Financial Management Program 1
Learning Objectives Upon completion of this session, you should be able to: Recall definition of internal control Understand the importance of internal control Recite basics of the payroll and benefit cycle Explain Internal Control for the payroll cycle Discuss segregation of duties for payroll 2
INTERNAL CONTROL DEFINITION 3
Internal Control Review COSO Committee of Sponsoring Organizations 4
Internal Control Review COSO s definition of internal control: Internal control is a process, effected by an entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 5
COSO s Integrated Framework Internal control is directed towards the achievement of objectives Operations effectiveness & efficiency Financial Reporting reliability of financial statements Compliance following applicable laws and regulations 6
Internal Control Components 7
Internal Control Components 1 st component, Control Environment Integrity and ethical values gifts and gratuities.pdf UGA example Commitment to competence Management s philosophy and operating style Assignment of authority and responsibility Human resource policies and practices 8
Internal Control Components 2 nd Component, Risk Assessment Defined by COSO Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risk should be managed. 9
Internal Control Components 3 rd Component, Control Activities Control activities are the methods used to reduce risk identified during the risk assessment process. 10
Control Activities Top Level Reviews Direct Functional or Activity Management Information Processing Physical Controls Segregation of Duties 11
Internal Control Components 4 th Component, Information and Communication An organization needs to make sure that types of communications used are broadbased, useful, reliable and continuous. 12
Internal Control Components 5 th Component, Monitoring Ensures that the internal controls operate as intended. Ongoing Monitoring Separate Evaluations 13
COSO Update 1 st Quarter 2013 Concepts that remain the same Definition of internal control 5 components Criteria used to assess effectiveness Use of judgment in evaluating effectiveness 14
COSO Update 1 st Quarter 2013 Concepts added Codification of principles for developing and evaluating the effectiveness of Internal Controls Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives Increased focus on operations, compliance and non-financial reporting objectives based on user input 15
COSO Update Timeline www.coso.org 2010 2011 2012 Sept - Jan Feb - Oct Dec - Mar Apr - Dec Assess & Survey Stakeholders Design & Build Public Exposure Finalize Released first quarter 2013 16
Summary of Updates Codification of 17 principles embedded in the original Framework Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Assesses fraud risk 7. Identifies and analyzes significant change 8. Specifies relevant objectives 9. Identifies and analyzes risk Control Activities Information & Communication Monitoring Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies 17
IMPORTANCE OF INTERNAL CONTROLS 18
Meet objectives Security of assets Preserve integrity Compliance Several valuable reasons for Internal Controls Prevent errors Protect employees Checks and balances Establish standards 19
Most state laws require governments to have annual audits of their financial statements in accordance with Generally Accepted Government Auditing Standards (GAGAS). GAGAS requires reporting on internal controls 20
Internal Control and Single Audits When expending Federal assistance of more than $500,000, a government must undergo an A-133 audit or a Single Audit. Single audit requires auditee to maintain a system of internal controls 21
Lack of adequate internal controls is one of the most commonly cited reasons that fraud occurs within an organization. FRAUD 22
PAYROLL AND BENEFIT ACCOUNTING OVERVIEW 23
Employee Earnings Determined by agreement between employer and employee Salary schedule Type of position Steps and years of experience Employees pay examples: Annual salary/prorated over pay periods Hourly rates FLSA 150% regular rate for +40 hours with certain exemptions 24
Employee Earnings Time sheet Basis of periodic payroll Contents of time sheet Employee name and number Pay period Dates worked Number of hours worked Signatures Employee Employer 25
Payroll Journal Special Journal Sometimes call Payroll Register Common contents: Name of employee Expenditure/expense classifications Adjusted gross payroll Net payroll 26
Payroll Deductions and Social security tax Federal Income Tax State Income Tax Deferred compensation Pension plans Insurance Other miscellaneous Withholdings 27
Recording the Payroll 28
Recording Employer s Share of Benefits 29
Earnings Records 30
PAYROLL PROCESS AND INTERNAL CONTROL OBJECTIVES 31
Payroll Cycle 32
Payroll Cycle 33
Control Objectives Control operations Establish levels of authority Provide approval for transactions Provide feedback to approvers Safeguard assets Loss or damage Waste, inefficiency, error, theft or fraud 34
Control Objectives Provide adequate information Timely Reliable Supports control structure 35
Control Objectives for Payroll 1. Payroll transactions are preapproved or authorized 2. Only valid transactions are recorded and they are recorded in proper period 3. Valid transactions are accurate, agree with source documents and recorded on a timely basis 36
Control Objectives for 4. Recorded transactions Represent economic events that actually occurred Are lawful in nature Payroll Are executed in accordance with management s general authorization 37
Control Objectives for Payroll 5. Access to payroll records are controlled Restricted to authorized personnel 6. Proper segregation of duties 38
Control Environment/Payroll Control Environment Published code of ethics required to be read and acknowledged by employees Only employees that possess required knowledge and skills should be hired Employees should be supervised by qualified personnel Job descriptions should be updated with required skills and knowledge 39
Control Environment/Payroll Management has ongoing commitment to ongoing education and training for employees in the payroll department Especially regarding federal and state tax issues and laws 40
Risk Assessment and Objective No. 1: Authorization Risks: Hiring an unapproved employee May not be legally eligible Overspending budget Hiring an unqualified employee Incorrect classification for benefits could result in higher costs Payroll 41
Risk Assessment and Objective No. 2: Safeguarding Assets Risks: Payroll Errors in payroll process due to hiring unqualified employee Interest and penalties Fictitious employees added to payroll 42
Risk Assessment and Payroll Objective No. 2: Safeguarding Assets Risks: Incorrect employee classification Employee vs independent contractor Exempt vs nonexempt Leave taken not properly reported 43
Risk Assessment and Payroll Objective No. 3: Accurate, reliable and timely information Risks: Salary/Pay rate not correct Hours/pay period inaccurately entered Deduction entered improperly Payroll transactions not posted to general ledger Taxes/benefits not paid within required time 44
Control Activities for Payroll Four Categories of Control Activities Hiring Documentation Authorization Reconciliation 45
Control Activities for Payroll Written process for hiring Budget approval Authority to advertise Appropriate applicant information Established selection process Formal job offering (Letter) Pay rate Benefits provided Status Full-time, part-time FLSA classification 46
Control Activities for Payroll Documentation complete the forms Personal data Form I-9 (Employment Eligibility Verification) Form W-4 (Federal Tax Withholding) Form G-4 (State Tax Withholding) Benefit forms Retirement plan forms Other forms 47
Control Activities for Payroll Authorization Required to ensure that only valid transactions are entered into payroll system Time sheets signed by employee and supervisor Supervisor s approval = authorization to pay and certifies time recorded is actual time worked. Payroll should be authorized by supervisor Verify that all supporting documentation is present prior to approving payroll Could be manual or electronic approval 48
Control Activities for Payroll Reconciliations Hours worked on time sheets = summary of hours worked in payroll system Adjusted Gross Salary - No variations unless adjustments to pay Taxable Wages - Adjusted gross wages less pre-tax deductions Benefits and Deductions # of employees 49
Control Activities for Payroll Checklist easy way to show completed tasks Also need to reconcile general ledger accounts after withholdings are paid 50
Information/Communication of Payroll Enrollment period for benefits Pay periods and dates (cutoff) Holidays Furlough days Personnel policies and procedures Salary information Benefits payable due dates Tax withholding due dates 51
Monitoring and Payroll Are controls operating as intended Unmonitored controls deteriorate over time Monitoring should be ongoing 52
Ongoing Monitoring and Payroll Supervisory activities: Preventive control Detective control Examples: Reconciliations of payroll amounts Initial and date face of reconciliation Review employee information change forms for accurate and timely posting 53
Monitoring and Payroll Separate Evaluations Completed by persons outside of operations after the fact External auditors Internal auditors Objective Internal controls functioning properly Provide communication tools for deficiencies 54
SEGREGATION OF DUTIES 55
What Is Segregation of Duties? Segregation of duties (SoD) means separating the record-keeping function from the operational responsibility of that activity and from those who exercise physical control over the records 56
What Is Segregation of Duties? Deliberate fraud more difficult Likely that innocent errors will be found Used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business 57
Categories of Duties to be Segregated 58
Evaluating Segregation of Duties Ask yourself If I make an error in my work, will someone downstream of me detect it before it becomes a major issue for management and the taxpayers to read about? 59
Evaluating Segregation of Duties Function that is indispensable, potential subject to abuse Divide function into separate steps Assign each step to a different person or different department 60
Evaluating Segregation of Duties At a minimum, no person should be able to perform more than two of the functions. The matrix illustration below presents various ways to assign responsibilities that are less than the optimum. 61
Mitigating or Compensating Controls Reduces the risk of an existing or potential control weakness resulting in errors and omissions Compensating controls are less desirable than the segregation of duties More resources are required to investigate and correct errors and to recover losses 62
Mitigating or Compensating Controls Types of compensating controls that can be implemented: Review reports of detailed transactions Review selected transactions Take periodic asset counts Check reconciliations 63
Mitigating or Compensating Controls Management performs the procedure Compensating controls cannot be delegated 64
Segregation of Duties Checklist 65
Segregation of Duties 66
Segregation of Duties 67
www.vinsoninstitute.org 2012 The Carl Vinson Institute of Government. All rights reserved. 68