Payroll - Internal audit report

City of Marion
28 May 2008


Dear Kathy

Payroll – Internal audit report
In connection with the City of Marion Internal Audit Plan, we have completed the abovementioned internal audit project and are writing to report our findings. We acknowledge and appreciate the assistance provided by Andrew Lindsay and Peter Bice in the performance of the review. This report covers processes and controls that were in effect during November 2007 – February 2008 and fieldwork was performed during February 2008.

Ernst & Young

Contents

1. Executive summary
2. Detailed findings and recommendations
3. Improvement recommendation
Appendix A: Risk rating criteria
Appendix B: Personnel consulted during the conduct of this project

1. Executive summary

1.1 Background & objectives

In accordance with the Internal Audit Plan 2008, we have undertaken a review of the City of Marion's Payroll functions. The processing of payroll is a core function requiring effective internal controls to limit the opportunities for fraud or error. The capture of information, the control of data, approval mechanisms and transfer of funds are all key steps in the payroll process requiring effective internal controls.

Whilst incorrect information resulting in employees receiving less salary than contracted is unlikely, the risk exists that payroll is processed in excess of contractual arrangements with employees, resulting in financial loss to City of Marion. In addition, there is inherently a risk associated with payroll due to fraudulent activity, resulting in losses to City of Marion. It is important that effective approval, monitoring and processing controls are in place to minimize the opportunity for City of Marion employees to perpetrate fraud. There is the potential for a lapse in communication between personnel involved in Human Resources and Payroll which needs to be managed to ensure information is correctly transferred.

Our review will take into consideration the adequacy of the payroll process and controls to minimize the risk of fraud. Accordingly, we have documented our recommendations regarding the appropriateness of the City of Marion's policy, procedures and records surrounding the Payroll processes to ensure the safeguard of the Council's assets.

The main objective of the review was to identify gaps in control performance and recommend process efficiencies that may be gained. The objectives of the review were to:
► Review the payroll controls in place
► Consider the efficiency of processing and review the communication procedures between Human Resources and the payroll processing function
► Assess the procedures associated with the monitoring of payroll processing to enable City of Marion to comply with authority levels and appropriate segregation of duties.

1.2 Scope

The scope of this project was to examine the key controls over the payroll processes. Our review will include a focus on the following areas:
► Key reconciliations between systems including the recording of monthly accruals of employee entitlements.
► Internal controls surrounding timesheet capture, data input and verification processes, including overtime and allowances, as well as the process for approval of leave and variations.
► Compliance with relevant legislation, awards and EBA regulations.
► The processes and reporting associated with job costing in relation to projects.
► The reporting to business unit managers.

1.3 Approach

The approach to this project followed the Internal Audit methodology developed by Ernst & Young. This approach is outlined in the phases below:
Phase 1: Understand the payroll process
Phase 2: Identify and assess business risks
Phase 3: Assess processes and control gaps
Phase 4: Validate process measures and controls
Phase 5: Provide value-added reporting

1.3.1 Understand City of Marion's payroll policy and procedures

We have updated our understanding of the payroll processes through consultation with relevant employees and observation. Specifically, we:
► Reviewed the current policies, procedures, awards, legislation and Enterprise Agreement in relation to payroll processing
► Understood the systems used to capture payroll data
► Discussed procedures in place to monitor payroll processing
► Understood what supporting documentation is retained to validate payroll processing.

1.3.2 Assess business and financial risks in the process

We have:
► Identified business and financial risks in the process
► Sourced and prioritised risks as low, medium or high risk.

1.3.3 Assess process and control gaps

We have:
► Assessed the process and identified control gaps that do not address the identified risks
► Assessed whether the recommendations implemented address the identified risks
► Identified gaps between actual and desired/potential performance of these controls over risks.

1.3.4 Validate process measures and controls

We have:
► Developed a review plan based on risks identified
► Reviewed key controls identified as implemented
► Tested the key controls.

AUDIT PROGRAM [WEIGHT / RANK / SCORE]

Payroll Processing:

1. Document the flow of documents through payroll processing [5 / 6 / 30]

2. Payroll procedures should be reviewed for appropriate controls to ensure the accuracy of salary payments. Verify the following: [6 / 8 / 48]
   i) Signatures of employees preparing salary payment calculations and the officer reviewing the same should be evidenced on the appropriate register.
   ii) Ensure that file copies of Employee Statements of Earnings and Payroll Registers are maintained in the custody of the Payroll Department personnel.
   iii) Review all computer/manual payroll registers to ensure that the information has been accurately entered and captured, and should sign the register and accounting entries to evidence review.

3. Select a sample of individuals from the last payroll register and perform the following: [7 / 8 / 56]
   i) Trace the pay rate and all deductions to properly authorized forms in the employee's personnel file.
   ii) Agree departmental classifications in payroll registers with personnel records.
   iii) Trace elective deductions to signed authorization forms and reference taxes to appropriate sources.
   iv) Trace any overtime pay to properly approved forms. If time cards are used in the calculation of gross pay, determine that they have been properly calculated, approved, and filed.
   v) Recalculate all amounts, including gross pay, deductions, stipends, and net pay.
   vi) Trace to appropriate disbursement to employee.
   vii) Trace total payroll amounts to posting in the proper general ledger accounts.

4. Document controls for protection and distribution of payroll checks. Conclude on adequacy. [8 / 9 / 72]

5. Generated Reports [6 / 6 / 36]
   a) Obtain copies or examples of all reports generated for the personnel and payroll departments and determine their use and distribution. Include system reports, PC reports, and manual reports. Ensure that the information presented in these reports is tested or analyzed at some point in the audit program.

6. Utilized Forms [8 / 7 / 56]
   a) Obtain copies of all forms used by the department.
   b) Evaluate for adequacy and effectiveness.

Time Accounting:

7. Select a sample of recently completed time cards/time sheets and verify the following: [8 / 8 / 64]
   i) The time worked is properly recorded.
   ii) Reasons for absences, early departures and overtime are indicated and approved.
   iii) Overtime is properly calculated and reported.
   iv) The time card/time sheet is signed by the employee and approved by the supervisor.

8. Document the operation of the timekeeping system. Test as necessary to ensure that the system is functioning as intended and that time is accurately recorded. [9 / 7 / 63]

9. Absence Reporting [8 / 9 / 72]
   a) Interview management and employees and review absence reports to evaluate the following:
      i) Daily records of attendance are maintained.
      ii) Vacations are scheduled to ensure that efficient operations are maintained.
      iii) Attendance and tardiness guidelines are communicated to all employees.
      iv) All absences are reported in a timely and accurate manner.

10. Review attendance records and check that appropriate disciplinary actions are evidenced for those employees showing abuse of attendance or tardiness guidelines. [9 / 8 / 72]

11. Evaluate the Authority's liability for unpaid vacation days. Consider issuing confirmations to a sample of employees to verify accuracy of vacation balances and proper reporting of leave. [8 / 8 / 64]

12. Select a payroll register for testing and compare it with input records submitted for payroll processing. Determine the reasons for any differences in the information and follow up any exceptions with management. [7 / 9 / 63]

Expense Control:

13. Scan salary expense amounts for the prior 12 months. Follow up on any unusual fluctuations noted. Or, compare prior period salary expenses to current period expenses and current budget (by department) and investigate significant variances. [8 / 10 / 80]

14. Validate the payroll register by selecting a sample of employees and physically verifying their existence. [9 / 9 / 81]

15. For payroll benefit expenditures and accruals, perform the following: [9 / 9 / 81]
   i) Compare accruals for compensated absences such as vacation and sick leave to prior period actual and current budget, and compare the relation of amounts to gross pay with the same ratio for the prior period.
   ii) Identify bonuses, stipends, PSAs, or other unusual compensation, and inspect evidence of approval.
   iii) Evaluate reasonableness of accrual for payroll expenditures at the end of the period.

TAX DEDUCTIONS:

16. Review documentation of the payroll deductions for the employees to determine that: [8 / 7 / 56]
   i) The deduction is supported by a written agreement which is signed by the employee and an authorized organization's administrator, specifies a dollar amount or a percentage of compensation, and is dated before the first day of the pay period in which the salary reduction commences.
   ii) There is no more than one salary reduction agreement executed each calendar year.
   iii) The amount of the deduction agrees with the amount authorized by the employee.
   iv) Documentation supporting the calculation of contribution limitations indicates that the calculations are correct and the deduction does not exceed the limitation on elective deferrals.

17. Review the annuity contracts and documentation of custodial accounts to verify compliance with IRS regulations, in particular that the tax-sheltered annuity is not transferable or forfeitable, and that there is no conflict with the distribution requirements. [8 / 6 / 48]

Reconciliations:

18. Obtain the reconciliations of all payroll-related deposit accounts and payroll-related liability accounts. Trace balances to the general ledger, bank statements, and supporting documentation. Verify the accuracy of the reconciliation and the propriety of any outstanding items. Test transactions as necessary. [7 / 8 / 56]

19. Evaluate reconciliations to ensure that business standards are implemented, including: [9 / 6 / 54]
   i) Reconciliation is prepared within thirty days of the end of the period.
   ii) The account title and account numbers are documented.
   iii) The general ledger date is documented.
   iv) The reconciliation balance ties to the general ledger ending balance.
   v) Signature of the preparer and the reviewer as well as the respective dates are documented.
   vi) Descriptions of outstanding items are adequate and explicit.
   vii) Origination dates of outstanding items are clearly documented.
   viii) Reconciling items are cleared within sixty days.
   ix) Backup documentation, including general ledger pages, reports, etc., are attached.
   x) The reconciliation is clear and able to be reasonably understood by individuals not involved in its preparation.

20. Examine in detail the contents of the most recent bank statement. Ensure that all checks carry the appropriate signatures and verify the propriety of the endorsement. Compare dates on the deposit slips to the date the deposits were recorded by the bank to ensure that deposits are being promptly processed. [7 / 8 / 56]

Budget:

21. Obtain the Payroll Department's budget reports as of the most recent month-end. Review for significant overdrafts, serious fluctuations from initially budgeted figures, and unusual entries. [9 / 9 / 81]

22. Testing a sample of transactions for accuracy, reasonableness, and adequacy of supporting documentation. [7 / 6 / 42]

Custody of Payroll Records:

23. Ensure that access to payroll records is limited to authorized employees only. Determine whether files are consistently safeguarded during and after business [10 / 9 / 90]

24. Determine that blank check stock is adequately safeguarded. [9 / 9 / 81]

1.3.5 Provide Value Added Recommendations

We have:
► Identified opportunities to improve the payroll processes through finding solutions to mitigate any identified business or financial statement risks and any apparent inefficiencies
► Provided recommendations that address inherent risks, gaps and inefficiencies identified within the payroll process.

1.4 Positive Findings

Based on the scope of this Internal Audit project, we noted the following positive aspects:
► All timesheets selected for testing were duly signed by both the employee and his/her line manager. In addition, the system controls used for submitting electronic timesheets appeared to be effective with no exceptions noted.
► No exceptions were noted of staff who had taken annual leave. The staff selected for annual leave testing had appropriately completed an annual leave form which was duly approved by an appropriate delegated authority
► A sample of staff who had terminated their employment with the City of Marion were tested to ascertain whether payments continued subsequent to their final termination payment. No exceptions were found with regards to those selected for testing. It was also confirmed no staff were paid in cash
► Any pay adjustments processed by payroll are checked by the payroll clerk and a report is produced detailing those adjustments. The report is also initialled and dated by the payroll clerk to evidence who performed the adjustments

1.5 Summary of Issues

During the course of the audit, it was found that system controls were not reviewed. Consequently, some forms of user access were unidentifiable which could lead to unauthorised access and unauthorised transactions. This finding was consistent across BankSA Online access and Authority access.

Clearing accounts particular to the Payroll process were being performed, but not consistently nor on a regular basis. The preparation of these clearing accounts on a monthly basis is another means of identifying errors and potential fraud. These reconciliations, at a minimum, should be reviewed by an appropriate delegate within the Finance Department.

In addition, some standard reports that are commonly produced during the Payroll function were absent from the Payroll processes at the Council. These included leave, new employee, termination and master file reports. These reports should be produced on a monthly basis and reviewed by someone independent of the Payroll functions.

Number of issues reported:
Catastrophic        0
Extreme             0
Major               5
Moderate            9
Minor               0
Improvement idea    2

The following table provides a summary of the recommendations raised, which we have characterised as being:
► Instances of non-compliance with existing processes and controls
► Opportunity to strengthen existing processes and controls
► Opportunities to introduce new processes or controls.

Ref / Issues / Process/Control Non-Compliance / Enhance Existing Process/Control / Introduce Additional Process/Control

Major risk issues
        Bank SA Online EFT files.
2.1.2   Unassigned administrator accounts in Authority.
2.1.3   Clearing account reconciliations.
2.1.4   Authority Security Profiles.
2.1.5   Payroll Master File reports

Moderate risk issues
2.2.1   Manual timesheets.
2.2.2   Bank SA Online users.
2.2.3   Payroll checklist.
2.2.4   Review of pay adjustments.
2.2.5   RDO / TOIL policy.
        New employee reports
2.2.7   Terminated Employee reports
        Leave policy and leave reports

Improvement Idea
        Payroll induction process.
        Pay By Exception.

Rating Definitions

The risk ratings in this report are based on likelihood and impact assessments which have been agreed with the Audit Committee based on the Risk Assessment Criteria. The likelihood and impact definitions are attached in Appendix A. For the purposes of internal audit, issues rated extreme and high are reported to the Audit Committee while issues rated moderate, low and improvement are lower risk issues for management attention.

1.6 Overall management comment

The internal audit undertaken to review the City of Marion's Payroll functions presents a number of observations and recommendations providing opportunities for improvement to payroll processes. Such recommendations will in some instances be capable of immediate implementation whilst others will require further research to identify the full scope of activities and implementation costs. The remaining few observations and recommendations will need to be considered in light of alignment with the behaviours and intent of the preferred organisational 'Constructive Culture' before consideration is given to implementation.

2. Detailed findings and recommendations

2.1 Major risk recommendations

2.1.2 Unassigned administrator accounts in Authority.

Observation: There are five administrator accounts active in Authority which are not employee accounts, and they have full access to functions such as Accounts Payable, Accounts Receivable, General Ledger and payroll. The administrator account names are as follows.
► Given Name SurName
► Civica Administrator
► Civica Admin
► Given Name SurName
► Wacher Wacher

Root cause: No periodic review of Authority is conducted and user profiles are inappropriately created.

Risk / implication: Users with privileges which enable them to self assign security settings may use one of the previously mentioned administrator accounts to access Authority functions and perform unauthorised transactions. These actions will only be traced to the user profile which is not an employee name. Unauthorised payments and postings may occur as a result and additional access permissions may be assigned.

Recommendation: The following administrator accounts should be removed immediately:
► Given Name SurName
► Civica Administrator
► Civica Admin
► Given Name SurName
► Wacher Wacher

Management comments: Identified administrator accounts will be removed as a matter of priority.

2.1.3 Clearing account reconciliations.

Observation: Clearing accounts reconciliations pertaining to payroll are not reviewed in a timely manner. The accounts which have been reviewed are not initialled or dated by the preparer or reviewer, therefore there is no evidence that the review had taken place, nor who prepared and reviewed the clearing account reconciliations. Furthermore, from a review of the clearing account checklists, there was no initial from either preparer nor reviewer.

Root cause: Clearing account reconciliations have not been reviewed on a regular basis due to other finance tasks taking priority.

Risk / implication: Incorrect, duplicate or fictitious amounts are recorded in the main clearing account '3550' and then disbursed subsequently to other sub accounts resulting in loss of funds to the Council and inaccurate recording of key financial data such as wages, superannuation and leave entitlements.

Recommendation: Payruns are reconciled to the Authority clearing account 3550 which is to be reviewed and authorised by an appropriate level of management. The authorisers should initial and date each report to identify the reviewer and to evidence the review was conducted in a timely manner (e.g. monthly). Clearing accounts identified on the checklist should be reconciled monthly. All clearing accounts which have been reviewed must be dated and signed by the preparer and reviewer (or delegate). The clearing account checklist is to be reviewed, dated and signed by a Manager (not the preparer of the clearing account reviews) to evidence completeness of clearing account reconciliations.

Management comments: A review of the Payroll clearing account reconciliation process is currently being undertaken. A deployment flowchart is being drafted to identify responsibilities in this process. Other clearing accounts are reconciled on a regular basis with formal sign off at year end. Future preparation and review of these accounts will be evidenced by an initial.

2.1.4 Authority security profiles.

Observation: The security profiles used to restrict user access on the system are unknown to the IT department. The system uses a combination of numbers which are set against Menu Items, these numbers are relative to the security setting for each individual user and determine the level of access. The system uses a combination of numbers which are two digits, starting with the lowest access level "00" ranging up to "99" to identify privileged users. The system permissions for each of these profiles is unknown therefore users cannot be assigned appropriate access and system reviews cannot be conducted accurately.

Root cause: IT is unaware of the authority security profile levels.

Risk / implication: There is a risk that over time, users are granted additional access as their job roles change and previous access is not removed. This creates "access creep" where employees have access to transactions that have a segregation of duties conflict, potentially creating the opportunity for an employee to perform unauthorised or unwarranted activity based on their job role.

Recommendation: The IT department should contact the Authority / Civica manufacturers / developers to identify the meaning of all security profile levels relating to Authority. This information must be formalised, published and made available to all IT staff that are required to work with Authority security tasks such as new user set up and periodic system reviews. The Authority IT security profile levels should be reviewed for all staff and where appropriate, access removed or altered. Periodic review of accounts should be performed by the business owner of the application on at minimum a quarterly basis. This should not be performed independently of administrators (who have access to create/modify/terminate user accounts and change configurable application level controls – security, auditing etc). It is recommended a review of transactions performed by Administrators be conducted on a regular basis. Access should be provisioned and reviewed on the basis of business requirements.

Management comments: The security profiles used to restrict user access on the system are known to the ICT Department. This risk has previously been identified within the ICT Department following an ICT Security Audit. Prior to and during this audit process, ICT Department have been in contact with Civica to gain further understanding of the security profile levels. During this contact it was recognised that a review of the existing security levels should be undertaken. As mentioned above, a project to review security settings within Authority is currently underway. The existing Civica review of accounts report format is complex and not isolated to the Payroll business owner. Discussions will be undertaken with Civica to scope the work required to upgrade the system to allow the production of a Payroll business owner specific report. As an interim step, the new dhelp Access Request process that has been introduced, will reduce the risk of employees having access to unwarranted modules and security levels.

2.1.5 Payroll master file reports.

Observation: Currently, a Master File report listing all changes made to the Payroll system is not being produced. Consequently, there is no review by the Payroll Clerk or the Organisational Development Manager of changes made during the payrun.

Root cause: The system cannot currently produce a Master File listing report.

Risk / implication: Unauthorised changes to the Master File may be undetected, resulting in financial loss. (High)

Recommendation: The Authority system be upgraded to allow the production of a Master File report. The Master File report should be produced each payrun. This report should be checked, initialled and dated by the Payroll Clerk to evidence who made the changes and that those changes have been checked in a timely manner. The Organisational Development Manager or appropriate delegate should review the Master File report and also initial and date to indicate who performed the review and that it was reviewed in a timely manner.

Management comments: Discussions will be undertaken with Civica to scope the work required to upgrade the system to allow the production of a Master File report.

2.2 Moderate risk recommendations

2.2.1 Manual timesheets

Observation: Timesheets are required to be completed and signed by all field staff, and then submitted to a line manager for approval. Once approved timesheets may be submitted to payroll by the line manager or employee. It is therefore possible unauthorized changes can be made to timesheets without detection where those timesheets are returned back to the employee for forwarding to Payroll.

Root cause: Timesheets can be submitted to payroll by employees.

Risk / implication: Unauthorised changes can be made to field staff timesheets which may result in fictitious or duplicate payments

Recommendation: The payroll team are only to accept field staff timesheets which are submitted by line managers. Line managers may choose to scan all field staff timesheets and email them to payroll.

Management comments: Line managers within City Services will be reminded of the requirement to not allow field staff to submit their timesheets. Additionally the option to scan all field staff timesheets and email them to payroll will be facilitated.

2.2.2 HBL Bank online users.

Observation: A total of 15 users have access to the HBL Bank Online Application. Seven out of the 15 users have expired passwords which indicates the users have not used their accounts for a period of time. It is understood that 'back-up' users are required so payruns can be appropriately authorised when there are any issues with staff availability. However, it is inappropriate to have 15 users to authorise payment when only two are required for each payrun.

Root cause: HBL Bank Online users are not reviewed for appropriateness.

Risk / implication: Unauthorised access to the application could be obtained, either by application administrators accessing the unused profiles or existing personnel using the user IDs of employees.

Recommendation: All HBL Bank Online users should be reviewed for appropriateness and all accounts which are not used or have expired passwords should be removed. Access to the Bank Online Application should be reduced from 15 to 6. This gives sufficient coverage where authorising officers are unavailable. These reviews should be conducted annually to ensure that access is appropriate and up-to-date.

Management comments: 15 users are set up in Business Banking on-line. Four Organisation Development staff have authority roles for processing payroll EFTs. Six Finance staff have authority roles for processing creditor EFTs. It is agreed that one authority (Jeff Rittberger) could be removed as he has not been called upon to perform an authorising role for some time. Again, five signatories are necessary to cover periods where authorising officers are unavailable and to ensure that we meet our obligations to Suppliers. Five users have view only access – three Accounts Payable, two Payroll. Payroll staff were given view only access to enable them to view the progress of the EFT file and be part of the process to ensure that payroll files were submitted and correctly dated. If this is no longer considered necessary, they can be removed from the user list. Confirmation will be sought from the OD Manager. Accounts Payable staff were given access to enable BSB search facilities to verify Creditors providing account numbers for EFT payment purposes. As the demand for this has reduced, they will be removed from the user list.

2.2.3 Payroll checklist.

Observation: The Payroll checklist is not being appropriately completed, reviewed and authorised. Currently payrun reports are not being reviewed or authorised appropriately because the payroll checklist is not being completed or attached to each payrun. The payroll checklist identifies all reports which are required to be attached and reviewed for each payrun. From the testing conducted it became evident checklists are either attached to payruns or timesheets for that pay period. It is expected that the payroll checklist is attached to the payrun only. For three out of 10 payruns tested the payroll checklist was not attached. There was one instance out of 10 payruns where the payroll checklist was attached to the payrun but it was not completed. The following reports were not attached to the payruns tested:
► Allowance Report – one instance
► Deduction Report – one instance
► Superannuation Contribution List – one instance
► Tax Summary Report – one instance
► Costing Report – two instances, and
► Trial Balance – three instances.

Root cause: Payroll checklist is not being attached or checked against the payrun reports.

Risk / implication: Payroll reports are not being appropriately reviewed and authorised which may lead to incorrect journal postings such as excessive wage payments, incorrect superannuation payments and leave accruals.

Recommendation: A Payroll Payrun Checklist must be completed and attached to every payrun to verify all reports that should be included have been appropriately reviewed and authorised before the HBL Bank Online EFT process is complete. All appropriate payrun reports outlined on the Payroll Payrun Checklist must be produced and attached to each payrun. The payrun authorisers must determine all reports are produced and attached before they sign the banking cover sheet.

Management comments: Payroll officers have been reminded of the requirement to produce and attach Payrun Checklist and appropriate Payrun reports to Payroll Payrun

2.2.4 Review of pay adjustments

Observation: There is no independent review of pay adjustments. From discussion and observation, pay adjustments are entered and reviewed by the same person, being the Payroll Clerk.

Root cause: The pay adjustment process does not require pay adjustments to be reviewed.

Risk / implication: Fictitious or erroneous pay adjustments are made resulting in financial loss to the Council.

Recommendation: All pay adjustments are to be reviewed and authorised by the Organisational Development Manager, or appropriate delegate, other than the Payroll Clerk, before adjustments are submitted

Management comments: No action required. Audit trail currently exists through the completion of Pay Adjustment Sheets and other base authorisation documentation (e.g. emails from appropriate manager). All ad-hoc pay adjustments include relevant calculations, authorisations and other records as a part of the EFT authorisation process.

2. Formulation of a policy for the management of excessive leave is currently underway. restrictions on the maximum of continuous RDO/TOIL be placed to encourage staff to take annual leave. To promote the Council as an Employer of Choice. However. 5 RDO / TOIL policy. 2. Staff may therefore take accrued RDO’s/TOIL rather than take accrued annual leave, thereby increasing the accrued annual leave balances. Currently there is no policy to limit the amount of RDO or TOIL taken at any one time. RDO/TOIL continue to be used as a form of leave. This would also facilitate the Council’s strategic objective of Employer of Choice as it would encourage a more balanced approach to work/life. The current policy does not restrict the amount of RDO/TOIL taken at any one time. Staff abuse the privilege of RDO/TOIL and use this form of leave in lieu of annual leave resulting in the continued accumulation of annual leave. RDO/TOIL accrual is in line with Flexible Leave arrangements set out in the applicable industrial agreements.

7 Terminated employee reports. indicating that the employee has been matched to employees’ supporting documentation to verify that each employee exists. There is no report produced to list terminated employees. the Pay Edit Listing Report was not initialled. In addition. . It is recommended that a New Employee Report be produced for each pay-run and reviewed by the Payroll Clerk and the OD Manager (or equivalent delegated authority). The Organisational Development Manager should also review this report and initial and date the report to indicate such review. The Authority system generated Termination Report is a historical report containing all terminations since implementation of the system. dated and signed by the Payroll Clerk to indicate who performed the check and when. There is also lack of accountability on reviewing of terminated staff from the Payroll system Deliberate and accidental oversights in the employee termination process resulting in continued payments to terminated employees post termination date and financial loss to the Council.. There was no evidence that terminated staff listed on the Pay Edit Listing report were checked off to indicate the termination payment was checked for accuracy. A termination report should be produced for every pay run and the payroll clerk should check each termination subsequent to the final termination to check terminated staff do not continue to be paid subsequent to their final termination payment. a New Employees report can be generated from the Authority system.2. Fictitious employee details are forwarded to Payroll resulting in financial loss to the Council. The current process does not require the generation and review of New Employees by Management. However a Termination Report can be produced from the BI Query system. no report listing new employees joining the City of Marion is generated. From discussion and observation. 
New Employees report will be generated and reviewed with each Payrun as a part of the EFT authorisation process 2. However.6 New employee reports Root cause Risk / implication Recommendation Management comments From discussion with the HR personnel. Both the preparer and reviewer of the report should sign and date the report to indicate such review has taken place. Each employee should be checked off the report.2.Observation 2. Discussions will be undertaken with Civica to scope the work required to upgrade the system to allow production of a Payrun specific report. there is no report produced to list terminated employees.

Annual leave reports detailing excessive annual leave accrued. This policy includes set parameters for levels of accrued leave. (e. A report detailing those staff who have not taken 10 days continuous leave is also not distributed to line managers.g. Such a report will enable the business to identify which employees have significant accrued annual leave balances. providing explanation to the Organisational Development Manager as to why their staff are listed. Cash flow implications due to excessive accumulation of accrued annual leave. Accrued annual leave reports are to be produced once a month. Where excessive annual leave is not resolved within three months. The same process as above regarding escalation to Executives should be followed where the matter has not been resolved within three months.2. with further escalation to the Audit Committee after six months with existing organisational industrial arrangements supporting work life balance and flexible working arrangements.8 Leave policy and leave reports Currently there is no policy implemented which requires employees to take mandatory continuous annual leave Currently annual leave reports are not being produced or reviewed by the payroll / Organisation Development. The current leave policy does not require staff to take a minimum 10 days of continuous annual leave. low morale. Formulation of a policy for the management of excessive leave is currently underway. lower productivity due to failure to take annual leave. A policy be implemented requiring all staff to take a minimum of 10 days of continuous annual leave per annum. should be produced and distributed to line managers. and reviewed. greater that 40 days). high turnover.2. The existing BI Query system will be modified to allow leadership staff at all levels to access leave balances. Where accrued annual leave for staff is still not resolved after six months. initialled and dated by the Organisational Development Manager. 
This should be distributed to line managers for explanation. nor does it require the production and analysis of leave reports. Fraud remaining undetected as staff who do not take a reasonable amount of leave may do so to enable them to cover up fraudulent activity. OHS&W issues. an escalation process should be initiated whereby the report is distributed to Executive for follow-up. Nor is a report produced and distributed to line managers detailing those staff with excessive accrued annual leave (greater than 40 days). Line managers should review the report. A report should also be produced detailing staff who have not taken 10 days of continuous annual leave per year. the matter should be further escalated to the Audit Committee.

Existing induction process provides personal interaction with new employees and therefore higher level of quality customer interaction.1. The instructions include Payroll contact details should the new employee need further clarification.1. No action required. To gain efficiencies through the prevention of errors and subsequent follow up of errors performed by new employees. 3. The current induction process be replaced by standard instructions. Efficiencies may not actually be gained as the time used during induction may be greater than the potential time expenses if repairing possible errors. Improvement Recommendations Observation Root cause Risk / implication Recommendation Management comments 3.2 Pay by exception .1 Payroll induction process Payroll staff currently perform an extensive induction process with each new employee to ensure all forms are completed correctly and the employee is aware of the payroll processes he/she is responsible for.3. The instructions and forms can be provided to staff together with their contract of employment.

which is a requirement enforceable by law.A Pay By Exception process has been suggested whereby full time staff are paid a standard 38 hour week. Recommendations in addition to those proposed by Norman Waterhouse include: ► Employees signing a declaration upon commencement of employment stating any excess hours will be documented by way of timesheet and submitted to the council within one month of accruing additional time in excess of 38 hours per week. Due to potential time lags between additional hours worked and approval. Approval for any additional hours performed should be submitted by the employee and authorised by the manager within two weeks of the day the additional hours were performed. which is important in retaining the services of current employees and attracting new ones. Employees may not Submit their request for written approval for additional hours worked until long after the work has been performed. however the accrued balances should be monitored and reviewed by the Organisational Development team Recommendations will be explored with Norman Waterhouse. it may be difficult for management to verify the legitimacy of those additional hours. The accrual and taking of RDO’s will continue to be in accordance with the award and agreement. which should have restricted access. This affects the employees work life balance. Improve efficiencies in the payroll processes The employer doesn’t record any hours of work that is deemed overtime. Employees may choose to work additional hours. There is a possibility of staff fraudulently creating a log book of additional hours worked and using this log book in a dispute with management. over and above the standard 38 hour week in order to accrue leave before they get written approval from their manager. Where other than standard 38 hour week is worked the employee will be required to submit an exception report using the electronic timesheet (including electronic authorisation by manager) or appropriate leave form. 
Any additional hours worked in excess of 38 hours will be paid as an exception. Monitoring and reviewing of accrual and taking of RDO’s will be responsibility of line managers. This form must be filed with the employee’s records and it may be scanned and uploaded (file converted into a read-only format) into the payroll directory. ► An approval form should be created to capture the request for additional hours to be performed which are in excess of the standard 38 hour week. Failure to sign such a declaration will result in forfeiture of payment for additional hours.

Appendix A Risk rating criteria

Catastrophic: Serious control weakness requiring immediate Audit Committee/Board attention and senior management resolution.
Extreme: Serious control weakness requiring immediate Senior Management attention.
Major: Existing controls that need improvement for effectiveness.
Moderate: Minor control or efficiency issues
Minor: Minor control or efficiency issues.
Improvement Idea: An observation or Idea for management to consider to improve a process or control.

requiring management’s attention.

Likelihood

Rating: Description
5 Almost certain: May occur at least several times a year
4 Likely: May occur once in a year
3 Possible: May occur at least once in a 5 year period
2 Unlikely: May occur during the next 5 to 10 years
1 clear: Unlikely to occur in the next 10 years.

Consequence rating 5 Catastrophic Description High impact long-term issue with major political. Serious third party litigation/dispute Long-term issue with moderate political.000. Sustained media coverage for short term period (state or local level). Significant public or employee safety issue. reputation or stakeholders impact requiring Council intervention. reputation or stakeholders consequences requiring active Council management.000 and $100. Major third party litigation . Minor impact on Council’s ability to deliver strategic outcomes. Significant OH&S or liability incident/issue impacting on public or employee safety. Medium-term issue with minor political or stakeholders impact requiring Executive Management intervention. Financial loss under $10. Death / multiple injuries. Moderate impact on Council’s ability to deliver strategic outcomes. reputation or stakeholders impact requiring CEO’s intervention.000. Short term media coverage (local level). Limited impact third party litigation/dispute. Major impact on Council\’s ability to deliver strategic outcomes. Threat of third party litigation Political or stakeholders incident requiring management intervention. Minor OH&S incident/issue or minor public safety incident. Significant impact on Council’s ability to deliver strategic outcomes. Long-term issue with major political. Major OH&S or liability incident/issue. Financial loss between $100. Letter to the editor. Insignificant public or employee safety or OH&S incident/issue. Insignificant impact on Council’s ability to deliver strategic outcomes. Media coverage for an extended period (including national). Financial loss between $1M and $5M.000 and $1M. Media coverage for an extended period (including international). Financial loss over $5M or high impact on sustainability Severe public or employee safety matter. Minor threat of third party litigation 4 Extreme 3 Major 2 Moderate 1 Minor . Financial loss between $10.

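Risk rating by Likelihood (rows) and Consequence (columns 1 to 5)

Likelihood 5: Mod Maj Maj Ext Ext
Likelihood 4: Mod Mod Maj Maj Ext
Likelihood 3: Minor Mod Maj Maj Maj
Likelihood 2: Minor Minor Mod Mod Maj
Likelihood 1: Minor Minor Mod Mod Maj
Consequence: 1 2 3 4 5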

