Risk Management for Payroll

WESTERN PA CHAPTER OF THE AMERICAN PAYROLL ASSOCIATION NOVEMBER 4, 2015

Leading Practices in Payroll

Establish Discipline and Manage Expectations

Enforce Accountability
Be Transparent
Avoid Manual Processes (Effectively Use Technology)
Reconcile, Balance and Audit
Stay Up-to-Date
Benchmark

Western PA Chapter of the American Payroll Association

Page 2
Leading Practices in Payroll, Continued
Performing your own assessment

Understand the process to be improved

Research leading/best practices
Select organization for analysis
Collect data
Identify barriers to change
Drive change within your company

Western PA Chapter of the American Payroll Association

Page 3
Understanding Risk Management

What is Risk
What is internal control
The Risk Management process
Identifying Risks
Risk Appetite
Likelihood
Impact
How Controls are tested

Western PA Chapter of the American Payroll Association

Page 4
Common Payroll Risks

Issuance of unauthorized payroll and transactions

Nonexistent employees
Terminated employees
Incorrect/inaccurate disbursements (overpayments)
Excess time/untimely processing/delayed payments
Misstatement of payroll and payroll tax accounts
Payroll theft
Loss of sensitive payroll information
Fines, lawsuits and penalties

Western PA Chapter of the American Payroll Association

Page 5
Common Payroll Internal Controls

Segregation of Duties
Human Resources
Recording Time Worked
Preparing Payroll
Paying Employees and Payroll Taxes
Security of Assets
Review and Reconciliation

Western PA Chapter of the American Payroll Association

Page 6
Common IT Controls

Access (Physical & Logical)

Change control and management
Security administration
Data backup and recovery
Security and Privacy
Application Controls
Input
Process
Output

Western PA Chapter of the American Payroll Association

Page 7
Audit Benefits

Audits can re-affirm the existing payroll process and adequacy of internal
controls. (Assurance)
Audits can identify gaps to providing adequate controls in the payroll process.
Audits reinforce payrolls role in safeguarding the companys assets.
Compliance requirements can reinforce need to have consistent and compliant
processes and policies.
Audits can identify and recommend improvements for operating efficiencies
and effectiveness.
Audit can be an ally (Lends Creditability).

Western PA Chapter of the American Payroll Association

Page 8
Roles and Responsibilities
What role can the payroll department perform?

Develop process workflow for each function in the payroll process.

Create and update written documentation for each step in the payroll process.
Audit record-keeping and retention procedures to verify records and access.
Identify and correct gaps and risks that could lead to control and security issues
and communicate them to management.
Develop methods of measurement of correcting gaps and risks.
Document the design, evaluation, and testing of internal controls to be used in
management certification (Sarbanes-Oxley Process).
Even if elements of your payroll function/process is outsourced this does not
remove the companys responsibility to ensure providers internal controls are
adequately implemented and operating effectively.

Western PA Chapter of the American Payroll Association

Page 9
Internal Control Assessment
Questions to Consider

Does the department have an up-to-date organizational chart that depicts the
responsibilities and reporting relationships of each employee?
Have written department specific policies and procedures been developed for
conducting the business and financial operations?
Are there current job descriptions for all staff members?
Is there timely communication of updates and reminders of policies and
procedures?
Does management monitor and review leave and payroll records to ensure
compliance with company policy and accuracy of information?
Are your employees knowledgeable about relevant policies and procedures for
payroll and human resources?
Are timecards signed/approved by an employees supervisor, or designated
individual by the department, who has specific knowledge regarding the hours
worked by the employee?

Western PA Chapter of the American Payroll Association

Page 10
Internal Control Assessment, Continued
Questions to Consider

Does the department keep records of any variable hours worked?

Are your payroll and human resources files kept secure and confidential?
How are you protecting your employees personal and confidential
information (social security numbers, name, address, Date of Birth, etc.)
which is paper based and electronic format?
How do you handle requests for employee information and how is it
communicated?
Is there assigned responsibility for timely submission of new hire
documentation, terminated employee documentation, changes to an
employees file, and other payroll and human resources documents?

Western PA Chapter of the American Payroll Association

Page 11
Questions?