Payroll Audit Program Final
1) To ensure that the payroll accurately reflects hours worked, and that employees are paid correctly
and in a timely manner.
2) To review & evaluate the internal accounting controls to ensure that they are adequate.
3) To review and evaluate internal administrative controls.
4) To obtain and document the process of hiring and termination of employees and subsequent payment
of those employees based on hours worked
5) To ensure that Human Resources is obtaining appropriate information in accordance with regulations
6) To ensure correct payment and withholding of tax by the Payroll Department in accordance with IRS
guidelines
7) To ensure that adequate controls surround the processing of payroll, which includes adequate
segregation between Human Resource and Payroll Department functions
PROCESS: Payroll & Personnel
Control Activity: PR-PR115—Payroll master file data is periodically reviewed for accuracy and ongoing pertinence.
COSO Category: Compliance, Operational
Risk: Over time, infrequently used payroll master file records may become inaccurate, due to changes in facts external to the payroll system.
Understanding of Current Process: The payroll master is updated or changed only after the appraisals. In case of the employees whose appraisals had been done, the revised contents of the CTC were compared with the Master Records in Ascent Payroll.
Testing: Conduct an interview with the Payroll manager and review: Policies, procedures, standards, and guidance relating to the periodic review of payroll master file data including comparison to information in personnel files. Review of procedures for 1) updating payroll master file data, and 2) correcting identified errors or omissions in the payroll master files. Review procedures for archiving "inactive" payroll file records.
Control Activity: PR-PR120—Departmental managers periodically review listings of current employees within their departments and notify the personnel department of necessary changes.
COSO Category: Compliance, Operational
Risk: Departmental transfers can often be mishandled, and although an employee is correctly classified as "active" and his or her pay calculated correctly, the department or function may not be correct. Such a misstatement could affect any budgets, costs, or revenues allocated by department headcount.
Understanding of Current Process: There were no departmental transfers. This was ensured through discussion with the HR executive & Ass. Manager Finance.
Testing: Conduct an interview with the Payroll manager regarding: (1) Policies, standards, and procedures used to periodically assess the continued validity of the employee master files or database, including system-generated reports used in performing such reviews. Review the documentation related to: (a) Standards and procedures related to the periodic review of employee status by various department managers or supervisors (b) New hire, termination, or transfer documents (c) Report on the current status of employees (d) Documentation from the personnel department detailing changes in employee status.
Control Objective: 15—All new employees are added to the payroll master files.
Control Activity: PR-PR140—Variations between payroll master files and time recording system are investigated and appropriate action taken if necessary.
COSO Category: Compliance, Operational
Risk: The reconciliation of the payroll master files to the time recording system on a periodic basis helps to ensure that both systems are consistent and that only current employees are being remunerated. Inconsistencies between the payroll master files and the time recording system could result in: - Current employees not being paid timely (presuming the time recording system provides detail for payroll payment processing) - Invalid employees being recorded in either system and receiving payments.
Understanding of Current Process: The attendance records are maintained in Time Tronix and hence no such reconciliations are done.
Testing: Conduct an interview with the Payroll manager and review documentation related to: Policies, procedures, standards, and methods used to reconcile the payroll master files to the time recording system, including exception/error handling procedures in a timely manner. Review listing of individuals with access to system-based reconciliation functions, authorized and consistent with each user's job function.
Control Activity: PR-PR161—Requests to change the payroll master file data are submitted on prenumbered forms; the numerical sequence of such forms is accounted for to ensure that all requested changes are processed timely.
COSO Category: Compliance, Operational
Risk: Sequential numbering of payroll master file change requests helps to ensure that all change requests have been processed and that each transaction is processed only once. A break in the sequence may indicate that a payroll master file change request was not processed or was canceled.
Understanding of Current Process: There is no such system of maintenance of pre numbered forms for the purpose of making changes to the master records.
Testing: Conduct an interview with the Payroll manager regarding: Methods used to assign sequential numbers to payroll master file change requests and to enter such numbers into the application system, including procedures used to restrict access to and use of prenumbered payroll master file change requests. Review procedures used to account for the sequence of such numbers and to identify missing or duplicate payroll master file change requests. Review the documentation related to: Payroll master file change requests, Sequential numbering reports (e.g., reports of sequences used and/or voided, reports of potential missing or duplicate request numbers), Functional specifications for the sequential numbering programs and related edit and validation and/or reporting routines, Results of testing sequential numbering programs and related edit and validation and/or reporting routines, both prior to implementation and in connection with any subsequent modifications to the system, Printouts of user access profiles or tables that detail access rights granted to users who have access to automated processes that facilitate management follow-up regarding exception items.
Control Activity: PR-PR120—Departmental managers periodically review listings of current employees within their departments and notify the personnel department of necessary changes.
COSO Category: Compliance, Operational
Risk: Departmental transfers can often be mishandled, and although an employee is correctly classified as "active" and his or her pay calculated correctly, the department or function may not be correct. Such a misstatement could affect any budgets, costs, or revenues allocated by department headcount.
Understanding of Current Process: There are no departmental transfers
Testing: Conduct an interview with the Payroll manager regarding: (1) Policies, standards, and procedures used to periodically assess the continued validity of the employee master files or database, including system-generated reports used in performing such reviews. Review the documentation related to: (a) Standards and procedures related to the periodic review of employee status by various department managers or supervisors (b) New hire, termination, or transfer documents (c) Report on the current status of employees (d) Documentation from the personnel department detailing changes in employee status.
Control Activity: PR-PR160—Requests to change the payroll master file data are logged; the log is reviewed to ensure that all requested changes are processed timely.
COSO Category: Compliance, Operational
Risk: If payroll master file data changes are not processed timely, management analysis based on statistical trends may be inaccurate. Generally, this will be of consequence only when the payroll master file data change is widespread (e.g., a change in tax rate for employees with earnings greater than a given amount).
Understanding of Current Process: The changes to the master records are at the end of the month and not on the basis of the resignation letter and the date of leaving. The proper updation of the software was checked by comparing the details in the personal file with the masters.
Testing: Conduct an interview with the Payroll manager and review documentation regarding: Policies and procedures to change the payroll master file data change requests, including details recorded in system generated payroll master file data change logs. Review system functions used to record and approve payroll master file data change requests. Documentary evidence of managerial / supervisory review performed of logs generated to ensure that master file data changes are input timely. Review the average time between receipt of payroll master file data change requests and input of changes, including procedures for investigating anomalies identified or inability to meet standard input time spans.
Control Activity: PR-PR126—Overtime hours worked and payments for such overtime are authorized by management for all salaried employees who are paid for overtime.
Risk: Overtime is normally controlled at two stages: - Prior to the performance of overtime (i.e., the authorization given to an employee to work overtime) - Subsequent to the performance of overtime. Subsequent authorization should be made as soon as possible after the date on which the overtime was incurred, but, in any event, before the payment of overtime. This ensures that management has adequate opportunity to amend or revoke an overtime claim before payment is made to the employee. Payment for the overtime may be seen as the organization's implicit authorization of the overtime claim and, as a result, may subsequently be difficult to recover or amend. Authorization of overtime is normally the responsibility of line management, because they are most familiar with their staff and the work being performed. Authorization is not normally obtained from the payroll manager. Most payroll systems have the ability to perform some limited amount of overtime authorization within certain pre-determined limits. For example, overtime of less than five hours a week may be authorized automatically, whereas overtime claims of more than five hours a week may be placed in suspense.
Understanding of Current Process: There is no way of capturing the overtime.
Testing: Conduct an interview with the Financial Director and review documentation related to: Policies, procedures, standards, and guidance regarding authorization of overtime for salaried staff, including Individuals with the authority to approve overtime hours. Methods for recording time worked for salaried staff and the manner in which overtime is calculated and recorded, including procedures for the subsequent validation of overtime hours claimed by salaried staff. Review established procedures for dealing with exceptions such as unauthorized overtime worked, or the ability to modify overtime hours worked. Also interview the Payroll manager regarding: Procedures for ensuring that all overtime worked by salaried staff has been appropriately authorized before being paid to the employee, and procedures for identification and payment of overtime to salaried staff, overtime claim forms, time sheets or time charge forms, salary payroll reports (including analyses of overtime charges), and functional program specification on edit and validation routines used in authorizing overtime.
Control Activity: PR-PR128—Salary and hourly payroll reports (including compensation and withholding information) are reviewed and approved by management prior to disbursement.
Risk: Because the production of the payroll often represents one of the largest periodic disbursements made by the organization, it is customary to have it reviewed and approved by senior financial management. In performing this review, management typically reviews the reconciliations performed as part of the production of the payroll, as well as certain key payroll reports
Understanding of Current Process: Salary reconciliations are prepared by them at the end of month but hourly reconciliation of time is not carried out.
Testing: Conduct an interview with the Financial Manager and review documentation related to: The nature of payroll-related reports reviewed, including the application systems from which these reports are produced and the timing of their preparation, use of the reports by management, including key relationships that are monitored and any independent data sources that are compared to the system-generated reports (e.g., personnel reports, averages per employee, sales reports used to calculate commission payments). Review examples of differences identified and how such items were resolved by management. Review documentation related to: Relevant payroll reports related to new or terminated employees, changes in pay or deduction rates, deduction analysis, net pay analysis, and payment analysis. Review reports describing results of the review/approval and any follow-up actions taken. Review functional specifications for programs used to prepare payroll and related accounting entries reports.
Control Activity: PR-PR141—Time reported by employees is reconciled regularly between clock cards/timesheets and payroll reports.
Risk: Reconciling time recorded on clock cards to payroll reports helps to provide assurance that all time has been input accurately. Most waged (i.e., hourly) employees are paid based on hours worked. Consequently, it is important to ensure that time recorded is accurate; otherwise, subsequent processing will produce erroneous results. This could result in employee dissatisfaction or financial misstatement.
Understanding of Current Process: Attendance record is through biometric machine and its linkage with software and software records in time and out time.
Testing: Conduct an interview with the Payroll manager regarding: Policies, procedures, standards, and guidance relating to the reconciliation of time cards to payroll reports. Review reconciliation procedures including supporting documentation used in the reconciliation process. Assess the reasonableness of reconciliation timing and types of reconciling items typically identified. Identify procedures used to follow up on reconciling items, including authorization of any adjustments and use of automated processes to follow up on reconciling items. Analyze problems encountered during the period of our engagement and procedures to monitor both timely completion of reconciliations and timely resolution of reconciling items. Also interview the Security administrator and review: User access profiles for individuals performing reconciliations, User access profiles for individuals able to authorize data changes as a result of the reconciliation, Availability of system-generated reports documenting the above.
Control Objective: 20—Time worked is accurately input and processed.
Control Activity: PR-PR136—Payroll input data is edited and validated; identified errors are corrected promptly.
Risk: Payroll input and validation edits are controls that prevent the entry of erroneous data. Inadequate controls in this area could result in delays in payroll processing or in the production of erroneous output upon which management decisions are based.
Understanding of Current Process: Only 1 person is authorized to access the payroll software
Testing: Conduct an interview with the Payroll manager related to: Policies and procedures used to correct payroll input edit errors, including use of any edit error overrides. Review the documentation related to: Policies, procedures, standards, and guidance for correcting payroll data edit and validation errors, including use of any overrides. Review output reports produced by payroll edit and validation routines. Obtain list of individuals authorized to correct payroll edit and validation errors and/or override such edit and validation routines. Scan printouts of user access profiles or tables that detail access rights granted to users who are responsible for correcting payroll edit and validation errors, or able to override such edit and validation routines. Scan user manuals, infobases, or printouts of on-line help screens describing transactions and allowable input into transaction fields. Review screen dumps of error messages or other messages produced during the data entry process, including relevant data validation rules.
Columns: Control Objective | Control Activity | COSO Category | Risk | Understanding of Current Process | Testing | Significance | Work Paper Reference | Done by, Date
Control Objective: 10—Payroll is recorded in the appropriate period.
Control Activity: PR-PR138—Compliance with the payroll disbursement processing schedule is monitored by management.
COSO Category: Financial
Risk: A schedule of activities performed as part of the payroll processing cycle is often essential for ensuring that: - All payroll processing activities are performed - Payroll processing activities are performed in the correct order - Payroll processing activities are performed timely.
Understanding of Current Process: The master access has been granted to only one employee for the purpose of payroll processing.
Testing: Conduct an interview with the Payroll manager and review documentation related to: Policies, procedures, standards, and methods related to preparation and monitoring of payroll processing schedules. Review system functionality available to automate the processing schedule, including employees who have access to automated scheduling features. Review printout of user access profiles or tables that detail access rights granted to users who have access to any programmed features to authorize changes to the automated schedule. Review the functional specifications for payroll process scheduling program, including system test results both prior to implementation and in connection with any subsequent modifications of the system.
Control Activity: PR-PR144—Payroll transactions at, before, or after the end of an accounting period are scrutinized and/or reconciled to ensure complete and consistent recording in the appropriate accounting period.
Risk: Payroll cutoff procedures are designed to ensure that payroll transactions are completely and consistently recorded in the appropriate accounting period. If transactions are not recorded in the correct period, a material misstatement could occur in the financial statements. However, most unusual transactions, such as bonus calculations and year-end taxation accruals, are of higher risk and are subject to manual controls.
Understanding of Current Process: The salary has been recorded on time. The same was ensured by checking in the accounting software.
Testing: Interview the Payroll manager regarding: Policies, procedures, standards, and guidance regarding payroll cutoffs, including established dates and/or timing, Communication of accounting period and payroll cutoff dates, including types of transactions for which cutoff is a concern (e.g., taxation transactions, bonus calculations). Review procedures designed to ensure a consistent cutoff. Review procedures for processing transactions related to a prior/future accounting period, including any restrictions on the use or execution of any transactions or programs that can override established cutoffs. Also Interview the Application Programming Manager regarding: Communication of accounting and payroll cutoff dates and/or timing, Programmed processes that ensure that transactions are recorded completely in the appropriate accounting period. We may request the following types of documentation in performing tests of control for this control activity, as described above.
Control Objective: 20—Payroll (including compensation and withholdings) is accurately calculated and recorded.
Control Activity: PR-PR126—Overtime hours worked and payments for such overtime are authorized by management for all salaried employees who are paid for overtime.
COSO Category: Financial
Risk: Overtime is normally controlled at two stages: - Prior to the performance of overtime. - Subsequent to the performance of overtime. Subsequent authorization should be made as soon as possible after the date on which the overtime was incurred, but, in any event, before the payment of overtime. This ensures that management has adequate opportunity to amend or revoke an overtime claim before payment is made to the employee. Payment for the overtime may be seen as the organization's implicit authorization of the overtime claim and, as a result, may subsequently be difficult to recover or amend. Authorization
Understanding of Current Process: No overtime calculation is possible.
Testing: Conduct an interview with the Financial Director and review documentation related to: Policies, procedures, standards, and guidance regarding authorization of overtime for salaried staff, including Individuals with the authority to approve overtime hours. Methods for recording time worked for salaried staff and the manner in which overtime is calculated and recorded, including procedures for the subsequent validation of overtime hours claimed by salaried staff. Review established procedures for dealing with exceptions such as unauthorized overtime worked, or the ability to modify overtime hours worked. Also interview the Payroll manager regarding: Procedures for ensuring that all overtime worked by salaried staff has been appropriately authorized before being paid to the employee, and procedures for identification and payment of overtime to salaried staff.
Control Activity: PR-PR128—Salary and hourly payroll reports (including compensation and withholding information) are reviewed and approved by management prior to disbursement.
COSO Category: Financial
Risk: Because the production of the payroll often represents one of the largest periodic disbursements made by the organization, it is customary to have it reviewed and approved by senior financial management. In performing this review, management typically reviews the reconciliations performed as part of the production of the payroll, as well as certain key payroll reports
Understanding of Current Process: It was informed to us that review is not taken. But proper check is observed by Finance Controller, COO, & GM
Testing: Conduct an interview with the Financial Manager and review documentation related to: The nature of payroll-related reports reviewed, including the application systems from which these reports are produced and the timing of their preparation, use of the reports by management, including key relationships that are monitored and any independent data sources that are compared to the system-generated reports (e.g., personnel reports, averages per employee, sales reports used to calculate commission payments). Review examples of differences identified and how such items were resolved by management. Review documentation related to: Relevant payroll reports related to new or terminated employees, changes in pay or deduction rates, deduction analysis, net pay analysis, and payment analysis. Review reports describing results of the review/approval and any follow-up actions taken. Review functional specifications for programs used to prepare payroll and related accounting entries reports.
Control Objective: 05—Payroll disbursements and recorded payroll expenses relate to actual time worked.
Control Activity: PR-PR126—Overtime hours worked and payments for such overtime are authorized by management for all salaried employees who are paid for overtime.
COSO Category: Operational
Risk: Overtime is normally controlled at two stages: - Prior to the performance of overtime (i.e., the authorization given to an employee to work overtime) - Subsequent to the performance of overtime (i.e., the subsequent validation and approval by management of the hours of overtime charged to the payroll). Subsequent authorization should be made as soon as possible after the date on which the overtime was incurred, but, in any event, before the payment of overtime. This ensures that management has adequate opportunity to amend or revoke an overtime claim before payment is made to the employee. Payment for the
Understanding of Current Process: Overtime cannot be calculated.
Testing: Conduct an interview with the Financial Director and review documentation related to: Policies, procedures, standards, and guidance regarding authorization of overtime for salaried staff, including Individuals with the authority to approve overtime hours. Methods for recording time worked for salaried staff and the manner in which overtime is calculated and recorded, including procedures for the subsequent validation of overtime hours claimed by salaried staff. Review established procedures for dealing with exceptions such as unauthorized overtime worked, or the ability to modify overtime hours worked. Also interview the Payroll manager regarding: Procedures for ensuring that all overtime worked by salaried staff has been appropriately authorized before
Control Activity: PR-PR128—Salary and hourly payroll reports (including compensation and withholding information) are reviewed and approved by management prior to disbursement.
COSO Category: Operational
Risk: Because the production of the payroll often represents one of the largest periodic disbursements made by the organization, it is customary to have it reviewed and approved by senior financial management. In performing this review, management typically reviews the reconciliations performed as part of the production of the payroll, as well as certain key payroll reports
Understanding of Current Process: YES Done
Testing: Conduct an interview with the Financial Manager and review documentation related to: The nature of payroll-related reports reviewed, including the application systems from which these reports are produced and the timing of their preparation, use of the reports by management, including key relationships that are monitored and any independent data sources that are compared to the system-generated reports (e.g., personnel reports, averages per employee, sales reports used to calculate commission payments). Review examples of differences identified and how such items were resolved by management. Review documentation related to: Relevant payroll reports related to new or terminated employees, changes in pay or deduction rates, deduction analysis, net pay
Control Activity: PR-PR141—Time reported by employees is reconciled regularly between clock cards/timesheets and payroll reports.
COSO Category: Operational
Risk: Reconciling time recorded on clock cards to payroll reports helps to provide assurance that all time has been input accurately. Most waged (i.e., hourly) employees are paid based on hours worked. Consequently, it is important to ensure that time recorded is accurate; otherwise, subsequent processing will produce erroneous results. This could result in employee dissatisfaction or financial misstatement.
Understanding of Current Process: Reconciliation is carried out for attendance of employees but at the end of every month.
Testing: Conduct an interview with the Payroll manager regarding: Policies, procedures, standards, and guidance relating to the reconciliation of time cards to payroll reports. Review reconciliation procedures including supporting documentation used in the reconciliation process. Assess the reasonableness of reconciliation timing and types of reconciling items typically identified. Identify procedures used to follow up on reconciling items, including authorization of any adjustments and use of automated processes to follow up on reconciling items. Analyze problems encountered during the period of our engagement and procedures to monitor both timely completion of reconciliations and timely resolution of reconciling items. Also interview the Security
Control Objective: 10—Payroll is disbursed to appropriate employees.
Control Activity: PR-PR104—Access to the payroll bank transfer tape is restricted to authorized personnel.
COSO Category: Operational
Risk: The bank transfer tape records the amounts to be paid to each employee and is utilized by the bank to process the electronic transfer of employee payments. Access to the bank transfer tape must, therefore, be restricted to ensure that employee payments cannot be manipulated. In addition to considering the logical security features of the payroll application, it may also be necessary to evaluate physical security features, particularly if the information is transferred via a physical tape.
Understanding of Current Process: No electronic transfer done from the Company premises. The hard copy of the list as well as cheque is sent to the ICICI & Axis Bank. Also soft copy with the letters sent to ICICI & Axis Bank through Email.
Testing: Interview the Application owner, the security administrator, and/or the application programmer regarding: The information security policy, architecture, and methods used to restrict access to the application system and to specific functions and data within that system that may affect the bank transfer files. Analyze relationship between systems software and application-level access control facilities, including methods for determining the level of access to be granted to a specific user and for both approving and granting such access. Scan documentation evidencing access approvals. Procedures for modifying user access authorizations and monitoring access violations, especially to sensitive application functions. Review physical security over tapes produced that
Control Activity: PR-PR139—All payroll queries are followed up by persons independent of the payroll preparation and disbursement process.
COSO Category: Operational
Risk: Inquiries from employees regarding payroll calculations and disbursements may arise for a variety of reasons. Any such queries should be followed up by personnel independent of the payroll preparation and disbursement process to ensure: - Appropriate segregation of duties exist between preparation, disbursement, and human resources (or personnel management); thus, the potential for concealment of fraud is minimized.
Understanding of Current Process: No queries had been raised during the period of audit. However, on discussion with the HR executive we were informed that in case if any queries arise, the same are solved by the HR executive or Ass. Manager Finance.
Testing: Conduct an interview with the Payroll manager regarding: Policies, procedures, standards, and guidance relating to the reconciliation of time cards to payroll reports. Review reconciliation procedures including supporting documentation used in the reconciliation process. Assess the reasonableness of reconciliation timing and types of reconciling items typically identified. Identify procedures used to follow up on reconciling items, including authorization of any adjustments and use of automated processes to follow up on reconciling items. Analyze problems encountered during the period of our engagement and procedures to monitor both timely completion of reconciliations and timely resolution of reconciling items. Also interview the Security
SUB-PROCESS: Maintaining Master Vendor File
Control Objective: 05—Only valid changes are made to the payroll master files.

Control Activity: PR-PR100—The ability to view, modify, or transfer information contained in the payroll master files is restricted to authorized personnel.
COSO Category: Compliance
Risk: The payroll master files are normally made up of two elements: Standing employee data and Transactional employee data. The payroll master files provide standing information that is used as a reference by the payroll application to: Calculate employee pay and deductions, Make payment to the employee and deduction agencies, bodies, and associations in the correct manner and location, Make the appropriate accounting entries to the general ledger. The payroll master files also contain transaction files including current, month-to-date, quarter-to-date, and other historical data for tax, accounting, statutory, and employee entitlement reporting purposes. The payroll master files are sometimes integrated with the personnel master file, which typically contains employee profiles, qualifications, employment history, training, and health records. The payroll
Understanding of Current Process: Done properly. No discrepancies found. The same was verified by checking on sample basis the personal files of the employees with the master records.
Testing: Interview the Payroll manager regarding: Policies, procedures, standards, and guidance related to the allocation and review of access rights to the payroll master files, including monitoring access violations to the payroll master files. Identify procedures for modifying payroll master file data, including forms and/or other documentation used to request/authorize such modifications. Obtain and review logical access rights of individuals with ability to update and delete payroll data. Review reports or system logs recording the allocation or modification of access rights to the payroll master files and access violations to the payroll master files.

Control Activity: PR-PR110—Significant changes to the payroll master files are approved by management.
COSO Category: Compliance
Risk: Because payroll master file data is used by multiple transactions, unauthorized changes to this data present a greater risk than errors in inputting transaction data. This is true because (1) any unauthorized modification, deletion, or corruption of master file data is likely to have a widespread or continuous effect; and (2) elements of the payroll master files tend to be sensitive and are normally confidential (e.g., salary/pay
Understanding of Current Process: Changes can be made only by one person. The Ascent Payroll software is on an independent computer which is not on LAN and hence
Testing: Conduct an interview with the Payroll manager and review documentation regarding: (1) Policies, procedures, standards, and guidance related to the review and approval process for requests to change the payroll master files and reports of changes to the payroll master files. Scan printouts or reports from the human resources or payroll system that detail the current status of employee payroll data. Review forms or other documentation used to evidence approvals of change requests.
Control Activity: PR-PR115—Payroll master file data is periodically reviewed for accuracy and ongoing pertinence.
COSO Category: Compliance
Risk: Payroll master file data is reviewed periodically as an additional control to ensure that edit, validation, and authorization controls have worked effectively throughout the period under review. This control also ensures that the master file information remains up-to-date and pertinent. Over time, infrequently used payroll master file records may become inaccurate, due to changes in facts external to the payroll system.
Understanding of Current Process: The files are reviewed every 3 months & at the time of appraisals or separation. The same was ensured by checking the Files and the master data and on discussion with the HR
Testing: Conduct an interview with the Payroll manager and review: Policies, procedures, standards, and guidance relating to the periodic review of payroll master file data including comparison to information in personnel files. Review of procedures for 1) updating payroll master file data, and 2) correcting identified errors or omissions in the payroll master files. Review procedures for archiving "inactive" payroll file records.
Control Activity: PR-PR120—Departmental managers periodically review listings of current employees within their departments and notify the personnel department of necessary changes.
COSO Category: Compliance
Risk: Departmental transfers can often be mishandled, and although an employee is correctly classified as "active" and his or her pay calculated correctly, the department or function may not be correct. Such a misstatement could affect any budgets, costs, or revenues allocated by department headcount.
Understanding of Current Process: No departmental transfers as informed by the HR Executive and from payroll processing.
Testing: Conduct an interview with the Payroll manager regarding: (1) Policies, standards, and procedures used to periodically assess the continued validity of the employee master files or database, including system-generated reports used in performing such reviews. Review the documentation related to: (a) Standards and procedures related to the periodic review of employee status by various department managers or supervisors (b) New hire, termination, or transfer documents (c) Report on the current status of employees (d) Documentation from the personnel department detailing changes in employee status.

Control Activity: PR-PR159—Recorded changes to the payroll master files are compared to authorized source documents to ensure that they were input accurately.
COSO Category: Compliance
Risk: Standing employee data is often updated, not by the payroll department, but by the human resources or personnel department. Such data is typically confidential (e.g., salary, health care provisions, investment options) and must be adequately safeguarded.
Understanding of Current Process: The personal files are maintained under lock and key with the HR executive.
Testing: Conduct an interview with the Payroll manager and review documentation regarding: Policies, procedures, standards, and methods related to approval of payroll master file changes, Individuals authorized to sign payroll master file update forms, including documentation used to evidence approvals to changes in the payroll master file data. Review reports of changes to the payroll master files, including documentation from the personnel department detailing current status of each employee in the payroll master file.
Control Objective: 10—All valid changes to the payroll master files are input and processed.

Control Activity: PR-PR160—Requests to change the payroll master file data are logged; the log is reviewed to ensure that all requested changes are processed timely.
COSO Category: Compliance
Risk: If payroll master file data changes are not processed timely, management analysis based on statistical trends may be inaccurate. Generally, this will be of consequence only when the payroll master file data change is widespread (e.g., a change in tax rate for employees with earnings greater than a given amount).
Understanding of Current Process: Changes to master file are made only after receiving the hard copy from HR.
Testing: Conduct an interview with the Payroll manager and review documentation regarding: Policies and procedures to change the payroll master file data change requests, including details recorded in system generated payroll master file data change logs. Review system functions used to record and approve payroll master file data change requests. Documentary evidence of managerial / supervisory review performed of logs generated to ensure that master file data changes are input timely. Review the average time between receipt of payroll master file data change requests and input of changes, including procedures for investigating anomalies identified or inability to meet standard input time spans.

Control Activity: PR-PR161—Requests to change the payroll master file data are submitted on prenumbered forms; the numerical sequence of such forms is
COSO Category: Compliance
Risk: Sequential numbering of payroll master file change requests helps to ensure that all change requests have been processed and that each transaction is processed only once. A break in the sequence may indicate that a payroll master file change request was not processed or was canceled.
Understanding of Current Process: No prenumbered forms are maintained by the company.
Testing: Conduct an interview with the Payroll manager regarding: Methods used to assign sequential numbers to payroll master file change requests and to enter such numbers into the application system, including procedures used to restrict access to and use of prenumbered payroll master file change requests. Review procedures used to account for the sequence of such numbers and to identify missing or duplicate payroll master file change requests.
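The sequence test described under PR-PR161, as an added example that is not part of the original audit program: it accounts for every prenumbered change request form in an issued range and reports missing numbers, duplicates, and canceled forms that were processed anyway. The log layout, the status values "processed" and "canceled", and the form numbers are assumptions constructed for illustration.

```python
from collections import Counter


def account_for_sequence(log, first, last):
    """Account for every prenumbered form from `first` to `last` inclusive.

    `log` is a list of (form_no, status) pairs; status is "processed" or
    "canceled" (hypothetical values, not taken from the payroll system).
    """
    processed = Counter(n for n, s in log if s == "processed")
    canceled = {n for n, s in log if s == "canceled"}
    issued = range(first, last + 1)
    return {
        # Break in the sequence with neither a processed nor a canceled entry.
        "missing": [n for n in issued
                    if n not in processed and n not in canceled],
        # The same request was input more than once.
        "duplicate": sorted(n for n, c in processed.items() if c > 1),
        # A form recorded as canceled that was processed anyway.
        "canceled_but_processed": sorted(canceled & set(processed)),
        # Numbers that were never issued in this range.
        "out_of_range": sorted({n for n, _ in log if n not in issued}),
    }


# Constructed change request log for forms 1001 to 1008.
SAMPLE_LOG = [
    (1001, "processed"), (1002, "processed"), (1003, "canceled"),
    (1004, "processed"), (1004, "processed"), (1006, "processed"),
    (1007, "canceled"), (1007, "processed"), (1008, "processed"),
    (1012, "processed"),
]

if __name__ == "__main__":
    for finding, numbers in account_for_sequence(SAMPLE_LOG, 1001, 1008).items():
        print(f"{finding}: {numbers}")
```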
Control Objective: 15—Changes to the payroll master files are accurate.

Control Activity: PR-PR162—Payroll master file data is edited and validated; identified errors are corrected promptly.
COSO Category: Compliance
Risk: Data edit and validation routines help to prevent the input of errors that would cause erroneous output. Due to the sensitive nature of information input into the payroll master files, it is essential that the data maintained about each employee be as accurate as possible, particularly fields that facilitate the correct calculation and payment of wages and salaries. Common types of payroll master file data entry edit and validation routines include the following: - Appropriate field size (e.g., for employee identification numbers) - Appropriate type of data (e.g., numeric vs. alphabetic) - Appropriate digit checks on record identification keys (e.g., account numbers) - Consistency of data between fields (e.g., department number and employee grade match the established values for those fields) - Completion of all required input fields.
Testing: Interview the Payroll manager regarding: Policies, procedures, standards, and guidance for correcting data edit and validation errors relating to the payroll master files, including use of any overrides, the nature of edit and validation routines, including the fields to which such routines are applied, and procedures to correct edit and validation errors and to ensure that such errors are corrected promptly. Identify procedures to require management approval of use of any overrides and individuals who are responsible for correcting edit and validation errors and have access to related programs and transactions. Review the nature of edit and validation routines, including the fields to which such routines are applied, and the programming logic of any validation routines or reasonableness checks, The points in transaction processing at which edit and validation routines are performed, The specific software and computer systems that perform such routines, with consideration to data files, programs, and transactions used in the process and output generated by the routines, and Exceptions and error handling procedures.

Control Objective: 25—Payroll master files data remains pertinent.

Control Activity: PR-PR140—Variations between payroll master files and time recording system are investigated and appropriate action taken if
COSO Category: Compliance
Risk: The reconciliation of the payroll master files to the time recording system on a periodic basis helps to ensure that both systems are consistent and that only current employees are being remunerated. Inconsistencies between the payroll master files and the time recording system could result in: - Current employees not being paid timely (presuming the time recording system provides detail for payroll payment processing) - Invalid employees being recorded in
Understanding of Current Process: No reconciliation of time record is carried out.
Testing: Conduct an interview with the Payroll manager and review documentation related to: Policies, procedures, standards, and methods used to reconcile the payroll master files to the time recording system, including exception/error handling procedures in a timely manner. Review the functional specifications for the reconciliations program. Review listing of individuals with access to system-based reconciliation functions, authorized and consistent with each user's job function. Review the documentation related to: Policies, procedures, standards, and guidance relating to the reconciliation of the payroll master files to the time recording system. Review functional specifications for the reconciliations program, including system test results, both prior to implementation and in connection with any subsequent modifications of the system.
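The edit and validation routines listed under PR-PR162 (field size, type of data, check digit, consistency between fields, completion of required fields), plus a reasonableness check, written out as an added example that is not part of the original audit program or of the Ascent Payroll software. The field names, the department and grade table, the pay ceiling, and the choice of the Luhn algorithm as the check-digit scheme are assumptions.

```python
import re
from decimal import Decimal, InvalidOperation

# Constructed reference data: grades valid in each department, pay ceiling.
DEPT_GRADES = {"100": {"A1", "A2"}, "200": {"B1", "B2", "M1"}}
REQUIRED = ("employee_id", "account_no", "department", "grade", "monthly_pay")
PAY_CEILING = Decimal("50000")


def luhn_ok(number: str) -> bool:
    """Check-digit test using the Luhn algorithm (the scheme assumed here)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_change(rec: dict) -> list:
    """Return every edit/validation error found in one change request."""
    val = {f: "" if rec.get(f) is None else str(rec[f]).strip() for f in REQUIRED}
    # Completion of all required input fields.
    errors = [f"{f}: required field is empty" for f in REQUIRED if not val[f]]
    # Field size and type of data: employee ID is exactly six ASCII digits.
    if val["employee_id"] and not re.fullmatch(r"[0-9]{6}", val["employee_id"]):
        errors.append("employee_id: must be exactly 6 digits")
    # Type of data first, then the check digit on the identification key.
    if val["account_no"]:
        if not re.fullmatch(r"[0-9]{8,16}", val["account_no"]):
            errors.append("account_no: must be 8 to 16 digits")
        elif not luhn_ok(val["account_no"]):
            errors.append("account_no: check digit does not match")
    # Consistency between fields: grade must be valid for the department.
    if val["department"] and val["grade"]:
        if val["grade"] not in DEPT_GRADES.get(val["department"], set()):
            errors.append("grade: not valid for department")
    # Numeric type plus a reasonableness check on the pay amount.
    if val["monthly_pay"]:
        try:
            pay = Decimal(val["monthly_pay"])
            if not pay.is_finite() or not Decimal(0) < pay <= PAY_CEILING:
                errors.append("monthly_pay: outside reasonable range")
        except InvalidOperation:
            errors.append("monthly_pay: not a number")
    return errors


# Constructed sample change requests (not data from the audit).
GOOD = {"employee_id": "004217", "account_no": "79927398713",
        "department": "200", "grade": "M1", "monthly_pay": "4200.00"}
BAD = {"employee_id": "4217", "account_no": "79927398710",
       "department": "100", "grade": "M1", "monthly_pay": "42O0"}
```

Calling validate_change(BAD) returns one error per failed routine, which is the kind of exception listing the testing step asks the auditor to review.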
Control Activity: PR-PR101—Access to the payroll withholding tables is restricted to authorized personnel.
COSO Category: Compliance
Risk: To maintain the integrity of the payroll withholding tax tables, access to these tables should be restricted to authorized personnel only. In addition to considering security based at the application level, it may also be necessary to evaluate system-based controls that restrict direct editing of the tables using database editing or other utilities.
Understanding of Current Process: The access is available to one person only. However through understanding between them, the changes to the taxes tables will be done by the same person i.e. Asst. Manager Finance
Testing: Interview the Payroll manager regarding: The information security policy and architecture, including methods used to restrict access to the application system and to specific functions and data within that system, The relationship between systems software and application-level access control facilities, Methods for determining the level of logical access granted to a specific user and for both approving and granting such access, Documentation of access approvals including methods for restricting the ability to modify a user's authorized access. Review procedures for modifying user access authorizations to reflect changes in job responsibilities (e.g., transfers, terminations) and for monitoring attempted access violations and access to sensitive application functions.

Control Activity: PR-PR111—Changes to the payroll withholding tables are approved by management.
COSO Category: Compliance
Risk: Changes to key master files and tables, such as payroll withholding tables, should be approved prior to implementation to maintain their integrity. Unauthorized changes to the payroll withholding tables could result in incorrect amounts being deducted from employees, requiring subsequent adjustments. Such errors might also incur government penalties.
Understanding of Current Process: Changes are made by only Asst. Manager Finance and it is authorized by the Finance Controller as informed.
Testing: Interview the Payroll Manager regarding: Policies, procedures, standards, and guidance related to approval of changes to payroll withholding table entries, including methods used to approve payroll withholding table changes and the extent to which such methods are computerized. Review software used to implement computerized authorization techniques, including documentation used in the approval process. Review the following documentation: Payroll withholding table and security administration policies, procedures, standards, and guidance, Payroll withholding table change approval forms, Screen dumps confirming access denial, Printouts of user access profiles or tables that detail access rights granted to those responsible for maintaining payroll withholding tables, Exception and/or monitoring reports of payroll withholding table access violations.