Payroll Internal Control Basics Mindy Harada OS Payroll Consulting firstname.lastname@example.org Areas of Discussion: Definition of Internal Control Separation of Duties Reconciliation Authorization and Approval Procedure Documentation Management Policy What is Internal Control? A process designed to provide reasonable assurance regarding the objectives in the following categories: effectiveness and efficiency of operations; compliance with applicable laws and regulations; and reliability of financial reporting. (CCH) A system of checks and balances applied within an organization to ensure the accuracy of its financial records and the security of its assets. (Payroll Source Book) Separation of Duties A job or process should not be performed by a single individual or department without the review of another individual or department. Creating the separation: Set the Policy Sr. Management Authorize Sr. Management Document Payroll Implement Payroll, Acctg, Treas. Verify Auditors/other dept. Separation of Duty examples Big Company HR keeps the employee data such as rate of pay, cost center, benefits Payroll handles timecard entry, OT and PTO Payroll cuts the checks, HR hands them out Treasury completes the bank recon Small Company Acctg dept completes the bank recon Dept heads check employee lists against employees who receive paychecks Store paychecks outside the payroll dept but keep the key in payroll Account Reconciliation Check the accuracy of recorded Payroll transactions Verify that debits and credits, journal entries and general ledger balance for each transaction Compare the amount of social security tax withheld and listed on the payroll register to the amount booked on the G/L Make sure checks issued by accounts payable have been posted to the right account Verify the end of the month balance agrees with payroll dept records. It is possible that taxes with held in one month did not have to be paid by the end of the month. Reconcile discrepancies at least monthly Bank Reconciliation Bank Reconciliation Automated reconciliation Made easier by: Direct deposit Automated bank recon Check sequence control software Check data file Positive pay Cancelled check file Be careful of manual Outstanding check file checks Unmatched check file Payroll IT Level controls Changes to applications, software and hardware are authorized, tested, approved, properly implemented and documented Physical access to computer equipment, storage media is restricted by authorization Programs and data are routinely backed up and secured Authorization and Approval Authorization is defined by your company policy- for example, all Managers are authorized to approve overtime and vacation requests for their direct reports. Approval is signing on the line, accepting responsibility for the authenticity of the form or item. It should be well known in the payroll department who, in senior management, has authorization and for what items or limits. Authorization and Approval Define the type of authorization and approval and then decide what level of procedural documentation and/or management policy must be created. There are 2 types of controls: Preventative: Stopped before it happens Detective: Find after it occurs Policies and Procedures Policies Procedures Rules that govern a process Instructions for getting the or job. They include job done. Should company policies and include the payroll dept’s legal requirements. contingency plan and Items like OT instructions for entering requirements, PTO policies, federal tax pay data, master file return due dates, when a data, etc. Every task terminated employee performed by the dept must receive a paycheck should be defined and explained in its policies and procedures manual. Procedure Documentation What should the Payroll Dept have in writing? Company policies on overtime, benefits, vacations, sick leave, termination, recordkeeping, etc Procedures for handling payroll, tax deposits, quarterly returns, liabilities, direct deposit, acct reconciliations, etc. The entire payroll process, A to pay! Disaster recovery plans Payroll computer system user manuals Define your Master System of Record Payroll dept job descriptions Accurate Data File descriptions & location of file Management Policy Who is allowed to be a ‘backup’ for absences? How documented do the procedures have to be? How are issues reported? (and to whom?) How does the Payroll manager stay up-to-date on regulatory changes? Who is assigned to update policies? What is the procedure for approving requests for confidential information? Questions?