Internal Auditing Final Case Study
You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process. This process has not been audited for three years and, as such, is due in the normal audit cycle. There have been no significant changes since the previous audit, that is, there were no system changes, no reorganization of personnel, and no substantive procedural changes. However, during the last assurance engagement, the internal audit function identified several observations, some of which were considered significant. The significant observations related to:
Information pertaining to employees leaving the company was not communicated to the IT department, resulting in extended delays before those employees’ …show more content…
This risk is considered HIGH LIKELIHOOD because delays were encountered in the processing of overtime and acting pay transaction.
*RISK TOLERANCE: - The Payroll Department anticipate 100% of the employees will return their timesheets in a timely manner and set a tolerable level of 10% of not following protocols.
DUPLICATE PAYMENT RISK
It is considered HIGH IMPACT because there could be a material and it would represent lost funds if undetected. This risk is considered LOW LIKELIHOOD as it is less likely that the system of the IT Department will have the delay in processing the payments.
*RISK TOLERANCE: - The Payroll Department foresee a 100% that the payments to the employees will not be duplicated and may tolerate atmost a 2% of possible occurence.
SUPPORTING DOCUMENT RISK
This risk is considered MEDIUM IMPACT because the security of information contain on the benefits of the employee are vulnerable aspects of the payroll process. This risk is considered MEDIUM LIKELIHOOD as such misdirected the amounts withheld for employees may be directed through other means.
*RISK TOLERANCE: - The Payroll Department set a level of 100% of accomplishing the requirements needed with regards to the employee benefit and may tolerate 2% of not complying the required documents.
Key Performance Indicators:
- All of the policies and procedures are performed and implemented giving way to a