Sample Employee Work Schedules by uhp13786


Sample Employee Work Schedules document sample

More Info
									Company (Name):
                                                                                     A total of 48 tests have been                           Contains detailed testing                                                              Links to the pre-populated test
Fiscal Year End (Date):
                                                                                     designed to evaluate ALL KEY risks                      instructions, rather than generic                                                      sheets with fill-in fields for
Tested on (Date)/ tested by (Name):
                                                                                     based on best practices and the                         descriptions of the tests to be                                                        company-specific information.
Tested in (System):

Payroll and HR (Personnel) - Audit Program for SAP R/3 - SAMPLE
Control Activity                        Control         Control     IT Nature       Control Rating Query       Testing Procedures:                                                                                                     Testing Reference       Conclusion
                                        Activity Type   Nature      IT Dependent/   High/          No          For each control activity selected for testing, auditor needs to perform adequate testing procedures to gain            Reference to supporting Effective/
                                        Preventive/     Manual/     Non IT-         Medium/                    reasonable assurance that controls operate effectively in accordance with established policies, procedures, and         evidence considered     Ineffective
                                        Detective       Automated   Dependent       Low                        guidelines. The following testing procedures will assist auditors in performing tests of control for each control       pertinent
Hiring Personnel

Control Objective HR1: Additions to the payroll master files represent valid employees. All new employees are added to the payroll master files.
Control Objective Assertion: [Balance Sheet] Payroll related accruals / provisions & [Income Statement] Salaries, Wages & Related Expenses: Validity, Completeness
HR1.03: The personnel and the          Preventive       Automated   IT Dependent    High                 2     A job is a general classification of task areas (e.g. head of department). A job is a standard description of an                Tab 2
organizational reporting structure are                                                                         activity that can be performed by a person. Perform the following procedures to generate a listing of users with
current.                                                            In addition to the written step-           access to maintain or edit existing jobs in SAP R/3:
                                                                    by-step instructions, screen-
Access to modify personnel and                                      prints from SAP will be provided           Execute transaction code SUIM
organizational reporting structure in                               to visually assist those new to            Proceed to the Users By Authorization Values screen via "User " -> "Users By Complex Selection Criteria " ->
SAP R/3 is limited to appropriate                                   the system.                                "By Authorization Values "
                                                                                                               AUTHORIZATION OBJECT 1:
                                                                                                               • S_TCODE:
                                        Covers ALL principal hr/payroll                                          PO03 (Maintain Jobs)
                                        • Hiring Personnel                                                     AUTHORIZATION OBJECT 2:
                                        • Terminating Personnel                                                • PLOG:
                                        • Recording Time                                                         Plan Version (PLVAR): * (means users authorized to maintain jobs in ANY/SOME plan version(s))
                                        • Calculating Payroll                                                    Subtype (SUBTYP): * (means access to maintain ANY/SOME subtypes of given infotypes)
                                        • Disbursing Payroll                                                     Planning Status (ISTAT): * (means ANY planning status in which the user is authorized for access)
                                        • Maintaining Master Files                                               Function Code (PPFCODE): INSE (Insert) OR AEND (Change) OR DEL (Delete) OR "*" (All/Any)
                                                                                                                 Infotype (INFOTYP): * (means users authorized to maintain jobs for ANY/SOME infotypes)
                                                                                                                 Object Type (OTYPE): C (means "Jobs") OR P (means "Persons/Employees") OR "*" (All/Any)

                                                                                                               Export results to the Tab referenced in the "Testing Ref." Column for further analysis. Assess whether it is
                                                                                                               appropriate for such users to have such access, based on their job responsibilities and established policies,
                                                                                                               procedures, standards, and guidance. Compare the results of the test with the information obtained from the
                                                                                                               interviews with the individuals responsible for the control activity. Investigate any discrepancies. Document your

aaddb6a9-9ed0-4961-ad27-6cd69b7bd485.xls                                                                                                                                                                                                                                     Page 1 of 4
Exception Details          Mitigating Controls        Planned Remediation Procedures   Planned           Remediation   Ref. to Post-
For ineffective controls   For ineffective controls   For ineffective controls         Remediation       Status        Remediation
                                                                                       Date              Completed/    Testing Details
                                                                                       For ineffective   In Progress   If applicable

aaddb6a9-9ed0-4961-ad27-6cd69b7bd485.xls                                                                                                 Page 2 of 4
aaddb6a9-9ed0-4961-ad27-6cd69b7bd485.xls                                                                         Tab 2

Users with access to maintain or edit existing jobs in SAP R/3:

Count        User ID       User Name           Locked?                       Valid From   Valid Through       User Type                      Access Appropriate Exceptions   Comments/ Exception
*Insert                                        (Yes/No)                                   *Exclude IDs that   *Exclude D (System) and C      as per the Job     Noted?       Detail
additional                                     *Exclude locked user IDs                   are past their      (Communication) IDs (no end    Responsibilities?  (Yes/No)
rows as                                        ("0" or "Blank" in this field              validity date (no   user access); leave A          (Yes/No)
needed                                         means that user ID is NOT                  access)             (Dialog) and S (Service) IDs
                                               locked)                                                        for analysis

Total              0                                                                                                                                 0               0

                                                                                                                                                                                                   Page 3 of 4
aaddb6a9-9ed0-4961-ad27-6cd69b7bd485.xls                                            Tab 8

Count        Employee ID   Employee Name   Start Date            Selected For   Employee is a      Approved By                                    Approved On Exceptions         Comments/ Exception Detail
*Insert                                    * Do not list         Testing?       Valid New Hire?    (Name, Title)                                  (Date)      Noted?
additional                                 employees hired       (Yes/No)       (Yes/No)                                                                      (Yes/No)
rows as                                    before or after the
needed                                     period of intended                                     Complete for new employees selected for testing in Column "E". N/A for remaining new hires.


Total              0                                                    0               0                                                                               0

                                                                                                                                                                                                   Page 4 of 4

To top