Auditing payroll is a critical skill. Today I explain how.
While payroll is often seen as a low-risk area, considerable losses can occur here. So, knowing how to audit payroll is important.
Payroll exceeds fifty percent of total expenses in many governments, nonprofits, and small businesses. Therefore, it is often a significant transaction area.
To assist you in understanding how to audit payroll, let me provide you with an overview of a typical payroll process.
First, understand that entities have payroll cycles (e.g., two weeks starting on Monday). Then, payments are made at the end of this period (e.g., the Tuesday after the two-week period). Also, understand that most organizations have salaried and hourly employees. Salaried personnel are paid a standard amount each payroll, and hourly employees earn their wages based on time.
Second, an authorized person (e.g., department head) hires a new employee at a specified rate (e.g., $80,000 per year).
Third, human resources assists the new-hire with the completion of payroll forms, including tax forms and elections to purchase additional benefits such as life insurance.
Fourth, a payroll department employee enters the approved wage in the accounting system. The employee’s bank account number is entered into the system (if direct deposit is used).
Fifth, employees clock in and out so that time can be recorded.
Sixth, once the payroll period is complete, a person (e.g., department supervisor) reviews and approves the recorded time.
Seventh, a second person (e.g., payroll supervisor) approves the overall payroll.
Eighth, the payroll department processes payments. Direct deposit payments are made (and everyone is happy).
In this article, we will cover the following:
The primary relevant payroll assertions are:
I believe—in general—completeness and cutoff (for accrued payroll liabilities) and occurrence (for payroll expenses) are the most important payroll assertions. When a company accrues payroll liabilities at period-end, it is asserting that they are complete and that they are recorded in the right period. Additionally, the company is saying that recorded payroll expenses are legitimate.
Additionally, payroll auditing requires an understanding of threats in light of these assertions. So how do I gain this knowledge? Payroll walkthroughs.
Perform a walkthrough of payroll to see if there are any control weaknesses. How? Walk transactions from the beginning (the hiring of an employee) to the end (a payroll payment and posting). And ask questions such as the following:
Moreover, as we ask these questions, we need to inspect documents (e.g., payroll ledger) and make observations (e.g., who signs checks or makes electronic payments?).
If controls weaknesses exist, we create audit procedures to respond to them. For example, during the walkthrough, if we see that one person prints and signs checks, records payments, and reconciles the bank statement, then we will plan fraud-related substantive procedures.
As we perform payroll walkthroughs, we are asking, “What can go wrong—whether intentionally or by mistake?”
When payroll fraud occurs, understatements or overstatements of payroll expense may exist.
If a company desires to inflate its profit, it can—using bookkeeping tricks—understate its expenses. As (reported) costs go down, profits go up.
On the other hand, overstatements of payroll can occur when theft is present. For example, if a payroll accountant pays himself twice, payroll expenses are higher than they should be.
Mistakes also lead to payroll misstatements. Payroll errors can occur when payroll personnel lack sufficient knowledge to carry out their duties. Additionally, misstatements occur when employees fail to perform internal control procedures such as reconciling bank statements.
The directional risk for payroll is an understatement. So, audit for completeness (determining that all payroll is recorded). Nevertheless, when payroll theft occurs (e.g., duplicate payments), overstatements can occur.
The primary payroll risks include:
As you think about these risks, consider the control deficiencies that allow payroll misstatements.
In smaller entities, it is common to have the following control deficiencies:
Another key to auditing payroll is understanding the risks of material misstatement.
In auditing payroll, the assertions that concern me the most are completeness, occurrence, and cutoff. So my risk of material misstatement for these assertions is usually moderate to high.
My response to higher risk assessments is to perform certain substantive procedures: namely, a reconciliation of payroll in the general ledger to quarterly 941s. Why? The company has an incentive to accurately file 941s since the returns are subject to audit by governmental authorities. So, if the 941s are correct, the reconciliation provides support for recorded payroll.
Additionally, consider theft which can occur in numerous ways, such as duplicate payments or ghost employees.
In a duplicate payment fraud, the thief, usually a payroll department employee, pays himself twice.
Ghost employees exist when payroll personnel leave a terminated employee on the payroll. Why would someone in the payroll department intentionally leave a terminated employee in the payroll system? To steal the second payment. How? By changing the terminated employee’s direct deposit bank account number to his own. The result? He receives two payments (his own and that of the terminated employee).
Once your payroll risk assessment is complete, decide what substantive procedures to perform.
My customary tests for auditing payroll are as follows:
In light of my risk assessment and substantive procedures, what payroll work papers do I normally include in my audit files?
My payroll work papers normally include the following:
In this article we looked at the keys to auditing payroll. Those keys include risk assessment procedures, determining relevant assertions, assessing risks, and developing substantive procedures. My go-to substantive procedure is to reconcile payroll to 941s. I also review payroll withholding accounts and recompute salary accruals. Comparisons of payroll expenses are useful. Finally, if merited, I perform fraud-related payroll procedures.
See my book on Amazon: The Why and How of Auditing.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.