Auditing Internal Controls

Document Sample
Auditing Internal Controls Powered By Docstoc
					                                                          Employment Process

                                            Internal Control Adequacy Template - FY 2009



  SUB-PROCESS STEP                                              LEVELS OF INTERNAL CONTROLS
Job Opening

Selection of Candidate                                      Operating Controls - Transactional controls,
                                                            typically embedded in the process provided
Job Offer                                                   by the workers

Employment Eligibility Verification - I9                    Monitoring Controls - Performed in or
                                                            immediately after the process typically by
New Appointment                                             first-line supervisors to ensure operating
                                                            controls are properly executed
Promotions
                                                            Oversight Controls - Controls performed
Change in Appointment                                       outside the step-by-step process by
                                                            management to gauge effectiveness of
Time Reporting                                              operating and monitoring controls (i.e., trend,
                                                            exception reports)
Additional Pay
                                                            Internal Auditing - Performed outside
Supplemental Pay                                            management hierarchy by Internal Audit to
                                                            assess existence and effectiveness of control
Incentive Pay                                               environment

Termination of Employee




 065b3328-5b8a-4c9b-bace-7a613f514532.xls                                                                     7/7/2010
                                                                                                                                                                                                                                      10/15/2008 Version
University of Michigan
Internal Control Adequacy Template - Employment Process (FY 2009)
         INTERNAL CONTROLS                                                  RISKS                                                                                           KEY CONTROL POINTS
Listed below are the sub-processes within the overall
                                                      This column lists risks inherent to the process which       SP = Standard Procedure      A = Approval
   Employment process and what we are trying to
                                                       might cause inaccurate data or inaccurate activity.        SD = Separation of Duties    WP = Written Procedures
         control for within this sub-function.
                                                                                                                                 Operating Controls                                  Monitoring Controls                    Oversight Controls
                                                                                                              SP Job Description and Job Posting should be
                                                                                                                 completed which thoroughly describes both the duties
                                                                                                                 and the qualifications required of the individual.
Job Opening                                                                                                      Review of the position description and FLSA
Ensure that candidates have clear information about                                                              designation should be done by higher authority before
the qualifications and expectations for the position;  Inappropriate applications; unable to screen and          offer is made
ensure that the unit also has a clear understanding of select candidates against weak or missing criteria     A   Within unit, have clear definition of authority to make
the position and what they need to make a hiring                                                                  commitment.
decision
                                                                                                              WP Should have written procedures for all employment
                                                                                                                 related processes that clearly outline authority levels,
                                                                                                                 roles and responsibilities
                                                                                                              SP Unit must review RIF candidates if qualified
                                                                                                                 consistent with SPG.
                                                                                                                 Resumes and/or applications must be reviewed to
                                                                                                                 ensure that they are consistent with the minimum
                                                                                                                 requirements of the position.
                                                                                                                 Thorough interviews that explore the qualifications of
                                                                                                                 the applicant should be completed
Selection of Candidate                                                                                           Reference checks must be conducted on finalist(s)
                                                       Candidates selected do not fulfill requirements for
Ensure that candidate meets the qualifications and                                                               Background checks should be conducted that are
                                                       position. Candidates misrepresent themselves.
expectations for the position and represents                                                                     consistent with the requirements of the position
                                                       Non-compliance with affirmative action plans.
themselves appropriately                                                                                         Restricted code should be referenced for finalist(s)
                                                                                                                 Ensure compliance with Affirmative Action plan
                                                                                                                 An approved management plan must be devised for
                                                                                                                 potential nepotism situations

                                                                                                              A   Within unit, have clear definition of authority to make
                                                                                                                  commitment.
                                                                                                              SP Offer letter should be completed
                                                                                                                 Review of position, FLSA designation, salary to be
                                                                                                                 done by higher authority before offer is made
Job Offer                                                                                                     A   Within unit, have clear definition of authority to make
                                                       Erroneous or unauthorized salary, conditions of
Ensure salary, conditions of employment, other                                                                    commitment.
                                                       employment, or commitments
commitments are appropriate                                                                                       Obtain approval of offer by higher authority to
                                                                                                                  approve terms of employment including salary before
                                                                                                                  extending to candidate
                                                                                                                  Document acceptance by employee
                                                                                                              SP I9 form completed in unit needs to be certified by a       Units have identified and trained someone who
Employment Eligibility Verification-I9                                                                           University employee who is knowledgeable and               can monitor that I9's in unit are being
                                                       Violation of Immigration Laws
Ensure that proper documentation is examined and                                                                 trained.                                                   completed accurately, timely and completely.
                                                       Non-compliance with Federal Law, and fines.
recorded




                                                                                                                                    2                                                                                                             7/7/2010
                                                                                                                                                                                                                                                           10/15/2008 Version
University of Michigan
Internal Control Adequacy Template - Employment Process (FY 2009)
          INTERNAL CONTROLS                                                        RISKS                                                                                             KEY CONTROL POINTS
Listed below are the sub-processes within the overall
                                                      This column lists risks inherent to the process which                SP = Standard Procedure     A = Approval
   Employment process and what we are trying to
                                                       might cause inaccurate data or inaccurate activity.                 SD = Separation of Duties   WP = Written Procedures
         control for within this sub-function.
                                                                                                                                         Operating Controls                                   Monitoring Controls                           Oversight Controls
                                                                                                                       SP Offer letter should be retained
                                                                                                                          COI/COC statements should be documented
New Appointment                                                                                                         A For certain faculty positions decision authority is from
Job Opening appointments contain accurate and                Incorrect salary, effort distribution or funding source      or delegated by Board of Regents.
Ensure that new
                                                             Fraud
Ensure that pay rates, level ofclear information about
appropriate candidates have effort, effort distribution                                                                   Salary, shortcode, % effort, effective date should be
the qualifications and expectations for the position;        Data entry errors
                                                             Inappropriate applications; unable to screen and             approved by appropriate person who verifies that it is
and funding sources
ensure that the unit also has a clear understanding of       select candidates against weak or missing criteria           consistent with offer letter.
the position and what they need to make a hiring                                                                          Verify data has been correctly entered into system
decision
                                                                                                                       SP Ensure clear criteria for promotion. For faculty, this
                                                             Qualifications of position and individual could be           would include evaluation of the casebook.
Promotions
                                                             inconsistent. Commitment of long term resources          A For faculty decisions authority is from or delegated by
Ensure that all promotion reviews and decision
                                                             associated with achieving tenure.                          Board of Regents. For non-instructional staff have
making follow both unit and University procedures.                                                                                                                               Reconcile Gross Pay Register (GPR) to source
                                                             Non-compliance with affirmative action plans.              clear definition of authority to make commitment.        documentation of appointment changes,
                                                                                                                                                                                 exception time, and other payment related
                                                                                                                     SP Appointment Letter must be completed and signed by forms to ensure accurate & timely data entry;
                                                                                                                        appropriate person                                       note any errors on report, attach correction
Change in Appointment                                                                                                   Document & retain reason for change(s)                   documents and initial and date reconciliation
                                                             Incorrect salary, effort distribution or funding source
Ensure that changed appointments contain                                                                                COI/COC statements should be documented                  Perform reconciliation so errors are easily
                                                             Fraud
appropriate pay rate, level of effort, effort distribution                                                           A Approval of salary/pay rate.                              rectified in time to process any corrections in
                                                             Data entry errors
and funding sources                                                                                                     Approval of level of effort to ensure that proper effort following month
                                                                                                                        is reflected.                                            Review to ensure that previous errors were
                                                                                                                        Approval by higher authority documented.                 corrected
                                                                                                                     SP Time Sheet or Monthly Attendance Report should be Gross pay register should not be reconciled by           Review Employment related Internal Control
                                                                                                                        completed/signed by employee themselves.                 someone who entered or approved the               MReports for reasonableness and
                                                                                                                        Timesheets data entered locally by 3rd party -           timesheet                                         appropriateness
                                                                                                                        employee should not enter own timesheet or have
                                                                                                                        special review of this time sheet.                       Effort Certification - Individual staff member    Compare planned budgets to actual
Time Reporting                                               Initial errors on form completion                          Timesheets entered on-line by employee should be         charging time to a sponsored research grant       expenditures to ensure costs are consistent
Ensure that timesheets or monthly attendance                 Fraud, Data entry errors. Timesheets not completed         approved by higher authority with knowledge of work must annually certify that charges reflect actual      with expectations.
reports, if applicable, properly reflect hours worked        in timely manner; May result in incorrect payment or       schedule.                                                effort expended on those chartcoms.
and exception time taken                                     misuse of exception time                                A Approval of timesheet or monthly attendance report                                                          Review vacation and sick time usage to
                                                                                                                        by someone who can determine appropriateness of                                                            identify potential issues regarding available
                                                                                                                        time reported. Approved timesheet should not be                                                            balance
                                                                                                                        returned to employee but directly submitted
                                                                                                                        Approval by higher authority documented


                                                                                                                                                                                     Reconcile Gross Pay Register / Effort
                                                                                                                                                                                     Certification (continued from page 2)




                                                                                                                                            3                                                                                                                              7/7/2010
                                                                                                                                                                            Effort Certification - Individual staff member                             10/15/2008 Version
University of Michigan                                                                                                                                                      charging time to a sponsored research grant
                                                                                                                                                                            must annually certify that charges reflect actual
Internal Control Adequacy Template - Employment Process (FY 2009)                                                                                                           effort expended on those chartcoms.
         INTERNAL CONTROLS                                                      RISKS                                                                                       KEY CONTROL POINTS
Listed below are the sub-processes within the overall
                                                      This column lists risks inherent to the process which           SP = Standard Procedure     A = Approval
   Employment process and what we are trying to
                                                       might cause inaccurate data or inaccurate activity.            SD = Separation of Duties   WP = Written Procedures
         control for within this sub-function.
                                                                                                                                    Operating Controls                                Monitoring Controls                                Oversight Controls
                                                                                                                  SP Should utilize Additional Pay Submittal Form and/or                                                        Review Employment related Internal Control
                                                                                                                     approved batch processing; should be completed by      Reconcile Gross Pay Register / Effort               MReports for reasonableness and
                                                                                                                     appropriate person who has authority to hire           Certification (continued from page 2)               appropriateness
Job Opening                                                                                                          employee for work outside normal employment,
Ensure that candidates have clear information about                                                                  where appropriate
                                                          Errors on form completion, Fraud, Data entry errors
the qualifications and expectations for the position;     Inappropriate applications; unable to screen and        A Document and retain purpose for additional pay                                                              Compare planned budgets to actual
Additional Pay                                            Inconsistent with federal sponsor guidelines
ensure that the unit also has a clear understanding of    select candidates against weak or missing criteria        Approval by appropriate person including someone                                                            expenditures to ensure costs are consistent
Additional pay is appropriate;                            Inconsistent with FLSA overtime guidelines
the position and what they need to make a hiring                                                                    from unit in which individual has primary regular                                                           with expectations.
Additional pay is for additional work, outside scope of   Work is within the scope of his/her appointment;
decision                                                                                                            appointment. This person should be able to
original appointment                                      Work conflicts with primary job responsibilities; Pay
                                                          rate is excessive                                         determine appropriateness of payment, including
                                                                                                                    whether or not additional work is outside scope of
                                                                                                                    regular appointment and if pay rate is appropriate

                                                                                                                  SD Employee should not be processing their own
                                                                                                                     paperwork
                                                                                                                  SP Utilize appropriate PeoplePay form consistent with     Reconcile GPR to source document or         Review Employment related Internal Control
                                                                                                                     unit and University policies and procedures.           reconcile SOA to source document, depending MReports for reasonableness and
                                                                                                                                                                            on type of payment                          appropriateness
Supplemental Pay                                          Errors on form completion                               A Approval by appropriate person                                                                              Compare planned budgets to actual
Ensure that payments are appropriate with regard to       Fraud, Erroneous or unauthorized expenditures                                                                                                                         expenditures to ensure costs are consistent
amount of payment and validity of payment                 Ineligible employees receiving payment                                                                                                                                with expectations.

                                                                                                                  SD Employee should not be processing their own
                                                                                                                     paperwork
                                                                                                                  SP Documented Incentive Pay Plan for unit Incentive                                                           Review Employment related Internal Control
                                                                                                                     Pay is separately identifiable Incentive calculation                                                       MReports for reasonableness and
                                                                                                                     performed by staff not receiving incentive pay                                                             appropriateness

Incentive Pay                                             Employee can directly control factors used to           A Initial set up of incentive pay approved by General Adequacy of performance measures reviewed               Compare planned budgets to actual
Ensure that employees that are eligible for incentive     calculate incentive pay.                                  Counsel, Sponsoring VP, financial management, HR at pre-defined intervals                                   expenditures to ensure costs are consistent
pay are properly compensated                              Incentive pay is calculated inappropriately.              and tax department                                                                                          with expectations.

                                                                                                                  SD Employee should not be processing their own
                                                                                                                     paperwork
                                                                                                                  SP Termination paperwork and employee termination        Review GPR to ensure employee has been
                                                                                                                     checklist should be completed by appropriate person removed
                                                          Employee continues to be paid                              who can verify that each step of termination has been Review GPR within 30 days
Termination of Employee                                   Employee continues to have access to                       successfully completed (typically the supervisor)
Ensure that employees are properly terminated             systems/databases, rehiring of inappropriate
                                                          employees                                               A Sign-off by appropriate person(s) who is responsible
                                                                                                                    in unit for assuring that all terminations are
                                                                                                                    processed.



                                                                                                                                       4                                                                                                                              7/7/2010

				
DOCUMENT INFO
Description: Auditing Internal Controls document sample