9/13/2017
©Stinnett & Associates LLC
CHA-CHING! PAYROLL CONTROLS
THAT PAY OFF
Melinda Stinnett, CPA, CIA | Managing Director
September 15, 2017
PERSONAL INTRODUCTION
Professional
Bachelor’s Degree (Accounting) Oklahoma State University
Public accounting career for approximately 12 years (started career with Price Waterhouse in Phoenix, next headed to McGladrey LLP in South Dakota, and then landed a job with Arthur Andersen in Tulsa, OK)
Establishment of Stinnett & Associates September 2001
Interests
Love all things MARVEL, Thor is my favorite superhero!
I enjoy scuba diving.
The perfect breakfast: Merritt’s Chocolate Donut!
Family trips – most recently, climbed Mt. Fuji.
Personal Introduction
Professional
Graduated from Texas A&M with Bachelor’s and Master’s degrees in Accounting
Started with Stinnett in June 2004 after four years in public accounting
Client serving for 10 years, primarily SOX Compliance in the energy industry
CPA and CIA certifications
Transitioned to professional practice support in 2014
Manage Audit Methodology and Quality Assessment Program
Interests
Attending kids’ sporting events
Friday family movie nights
Favorite Drink: Diet Dr. Pepper
Favorite Hobby: Planning vacations!
DISCLAIMER
• The comments and statements in this presentation are the opinions of the speakers and do not necessarily reflect the opinions or positions of Stinnett & Associates, LLC.
• This presentation is the property of Stinnett & Associates, LLC. All rights reserved. No part of this document may be reproduced, transmitted or otherwise distributed in any form without written permission from Stinnett & Associates, LLC.
• Stinnett & Associates, LLC expressly disclaims any liability in connection with the use of this presentation or its contents by any third party.
FIRM BACKGROUND
Stinnett & Associates, LLC (Stinnett) is a professional advisory firm which excels at maximizing value for both public and private
organizations. Our services are designed to help clients more effectively manage risk and improve performance by streamlining processes,
reducing costs, and enhancing controls.
Stinnett offers co-source and outsource solutions within a diverse range of services, including:
• Process Design and Re-engineering
• Internal Audit
• Governance Risk and Compliance
• Sarbanes-Oxley
• Fraud Investigation
• Fraud Risk Assessment
• Cost Recovery
• Information Technology
• Enterprise Risk Management
Doing the Right Thing
Founded in 2001, Stinnett has grown to have offices in Dallas, Houston, Oklahoma City, San Antonio,
and Tulsa. We provide services to several Fortune 1000 companies as well as many mid to large size
organizations with global operations.
We are primarily recognized for offering relevant advisory assistance and exemplary client service with the unique ability to deliver what our clients need. Working toward solutions, we have a reputation for
“doing the right thing.”
Stinnett is a certified Women’s Business Enterprise through the Women’s Business
Enterprise National Council. We pride ourselves on being trusted business advisors who focus on assisting clients to reach strategic milestones positioning them for
future success.
GETTING TO KNOW YOU
• How many years in payroll?
• Position in payroll department?
• Size of company?
• Type of company?
• Level of outsourcing?
LEARNING OBJECTIVES
• Discuss current payroll trends
• Identify objectives, risks, and internal
controls over the payroll process
• Identify appropriate internal control
procedures based on the size of the
department
AGENDA
• Purpose of Internal Control
• Trends in Payroll
• Segregation of Duties
• Payroll Sub-Processes
-Objectives and Risks
-Expected Controls
-Best Practices and
Continuing Monitoring
WHAT IS INTERNAL CONTROL?
• Under the COSO Internal Control-Integrated Framework, a widely
used framework in not only the United States but around the
world, internal control is broadly defined as:
“A process, effected by an entity's board of directors,
management, and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives
relating to operations, reporting, and compliance.”
WHY PAYROLL INTERNAL CONTROL?
• Achieve Regulatory Compliance
• Identify and Create Operational Efficiencies
• Prevent and Detect Payroll Errors
• Improve Accuracy of Financial Reporting & Organizational Health
• Prevent and Detect Payroll Fraud
WHY INTERNAL CONTROL?
GROUND RULES
• Internal controls are not “one size fits all”; they should be established to best suit your company and should consider:
-Nature of organizations and related businesses
-Size of staff
-Systems
-Risk tolerances
• Payroll trends are evolving and could alter your internal control structure
• Control examples included in presentation are not all-inclusive
SEGREGATION OF DUTIES
• Separating key functions in a process such that one employee
does not have sole responsibility for a process
• Can be difficult and costly to fully implement, especially in small
companies
-Smaller companies may need to implement more manual
review controls to compensate for lack of personnel
• Four categories to be segregated: Authorization, Custody,
Record-Keeping, and Reconciliation
SEGREGATION OF DUTIES - PAYROLL
Authorization
• Approval of New Hires
• Approval of Pay Rates
• Signing of Checks
Custody
• Access to Checks and Bank Accounts
• Mailing or Delivering Checks
Record Keeping
• Preparing Source Documents
• Maintaining Journals, Ledgers, Etc.
Reconciliation
• Preparing Bank Reconciliations
• Preparing Payroll Liability Reconciliations
INTERNAL CONTROL - PAYROLL SUB-PROCESSES
• Employee Master File Maintenance
• Time Keeping and Payroll Processing
• Payroll Disbursements
• Financial Reporting
EMPLOYEE MASTER FILE MAINTENANCE
EMPLOYEE MASTER FILE MAINTENANCE
• Objective: All and only authorized additions, deletions, and
changes to the employee master file are promptly and accurately
recorded.
• Risks:
-Unauthorized or fictitious employees are added to the system
-Unauthorized changes (including pay rates, deductions, and
other payroll benefits) are entered in the system
-Terminated employees are not removed from the system
EMPLOYEE MASTER FILE MAINTENANCE
• Limited access to employee master file
- Small company – If system does not allow for limited access, check signer should review employee master file for changes prior to each payroll run
- Large company – Access to employee master file within system is limited to appropriate individuals. Appropriate segregation of duties is expected. Periodic reviews of system access ensure access remains appropriate.
- If outsourced or cloud-sourced – Appropriate individual is responsible for validating accuracy and completeness of information sent to outsource agency or input to cloud software
EMPLOYEE MASTER FILE MAINTENANCE
• All new hires and changes to master file are documented and
approved
- Small company – Signed authorization required for all changes to
employee master file
- Large company – Responsibility for master file changes lies with
HR and changes are interfaced to payroll system. Appropriate
system access is maintained for both systems.
- If outsourced or cloud-sourced - Appropriate individual is
responsible for validating accuracy and completeness of information
sent to outsource agency or input into cloud software
EMPLOYEE MASTER FILE MAINTENANCE
• Terminations are recorded timely and access to systems is promptly removed.
- Small company – Completion of a Termination Checklist for each termination ensures prompt removal from payroll
- Large company – Interface between HR and payroll systems ensures changes made by HR are recognized in payroll timely. Termination notices are sent to HR by supervisors.
- If outsourced or cloud-sourced - Appropriate individual is responsible for validating accuracy and completeness of information sent to outsource agency or input into cloud software
EMPLOYEE MASTER FILE MAINTENANCE
• Best Practices and Continuous Monitoring Opportunities
- Compare new employees with existing employee data (duplicate SSN, address, bank routing and account number)
- Compare employee data to vendor data
- Approval limits within the system for pay rate changes to protect from data entry errors
- Periodic reconciliation between HR and Payroll master files if separate systems are utilized
- If outsourced or cloud-sourced, HR system is interfaced to outsourced system to streamline changes
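
The master-file comparisons listed above can be run as a scripted check. The following is an added example, not part of the original presentation; the record layout, field names, and sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records; field names and layout are assumptions of this example.
PAYROLL = [
    {"id": "E100", "ssn": "000-00-0001", "address": "12 Oak St., Tulsa OK", "routing": "000000001", "account": "111222"},
    {"id": "E101", "ssn": "000-00-0002", "address": "48 Elm Ave, Tulsa OK", "routing": "000000001", "account": "333444"},
    {"id": "E102", "ssn": "000-00-0003", "address": "7 Pine Rd, Tulsa OK", "routing": "000000001", "account": "111222"},
    {"id": "E103", "ssn": "000 00 0001", "address": "99 Ash Ct, Tulsa OK", "routing": "000000002", "account": "555666"},
]
VENDORS = [{"id": "V9", "address": "48 ELM AVE TULSA OK", "routing": "000000003", "account": "777888"}]
HR = [{"id": "E100", "status": "active"}, {"id": "E101", "status": "active"},
      {"id": "E102", "status": "terminated"}, {"id": "E103", "status": "active"},
      {"id": "E104", "status": "active"}]

def norm(value):
    """Lowercase and drop punctuation/spacing so formatting differences do not hide a match."""
    return re.sub(r"[^a-z0-9]", "", value.lower())

def duplicate_groups(records, fields):
    """Return lists of record ids that share the same normalized value for `fields`."""
    groups = defaultdict(list)
    for rec in records:
        key = "|".join(norm(rec[f]) for f in fields)
        groups[key].append(rec["id"])
    # Report ids only, so the exception report does not repeat SSNs or account numbers.
    return [ids for ids in groups.values() if len(ids) > 1]

def vendor_overlaps(employees, vendors):
    """Flag employee/vendor pairs that share a bank account or an address."""
    hits = []
    bank = lambda r: (norm(r["routing"]), norm(r["account"]))
    for emp in employees:
        for ven in vendors:
            same_bank = bank(emp) == bank(ven)
            same_addr = norm(emp["address"]) == norm(ven["address"])
            if same_bank or same_addr:
                hits.append((emp["id"], ven["id"], "bank" if same_bank else "address"))
    return hits

def reconcile(hr_records, payroll_records):
    """Compare master files: ids on payroll but not active in HR, and the reverse."""
    hr_active = {r["id"] for r in hr_records if r["status"] == "active"}
    paid = {r["id"] for r in payroll_records}
    return {"payroll_only": sorted(paid - hr_active), "hr_only": sorted(hr_active - paid)}

if __name__ == "__main__":
    print("duplicate SSN:", duplicate_groups(PAYROLL, ["ssn"]))
    print("duplicate bank account:", duplicate_groups(PAYROLL, ["routing", "account"]))
    print("employee/vendor overlap:", vendor_overlaps(PAYROLL, VENDORS))
    print("HR vs payroll:", reconcile(HR, PAYROLL))
```

Each hit is a lead for review rather than a finding: a shared bank account can be a household, and a shared address can be an employee who also does legitimate contract work.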
TIME KEEPING AND PAYROLL PROCESSING
TIME KEEPING
• Objective: Total labor time and costs are properly authorized,
controlled, and recorded.
• Risks:
-Unapproved hours worked or absences are recorded and paid.
-Hours worked (including overtime) are over/under stated on the
time sheet.
-Duplicate time sheets are submitted.
TIME KEEPING
• Time sheets are approved by a supervisor prior to submission to payroll.
- Small company – Time sheets are signed by employee and supervisor prior to entry into payroll.
- Large company – E-timesheets requiring dual electronic approval by employee and supervisor prior to payroll processing.
- If outsourced or cloud sourced – Timesheets/payroll data should be sent to outsourcing agency by authorized individuals only, or timekeeping system interfaces with outsource or cloud system such that only approved timesheets are processed.
PAYROLL PROCESSING
• Objective: Gross pay and deductions from pay are properly
calculated and recorded.
• Risks:
-Payments are made to fictitious, unauthorized, or terminated
persons.
-Duplicate payments are made to the same employee.
-Pay amount, including pay rate, regular and overtime hours,
and deductions, is incorrectly calculated.
PAYROLL PROCESSING
• Processed payroll data is reviewed for accuracy prior to payment
- Small company – Payroll reports are reviewed for changes, new employees and reasonableness of net payment prior to authorizing payment. Agreement to control totals is verified to ensure completeness of payroll processing.
- Large company – Comparative payroll analysis by pay groups/divisions, etc. is performed after each payroll processing to identify significant or unusual payroll variances.
- If outsourced or cloud sourced – Authorized individual should review provided payroll reports for reasonableness and agreement to check figures prior to authorization of payment.
TIME KEEPING AND PAYROLL PROCESSING
• Continuous Monitoring Opportunities
-Exception reports for payroll changes beyond certain
parameters
• Overtime hours significantly above normal for an employee
• Lack of overtime based on position
• Consistent hours for non-salaried employees
• Timecards with less than standard hours
• Unusual or excessive pay amounts outside of set parameters
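
One way to turn the exception parameters above into a per-period report, as an added example that is not part of the original presentation. The thresholds, flag names, and record layout are assumptions, and the sample periods are constructed.

```python
from statistics import mean, pstdev

STANDARD_HOURS = 80.0   # assumption: biweekly standard hours
PAY_CEILING = 6000.00   # assumption: per-period gross pay parameter
OT_SIGMA = 3.0          # assumption: deviations above the employee's own norm
MIN_HISTORY = 4         # assumption: periods needed before judging a pattern

# Constructed sample data. Each period is (regular hours, overtime hours, gross pay);
# the last period in the list is the one being processed.
EMPLOYEES = [
    {"id": "H1", "hourly": True, "ot_expected": True,
     "periods": [(80, 2, 2500), (80, 4, 2600), (80, 3, 2550), (80, 2, 2500), (80, 30, 3100)]},
    {"id": "H2", "hourly": True, "ot_expected": True,
     "periods": [(80, 0, 2400)] * 5},
    {"id": "H3", "hourly": True, "ot_expected": False,
     "periods": [(80, 0, 2400), (76, 1, 2300), (80, 0, 2400), (78, 0, 2350), (52, 0, 7200)]},
    {"id": "H4", "hourly": True, "ot_expected": False,
     "periods": [(80, 2, 2500), (80, 3, 2550), (80, 1, 2450), (80, 2, 2500), (80, 3, 2550)]},
]

def exception_flags(emp):
    """Return the exception codes raised by one employee's current period."""
    *history, current = emp["periods"]
    flags = []
    if len(history) >= MIN_HISTORY:
        past_ot = [ot for _, ot, _ in history]
        # Floor the spread at one hour so a flat history does not flag trivial overtime.
        limit = mean(past_ot) + OT_SIGMA * max(pstdev(past_ot), 1.0)
        if current[1] > limit:
            flags.append("OT_ABOVE_NORMAL")
        if emp["ot_expected"] and not any(past_ot) and current[1] == 0:
            flags.append("NO_OT_FOR_POSITION")
        # Identical total hours in every period is unusual for a non-salaried employee.
        if emp["hourly"] and len({reg + ot for reg, ot, _ in emp["periods"]}) == 1:
            flags.append("CONSISTENT_HOURS")
    if emp["hourly"] and current[0] < STANDARD_HOURS:
        flags.append("BELOW_STANDARD_HOURS")
    if current[2] > PAY_CEILING:
        flags.append("PAY_OUTSIDE_PARAMETERS")
    return flags

def exception_report(employees):
    """Map employee id to its flags, omitting employees with no exceptions."""
    return {e["id"]: f for e in employees if (f := exception_flags(e))}

if __name__ == "__main__":
    for emp_id, flags in exception_report(EMPLOYEES).items():
        print(emp_id, ", ".join(flags))
```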
PAYROLL DISBURSEMENT
PAYROLL DISBURSEMENT
• Objectives:
- All payroll disbursements (payments made) are properly authorized and relate to valid employees and their work performed.
- Control is maintained over check stock and other cash disbursement technology.
• Risks:
- Payroll payments are not recorded or are recorded in the incorrect account.
- Payments are made to fictitious employees or disbursements are made without proper authorization.
- Cash disbursements recorded do not agree with amounts paid by the bank.
PAYROLL DISBURSEMENTS
• Check stock should be properly secured
-Small company – Check stock should be maintained in locked
cabinet/closet, and key is kept in custody of authorized
individual. Direct deposit should be encouraged.
-Large company – Direct deposit should be required, or check
stock that is maintained is blank until printed.
- If outsourced or cloud sourced – Check stock is maintained
on site at the third party, and payments are returned to an
authorized person at the company.
PAYROLL DISBURSEMENTS
• Bank account balances are monitored frequently and
reconciled timely.
-Small company – Payroll bank accounts are reconciled
monthly
-Large company – Cash accounts are monitored daily. Imprest
accounts may be utilized.
- If outsourced or cloud sourced – Maintain authorized access
to accounts by third-party.
FINANCIAL REPORTING
FINANCIAL REPORTING
• Objective:
- Payroll expenses and related liabilities are recorded appropriately
- All accruals for payroll wages, taxes, and deductions are recorded
timely and are reasonably estimated.
• Risks:
- Payroll expenses and/or related payroll liabilities (including accrued
wages) are calculated or recorded incorrectly.
- Journal entries are made for payroll or related accruals which are
inaccurate or inappropriate.
FINANCIAL REPORTING
• Payroll reports are reconciled to the general ledger after
each payroll is generated.
-Small company – Payroll-related accounts are reconciled
timely and reviewed by appropriate personnel.
-Large company - Payroll-related accounts are reconciled
timely and reviewed by appropriate personnel.
- If outsourced or cloud-sourced - Payroll-related accounts are
reconciled timely and reviewed by appropriate personnel.
FINANCIAL REPORTING
• All journal entries are reviewed and approved by the appropriate supervisor.
-Small company – If limited personnel prevents review of individual journal entries, then a monthly general ledger review by an appropriate employee must be performed.
-Large company - Journal entries must be reviewed and approved by someone other than the preparer prior to entry.
- If outsourced or cloud sourced - Journal entries must be reviewed and approved by someone other than the preparer prior to entry.
FINANCIAL REPORTING
• Monthly review of payroll expense as compared to budget, prior year expenses, etc., is performed. Significant or unusual variances are explained.
- Small company - A monthly payroll expense review by an appropriate employee must be performed, and explanations are obtained for significant or unusual variances.
- Large company - A monthly payroll expense review by an appropriate employee must be performed, and explanations are obtained for significant or unusual variances.
- If outsourced or cloud sourced - A monthly payroll expense review by an appropriate employee must be performed, and explanations are obtained for significant or unusual variances.
FINANCIAL REPORTING
• Best Practices or Continuous Monitoring Opportunities
-Payroll expense trend analysis over various time frames to
identify normal seasonal variances, making unusual variances
easier to detect.
-Perform a periodic payroll audit to verify payment amounts,
deductions, and withholdings are all accurate.
PAYROLL TRENDS
• Outsourcing
• Cloud-Sourcing or Software as a Service
• Accessing Payroll Information from Mobile Devices
• Data Security
• Paycards
THIRD PARTY PAYROLL PROVIDERS
• Outsourcing payroll activities does not result in outsourced risk!
-Access to third-party administrator (TPA) systems must be appropriately limited
-Data transmission must be verified for accuracy and completeness
-Review of TPA SOC 1 (SSAE 18) report on an annual basis to ensure TPA control environment meets the internal control objectives of your organization
THIRD PARTY PAYROLL PROVIDERS
• SOC 1 Report User Control Consideration Examples
- Data Input – validating information sent is complete and accurate
- Processing – ensuring payroll data is ready to process prior to
submission
- Data Output – reviewing output for discrepancies and verifying
direct deposit files are accurate
- Logical Access – maintaining appropriate access to the TPA system
- Client Inquiries – timely notification of any changes to authorized
personnel
SPECIAL CIRCUMSTANCES - EMPLOYEE ADVANCES
• Need to track advance and repayments
- Risk of errors in recordkeeping
- Time consuming to track individual advance amounts and repayment
• Employee may terminate prior to repayment of advance
- Federal or state law may prohibit employer from withholding
advance from last paycheck
• If company offers employee advances
- Consult with employment attorney
- Have an explicit policy regarding advances
SPECIAL CIRCUMSTANCES - EXPENSE REPORTS
• If reimbursed through payroll, must be aware of tax implications
-Ensure expense is valid business expense
-Consideration of per-diem amounts vs. actual amounts (if larger
than per-diem, may be considered excess wages subject to
payroll taxes)
-Timeliness of expense reimbursement
-Use of proper expense reports with proper approval is essential
for recordkeeping and audit tracking
QUESTIONS
www.STINNETT-ASSOCIATES.com | 888.808.1795
Stinnett & Associates
8811 S. Yale Ave., Suite 300
Tulsa, OK 74137
Main Number 918.728.3300