Checklist 11.1: Payroll Controls Risk Assessment

Yes No N/A Risk Rating Management Controls

1. Does the financial institution have clear statements of employment criteria (e.g., personnel levels, experience and minimum skills, location, personal integrity, education, compensation rates, benefits and payroll deductions) approved by the Board of Directors, internally disseminated to appropriate institution personnel, that set forth:
   a. Written policies and procedures for approval of new hires and payroll data by persons other than those responsible for payroll preparation?
   b. Policies and procedures for authorization, by persons other than those who prepare payrolls, of (1) additions to, changes to, or deletions from payroll; (2) individual wage or salary rates and changes thereto; and (3) payroll deductions?
2. Does the financial institution periodically select a sample of employees from the payroll register and inspect personnel records to verify authorization for hiring of the employees, compensation rates, benefits, and payroll deductions?
3. Does the financial institution perform a review and approval by a designated official of new hires with special employment terms, contracts, or agreements?
4. Do the appropriate supervisory personnel obtain a list of employee terminations and trace the terminations to deletions from payroll?
5. Do the appropriate supervisory personnel observe on a surprise basis the distribution of payroll to employees and investigate the handling of unclaimed payroll checks or envelopes?
6. Does the financial institution use access control software or application-specific access controls, together with appropriate user password procedures and physical controls over access to workstations, LANs, and online terminals, to limit access to payroll change processing to only those authorized?
7. Does the financial institution maintain a permanent record for each employee, showing date hired, initial pay rate, and subsequent changes in rate requiring conflicts of interest statements?
8. Does the financial institution have employee benefit plans, and all subsequent amendments, approved by the Board of Directors, legal counsel, and the IRS?
9. Do personnel independent of the payroll function periodically test a sample of payroll file edit reports by comparing the change to the payroll files to the authorized input document?
10. Are changes to the payroll reference file processed only with a properly authorized input document?
11. Does the financial institution have adequate written procedures regarding all other personnel function and payroll processing activities?
12. Does the financial institution periodically perform a comparison of selected payroll amounts to predetermined control totals or equivalent procedures to ensure that all original data and revisions are accurately and completely processed?
13. Are control totals and comparisons established or performed by persons not responsible for payroll preparation or authorization of payroll changes?

Payroll Processing

1. Does the financial institution have adequate written policies and procedures regarding reporting and computing of payroll?
2. Does the financial institution designate the departmental time card review responsibility to an appropriate official and require written authorization (signoff) of those time cards prior to payroll processing?
3. Does the financial institution use pre-numbered and controlled time records (e.g., time cards, sign-in sheets) or other means in reporting time and attendance?
4. Does the financial institution account for sequence of pre-numbered time records and follow-up of missing records; use check-off sheets to ensure that all time records have been submitted (or that all fixed salary employees have been reported)?
5. Does the financial institution compare summarized totals per time records, with total hours recorded in the payroll register and in the payroll distribution reports?
6. Has the financial institution established control totals and reconciliation to totals posted to the control account?
7. For fixed salary employees, does the financial institution compare summarized payroll totals with predetermined control totals?
8. Does the financial institution have adequate written procedures regarding payroll reporting and summarization activities?
9. Does the financial institution have department supervisors approve time reports, including overtime?
10. For employees paid on an hourly basis, does the financial institution use adequate time records that are checked to supporting records of time incurred?
11. For employees receiving commissions, are the commissions based on loan originations that are reconciled to originations recorded in the general ledger?
12. Does the financial institution ensure that the payroll has been checked and approved as being valid before posting payroll to general ledger and earnings records by:
   a. Re-computing payroll accruals and comparing them with subsequent payroll payments; comparing payroll tax reports with accrued tax liabilities?
   b. Checking by persons other than payroll preparers of the calculations of gross pay and payroll deductions (e.g., by agreeing gross pay and payroll deduction totals with predetermined control totals or by sufficient checking of individual accounts)?
   c. Recalculations of extensions and footings of payroll summaries and payroll distribution reports, by persons other than payroll preparers?
   d. Checking of account coding and payroll distribution of time records?
13. Does the financial institution have a designated official, who did not participate in its preparation, review and approve each journal entry?
14. Does the financial institution have procedures in place that require all computer program changes to be authorized, reviewed, and approved by the data processing manager and the payroll/personnel department head?
15. Does the financial institution perform periodic EDP reviews to ensure all programming changes are appropriate and properly authorized?
16. Has the financial institution established procedures for adding to, changing, or deleting from the payroll/personnel data bases?
17. Does management review the continuing quality of the names and addresses in the files including periodic determinations of whether each existing name, address, salary, or employment status is correct?
18. The integrity of the data bases may be guarded by the following process controls:
   a. Specifications stating that changes must be approved in writing by designated executives or supervisory personnel?
   b. A comprehensive edit-check process that limits the possibility that erroneous or incomplete data can be entered into the payroll/personnel system database?
   c. Limitation of access to data files through the use of access control software, application-specific password controls, or physical controls?
19. Does the financial institution require periodic EDP security reviews and prompt follow up on all findings?

Payroll Disbursement

1. Does the financial institution have adequate written procedures regarding payroll disbursements and summarization activities?
2. Does the financial institution perform a comparison as to names, dates, numbers, and amounts of recorded disbursements with paid checks and financial institution statement entries by persons other than (1) check preparers or (2) those who can introduce documents into the cash disbursements system? (This is done as part of financial institution reconciliation.)
3. Does the financial institution account for sequence of pre-numbered checks and follow-up of missing documents by persons other than the one who maintains the payroll account?
4. Does the financial institution have a designated official review the results of follow-up on missing documents?
5. Has the financial institution established control totals (e.g., totals of appropriate columns in the check register) for posting to control accounts and reconciliation to net payroll in the payroll register?
6. Does the financial institution have a designated official review the comparison of recorded disbursements with paid checks and institution statement entries?
7. Does the bank use pre-numbered journal entry forms and related accountability for all numbers each period?
8. Does the financial institution have adequate written procedures regarding activities on processing and summarization of payroll disbursements?
9. Does the financial institution prepare payroll checks only on the basis of an authorized check request or approved payroll summary, by persons other than those who initiate or approve any documents that give rise to cash disbursements for payroll?
10. Do the check signers review the applicable supporting documentation prior to signing checks, and are check signers different than those who approve payroll for payment?
11. Does the financial institution require dual signatures on checks of unusually large amounts and adjustment (or manual) checks?
12. Does the financial institution perforate, void, or otherwise cancel source documentation to prevent subsequent reuse?
13. Does the financial institution ensure that disbursements have been checked and approved as being valid before posting amounts to control account and earnings records?
14. Does the financial institution compare checks, either individually or in total, with the payroll register, as to amounts, dates and payees, by persons other than the payroll preparers?
15. Does the financial institution have a designated official review and approve the results of comparison of checks with the payroll register?
16. Does the financial institution reconcile payments of payroll deductions to payroll deductions recorded in separate control accounts, by persons other than the payroll preparers?
17. Does the financial institution use check account coding of payroll disbursements for posting to the general ledger?
18. Does the financial institution have a designated official, who did not participate in its preparation, review and approve each journal entry?
19. Does the financial institution have adequate written procedures regarding payroll substantiation activities which list the balances, reports, activities, policies, and procedures that are to be substantiated, when they are to be substantiated, how the results should be documented, and to whom they should be communicated?
20. Does the financial institution perform a periodic reconciliation of general ledger balances with earnings records and investigation of differences by persons other than those who (1) authorize payroll changes, (2) prepare payroll records, or (3) distribute payroll?
21. Does the financial institution have supervisory review and approval of reconciliation and investigation procedures?
22. Does the financial institution periodically compare the recorded balances with budgeted amounts, prior period, and other analyses of payroll (e.g., computing average payroll cost per employee)?
23. Does a designated official review a comparison and analysis of payroll and follow up on unusual items?
24. Does the financial institution have adequate written procedures regarding payroll evaluation activities which list the balances, reports, activities, policies, and procedures that are to be evaluated, when they are to be evaluated, how the results should be documented, and to whom they should be communicated?
25. Does the financial institution periodically determine the accruals for sick and vacation pay, period-end accrued salaries, pensions, and retirement benefits, etc.?
26. Does a designated official review and approve the determination of accruals?
27. Does the financial institution perform an analytical review of payroll-related accruals by comparing amounts to benefits paid, total payroll expense, hours worked, or number of employees?
28. Does the financial institution test the reasonableness of accrued payroll by recalculating the amount, performing a predictive test of the amount, or examining subsequent payments?
29. Does the financial institution periodically review the formulae used for accruals (e.g., accruals for sick and vacation pay, pension, and retirement benefits)?
30. Does the financial institution obtain reports from independent parties (e.g., actuaries) and test the reasonableness of key assumptions used in the computations of payroll-related accruals?
31. Does the financial institution perform an analysis of payroll accruals in relation to budget and prior periods?
32. Does the financial institution review minutes, agreements, and budgets for evidence of payroll-related expenses that may have been incurred?

Comments: