STANDARD AUDIT PROGRAMME GUIDE

SAPG Ref.: 0202 Function: Finance Activity/System: Payroll

Company: Division: Country: Site:

Audit Ref.: Date: Completed by: Reviewed by:

Control Objective(s):

(a) To ensure that only valid employees are paid at the correct and authorised rate; (b) To ensure that the calculations of all payments and deductions are
correct and in accord with the relevant taxation and other regulations and requirements; (c) To ensure that all deductions are correctly disbursed; (d) To
ensure that unauthorised access to the payroll system and data is prevented; (e) To ensure that all payroll transactions are accurately reflected in the accounting
system; and (f) To ensure that regular and accurate management and statutory information is produced.

© Management Audit Ltd 1994 Filename SAPG0202.DOC Page 1

 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report

1 Key Issues

1.1 What mechanisms

prevent payroll payments
being made to invalid or
unauthorised persons?
1.2 How can management
be certain that amounts
paid via the payroll are
correctly calculated?
1.3 How can management
confirm that income
taxation and other
deductions are accurately
calculated and disbursed?
1.4 Are management provided
with accurate payroll cost
data on a regular basis to
support their decision making,
etc.?
1.5 How can management be sure
that all payroll transactions
are correctly reflected in
the accounting system in the
proper accounting period?

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 2
 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report

2 Detailed Issues

2.1 Is the payroll system adequately

protected from either misuse
or unauthorised access?
2.2 What mechanisms prevent the
set up of fictitious employees
on the payroll system?
2.3 How can management be sure
that only valid employees are
being paid via the payroll?
2.4 What prevents the set up
of incorrect or inaccurate
payroll data (i.e. salary rates)?
2.5 Are payroll salary rates correct
in relation to agreed pay
scales/national rates, etc.?
2.6 How can management be

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 3
 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report
certain that employees are
not paid for work not done?
2.7 Are payroll payment
transactions (i.e. overtime,
bonus, salary increases, etc.)
adequately authorised prior
to data entry and correctly
entered?
2.8 What prevents the entry and
processing of duplicated
payroll payment data?
2.9 How can management obtain
assurance that the payroll
system accurately calculates
nett salary and accounts
for all disbursements?
2.10 What mechanisms prevent
the incorrect calculation
of income tax and any
other statutory deductions?
2.11 How can management
be certain that all the
necessary taxation and other
deductions are correctly
accounted for and paid over
to the relevant authorities?
2.12 Are all Holiday and Sickness
payments accurate, valid and

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 4
 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report
within both the company policy
and legislative requirements?
2.13 Are all exceptional payments
adequately authorised?
2.14 Are pension and any other
welfare deductions accurately
calculated, deducted from
salary and accounted for as
inputs to their target systems?
2.15 What mechanisms prevent
staff fraud or malpractice in
relation to payroll activities?
2.16 Are payroll runs adequately
reconciled to the accounting
system and anomalies promptly
identified and resolved?
2.17 What processes prevent the
generation of inaccurate,
incomplete or duplicated
bank credit data (i.e. for
automated fund transfer systems
such as BACS in the UK)?
2.18 Are payroll payments,
automated fund transfer
data or salary cheques
subject to adequate
levels of authorisation?

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 5
 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report
2.19 What prevents payroll payments
continuing to be made to
former staff members who
have left the organisation?
2.20 Is sensitive or confidential
payroll data adequately
protected from unauthorised
access?
2.21 Are all the necessary/statutory
payroll outputs and forms
accurately produced and
distributed in accordance
with the required timetables?
2.22 Are comprehensive
and up-to-date payroll
procedures available?
2.23 Have specific responsibilities
for the payroll function been
suitably defined and allocated?
2.24 If wage/salary payments are
made in cash, are the security
precautions adequate to
prevent theft and/or injury
to staff distributing the pay?

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 6
 STANDARD AUDIT PROGRAMME GUIDE

Seq. Risk/Control Issue Current Control/Measure WP Effective Compliance Substantive Weakness

Ref. Yes / No Testing Testing to Report

© Management Audit Ltd 1994 Filename

SAPG0202.DOC Page 7
 STANDARD AUDIT PROGRAMME GUIDE
SYSTEM INTERFACES FOR PAYROLL
It is unlikely that any activity or system will operate in complete isolation, but will need to interact with other data and systems in order to be fully effective.
At a simple level, such interaction could relate to the input of data from a source system and the generation of amended or enhanced data which can be output
to the next process. For example, taking coded transactions from an accounts payable system into the general ledger as the basis for subsequently producing
management accounts information.

It is often at the point of interaction between systems where controls are critical. Auditors should be satisfied that the data moving between systems is
consistent, complete and accurate, in order that the subsequent processes are undertaken upon a reliable basis.

The following table aims to plot, for the subject system of this Standard Audit Programme Guide, the potential interfaces with other systems which may require
audit attention. Indicators are provided to differentiate between those interfaces which act as input sources to the subject system and those which are potential
output targets. The "SAPG Ref." column records the reference number of the Programme Guide which addresses the issues for the related system

System SAPG Input Source Output System SAPG Input Source Output
Ref. Target Ref. Target

Organisation 0102 Ö Ö Human Resources Dept. 0301 Ö Ö

Management Information 0103 Ö Recruitment 0302 Ö
Planning 0104 Ö Manpower & Succession Plan 0303 Ö Ö
Treasury 0201 Ö Welfare 0305 Ö Ö
General Ledger / Management A/Cs 0205 Ö Pension Scheme 0306 Ö Ö
Budgeting and Monitoring 0207 Ö Health Insurance 0307 Ö
Bank Accounts/Arrangements 0208 Ö
Taxation 0210 Ö Ö
Financial Information & Reporting 0214 Ö

© Management Audit Ltd 1994 Filename SAPG0202.DOC Page 1

X

© Management Audit Ltd 1994 Filename SAPG0202.DOC Page 2