Add to collection(s) Add to saved
  1. Business
  2. Finance

CONFIDENTIAL Payroll Key Controls (Jan 2012

advertisement 
CONFIDENTIAL
Payroll Key Controls
(Jan 2012- Mar 2012)
I
N
T
E
R
N
A
L
A
U
D
I
T
&
C
O
R
P
O
R
A
T
E
G
O
V
E
R
N
A
N
C
E
C
O
N
T
R
O
L
Report Prepared By:
R. Ali (Auditor)
Date:
23 August 2012
Audit File Ref:
566
DISTRIBUTION

Executive Portfolio Holder

Audit Committee

Chief Executive
R. Williams

Director
L. Collins

Head of Corp. Dev.
D. Field

HR Operations Manager
F. Hendin

Audit Partnerships Manager
S. Martin

External Audit
C. Kennedy
Cllr M. Cook
INSIDE THIS REPORT
PAGE

Executive Summary
2-4

Appendix A
5
Internal Audit & Corporate Governance Control
1.0
EXECUTIVE SUMMARY
1.1.1
INTRODUCTION
Report No: 566
Internal Audit & Corporate Governance Control act in accordance with the Accounts and
Audit Regulations (2011) and the CIPFA Code of Practice for Internal Audit in Local
Government in the United Kingdom (2006). This audit has been prepared in accordance
with our Audit Charter.
As part of the Audit Plan 2011/12 approved by the Audit Committee 1 March 2011, we have
undertaken an audit of the systems of internal control in place over Payroll. Review of this
area has taken place in two phases in order to facilitate External Audits reliance upon our
work. Phase one related to April 2011-December 2011 period, which resulted in report 557
– Payroll Key Controls. This report represents the testing results of the final quarter of the
year. If this work was not undertaken then External Audit would undertake the testing with
an additional cost to the Authority.
At the 2010-11 year end Council salaries and wages totalled £30,698,449. As of 31 March
2012 year end Council salaries and wages totalled £31,806,337.
1.1.2
AUDIT SCOPE & OBJECTIVES
Scope
The scope of the audit was to cover the key controls identified by the Council’s External
Auditor, PricewaterhouseCoopers (PWC), within the agreed Internal/External Audit protocol
document.
Objectives
The objectives of the audit were to provide management with reasonable assurance of the
adequacy of controls operating over payroll; in particular that:






Starter forms were appropriately completed prior to input to the payroll system and
were verified for accuracy after being input;
Leaver forms were appropriately authorised and accurately input into the payroll
system;
Amendments were appropriately authorised and were accurately input to the payroll
system;
The payroll system was reconciled to the general ledger with any reconciling items
investigated and resolved on a timely basis;
The completeness and accuracy of employee information on the payroll was verified
independently on at least a quarterly basis; and
Appropriate segregation of duties and access controls were in place.
This work is relied upon by the External Auditors during their annual statutory review of the
Council’s accounts and financial processes.
Page 2 of 5
Internal Audit & Corporate Governance Control
1.2
ASSURANCE STATEMENT
1.2.1
Overall Assurance Level
Good
Report No: 566
Adequate
Limited
Unsatisfactory

** For definitions see Appendix A
1.2.2
Positive Audit Comments
We would like to draw management attention to key controls in operation over Payroll
processes and procedures that were operating effectively and efficiently:

1.2.3
All pay group reconciliations are prepared in a timely manner.
Control Issues
Audit testing undertaken to cover the period January to March 2012 identified the same
control weaknesses as reported in 557 Payroll Key Controls (April – December 2011):

Starter and Leaver forms were authorised by officers that were not included in the
Chief Executive Officer’s Authorisation List.

The Citrix system was not used to identify Council employees that had changed
their bank details.

Council manager’s do not return Payroll monitoring reports to confirm they agree
with appointment changes, overtime, establishments, etc.
No additional findings have been raised within this report.
Page 3 of 5
Internal Audit & Corporate Governance Control
1.2.4
Report No: 566
Adequacy of individual control areas
Control Area
Adequacy
assessment **
Number of recommendations
raised
High**
Starter forms were appropriately
completed prior to input to the
payroll system and were verified
for accuracy after being input;
Medium**
1*
Adequate
Leaver forms were appropriately
authorised and accurately input
into the payroll system;
Adequate
1*
Amendments were appropriately
authorised and were accurately
input to the payroll system;
Adequate
1*
The
payroll
system
was
reconciled to the general ledger
with any reconciling items
investigated and resolved on a
timely basis; and
The completeness and accuracy
of employee information on the
payroll
was
verified
independently on at least a
quarterly basis.
Total recommendations raised
Low**
1*
Adequate
1*
Adequate
0
0
0
0
** For definitions see Appendix A
* As reported within 557 Payroll Key Controls (April – December 2011).
1.3
Acknowledgements
We would like to thank the Payroll team and ICT team for their co-operation during the
course of this audit.
Page 4 of 5
Internal Audit & Corporate Governance Control
Report No: 566
APPENDIX A
3.0
Overall Assurance Level
Control adequacy assessments
We have four categories by which we classify our overall level of assurance of the processes
examined and, also, the adequacy of the individual key control areas. They are defined as follows:
Good
All controls are being applied consistently and effectively. This means
that all the control areas in the audit are being properly managed and the
associated risks are being mitigated.
Adequate
Controls exist but there is some inconsistency in their application. This
means that a few of the risks in the audit may need attention.
Limited
Some controls do not exist. This means that a reasonable number of the
risks in the audit need attention.
Unsatisfactory
A significant number of controls do not exist and/or there are major
omissions in the application of controls. This means that a significant
number of risks in the audit are not being properly managed.
4.0
Recommendation priorities
We have three categories by which we classify our recommendations. They are defined as follows:
HIGH
A top priority due to the absence of or non-compliance with a fundamental control
process, creating the risk that significant error or malpractice could go undetected.
These recommendations should normally be implemented within 1 to 3 months.
MEDIUM An important issue, which is needed to bring the internal control system up to an
adequate standard or eliminate a serious level of non-compliance with an existing
control process. These recommendations should normally be implemented within 1 to 6
months.
LOW
An issue, which, if addressed, would contribute towards raising the standard of internal
control to a level higher than adequate or help to reduce a less serious level of noncompliance with an existing control process. These recommendations should normally
be implemented within 12 months.
Page 5 of 5
Related documents
Sample Interview Questions for Accounting Majors
Sample Interview Questions for Accounting Majors
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
Download
advertisement