Ali is an auditor having satisfactory quality control review (QCR) rating issued by ICAP. He has been appointed as an auditor of Model Manufacturing Limited. He has started his audit work, understanding the entity’s internal control environment and obtains various assertions from different executives and employees of the entity. After going through a preliminary assessment of the entity’s environment, Ali feels that there is a problem in the working of internal control system in handling the sales & debtors and payroll departments. Now, he is planning to check the internal control system of sales and payroll departments of the entity.
Describe various appropriate internal control procedures and tests of control, Ali may apply to determine the strength of internal control measures over the client’s:
Internal controls are the methods and procedures designed by management to safeguard assets and to manage resources. It’s the system of checks and balances. A system of internal control serves to minimize errors in the accounting records and to deter fraud, embezzlement and theft by employees, customers and vendors. The system of internal control provides reasonable assurance of the following:
- Reliable financial and operational reports
- Efficient and effective operations
- Compliance with applicable state and federal laws and/or regulations and university policies and procedures
As department head, you are responsible for setting the “tone at the top” of your department’s control environment and ensuring that adequate controls are included in your daily operations. In plain language, a system of internal controls is essentially a system of checks and balances. This system of checks and balances over financial transactions is needed for much the same reasons why such systems are needed for democratic governments: absolute power leads to undesirable results. In government, absolute power can result in despotism; total control by one person over financial transactions can result in theft or fraud.
(i) Sales & debtors (2.5 + 2.5 Marks)
Payroll Internal Controls
General Payroll Controls
Consider using a selection of the following controls for nearly all payroll systems, irrespective of how timekeeping information is accumulated or how employees are paid:
- Audit. Have either internal or external auditors conduct a periodic audit of the payroll function to verify whether payroll payments are being calculated correctly, employees being paid are still working for the company, time records are being accumulated properly, and so forth.
- Change authorizations. Only allow a change to an employee’s marital status, withholding allowances, or deductions if the employee has submitted a written and signed request for the company to do so. Otherwise, there is no proof that the employee wanted a change to be made. The same control applies for any pay rate changes requested by a manager.
- Change tracking log. If you are processing payroll in-house with a computerized payroll module, activate the change tracking log and make sure that access to it is only available through a password-protected interface. This log will track all changes made to the payroll system, which is very useful for tracking down erroneous or fraudulent entries.
- Error-checking reports. Some types of payroll errors can be spotted by running reports that only show items that fall outside of the normal distribution of payroll results. These may not all indicate certain errors, but the probability of underlying errors is higher for the reported items. The payroll manager or a third party not involved in payroll activities should run and review these reports.
- Expense trend lines. Look for fluctuations in payroll-related expenses in the financial statements, and then investigate the reasons for the fluctuations.
- Issue payment report to supervisors. Send a list of payments to employees to each department supervisor, with a request to review it for correct payment amounts and unfamiliar names. They may identify payments being made to employees who no longer work for the company.
- Restrict access to records. Lock up employee files and payroll records at all times when they are not in use, to prevent unauthorized access. Use password protection if these records are stored on line. This precaution is not just to keep someone from accessing the records of another employee, but also to prevent unauthorized changes to records (such as a pay rate).
- Separation of duties. Have one person prepare the payroll, another authorize it, and another create payments, thereby reducing the risk of fraud unless multiple people collude in doing so. In smaller companies where there are not enough personnel for a proper separation of duties, at least insist on having someone review and authorize the payroll before payments are sent to employees.