Quarterly Risk Report - Payroll Review

Why the Office of the City Auditor (OCA) did this project

OCA’s data analytics include a component that shows trends in financial risks. The analysis compares each financial module’s risk relative to the other financial modules. This provides information to help choose which financial module to focus on for a deeper analysis of risk indicators. OCA chose the Payroll module for review because it had the largest number of flags compared to other modules. 

Project Scope

This is a review of analytics that were the highest risk flags in the Payroll module for the quarter ending 12/31/2024. 

How OCA did this project

The Payroll module contains 27 analytics. Fifteen indicators were selected for transaction analysis based on impact and likelihood of risk events. The attached Risk Wall exhibit provides more detail on the risk analysis. 

Key Observations

There were no findings within the scope of our analytic testing. 

Audit Objective

Review internal controls related to Payroll risks in the Payroll module. 

Procedures

Project procedures included a review of the following business processes:

1. Blank Org Allocation – Ensures that the organization code is present on all employee pays. 

2. Changes After Output Post – Ensures that there are no changes to a Personnel Action form after the date for final approval.

3. Employee Creates Own PA – Ensures that no employees are creating their own Personnel Action forms for a change in pay. 

4. Checks with Negative Deductions – Ensures that there are no negative deductions greater than the total earnings amount. 

5. Hours Changed After Submitted – Ensures that the hours worked by the employee match the hours in the earning history. 

6. Multiple Employees Same Account – Ensures that any matching employee bank account is due only to a relationship such as a marriage or other familial relationship. 

7. Multiple PA's – Ensures pay is correct when there is a time frame of less than 180 days to a previous Personnel Action form. 

8. Inactive Employee Payments – Ensures that there are no payments made to an employee that is marked inactive. 

9. Off Cycle Payroll Outliers – Ensures that there is no additional employee payment off cycle of regular payroll to termination. 

10. Rate Change After PA – Ensures that there is not an additional employee’s pay after a Personnel Action form has been approved for pay. 

11. Time Submitted with No Pay – Ensures if an employee has time worked that they are paid for that time. 

12. Unusual Payroll Transactions – Ensures that an employee’s paycheck has the deductions expected and they are not greater than the amount of total earnings. 

13. Rate Change No PA – Ensures that all pay changes have a matching Personnel Action form. 

14. Retro Pay – Ensures that there is justification for any retro pay an employee receives. 

15. Pay Rate Changes – Ensures that there is proper documentation for all pay rate changes. 

    
    

Risk Wall Exhibit

A risk matrix was created to evaluate the impact and probability of each analytic to determine scope of testing. The probability was determined by the number of flags for each analytic and is included below the analytic name in each box below. Impact was determined by auditor discretion and discussion with management. The upper right quadrant of the risk wall indicates high impact and high probability of risk events. The fifteen analytics inside the arc were chosen for deeper analysis due to their elevated audit risk because of their high probability or high impact. 

Each box’s name correlates to the analytics descriptions listed in the procedures section above. 

Download PDF Version: