Payroll Services Internal Audit Report January 30, 2018

Similar documents
Segregation of Duties Employee Compensation

Table of Contents. Planning & Governmental Relations Capacity Enhancement & Concurrency Mitigation Agreements

Section II Payroll. Kennard ISD Page 1

Table of Contents. Veterans Preferences

University Internal Audit

The School Board of Broward County, Florida Treasurer s Office 7720 West Oakland Park Blvd. Suite 319 Sunrise, FL

Chief Financial Officer

BOARD SELF-EVALUATION TOOL

Cost Control Systems. Conclusion. Is the District Using the Cost Control Systems Best Practices? Internal Auditing. Financial Auditing

Accounting Specialist I Accounting Specialist II Accounting Specialist III Class Specification

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

Cash Reconciliations and Cash Handling

COMPENSATION AND BENEFITS: LEAVES AND ABSENCES. The following guidelines will apply when employees are absent from duty: ABSENCE FROM DUTY

Internal Audit Report. Jackson County Payroll Testing Special Pay Codes June 13, 2011

PAYROLL CHECK-OFF AUDIT

Top 17 Payroll Interview Questions & Answers

Comptroller of the Treasury Central Payroll Bureau

Reconciliation Procedures. University Financial Services Hand in Hand We Learn Session June 22, 2017

Diocese of Covington Policies & Procedures Manual Section: Compliance Accounting Policy: Internal Control & Segregation of Duties

9/13/2017 CHA-CHING! PAYROLL CONTROLS THAT PAY OFF PERSONAL INTRODUCTION. Personal Introduction. Melinda Stinnett, CPA, CIA Managing Director

Internal Control Evaluation

GR Government Records

Internal Communications: MMU Board of Commissioners, General Manager, department managers, department supervisors, utility staff

Central Oregon Intergovernmental Council

HFTP Hospitality Financial and Technology Professionals

SAP HR END USER TRAINING

Chapter 16. Auditing Operations and Completing the Audit. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Kianoff & Associates Crystal Clear Reports for Sage 100

2011 CFS Salary Guide

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

CHAPTER 14. Performance Management, Compensation, Benefits, Payroll, and the HRIS

The Episcopal Diocese of Kentucky

BPA Touch Point of Sale Payroll System

The university shall pay employees on a scheduled basis for work performed as

FREQUENTLYASKED QUESTIONS LAST UPDATE: APRIL8, 2005 DEDUCTIONS DIRECT DEPOSIT EMPLOYEE SELF-SERVICE PAYCHECKS PAYROLL CALENDAR

PAYEXPERT PAYROLL SOFTWARE

Financial Services Job Summaries

ACCOUNTING SERVICES ON-LINE ACCOUNTING SOFTWARE RECEIVABLES LITE PLUS

Workforce HR and Workforce Payroll 8.0

OnePurdue Initiative. Concepts of Personnel Administration. Facilitated by Sue Gibson and Peggy Jasper June 1, 2006

Revised July 2015 WORKERS COMPENSATION TIME REPORTING MANUAL

Internal Control Questionnaire

REPORT OF INTERNAL AUDIT

Dunlap 323 Employee Web Portal Guide Version 1.0 (June 25, 2014)

AUDIT STATUS. Continuous Auditing Ideas and Priority Ranking Draft: 8/7/2012

Portland Public Schools. Payroll Instructions Summer Program 2016

Internal Audit How the Internal Audit Function Facilitates Internal Controls. Office of the City Auditor City of Tallahassee

Internal Audit of Compensation and Benefits

City Payroll Audit - #762 Executive Summary

Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division

POSITION DESCRIPTION. Department: Human Resources. Working Conditions: Normal, no adverse or hazardous conditions.

Audit of. Accounts Payable Procedures

Non- Profit Sample Best Practices Evaluation

Hot Topics from Payroll

CAPE FEAR COMMUNITY COLLEGE VICE PRESIDENT OF BUSINESS SERVICES

Business Requirements Definitions

Managing the Changes in the Fair Labor Standards Act

REPORT NO MARCH 2012 UNIVERSITY OF SOUTH FLORIDA. Operational Audit

Maryland School for the Deaf

GRAND AERIE SURVEY PLEASE CIRCLE THE FOLLOWING TO DETERMINE IF THE AERIE IS OPERATING IN COMPLIANCE WITH OUR FRATERNAL LAWS.

People Admin Position Description Module. Broadband User

FLSA Transition and Information for Employees

CHAPTER XI INSERVICE STATUS AND TRANSACTIONS

PERSONNEL POLICY MANUAL

EIS Information System Reporting Instructions

2012 Illinois State Seminar Financial Management Sessions Outline

Arkansas State University Employee Self Service

Eric Anderson, City Manager. Scottie Nix, Internal Auditor

Qmlativ Education Management System. Professional Development Center (PDC) Course Catalog

Several unallowable expenditures and exceptions to policy were noted.

FINANCIAL SERVICES TECHNICIAN STANDARD POSITION DESCRIPTION

Loch Lomond and The Trossachs National Park Authority. Key Controls Report

Concepts in Enterprise Resource Planning. Chapter 6 Human Resources Processes with ERP

Sonoma County. Internal Audit Report. Auditor Controller Treasurer Tax Collector. Sonoma County Payroll Process

NSU FLSA Guidelines, Information and Tips for Supervisors

STATE OF SOUTH CAROLINA State Treasurer's Office P.O. Box Columbia, SC INVITES APPLICATIONS FOR THE POSITION OF:

Description of Module Subject Name Management Paper Name Human Resource Management Module Title Human Resource Information System Module ID Module 39

Sage 100 Direct Deposit. Getting Started Guide

SAN FRANCISCO COURT APPOINTED SPECIAL ADVOCATE PROGRAM

Payroll Table of Contents

Outsourcing Payroll. Panacea or Pay-Per-View? A whitepaper by Geni Whitehouse

Time & Attendance Management. An Overview

Prince William County Public Schools Annual Audit Plan

Cash Disbursement Procedure

Workforce HR and Workforce Payroll 7.0

PAYROLL SUPERVISOR COUNTY OF SANTA BARBARA CAREER OPPORTUNITY PAYROLL DIVISION, AUDITOR-CONTROLLER S OFFICE

TOTAL COMPENSATION POLICY STATEMENT APPLICABILITY GENERAL PROVISION

Payroll Procedures Manual. FANS/Building Services Manager

STAFF ACCOUNTANT POSITION DESCRIPTION

ORANGE COUNTY COMMUNITY SUPERVISION AND CORRECTIONS DEPARTMENT JOB POSTING

Payroll/Benefits Coordinator

Staff Position Management Guidelines

Montgomery I.S.D Payroll Procedures Manual

Review of City's Bank Reconciliation and Deposit Procedures

Seattle Public Schools The Office of Internal Audit

AUBURN UNIVERSITY. Salary Administration Policies (Administrative/Professional and University Staff)

Records Retention and Destruction

POSITION DESCRIPTION

Financial Transfer Guide DBA Software Inc.

Educating Georgia s Future gadoe.org. Richard Woods, Georgia s School Superintendent. Richard Woods, Georgia s School Superintendent. gadoe.

Transcription:

January 30, 2018 Linda J. Lindsey, CPA, CGAP, Senior Director Alpa H. Vyas, CIA, CRMA, Internal Auditor

Table of Contents Page Number EXECUTIVE SUMMARY 1 BACKGROUND 2 OBJECTIVE, SCOPE, AND METHODOLOGY 4 COMMENDATION 6 FINDING AND RECOMMENDATION 6

EXECUTIVE SUMMARY Why We Did This Audit Our objective was to determine whether payroll is functioning effectively, efficiently and with appropriate internal controls and in compliance with applicable laws, rules and regulations. This audit was included in the annual audit plan for FY 2017-2018. What We Recommended Bank detail information is considered as Personally Identifiable Information (PII) which should be protected. Unnecessary access to users who can view bank details should be removed. The list of users who have access to view InfoType 0009-bank details should be reviewed periodically. What We Found Our overall conclusion is that internal controls are effective for payroll processing and for compliance with applicable laws, rules and regulations. However, we noted that there is not adequate control over access to employees bank details screen (used for direct deposit of pay) which can be viewed by persons in several divisions other than Payroll Services. Page 1 of 7

BACKGROUND: Payroll Services includes a total of 19 staff members in such roles as Administration, Senior Payroll Practitioners, Payroll Practitioners, and Front Desk Payroll Practitioners. Payroll Services processes payroll and assists employees and work location payroll preparers in delivering important payroll information in a timely manner. Several departments perform important functions in the overall payroll process. Office of Management and Budget (OMB) creates and maintains positions; Human Resources (HR) hires employees and sets up personnel records; Compensation Services authorizes pay rate/salary; Work locations record time and attendance; Payroll Services processes payroll, prepares tax filings, and other disbursements that result from payroll deductions; and, Finance posts and reconciles payroll entries in the general ledger. Payroll Services processes payroll and assists employees and work location payroll preparers in delivering important payroll information in a timely manner. Several departments play roles in the overall process of paying employees for their work. Employees use the self-service portal (MyOCPS) for: insurance plan option retirement plan option W4 tax information dependents address sick/vacation/personal leave request beneficiaries OCPS paid life coverage for dependent life and/or disability insurance Employees use of the selfservice portal provides timely and efficient updates to employee records. Any modification made in the portal reflects immediately in SAP system, and Payroll Services processes those changes each pay period. Direct deposit bank information is submitted by the employee on a Direct Deposit Authorization Form. Page 2 of 7

Payroll Services schedules and runs payroll jobs to determine any errors or exceptions that require corrective action prior to the actual payroll run. As master data is constantly changing, Payroll Services generates a payroll pre-edit log report to ensure errors are detected and corrected prior to the actual payroll run. Payroll Services also spotchecks the accuracy of paycheck information by validating one selected employee from each wage type in each payroll processed. Payroll Services schedules and runs payroll jobs to determine any errors or exceptions that require corrective action prior to the actual payroll run. Payroll Services processes quarterly/annual payroll tax reports, payments, and monitors for any exceptions or tax issues. There were 24,845 active employees as of 12/5/2017. Employees are categorized into 9 payroll areas and 11 employee subgroups. Charts 1 and 2 show the number of employees in each payroll area and employee subgroup. Chart 1 Active 24,845 Total Employees by Payroll Area As of 12/5/2017 9 Payroll Areas 14 1,184 170 543 1,242 283 2,934 4,472 *14,003 There were 24,845 active employees as of 12/5/2017. 0 2,000 4,000 6,000 8,000 10,000 12,000 14,000 16,000 Number of Employees 261 Day Hourly 238d PI / 217d OPT 196 Day Instr./Adm. 196 Day FSM-10mth 196 Day Class.10mth 191 Day Trans.D/M 191 Day Class.10mth 186 Day/188 Day10mt 12 Mth. Employees Page 3 of 7

Chart 2 Active 24,845 Total Employees by Payroll Subgroup As of 12/5/2017 11 Payroll Subgroups 1 105 805 391 14 171 8 33 1,140 8,176 *14,001 0 2,000 4,000 6,000 8,000 10,000 12,000 14,000 16,000 Number of Employees Among 24,845 active employees, there were 14,001 Instructional employees, 8,176 Classified and 1,140 Admin/Technical employees as of 12/5/2017. Superintendent Professional Instr. Instructional Hourly/Retirement Hourly/No Benefits Food Svc Non-Exempt Food Service Classified Board Member Admin/Technical Adm. Non-Exempt * The difference between the numbers of instructional employees on the two charts is that three 10 month assistant principals are included in Instructional/Administrators on Chart 1 and not in the 12 month employee category where other assistant principals are reported, and one instructional employee is currently serving as the CTA president and not a teacher but she is still reported in the instructional category on Chart 2. If adjusted for these items, both lists would reflect 14,000 instructional employees at December 5, 2017. OBJECTIVE, SCOPE AND METHODOLOGY: Objective The objective of this audit was to determine whether payroll is functioning effectively, efficiently and with appropriate internal controls and in compliance with applicable laws, rules and regulations. Scope Our audit scope included payroll processing activities from July 1, 2017 to October 31, 2017. Methodology To obtain reasonable assurance regarding the Payroll Services functions, our audit methodology included: Page 4 of 7

reviewing payroll policies, procedures, standards, and reconciliation processes; verifying segregation of duties in the payroll processes, and adequate security regarding access to payroll data; and, performing walk-throughs with the Payroll Services staff of payroll functions including the scheduling of payroll jobs and transferring of bank files. The total of 24,845 active employees as of 12/5/17 was extracted directly from SAP in Excel format and then export to Interactive Data Extraction and Analysis (IDEA) audit software for audit sampling and analysis. We selected 15 employees for our audit sample which covered most of the payroll sub groups. We did not find any exceptions from our test of this sample of payroll transactions. We extracted active employee data into IDEA for analysis and selection of a test sample. We used SAP Master Data, Pay Cards Report, and Payroll Display Off- Cycle transaction codes, policies and contracts, and security roles to verify pay rate or salary increases, direct deposit information, accrued leave balances, Kronos time sheets, deductions, segregation of duties, and security of payroll data. Our audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors and included such procedures as deemed necessary to achieve the objectives. Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. We are required to note any material deficiencies in accordance with Florida Statutes, School Board Policies and sound business practices. We also offer suggestions to improve controls or operational efficiency and effectiveness. Page 5 of 7

COMMENDATION: We noted effectiveness, efficiency and adequate internal controls are in payroll processing functions as demonstrated by: Payroll Services policies, procedures, standards, and timelines are established, implemented, and maintained properly; Computations and payments are accurate and timely; Segregation of duties in payroll processing is adequate; Exception reports, if any, are run prior to the payroll process; Payroll data during the transfer process is accurate and secured; Reconciliation processes are established, implemented, and maintained properly; Supervisor s review/approval process occurs prior to final payroll processing; Transferring bank files for direct deposit and TSA are accurate and timely; W3/941 files are submitted through Business Service Online (BSO) in a timely manner; Payroll entries are properly posted to the GL and reconciled by Finance; and, District s Records Retention Policy is followed by the department. Effectiveness, efficiency and adequate internal controls are noted in payroll processing functions. FINDING AND RECOMMENDATION: 1) Employees' bank detail information under PA20 HR Master Data is not secured. Several persons other than Payroll Services employees and IT consultants have access to view bank details. High risk Audit Finding: Several persons other than Payroll Services employees and IT consultants have access to view PA20 HR Master Data - InfoType 0009 employees bank details. The bank details screen contains sensitive information such as employees bank name, account number, and routing number for direct deposit purposes. Several persons other than Payroll Services employees and IT consultants have access to view employees bank details. Recommendation: Bank detail information is considered Personally Identifiable Information (PII) which should be protected. Unnecessary Page 6 of 7

access to view bank details should be removed. The list of users who have access to view InfoType 0009 bank details should be reviewed periodically. We wish to acknowledge the staffs of the Payroll Services, HR- Compensation Services, and Finance departments for their cooperation and assistance during this audit. Page 7 of 7

AUDIT RESPONSE MATRIX FISCAL PERIOD OR AUDIT DATE: JANUARY 30, 2018 Department / School Name Administrator / Department Head Cabinet Official / Area Superintendent Payroll Services Lindsay Bowlin Dale C. Kelly Exception Noted (Finding / recommendation) Management Response (Corrective Action) Responsible Person (Name & Title) Expected Outcome & Completion Date What is the evidence of the corrective action? What is? What should be? What needs to be done? Who needs to do it? When will the action be completed? (03/2018) Audit Finding: Several persons other than Payroll Services employees and IT consultants have access to view PA20 HR Master Data - InfoType 0009 employees bank details. The bank details screen contains sensitive information such as employees bank name, account number, and routing number for direct deposit purposes. Infotype 0009 must be removed from the SAP security roles in question. Rosemarie Santiago IT Administrator Infotype 0009 has been removed from the SAP security roles in question. In addition, this infotype has been added to the list of SAP critical authorizations that are reviewed and approved quarterly, by the Senior Business Process Specialist. The corrective action was completed on 3/1/2018. 1 OCPS0274Int

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback