Internal Audit Department

Financial Controls Programm

8. Payroll
Masterfiles, Reporting and Security
8.1 Updates to payroll masterfiles are authorised and checked.

8.2 Masterfile edit reports of changes are regularly checked by management.

8.3 Adequate controls are in place to prevent the duplication of employees on the payroll
system and the creation of fictitious employees.

8.4 Payroll details are reported to department heads on a regular basis to confirm
accuracy of payroll data.

8.5 Access to payroll is controlled by a tiered system of passwords.

Testing
1. Obtain a list of employees who have access to amend the payroll masterfile.
2. Enquire how this access is monitored and controlled.
3. If amendment/exception reporting exists select a sample of 5 employees with
pay amendments and check these for appropriate backing documentation and
authorisation. If any errors are found increase the sample size to 10.
4. Enquire what controls are in place to prevent duplication of employees on the
payroll (does the system flag identical names/employee id numbers, are HR
notified of all new additions etc). Are these considered adequate?
5. Confirm whether payroll details are sent to department heads for their review.
If yes are they required to evidence this or send a confirmation to payroll that
the details are correct?
6. Document how access to the payroll system is controlled (including read only
access).

Results

Pay Rates and Hours Worked

8.6 Changes to pay rates are approved by the appropriate level of management and
cannot be made by an unauthorised person.

8.7 Monthly and weekly payrolls are reviewed by the appropriate level of management.

8.8 Payroll exception reports are regularly produced and reviewed by an appropriate
official.

8.9 Monthly headcount reconciliation prepared and approved independently of the payroll
function. Reconciliation shows headcount bought forward updated for changes (eg
new starters, leavers etc) and reconciled to headcount per payroll.

Testing
1. Ascertain the process for authorising and processing amendments to pay
rates. Sample 5 changes in pay rate and ensure that these have full back-up
and have been authorised by an individual with the delegated authority to do
so.
2. Document the payroll review process, including the production of exception
reporting. Comment on its adequacy.
3. Enquire whether a monthly headcount reconciliation is performed, what this
entails and how it is conducted. Review one such reconciliation and ensure
that it covers the requirements of 8.9.

Results

Reconciliation
8.10 Control accounts exist for deductions and gross pay and are reconciled and reviewed

Page 1 of 2
Internal Audit Department
Financial Controls Programm

regularly by an independent person.

8.11 All payments to tax and other authorities are paid promptly and there are no
outstanding unresolved claims.

Testing
1. Document the local pay structure (gross pay with applicable deductions – tax,
social security, pension etc), including dates when payments are due to be
made for the various deductions.
2. Verify that GL accounts for Payroll Control and each type of deduction.
3. Review the reconciliations for these and obtain explanations for any items
older than expected from the timeframes outlined in Test 1. Enquire when
and how these are expected to be cleared.
4. Review the files for payments to the authorities/pension company etc in
respect of payroll. Check 3 of these to the bank statements to ensure that
they have been paid on time.
5. Enquire whether there are any unresolved claims. If yes obtain details of
these.

Results

Payroll Bureau
8.12 Adequate controls exist over the supervision of payroll if outsourced to an external
payroll bureau.

Testing
Enquire whether payroll is outsourced. If yes document the control, reporting and
authorisation procedures for this. Verify that adequate checks have been performed
by management on the bureau’s output.

Results

Page 2 of 2