Relevant to candidates attempting FAU, Foundations in Audit and
F8, Audit and Assurance
This article focuses on the audit of wages but many of the points made also apply to salaries (the term payroll covers both). The distinction between the two is that wages are normally paid weekly in cash to employees working in departments such as production. Salaries, on the other hand, are paid monthly to employees normally working in administrative departments, via electronic transfers to their bank accounts. Changes in technology and less reliance on cash have blurred this traditional distinction and many hourly paid employees are now paid via bank transfer. However, in some small companies or in parts of the world where few people have bank accounts, employees are still paid in cash based on hours in attendance or work completed.
The auditor is required to plan and perform their work in order to form an opinion on the financial statements and in doing so to obtain reasonable assurance that the financial statements are free from material misstatement, whether due to fraud or error. As such this article will consider some of the key considerations that the auditor should make when planning and performing work on payroll, including the nature, timing and extent of procedures that should be carried out. The article will also consider the potential for fraud within the payroll function and some of the fraud risk factors that the auditor should be alert to when planning and performing their work.
Much of the audit work on the wages system may be performed during the interim audit, through detailed controls testing, as due to the nature and volume of payroll transactions the auditor is likely to wish to place some reliance on the company’s control system. However, some substantive procedures to confirm payroll costs and wage accruals will form part of the final audit.
Interim audit work on wages should involve the normal stages of recording, evaluating and testing internal controls.
In order to evaluate the control system the auditor will firstly consider the objectives which the control activities should be designed to achieve. Typical control objectives for wages include the following:
The evaluation should be performed by considering if controls exist to ensure specified control objectives are met.
Auditors often complete questionnaires to assist in system evaluation. Internal Control Questionnaires (ICQs) ask specific questions about controls relevant to each control objective. The alternative is an Internal Control Evaluation Questionnaire (ICEQs), sometimes referred to as key or control questions which focus on risks rather than objectives. They cover the same areas as control objectives and typical examples include:
If the evaluation indicates that controls exist a test of controls (compliance test) will be performed but if controls are weak or absent then a substantive procedure will be appropriate, to determine if material misstatement has occurred.
Five stages are shown below and typical controls identified are linked to relevant control objectives.
(i) Setting up master file data
Robust recruitment procedures are required before new employees are entered on the wages master file. Interviews should be undertaken involving senior staff to ensure the new employee has the required skills. New starters’ forms should be completed in the human resources (HR) department and copies retained along with contracts of employment. Changes to standing data on the master file should be performed by staff who are independent of processing payroll. The wages master file contains all the standing data about employees, such as name, address, date of birth, date of starting employment, employee number, rate of pay and tax code.
(ii) Recording wages due
Clock cards are often used to record the hours that employees enter and leave the premises. Modern equivalents would include employee ID cards which are swiped by an electronic card reader. In this scenario employees are paid based on hours worked. If employees are paid in accordance with work completed job cards may take the place of clock cards.
(iii) Calculation of wages
Hours worked should be converted to a gross wage by reference to the employee’s hourly rate of pay and deductions such as payroll taxes are made to calculate net pay. Software is normally used to produce the weekly payroll and calculation errors are less likely than with manual systems. Gross wages should be based on a standard working week (for example, 40 hours) and if overtime has been worked this should be picked up from the clock card. However, in some systems, authorised lists of overtime worked during the week are entered so that the revised gross wage can be calculated.
(iv) Payment of wages
As indicated earlier employees should either be paid in cash or by bank transfer. In the case of cash a cheque should be signed, preferably by two senior responsible officials (normally directors in small companies). Once collected from the bank the cash should be included in pay packets with payroll slips for subsequent distribution to employees.
(v) Accounting for wage costs and deductions
Payroll software should automatically transfer total wage costs and deductions such as tax and pension contributions to the appropriate accounts in the nominal (general) ledger. Outstanding wages owed to employees or deductions not yet paid over to the relevant third parties should be accrued and disclosed as ‘other payables’.
The above comparisons and reconciliations should be performed by senior responsible officials who are independent of the payroll department – for example, management or financial accounting staff.
The risk of fraud should be considered by the auditor when planning the work which is to be performed on payroll. Even companies that appear to have good internal controls can suffer from instances of fraud.. The most common payroll frauds include:
The common feature that often facilitates these frauds is inadequate segregation of duties. Frauds can be difficult to prevent where there is collusion among staff. Historically organisations have lost significant sums when large numbers of staff came to expect the routine inclusion of unauthorised overtime in their pay. While it is not the responsibility of the auditor to prevent or detect fraud, the auditor must identify and assess the risk of misstatement due to fraud and respond appropriately in order to obtain sufficient appropriate evidence regarding these risks.
The type of test performed will depend on the particular features of the wages system and the auditor’s evaluation of controls. Typical tests for each control objective are listed below. However, this list is not exhaustive and some of the substantive procedures may be carried out during the final audit.
Tests to ensure the accuracy and completeness of balances in respect of wage costs and payroll deductions (Control objectives 5, 6 and 7) are normally substantive in nature and conducted as part the final audit.
A substantive audit programme should include:
Computer assisted audit techniques
Use the computer as an audit tool and the most common examples are test data and audit software. These could be employed during the interim and final audit of wages.
Test data consists of data submitted by the auditor to test the operation of application controls such as data-validation (edit) checks. Test data should be input using valid and invalid transactions to check the operation of these controls. Examples include:
Audit software is normally used by the auditor for substantive testing and can interrogate a client’s computer files, re-perform calculations or extract items for further investigation. Examples include:
Knowledge of the stages in a typical wages system and the link between control objectives, controls and audit tests should help students distinguish between these terms. It is also important that, for a given wages system, candidates can identify significant deficiencies in internal control, explain the implications of the deficiencies and recommend appropriate controls.
Written by a member of the FAU examining team