Add to collection(s) Add to saved
  1. Business
  2. Management

Payroll Audit

advertisement 
Payroll Audit
Final Audit Report
October 2010
Audit conducted by:
Audit Operations Division
Office of the Chief Audit Executive
Canadian International Development Agency
200 Promenade du Portage
Gatineau, Quebec
K1A 0G4
Tel: (819) 997-5006
Toll free: 1-800-230-6349
Fax: (819) 953-6088
(For the hearing and speech impaired only (TDD/TTY): (819) 953-5023
Toll free for the hearing and speech impaired only: 1-800-331-5018)
E-mail: info@acdi-cida.gc.ca
TABLE OF CONTENTS
EXECUTIVE SUMMARY ..................................................................................... v
1.0 Background................................................................................................. 1
2.0
Audit Objectives, Scope, Methodology and Criteria ................................... 1
3.0
Main Audit Findings .................................................................................... 2
4.0
Conclusion ................................................................................................. 4
Appendix 1: Audit Criteria and Summary of Findings ............ 5
Appendix 2: Acronyms and Abbreviations ............................. 6
Appendix 3: Sampling Methodology ...................................... 7
iii
Executive Summary
Background
According to the 2009–10 Departmental Performance Report (DPR), the Canadian
International Development Agency’s (CIDA) salary expenditures totalled $195.8 million,
or 79 percent of total operating expenditures for 2,119 employees.
The payroll administration within CIDA rests primarily with the Human Resources
Branch (HRB) and the Chief Financial Officer Branch (CFOB). CIDA’s Compensation
and Benefits Unit in Human Resources Branch is responsible to administer pay and
benefits transactions for CIDA employees through the Regional Pay System (RPS) of
Public Works and Government Services Canada (PWGSC).
CFOB is responsible for the recording of inter-departmental settlement and Agency pay
related transactions, as well as the reconciliation of actual salary recorded within the
financial system to the amounts reported by PWGSC. Meanwhile, under the
coordination efforts of CFOB, individual Branches are responsible to review actual
salaries as compared to budget with the use of the Salary Forecasting System (SFS).
Audit Objectives
The objective of this audit is to provide reasonable assurance that adequate and
effective controls are in place to ascertain the integrity of pay transactions.
Audit Conclusion
The audit found that adequate controls have been designed and are operating
effectively. These controls mitigate risks relating to the accuracy of pay transactions.
Opportunities for minor operational improvements were noted and communicated by
way of a management letter.
Statement of Assurance
In my professional judgement as Chief Audit Executive, sufficient and appropriate audit
procedures have been conducted to support the conclusions stated in this report.
These conclusions are based on a comparison of the circumstances, as they existed at
the time, with pre-established auditing criteria approved by management. This
conclusion is applicable only to the subject examined. The audit engagement was
planned, conducted and results are reported in compliance with Internal Audit
Standards for the Government of Canada.
Chief Audit Executive
v
1.0 Background
The payroll audit was part of CIDA’s Three-Year Risk-Based Audit Plan, 2009–10 to
2011–12. The Audit Committee recommended and the President of CIDA approved the
Plan on April 28, 2009.
According to the 2009–10 Departmental Performance Report, the Canadian
International Development Agency’s salary expenditures totalled $195.8 million, or 79
percent of total operating expenditures for 2,119 employees.
The payroll administration within CIDA rests primarily with the Human Resources
Branch (HRB) and the Chief Financial Officer Branch (CFOB). CIDA’s Compensation
and Benefits Unit in Human Resources Branch is responsible to administer pay and
benefits transactions for CIDA employees through the Regional Pay System (RPS) of
Public Works and Government Services Canada (PWGSC).
CFOB is responsible for the recording of inter-departmental settlement and Agency pay
related transactions, as well as the reconciliation of actual salary recorded within the
financial system to the amounts reported by PWGSC. Meanwhile, under the
coordination efforts of CFOB, individual Branches are responsible to review actual
salaries as compared to budget with the use of the Salary Forecasting System (SFS).
2.0 Audit Objectives, Scope, Methodology and Criteria
2.1 Objectives
The objective of this audit is to provide reasonable assurance that adequate and
effective controls are in place to ascertain the integrity of pay transactions.
2.2 Scope
The audit covered pay transactions at Headquarters, from the validation of appropriate
authorization to initiate the transaction, to their posting within the RPS and final
recording in SAP FI for the period of April 1, 2008, to December 31, 2009. The focus of
the audit was limited to the validation of appropriate controls.
The audit did not include:
validation of any controls performed by PWGSC;
reperformance of the calculations related to individual pay transaction to validate
their accuracy; and
validation of data within SAP HR and controls related to Salary Forecast System
(SFS).
The examination phase was completed between November 2009 and August 2010.
1
2.3 Methodology
The following methodology was used in conducting this audit:
Interviewed individuals within HRB and CFOB to obtain an understanding of the
process of various compensation transactions and the controls in place;
Documented, through flowcharting, the current processes and controls;
Developed a control matrix listing control procedures required to mitigate the
identified risks;
Identified the key controls essential to address each significant risk, based on
the control matrix;
Evaluated the design effectiveness of the control environment; and
Evaluated and tested the design and operational effectiveness of the key
controls.
To assess that the audit objective was met, the audit criteria was substantiated based
on the validation of appropriately designed controls and their operational effectiveness
to mitigate risk that is associated to a given criteria.
2.4 Audit Criteria
As a result of the preliminary survey and the risk and control assessment, relevant
process controls were identified and linked to the lines of enquiry. The auditees were
given the opportunity to validate and approve the following audit criteria:
1. SAP FI and RPS employee data are appropriate and accurate
2. CIDA complies with relevant Policies
3. Salaried employees are paid in accordance with terms and conditions of
employment and collective agreements
4. Salary data are properly recorded and reported
3.0 Main Audit Findings
3.1 SAP FI and RPS employee data are appropriate and accurate
The audit focused on confirming that controls are designed and operating effectively as
they relate to the Agency’s recording, validating and authorizing the posting of
employee data through RPS.
2
Overall, CIDA’s controls are in place to give reasonable assurance that changes within
RPS are completed upon receipt of proper documentation by the appropriate delegated
authority and after peer verification.
Furthermore, the audit confirmed that the ability to make changes to data within RPS is
limited to those with appropriate access, and which is approved based on required
needs and by the appropriate delegated authority.
3.2 CIDA complies with relevant Policies
The Agency is required to comply with appropriate and relevant Legislation and
Treasury Board Policies as they relate to pay transactions. As a result, the audit
focused on validating that those responsible for the processing of pay transactions are
aware of all relevant Legislation and Policy.
The audit found that controls are in place to provide reasonable assurance that
individuals responsible for processing pay transactions and employee personal
information are aware of relevant Legislation and Policy through formal and timely
communication processes. There is evidence of regular meetings taking place to
discuss questions on the directives, to offer guidance and provide ongoing training,
especially for newer employees. Staff are encouraged to access PWGSC’s bulletin
thorough their website for further information.
3.3 Salaried employees are paid in accordance with terms and conditions of
employment and collective agreements
The pay transaction is created, verified and authorized by the CIDA’s Compensation
and Benefit Unit through RPS, and processed by PWGSC. The audit validated that
controls are designed and operating effectively as they relate to the recording, validating
and authorizing the posting and payment of pay transactions.
The audit concludes that appropriate controls are in place:
to validate that pay transactions are only made upon receipt of appropriate
documentation;
to support that authorization for the transaction is obtained from the appropriate
delegated authority;
to provide reasonable assurance that employees pay is calculated appropriately;
to support that all transactions are verified prior to posting;
to provide reasonable assurance that transactions are posted to RPS by an
individual with the appropriate authority; and
to provide reasonable assurance that employees are paid appropriately and in a
timely manner.
3
3.4 Salary data are properly recorded and reported
Subsequent to the validation of pay transactions, all pay transactions for a specific
period are recorded within the Agency’s accounting records through interface software
to SAP. As a result, the audit focused on validating that controls are designed and
operating effectively as they relate to the recording and reporting of salaries.
It was observed that controls are in place to validate the accurate recording of pay in the
financial system. Controls are present to reconcile the pay transactions received from
PWGSC through monthly reconciliations and the review of error reports. The Agency
has also implemented controls to corroborate that appropriate payments and receipts
from other government departments and agencies occurred as it relates to transferred
employees.
4.0 Conclusion
The audit concludes that adequate controls are designed and operating effectively.
These controls mitigate risks related to the accuracy of pay transactions. Some minor
opportunities for operational improvements were noted and communicated by way of
management letter.
4
Appendix 1: Audit Criteria and Summary of Findings
Met Criteria
Audit Criteria
Mostly
1. SAP FI and RPS employee data are appropriate and
accurate
■
2. CIDA complies with relevant Policies
■
3. Salaried employees are paid in accordance with the
terms and conditions of employment and collective
agreements
■
4. Salary data are properly recorded and reported
■
In Part
No
5
Appendix 2: Acronyms and Abbreviations
Acronym or
Abbreviation
Description
DPR
Departmental Performance Report
CFOB
Chief Financial Officer Branch
CIDA
Canadian International Development Agency
HRB
Human Resources Branch
PWGSC
Public Works and Government Services Canada
RPS
Regional Pay System
SAP FI
SAP Financial Accounting Module
SAP HR
SAP Human Resource Module
SFS
Salary Forecasting System
TBS
Treasury Board of Canada Secretariat
6
Appendix 3: Sampling Methodology
Number of transaction types and files tested:
To provide reasonable assurance that adequate and effective controls are in
place, the audit team:
Reviewed the payroll process and identified 35 key controls for further
testing.
Performed 865 tests on samples selected based on 15 transaction types.
Determination of number of samples required by transaction type:
The audit team used a generally accepted methodology to establish the sample
sizes for each transaction type.
Accordingly, the table below lists the minimum sample sizes used for this
engagement. The audit tested population sizes in each of the three categories
identified in the table, and followed the sample methodology suggested for each
segment. The sample sizes, and related tests are based on a 90 percent
confidence level that conclusions can be extrapolated to the entire population.
Size of Population
*0 – 100
101 - 500
More than 500
No deviations
N/A
23
25
Minimum sample size
One deviation
Two deviations
N/A
N/A
35
45
40
60
*For populations with fewer than 100 items, it is considered proper sampling practice to test 10 percent of
the actual population.
7
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Download
advertisement