk Assessment and Payroll
Objective No. 3: Accurate, reliable and timely information
Risks:
• Salary/Pay rate not correct
• Hours/pay period inaccurately entered
• Deduction entered improperly
• Payroll transactions not posted to general ledger
• Taxes/benefits not paid within required time
Control Activities for Payroll
Four Categories of Control Activities
• Hiring
• Documentation
• Authorization
• Reconciliation
Control Activities for Payroll
• Written process for hiring
– Budget approval
– Authority to advertise
– Appropriate applicant information
– Established selection process
– Formal job offering (Letter)
  • Pay rate
  • Benefits provided
  • Status – Full-time, part-time
  • FLSA classification
Control Activities for Payroll
• Documentation: complete the forms
– Personal data
– Form I-9 (Employment Eligibility Verification)
– Form W-4 (Federal Tax Withholding)
– Form G-4 (State Tax Withholding)
– Benefit forms
– Retirement plan forms
– Other forms
Control Activities for Payroll
• Authorization
– Required to ensure that only valid transactions are entered into payroll system
• Time sheets signed by employee and supervisor
– Supervisor’s approval = authorization to pay and certifies time recorded is actual time worked.
• Payroll should be authorized by supervisor
– Verify that all supporting documentation is present prior to approving payroll
– Could be manual or electronic approval
Control Activities for Payroll
• Reconciliations
– Hours worked on time sheets = summary of hours worked in payroll system
– Adjusted Gross Salary - No variations unless adjustments to pay
– Taxable Wages - Adjusted gross wages less pre-tax deductions
– Benefits and Deductions
– # of employees
Control Activities for Payroll
• A checklist is an easy way to show completed tasks
• Also need to reconcile general ledger accounts after withholdings are paid
Information/Communication of Payroll
• Enrollment period for benefits
• Pay periods and dates (cutoff)
• Holidays
• Furlough days
• Personnel policies and procedures
• Salary information
• Benefits payable due dates
• Tax withholding due dates
Monitoring and Payroll
• Are controls operating as intended?
• Unmonitored controls deteriorate over time
• Monitoring should be ongoing
Ongoing Monitoring and Payroll
• Supervisory activities:
– Preventive control
– Detective control
• Examples:
– Reconciliations of payroll amounts
– Initial and date face of reconciliation
– Review employee information change forms for accurate and timely posting
Monitoring and Payroll
• Separate Evaluations
– Completed by persons outside of operations
after the fact
• External auditors
• Internal auditors
• Objective
– Internal controls functioning properly
– Provide communication tools for deficiencies
What Is Segregation of Duties?
• Segregation of duties (SoD) means separating the record-keeping function from the operational responsibility of that activity and from those who exercise physical control over the records
What Is Segregation of Duties?
• Used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business
• Deliberate fraud more difficult
• Likely that innocent errors will be found
Evaluating Segregation of Duties
Ask yourself…
If I make an error in my work, will someone downstream of me detect it before it becomes a major issue for management and the taxpayers to read about?
Evaluating Segregation of Duties
Function that is indispensable, potentially subject to abuse
Divide function into separate steps
Assign each step to a different person or different department
Evaluating Segregation of Duties
At a minimum, no person should be able to perform more than two of the functions. The matrix illustration below presents various ways to assign responsibilities that are less than the optimum.
Mitigating or Compensating Controls
• Reduces the risk of an existing or potential control weakness resulting in errors and omissions
• Compensating controls are less desirable than the segregation of duties
• More resources are required to investigate and correct errors and to recover losses
Mitigating or Compensating Controls
• Types of compensating controls that can be implemented:
– Review reports of detailed transactions
– Review selected transactions
– Take periodic asset counts
– Check reconciliations
Mitigating or Compensating Controls
• Management performs the procedure
• Compensating controls cannot be delegated