Internal Auditing Final Case Study

3026 Words13 Pages
You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process. This process has not been audited for three years and, as such, is due in the normal audit cycle. There have been no significant changes since the previous audit, that is, there were no system changes, no reorganization of personnel, and no substantive procedural changes. However, during the last assurance engagement, the internal audit function identified several observations, some of which were considered significant. The significant observations related to:
Information pertaining to employees leaving the company was not communicated to the IT department, resulting in extended delays before those employees’
…show more content…
2. To manage the compensation of the employees with precision and on-time.
3. To transmit information effectively to the IT department, in order to obviate the delays in the updating of employees.
4. To record periodically match benefit participants list with employee and/or retiree list.
Potential Risk Scenarios for each objectives respectively
1. There’s a potential risk of delegating one-person manipulating the recording and authorizing of the payroll accounts.
2. There’s a considerable risk that an employee will not turn-in the timesheet in a timely manner, and so will not be paid.
3. There’s a probability of the occurrence of significant errors that would likely cause the duplication of payment to terminated employees as well as variances on the payment to ghost employees.
4. There’s a possibility a lack of supporting evidences and requirements to grant the benefit associated for each employees.
Risk Assessment

It is considered as HIGH IMPACT as lack of sufficient direction could result in material payroll transactions being made in an inappropriate or fraudulent manner. This risk is considered MEDIUM LIKELIHOOD because the sizable sums of money involve in the payroll function have frequently been a target for theft and fraud.
*RISK TOLERANCE: - The Payroll Department set a target of 100% that the policies and procedures must be followed and may tolerate a 5% of not following the rules.

Get Access