Global Payroll: Are You in Control?

Copyright 2016, GPMI, Inc.

Presented by:

Max van der Klis-Busink

Payroll Manager, NL Shell

This publication is distributed with the understanding that the publisher and authors are not engaged in rendering legal, accounting or other professional service. If legal advice or other professional assistance is required, the service of your attorney or certified public accountant

should be sought.

Global Payroll: Are You in Control? Presented by: Max van der Klis-Busink

Helpful Tips when participating in webinars: • Be prompt.• To avoid missing the beginning of the webinar we suggest you connect to the program at least 10 minutes

prior to start time. You can connect up to 30 minutes prior to the scheduled start time.• The audio portion of this webinar is streamed through your computer speakers or attached speaker. To

ensure all connections will work prior to the program, please click on the Test Your System link in your eventnotification email. We recommend you test the connection 24 hours prior to the program but no later than30 minutes prior to the beginning of the program.

• If you are having trouble logging in, please double-check your login ID. This information is provided in yourreminder message received.

• Once you are logged in the session and having difficulty hearing the audio portion of the webinar, pleaseclick refresh your browser and close any applications that you have running in the background, such asyour email, that may interfere with the audio streaming into your computer. In addition, you may want tocontact your Internet Service Provider or IT department for further troubleshooting.

• There will be question and answer opportunities throughout the program. To ask a question, simply enteryour question into the Question box at the bottom of your screen.

• An online Evaluation Survey will display immediately after the webinar ends.• Access to the On Demand will be emailed to you after the Live Webinar concludes. Access the On Demand

using the same login used for the Live Webinar.

If you have any questions following this webinar in regards to the subject matter presented, please contactGPMI Education at education@gpminstitute.com.

Continuing Education Units • The registered participant will receive 0.10 CEU and 1.0 RCHs for participation in the LIVE webinar or the

On Demand. You must participate for no less than 50 minutes of the 60-minute webinar or the On Demand. • You will receive your Certificate of Participation in an email. Please print and keep for your records.

If you do not receive your certificate contact GPMI support at support@gpminstitute.com.

FOR LIVE SESSION ONLY: Certified Public Accountants – If you need CPE credits for this webinar, please download the CPE form from the Handout window during the webinar, follow the directions on the form and submit the form to certification@americanpayroll.org. You will receive your certificate in approximately eight weeks. For a CPA to earn CPE credits for this webinar, you must answer all polls during the webinar and complete the CPE form found in the Handout Box. Webinar On Demands are not eligible for CPE credits.

Cancellations/Substitutions • If payment was submitted, cancellations must be received in writing seven days prior to the webinar program

for a full refund. A check is mailed to you for refunds. No refunds are made directly to your credit card account.

• Refunds or substitutions will not be honored within 48 hours of the webinar.Global Payroll Management Institute • 1601 18th Street, NW, Suite 1

Washington, DC 20009 © GPMI, Inc.

1

2

Introduction

Max van der Klis-BusinkPayroll Manager, NLShell

Max.vanderKlis@Shell.com

max-van-der-klis-busink

3

• Emerging trends and the need to be in control• COSO’s Internal Control Integrated Framework and the

GPCF• Four sections of the GPCF

• Section 1: Global Payroll Objectives• Section 2: Global Payroll Control Components• Section 3: Global Payroll Operating Model• Section 4: Country Standard Operating Procedures

(C-SOP)• Getting started with your GPCF

Agenda

Global Payroll Management Institute 1

4

Emerging Trends and the need to

be in control

5

Legislators around the world have responded to fraud cases with stringent legislation, for example:

• Federal Deposit Insurance Corporation Act (FDICA)

• Sarbanes-Oxley Act (SOx)• Financial Instruments and Exchange Law

(also known as “J-SOX)• Safe Harbor and EU Data Protection

Also think of “Enron Ethics”

Trend #1

6

Governments are implementing new regulatory models for their supervisory duties, for which the drivers are:

• Limited resources to detect non-compliance• Society demands cooperative approach to

tax-payers

NOTE: This led to the introduction of “horizontal monitoring” or “cooperative compliance”:

transparency in exchange for certainty on your tax position. To participate, organizations need to show how they are in control. How?

Trend #2

Global Payroll Management Institute 2

7

New service and technology solutions are changing the way multi-country payroll is, can and must be run. This has an

enormous effect on how organization’s organize payroll. Why?

However, lessons teach us that:

• Global payroll strategies are typically designed without a clear understanding of the current

state and feasible future states• Drivers to start with global payroll require a

sound understanding of current risks, controls (also local!) and environment

Trend #3

8

You might have noticed: local governments are depend of accurate payroll data as result from filings.

They rely more and more on data to be:

• Accurate• Timely• Complete

• Valid• …

Just think of RTI, DSN, etc. This requires the Global

Payroll Function to be in control and on top. Joint effort?

Trend #4

9

Each payroll function needs to be in control of payroll in an evidence-based manner.

• Are you? Will you?

• Yes? How? When?

It cannot be denied…

Global Payroll Management Institute 3

10

11

COSO’s Internal Control Integrated Framework and the GPCF

12

Committee of Sponsoring Organizations of the Treadway Commission (COSO) and its Internal Control Integrated Framework (IC/IF), version May 2013.

Purpose:

• The Global Payroll Function’s processes embed internal control and are designed to provide reasonable assurance regarding the achievement of

the payroll objectives relating to operations, reporting and compliance by executing control activities that mitigate risks in accordance with the GPCF.

Basis for a Global Payroll Control Framework

Global Payroll Management Institute 4

13

COSO IC/IF is typically summarized in a 3D cube:

• The three categories of objectives are represented by the columns

• The five components of internal control are represented by the rows

• The entity structure represent the third

dimension

All dimensions are interrelated and are the basis of being in control. Looks simple, doesn't it? In practice: not that easy.

Basis for a Global Payroll Control Framework

14

Based on COSO IC/IF, practical insights and having run payroll for many years the GPCF is a best practice method:

• Global Payroll Objectives (COSO: Objectives as columns)

• Global Payroll Control Components (COSO: Components as rows)

• Global Payroll Operating Model (COSO: in definition of control)

• Country Standard Operating Procedures (C-SOP) (COSO: entity level as 3rd dimension)

These four sections interact, are interdependent and equally important. It’s a classic concept: without one, all is none.

Global Payroll Control Framework

15

Four sections of the GPCF

Global Payroll Management Institute 5

16

1. Operations

• Effectiveness and efficiency of the Global Payroll Function

• Timeliness, accuracy and completeness (SLA)

• Total Cost of Ownership (TCO)• Customer & Stakeholder Satisfaction• Internal / external performance

benchmarking

Section 1: Objectives

17

2. Reporting• Internal and external financial reporting• Internal and external non-financial reporting

3. Compliance• Compliance to applicable national and

international laws, rules and regulations• (Adherence to internal policies and

procedures)

Section 1: Objectives

18

Fundamentals for all objectives:

• Alignment with the BCF/TCF• Code of conduct & ethics

• Compliance code is vital! Not standalone, but integrated.

Get the objectives approved by the overall accountable position in your organization: sponsorship. It’s the essential starting point of the GPCF.

Section 1: Objectives

Global Payroll Management Institute 6

19

The Control Environment is:

• The set of standards, processes and structures that provide the basis for carrying out internal control across the entities regions and functions.

• It’s the suit that determines how you should dress and the degree it allows you to move. What’s the tone?

Section 2: Control Environment

20

21

Gather this information internally from stakeholders, payroll administration, intranet pages and from the C-Suite:

1 Policies & Codes Gather the tone set forth in the Code of Business Conduct & Code of Ethics

2 OrganizationalStructure

Provides insight in where the Global Payroll Team reports into, show the organization chart and reporting lined and the function profiles

3 Customers &Stakeholders

Name the most important customers (mostly the employees) and stakeholders (internal and external)

4 IT Environment List all systems utilized, it’s general usage and who the owner is

5 Payroll Environment

Summarize all payroll entities with the cycle frequency, periodic number of payslips, time-zone, currency and complexity to run payroll

6 Payroll BusinessContinuity Plan

Outlines potential scenarios which would call for such a plan, including: IT infrastructure failures, payroll vendor service stoppage and banking issues

Section 2: Control Environment

Global Payroll Management Institute 7

22

Each organization faces risks from a variety of sources and events, both internal and external:

• A risk is identified as ‘the possibility that an

event occurs that adversely affects the achievement of Global Payroll Objectives’.

• Risks can be present in payroll’s own processes or occur outside of payroll’s influence. Source to gross?

• Risks occur on a global, regional and local level! Don’t make this just a global party.

Risks are 360 degrees.

Section 2: Risk Assessment

23

Find synergy with already described risks, for instance as part of an internal SOx-404 program and/or internal audit policies:

• Identify all possible risks (ask for help!) and link them to Global Payroll Objectives.

• Assess the risks. Classify them as key & non-key based on discretionary items. Set the intended response: acceptance, avoidance, reduction or sharing. Describe risks in a fiche with a risk header containing the reference and

description.• Ensure you understand if risks are global or local (require different mitigation)• Include all identified, assessed and described risks in a Risk Control Matrix

(RCM) and Risk Objective Matrix (ROM).

Section 2: Risk Assessment

24

In its shortest, Control Activities are those actions that mitigate the assessed risks that require a response:

• Control Activities for payroll are typically part of everyday business processes: sign-

offs, segregation of duties, system blocks, access rights, authorization policies, etc.

• Controls can however also be annual activities, such as updating payroll

parameters and obtaining the ISAE 3402 Type II or SSAE 16 Type II statements from payroll provider(s).

Section 2: Control Activities

Global Payroll Management Institute 8

25

1 Control header Reference (CTR.###) and a description in wording

2 Control classification Key and non-key based on level of complexity, professional judgement and risk of management override

3 Control objective Accuracy, authorization, completeness, error handling, segregation of duties and validity (multiple possible)

4 Control type Detective, preventive or corrective: try to mitigate one risk with various control types!

5 Control method Manual or system

6 Utilized systems List the utilized systems in this Control Activity

7 Evidence of control Name the to be obtained proof providing the control was executed

8 Control test technique Reperformance, observation or enquiry

9 Frequency of control Based on the assumed population or the mere frequency

Section 2: Control Activities

26

Include the controls in the RCM.

But consider: Control Activities must always mitigate risks, why else perform

them?

Get started with being lean and include control reviews as part of your continuous improvement plan. Loose 2 and add 1 meaningful control?

Section 2: Control Activities

27

In order to ascertain all components of internal control are present and functioning, conducting ongoing and

separate evaluations is mandatory:

• Ongoing evaluations are typically built into

(sub-)processes.• Separate evaluations are periodically conducted

with a different scope compared to the ongoing ones.

• Examples are:o Payroll Knowledge Meetings (multidisciplinary!)o Vendor Governance Reviewso (Cross-Functional) Self Audits

o Continuous Risk Identification & Review Process

Section 2: Monitoring Activities

Global Payroll Management Institute 9

28

In order to carry out internal control responsibilities, it’s important to inform each involved actor about his/her roles

and responsibilities:

• Management must be provided with the

relevant information (dashboard(s)?) by the Global Payroll Team to support the functioning of the five components of internal control by distributing the GPCF

• Communicating the right information on the right time enables them and others to make the best business decisions every day

Section 2: Information and Communication

29

Each GPCF should therefore address (at least) these topics in the last item of the Global Payroll Control Component:

1 Communication Guidelines

Primary language, communication tools, frequency of contact between regions, time-zone handling and cultural factors.

2 Storing of Information &

Documentation

Documentation repository, access rights to shared drives, methods of internal and external file sharing and retention period handling.

3 Payroll Dashboard Metrics and indicators measuring KPI performance, root cause analysis and contextual factors and drive continuous improvement. Also include any

metrics that the payroll provider can provide.

4 Payroll Enquiry Handling

Response times to customer and stakeholder enquiries, escalation process and go-to persons.

Section 2: Information and Communication

30

Efficient:• Doing the things right to achieve objectives / route to finish

Effective:• Doing the right things to achieve objectives / finishing

Transparent:• Proper disclosing of information, roles, responsibilities and

raising red flags when events (may) occur that adversely effect the achievement of Global Payroll Objectives

Section 3: Operating Models

Global Payroll Management Institute 10

31

COSO IC/IF:• Internal control is a process, effected by

an entity’s board of directors, management,

and other personnel (people) designed (systems & sourcing) to provide reasonable assurance regarding the achievement of objectives relation to operations, reporting and compliance.

• A process happens in time, and in that process people are acting with utilizing systems, that can both be outsourced.

Systems

People

Sourcing

Process

Section 3: Operating Models

32

This is where the level is detail is touched to be in control of local payroll:• C-SOPs are typically drafted and kept up-to-date by both the Payroll

Provider (if outsourced) and the Organization.

• C-SOPs are not described in the GPCF itself, but are separate supporting documents with a stringent version control management.

• C-SOPs are not Work Instructions! It’s not a ‘click here and click there’ document. They are a Control Activity in itself.

Section 4: C-SOPs

33

Follow the same structure in the C-SOPs as in the Process Groups, for instance:

1 Source 2 Gross Starters, leavers, benefit in kind, expense claims and time & attendance

2 Gross 2 Net How to read and calculate payslips,. tax benefits, mandatory information on payslips, etc.

3 Net 2 Pay How batch salary payments are processed and from which bank account(s)

4 Pay 2 Distribution How payslips are distributed (hard-copy, digital) and managing user accounts

5 Distribution 2 Report

Payroll journals, payroll reconciliations, garnishments, refunds

6 Report 2 Filing Pension administration, payroll dashboards and payroll taxes filings

7 Filing 2 Pay Payment of payroll taxes and monitoring direct debits

8 Off-Cycle Any local on-offs: voucher administration, year-end and year-start

Section 4: C-SOPs

Global Payroll Management Institute 11

34

Getting started with your GPCF

35

Step 1Understanding Current State

Step 2Setting The Scene & Drafting The Doc

Step 4Risks & Mitigations

Step 5Wrapping The Big 5

Step 6Going Local

Step 3P2S2: Process, People, Systems and Sourcing

Step 7Issuing, Informing & Maintaining

Take these steps to create the GPCF!Continuous

Improvement

Time

Com

ple

tion

Proven 7-Step Approach

Global Payroll Control Framework (GPCF)

The Global Payroll Function’s processes embed internal control and are designed to provide reasonable assurance regarding the achievement of Global Payroll Objectives relating to operations, reporting and compliance by ensuring to put the Global Payroll Control Framework in daily practice.

The set of standards, processes and structures that provides the basis for carrying out

internal control. The established tone at the top externalized in codes and policies setting the importance of internal control. The identification of customers and stakeholders of the Global Payroll Function and addressing the payroll footprint.

Control Environment

Global Payroll Control Components

Op

era

tio

ns

Re

po

rtin

g

Payroll is run in a timely, accurate and complete manner by processing in full accordance with the timelines and processes of the GPCF.

The design of the Global Payroll Operating Model leads to an acceptable level of Total Cost of Ownership (TCO).

Customers and stakeholders of the Global Payroll Team are satisfied with the services and payroll output provided to them.

Control activities are executed effectively to mitigate risks that have an adverse effect on the achievement of Global Payroll Objectives.

Payroll expense in the commercial accounts reflect payroll output and is reconciled in a timely, accurate and complete manner.

Payroll is compliant to applicable (local and international) payroll regulations next to the organization’s policies and procedures.

Documents used to run payroll are stored in a manner that ensures data integrity and compliance to local retention periods.

Co

mp

lia

nce

Global Payroll Objectives

Control ActivitiesRisk Assessment

Identified and assessing risks that have

or may have an adverse effect on achieving Global Payroll Objectives.

Activities designed and implemented, as

part of processes or separate evaluations, to mitigate risks.

Information & CommunicationMonitoring Activities

To ascertain all components of internal

control are in place, ongoing and separate evaluations are conducted.

Established ways of communication on

payroll enabling decision making based on data and context.

Source 2 Gross 2 Net 2 Pay 2Distribution 2 (Financial)

Reporting 2 Processing ReturnsGlobal Payroll Operating Model

People Sourcing Systems

Country Standard Operating Procedures

Process

Global Payroll Management Institute 12

37

Yes! You’ll be able to answer questions like:

• “Who can guarantee me our payroll

function is in control? Show me!”• “Is our operating model transparent,

efficient and effective?”

Bring It On!

38

Global Payroll Management Institute 13

2017 Education Calendar

Last revised February 2017. Schedule is subject to revisions.

All Virtual Classes and Webinars are also available On Demand.

For more information on course objectives and how to register, please visit www.globalpayrolleducation.com

The Global Payroll Management Institute (GPMI) offers a wide variety of comprehensive courses on a number of topics. Browse the list of offerings below and mark your calendar today!

MayManaging International Payroll Data

Type: 90-Minute Virtual ClassCost: $149Sponsor: Fitzgerald and Law

03

Global Payroll Management Forum

Type: 4½-Day Conference Cost: $2,050 Location: Orlando, FL

16thru

20Current State of the Payroll Services Market

Type: 60-Minute Webinar Cost: Free Sponsor: Nelson Hall

31

Global Payroll Taxation and Compliance Course United Kingdom, Ireland, Belgium, Germany, and France

Type: Four-Day In-Person Class Cost: $1,980 Location: Philadelphia, PA

03thru

06

April

Global Payroll: Are You in Control?

Type: 60-Minute WebinarCost: Free

06

Global Payroll Management Certificate Program

Type: Three-Day In-Person Class Cost: $1,460 Location: San Francisco, CA

19thru

21

JuneShould Global Payroll Operations = Global Employment Tax Compliance?

Type: 90-Minute Virtual ClassCost: $149Sponsor: Deloitte

08

Global Payroll Management Certificate Program

Type: Three-Day In-Person ClassCost: $1,460Location: San Antonio, TX

26thru

28

Payroll in France

Type: 6-Hour Virtual Class - 2 Hours per Day Cost: $595

July

171921

Global Payroll Management Certificate Program

Type: Three-Day In-Person Class Cost: $1,460 Location: Philadelphia, PA

August

16thru

18

OctoberGlobal Payroll Management Certificate Program

Type: Three-Day In-Person Class Cost: $1,460 Location: New York, NY

Payroll in Germany

Type: 6-Hour Virtual Class - 2 Hours per Day Cost: $595

11thru

13

161820

NovemberPayroll in The Netherlands

Type: 4-Hour Virtual Class - 2 Hours per Day Cost: $395

14and

16

16 - 20 May, 2017Orlando World Center Marriott

Orlando, FL, USA

Global PayrollManagement Forum

Register at www.GlobalPayrollForum.com

The most robust multinational payroll education and networking experience available. Learn about crucial international payroll updates, as well as priceless answers to your questions.

2nd Annual