Li) as evidence of review. Through discussion with Lu, determine that exceptions are appropriately followed up. For a sample of pay runs, extract pay rates from the employee data file and have the system recalculate the gross pay and confirm it matches the figure in the pay run Incorrect payment is made to the employees The CFO reviews details from the payroll system prior to authorising payment. She then checks the bank statements to ensure the correct amounts have been debited (Manual) Select two monthly electronic funds transfer reports and the corresponding bank statements. Inspect the electronic funds transfer reports for evidence of authorisation by Lily. Check that the monthly salary transfer has been initialled by Lily. Unauthorised access to payroll data Both the payroll employee data file and the payroll software are password protected (ITAC) Attempt to access both the payroll employee data file and the payroll software by entering login names and password of personnel from other departments to confirm both systems are password protected Payroll data/ changes are not accurate or complete or have not been authorised Only the payroll manager and the CFO have the password to import payroll data into the payment system (ITAC) Attempt to access both the payroll employee data file and the payroll software by entering login names and password of personnel other than the payroll manager and the CFO to confirm both systems are password protected
Chartered Accountants Program Audit & Assurance Unit 19 – Activities and solutions Page 19-13 ACT Tests of controls to be performed on MT’s internal controls for the payroll process Process Risk Internal controls identified, control category Tests of controls to be performed Employment termination process Terminated employees are not removed from the payroll system Monthly ‘Leavers report’ is reviewed and signed by the HR supervisor (Manual) Select two monthly ‘Leavers reports’. Check that they have been signed by the HR supervisor, Gurpreet. Recommended approach The steps outline the recommended approach for successfully completing this task. Step 1 – Refer to the Standards for the requirements relating to tests of controls Read ISA 315 para. 12, which requires the auditor to obtain an understanding of internal controls relevant to the audit. Refer to ISA 315 paras A60–A66 for guidance on how an entity may use a mix of automated (IT) and manual controls. In designing and performing tests of control, ISA 330 para. 10(b) requires the auditor to determine whether tested controls depend on indirect controls (such as GITCs), and if so, whether it is necessary to obtain evidence of the effective operation of those controls. In this scenario, you were told that GITCs had been tested and were found to be effective.
You've reached the end of your free preview.
Want to read all 284 pages?
- Three '16
- Chartered Accountants Program