Internal Audit Scope South Waikato District Council - (SWDC)

Page created by Samuel Morgan

Business

English

Like
Share
Embed
Fullscreen
Slides
Download HTML
Download PDF
Abuse

←

→

Page content transcription

If your browser does not render page correctly, please read the page content below

Internal Audit Scope

South Waikato District Council
(SWDC)

June 2018

kpmg.com/nz

PayrollRevOW
Background
South Waikato District Council (SWDC) has recently outsourced its payroll function to Datacom. To ensure that the
payroll function is still operating effectively, Management has requested Internal Audit to perform an end-to-end review
over SWDC's payroll function. This document outlines the terms of reference for this internal audit and is subject to
KPMG's Internal Audit Services Agreement with Waikato LASS.

Internal audit objectives
— Assess the adequacy of design and operating effectiveness of processes and controls over the payroll function; and
— Provide recommendations for improvement where opportunities exist.

Internal audit scope
Key risks
— Absence of documented payroll-related policies and procedures;
— Inadequate controls and processes to detect non-compliance with SWDC's procedures for payroll;
— Inappropriate access to employee master file and the banking system resulting in unauthorised
  transactions/activities;
— Fictitious employees are set-up and paid;
— Inaccurate calculation and processing of pay run resulting in over/under payments;
— Lack of segregation of duties resulting in fraudulent activities;
— Inappropriate employee set up, termination and maintenance of master file;
— Exceptions are not identified and investigated in a timely manner;
— Over/under payments to employees due to input and other errors by the third party service provider;
— Inaccurate postings of payments made in the General ledger resulting in ineffective decision making;
— Monitoring over the service level agreement with Datacom; and
— Non-compliance to the Holidays Act 2003.
Scope
This internal audit will cover the scope period from 1 July 2017 to 31 May 2018 and will consider the following key
elements of SWDC's end to end payroll processes based on the key risks mentioned above. The scope includes:
Payroll function
— Compliance to Payroll policies, procedures and guidelines;
— Delegations of authority and segregation of duties in the payroll process;
— Processes and controls relating to changes to employee masterfile (including employee setup and terminations)
— Authorisation of payroll calculations including leave, overtime, allowances, PAYE and other deductions;
— Termination and manual payments;
— Review of information as per payroll summary report sent by Datacom to supporting documentation;
— Review of exception reporting and follow up of exceptions;
— Controls over payroll payments, reconciliations and clearing accounts;
— Monitoring over service level agreement with Datacom; and
— Adequacy of reporting to allow effective review of changes to payroll data, decision making and identification for
  follow-up.
Holidays Act process design assessment
We will perform a risk-based assessment of non-compliance with the Holidays Act, focussing on common areas of non-
compliance, including the following:

— casual staff;
— annual leave;
— alternative holiday;
— sick leave; and
— bereavement leave.
Coverage of scope areas
We will cover the above scope areas through the below methods:
1. Control design effectiveness assessment (Payroll function and Holidays Act compliance)
Assess whether the processes and controls are designed in a manner that will enable appropriate management over the
key risk areas based on the above scope. We will assess the existence of controls by performing a walk-through of key
processes.
2. Control operating effectiveness testing (sample-based testing) (Payroll function)
We will assess whether the processes and controls have been performed effectively (e.g. consistently and accurately)
during the scope period.
This will be tested through sample-based testing in line with KPMG's Internal Audit methodology. Where applicable, we
will substitute the sample based testing with data analytics for a wider coverage.
3. Data analvtics testing (Payroll function)
We will assess the provided payroll data through a suite of data analytics tests designed to identify potential non-
compliance, indicators of fraud, assess integrity of master data, and highlight key trends for decision-making.

Out of scope
— Bonus/incentive payments;
— Employee expense payments; and
— Compliance with the full requirements of the Holidays Act and calculations-based assessment of SVVDC's
compliance with the Holidays Act 2003.

Internal audit approach
This internal audit will require fieldwork to be performed at the SWDC office. The approach will include the following
steps:
Planning
1. Obtain and review SWDC's policies and procedures, process documents and discussion with Management relating
to the in-scope areas;
2. Document an overview of the in-scope areas and the related operational systems to identify key risks and
associated mitigating controls;
3. The key risk and control assessment will be confirmed with management to agree the areas of significant risk.
Fieldwork
4. Use the risk and control assessment to target the fieldwork to areas of significant risk.
5. Detailed testing and data analytics (as required) will be performed in line with KPMG's Internal Audit methodology
as required to support our conclusions;
6. Analyse findings to identify the reasons and causes for deviations from policies and procedures and SWDC's
guidelines;
7. Potential internal audit findings will be cleared with process owners prior to drafting the Summary of Potential
Findings for Management discussion;
Reporting
8. A report will be drafted detailing the internal audit findings and opportunities for improvement, and provided to
Management for documentation of their intended action plan; and
9. Issue final report including Management action plans to address Internal Audit's recommendations.

id:446 2

Project sponsor
Ben Smit, Deputy Chief Executive, will be the sponsor of this internal audit. Ben will retain ultimate responsibility for
ensuring recommendations arising from this review are actioned. Fiona Ferrar, Finance Manager, will be our day to day
contact and responsible for ensuring that the documentation and interviewees required for the review team are made
available on a timely basis.

Fees
Our fixed fee for this review is $20,000. The fee estimates are exclusive of GST and disbursements. Disbursements will
be billed at cost. Our estimate has been based on the assumption that we will have ready access to necessary
interviewees and documentation throughout the duration of our review. We will promptly inform the project sponsor of
any constraints in performing this review and of any additional work requested that could result in any variation of this
scope.
Health and safety
The health and safety of its staff is paramount to KPMG. We request that, prior to the project commencing, WDC
provides KPMG with any specific health and safety information pertaining to the field visits, e.g. Personal Protective
Equipment (PPE) requirements, specific health & safety risks, training requirements, any restrictions on personnel
accessing the site(s) etc.
Upon arrival at the site, and prior to commencing the field visits, KPMG requests the necessary site safety inductions,
including information on emergency response procedures, be completed. Whilst at the site(s), KPMG staff will comply
with the health and safety policies of each site, as have been communicated by you.

Internal audit team

David Sutton Engagement Partner Overall lead and quality control of the work performed and
deliverables.

Muhsin Hilal Engagement Manager Manage the delivery of the in-scope areas and quality control
of the work performed.

Anna Nguyen Engagement Lead Lead on-ground execution of the internal audit work.

Mayank Tayal Data Analytics specialist Execution of data analytics.

Other staff will be utilised as required.

Indicative timetable

Planning and preparation 5 June 2018

Fieldwork - commence 18 June 2018

Close out meeting with project sponsor 29 June 2018

Draft report issued to management 3 July 2018

Management comments received 16 July 2018

Final report issued to management 19 July 2018

k_421i41 3

Distribution
 Name                       Title                    Audit scope   Draft report   Final report

 South Waikato District Council Management

 Ben Smit                   Deputy Chief Executive       v              V              V

                                                                                       -
 Fiona Ferrar               Finance Manager              V              V              V
                            Human Resource
Christine Beach
                            Manager
                                                         V              v              v

 Audit and Risk Committee

 Audit and Risk Committee                                V                             v

                                                                                                 4

Approval of internal audit scope

Approved by:                        pproved by:

David Sutton
                                   Ben Smif
Partner, KPMG
                                   Deputy Chief xecutive, South Waikato District Council
Date: 8 June 2018
                                   Date:      Q'
                                                       t8

ki4461

Contact us

David Sutton
Partner, Advisory
T +64 (09) 367 5844
E davidsutton@kpmg.co.nz

Muhsin Hi lal
Associate Director, Advisory
T +64 (09) 363 3639
E muhsinhilal@kpmg.co.nz

kpmg.cominz

pm                           .. ]

C) 20188 KPMG, a New Zealand partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG
International"), a Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative ("KPMG International"), a Swiss entity.

You can also read