Segregation Of Duties Employee Compensation

2y ago
58 Views
2 Downloads
498.18 KB
34 Pages
Last View : 15d ago
Last Download : 6m ago
Upload by : Maleah Dent
Transcription

Segregation of DutiesEmployee Compensation

Internal Controls A process the provides reasonable assurancethat the objectives of the institution will beachieved. Not one event, but a series of actions thatoccur throughout an institution’s operations. An integral part of the operational processesand not a separate system.

Internal Control ResponsibilityEveryone has a responsibility for internal controls Management–directly responsible for the design,implementation, and operating effectiveness Staff–help management and are responsible forreporting issuesExternal auditors are not considered part of aninstitution’s internal control system.

Redefined Focus on Internal ControlFramework Statewide State of Georgia adopted the “Green Book” publishedby the Federal Office of Management and Budget(OMB) in December 2015. Update standards and policies USG Institution management needs to ensure theyunderstand and assess the risks and ensure they haveappropriate and sufficient internal controls Still responsible even if function is provided by a thirdparty (ex: Alight – Benefits Administration isoutsourced but USG and individual USG institutions arestill responsible for internal controls relating to thatoutsourced work)

Segregation of DutiesSegregation of Duties is a key component ofcontrol activities of the institution Assigning key duties and responsibilities todifferent personnel to reduce the risk of error,misuse, or fraud Example: one person initiates, a differentperson records, a different person approves,etc.

SOD/Employee Compensation/(HCMS)Control Consideration:Does the employee responsible for initiatingmodifications (e.g., add/delete employees, changesto employee information) in HCMS also have theability to approve or record these changes?Recommendation:All changes to HCMS should be reviewed andapproved by a supervisory-level employee (otherthan the employee initiating the change) in theHuman Resources department prior to beingrecorded in the system.

SOD/Employee Compensation/(HCMS)NOTE: Best practices suggest that no one employeeshould be able to record modifications to HCMS.The modifications should be initiated by oneemployee and reviewed and authorized in thesystem by a separate employee.Compensating Controls Example:A system report of all changes to HCMS should begenerated for review. A supervisory-level employeewho does not have access to modify HCMS shouldreview this report and match the changes toapproved Personnel Action Forms.

SOD/Employee Compensation/(HCMS)Control Consideration:Do the employees responsible for maintaining HR data in HCMS(e.g., adding/deleting employees, changes to compensation)also perform any of the following functions: Make decisions regarding hiring or termination of personnel Have access to the payroll system (or payroll module) Involved in the payroll process Generate payroll checks Receive payroll checks for distributionRecommendation:Employees responsible for modifying HR data in HCMS shouldnot have access to the payroll system, be involved in the payrollprocess, distribute payroll checks or make hiring or terminationdecisions.

SOD/Employee Compensation/(HCMS)NOTE: In some instances, the Human Resources module and the payroll module may be part of thesame system. However, the employees responsible for processing the payroll should not have accessto the Human Resources module and vice versa. For smaller institutions where one employeemaintains the HR data in HCMS and processes payroll, this employee should not be able to authorizeand execute the pay run (i.e., generate payroll checks) or distribute payroll checks.Compensating Controls Example:To enhance controls over the payroll process, the following compensatingcontrols can be utilized: A supervisory-level employee who is not involved in the payroll processreviews and approves the pre-payment payroll report as well as the final payrollreports after the payroll has been processed. Distribution of payroll checks is conducted by a supervisory-level employeewithout payroll responsibilities, and checks not distributed are investigated. Gross wages, per the payroll journals and the general ledger, are reconciled tothe W-2s.

SOD/Employee Compensation/(HCMS)Control Consideration:Are employees able to review and approve theirown hours worked or time entered in thetimekeeping system?Recommendation:Hours worked should be reviewed and approvedby the employee’s supervisor prior to beingrecorded or transmitted to the payrolldepartment.

SOD/Employee Compensation/(HCMS)Control Consideration:Do the same employees responsible for preparing payroll for processingalso perform any of the following duties: Modify the Employee Master File Approve the payroll Generate payroll checks Distribute payroll checks Receive final payroll reports (e.g., payroll registers) for review andapprovalNOTE: If an outside payroll service is used for payroll processing, thesame employee responsible for communicating changes to payrollmaster file data to the outside payroll service provider should not beinvolved in recording the payroll entries in the general ledger, preparingpayroll reconciliations or distributing payroll checks. This employeeshould also not receive the copies of the final payroll reports (e.g., payrollregisters) from the outside payroll service.

SOD/Employee Compensation/(HCMS)Recommendation:The file prepared for processing payroll should be reviewed andapproved by an employee who is not involved in the preparationof this payroll file or part of the human resources function.Compensating Controls:To enhance controls over the payroll process, the followingshould be considered: Use of an outside payroll service provider. Use of direct deposit instead of payroll checks. Perform a periodic analytical review of the payroll expense,including but not limited to budget to actual variance analysis. Perform an analysis of head count to revenue ratios.

SOD/Employee Compensation/(HCMS)Control Consideration:Does the same employee responsible for reviewing andauthorizing the file prepared for processing payroll alsoperform any of the following functions: Generate payroll checks Distribute payroll checks Receive final payroll reports for review and approvalRecommendation:A supervisory-level employee who is separate from thepayroll processing and human resources functions shouldreceive and review the payroll reports (e.g., payrollregisters) and payroll checks for distribution.

SOD/Employee Compensation/(HCMS)Control Consideration:Are undistributed payroll checks and rejectedpayroll direct deposits investigated and reconciledby a supervisory employee outside of the payrollfunction in a timely manner?Recommendation:Employees not involved in the payroll or humanresources function should maintain custody aswell as investigate and reconcile the returnedpayroll checks.

SOD/Employee Compensation/(HCMS)Control Consideration:Does the employee responsible for recording the payrollexpense entry in the general ledger perform any of thefollowing functions: Modify the Employee Master File Prepare or authorize payroll Generate payroll checks Distribute payroll checksRecommendation:An employee outside of the payroll and human resourcesfunctions should post the payroll journal entry to thegeneral ledger.

SOD/Employee Compensation/(HCMS)Control Consideration:Does the employee responsible for reconciling thegeneral ledger to the payroll system also have theability to record entries in or make adjustments tothe payroll system?Recommendation:Reconciliations should be performed by anemployee who does not have modification rightsto the payroll system.

SOD/Employee Compensation/(HCMS)Control Consideration:When using an outside payroll service to calculate and remitpayroll withholding tax, does the employee responsible forreceiving the payroll tax refund checks perform any of thefollowing functions: Prepare and process payroll, including but not limited tocommunicating changes in the payroll master file data to theoutside payroll provider Authorize payroll Prepare payroll reconciliationsRecommendation:The payroll withholding tax refund checks should not bereceived by an employee who is involved in the payroll process.

Auditing Within the HCMS ApplicationCurrent Practitioner User Role Review:Run the BOR SEC USER ROLE PLIST PAGEQuery by user id to see a list of roles and page accessgranted by a specific user id. This query will also tell you ifthe user has update capability to the page or if it is a viewonly access.Future Query in Development:BOR SEGREGATION DUTIESThis Query is being developed to help assess potential segregation ofduties issues. It will mirror the one that is in GeorgiaFIRST Financialsapplication and will be based of the segregation of duties matrixprovided by the auditors.

Auditing Within the HCMS ApplicationSOD Matrix – Base for Query

Auditing Within the HCMS ApplicationBOR SEGREGATION DUTIESThis query is also based on the points discussed by Claire atthe beginning of the presentation. If a user is returned in theresults of the query, then there needs to be an evaluation ofthat user to see if there is a true segregation of duties issue.If there is a segregation of duties issue noted, there needs tobe mitigating controls in place or the user’s security accessneeds to be updated to remove the risk.

Auditing Within the HCMS ApplicationBOR SEGREGATION DUTIESExample of Query in GeorgiaFirst Financials:Instead of Vendor, PO, Requisition, you would see items like Time Entry,Time Approval, Process Payroll, Reconcile GL, etc. Users will choose afunction to evaluate here.

Auditing Within the HCMS ApplicationBOR SEGREGATION DUTIESExample of Query in GeorgiaFirst Financials:For this example, we chose Approve requisition. This query is run bycompany in HCMS.

Auditing Within the HCMS ApplicationExample of Query in GeorgiaFirst Financials:You will notice that there are a few user ids returned. This doesn’t automaticallymean there are SOD issues. An evaluation of each user must be completed. Inthe Financials Application there are more user preference type actions, thathave to be taken into account. A user may have access to a page, however ifthey don’t have the action, they can’t update the page.

Auditing Within the HCMS ApplicationThe above query does most of the role reconciliation for you. However it isimportant to understand what each role within the application has access to.Through Employee Self Service, an employee can enter and submit theirtimesheet, however, a Manager with Manager Self Service has to approve it.The BOR HR Employee Maintenance role contains access to Hire anemployee, update dependent data, update Badge information, calculatecompensation on Job, Maintain Bank Accounts, Manage Hire Details,create a new employment instance, etc This is the person that controlsthe JOB record and updating it within the application.Managers within Manager Self Service can request a new hire, and it will routethrough workflow for approval. Once approved, then someone with the aboverole will still have to key the transaction within the database.

Auditing Within the HCMS ApplicationThe BOR Payroll Data Maintenance role contains access to CreateAdditional Pay, Create General Deductions, Request Direct Deposit,Retro Pay Calculation Results, Update Tax Distribution, etc Aperson that has this role, should not have the BOR HR EmployeeMaintenance Role.

Auditing Within the HCMS Application

Auditing Within the HCMS Application

Payroll Audits – Calc DayAudit NameDescriptionBOR PAY LN AUDITAudit shows if user made changesto his/her own pay line.BOR ADDITIONAL PAY AUDITAudit shows if user made changesto his/her additional pay.BOR HR COMPRATE AUDITAudit shows if user made changesto his/her comp rate in job data.Excel to CI TOAD scriptAudits additional pay being loadedvia Excel to CI.

Payroll Audits – Confirm DayAudit NameDescriptionBOR PAY LN AUDITAudit shows if user made changes tohis/her own pay line.BOR PAY LN SUPPORT AUDITAudit shows if SSC/ITS operatorsmade changes to his/her employeepay line.BOR ADDITIONAL PAY AUDITAudit shows if user made changes tohis/her additional pay.BOR ADDL PAY SUPPORT AUDITAudit shows if SSC/ITS operatorsmade changes to his/her employeeadditional pay tables.

Payroll Audits – Confirm DayAudit NameDescriptionBOR HR COMPRATE AUDITAudit shows if user madechanges to his/her comp rate injob data.BOR HR COMPRATE SUPP AUDITAudit shows if SSC/ITS operatormade changes to his/heremployee comp rate in job dataBOR PAY DED SUPPORT AUDITQuery shows if SSC/ITS operatormade changes to his/her ownpaycheck via deduction override.

Payroll Audits – Confirm DayAudit NameDescriptionBOR PAY EARN SUPPORT AUDITAudit shows if SSC/ITS operatormade changes to his/her ownpay earningsExcel to CI TOAD Script #1Audits additional pay beingloaded via Excel to CI.Excel to CI TOAD script #2Audits to see if operator madechanges to his/her own payusing other Earnings Tables viaExcel to CI.

Questionable Items Found in Audit Payroll is completely stopped No one is paid Just kidding

Questionable Items Found in Audit

Questionable Items Found in Audit SSC payroll is notified immediatelyAudit findings are researched with institutionPayroll is adjusted as neededInstitution is educated on SODSSC enters case for tracking purposes

master file data to the outside payroll service provider should not be involved in recording the payroll entries in the general ledger, preparing payroll reconciliations or distributing payroll checks. This employee should also not receive the copies of the final payroll reports (e.g., payroll registers) from the outside payroll service.

Related Documents:

Employee Compensation has grown 3% annually over the past 10 years Overview 3 General Fund Adopted Budget FY 2007 FY 2017 % Annual Increase Employee Pay 671.70 808.17 1.9% Employee Benefits 191.12 354.85 6.4% Total Employee Compensation 862.82 1,163.02 3.0% Retiree Health 12.27 16.00 2.7% Total Employee Compensation & Retiree Health

As specified by the IRS, cost segregation specialists use an engineering-based approach for both new and existing properties. Per the IRS Cost Segregation Audit Techniques Guide (ATG), Chapter 4, the prime characteristic of a high-quality cost segregation is “preparation by an individual with expertise and experience”. ThisFile Size: 1MBPage Count: 9

Principal Elements of A Quality Cost Segregation Study* *Taken directly from the IRS Cost Segregation Audit Techniques Guide. About Madison SPECS Specialized Engineering and Cost Segregation In-house team of over 50 experienced en

Cost Segregation: A aluable Strategy for Commercial Property Oners 2017 Bentley Consulting Group, LLC QUALITY COST SEGREGATION STUDIES According to the IRS1, a “quality” cost segregation study is both accurate and well-documented. The preparer should

TABLE OF CONTENTS UNIT LESSON TITLE PAGE NO. I 1.1 Compensation 3 1.2 Compensation Responsibilities 17 1.3 Compensation System Design Issues 23 1.4 Compensation Philosophies 29 1.5 Compensation Approaches 34 II 2.1 Fringe Benefits 41 2.2 Strategic Compensation

Clinic compensation (Total Compensation -Academic Compensation) 170,000 Dr. Smith earned 5 points in 3 different categories in calendar year 2018. Dr. Smith has therefore met the expectations for 100% the benchmark. Dr. Smith's compensation in FY20 is 200,000 30,000 (Academic Compensation) 170,000 (Clinical Compensation)

Workers’ Compensation Employee Handbook 5 An employee’s weekly compensation rate equals sixty-six and two-thirds percent (66 2/3%) of the employee’s average weekly wages in the employment in which the injury occurred during the past 52 weeks prior to the injury. The weekly compensation rate is subject to a statutory

Oracle Segregation of Duties What We Found We identified 84 employees in 16 departments who had capability to perform incompatible business tasks within Oracle. About two-thirds of the conflicting task assignments related to payroll or purchasing. The remaining conflicts related to accounting or cash receipts. Overall, we identified