Payroll System


September 24, 2010

Payroll System: Internal Controls Analysis and Evaluation

An analysis of internal control weaknesses in the payroll system and suggested Internal Controls

Internal Control Weaknesses

Suggested Internal Control

The foreman can issue temporary numbers to new employees. The foreman can add ghost workers

New Employee’s numbers should be issued from a different department, like the Human resources department

The employees’ clocking system can be easily manipulated as the employees enter their numbers at arrival to the office. An employee can clock in the wrong time.

An automatic clocking system should be implemented. The new clocking system should be computerized and should be able to identify an employee without the number, for example recognizing the employee’s fingerprints.

There is no direct link between the payroll and the clocking system.

The clocking system should be computerized and linked to both the wages and the payroll system to allow for transparency.

The wages department staff amending computerized wages system as well as maintaining employees’ records. This is susceptible to manipulation.

There wages department staff should not maintain employees record. This should be done by the human resources department

The delivery of cash to the office though by a secure courier. There could be break-ins within the office.

SouthLea Co. should insist to their employees to open bank accounts, where wages are electronically transferred to their bank accounts

No senior manager signs and verifies the payments that are prepared by the two employees.

A senior manager should verify and authorize the wages payments.

Employee’s payments are put in an envelope and again given to the foreman for distribution. The foreman can collude with the two wages staff or he may add a nonexistent name since he is the one to receive the cash.

The wage packets should be distributed by someone other than the foreman or in the presence of the manager. The manager should counter sign the pay schedule before handing it over for distribution.

The pay schedule or pay slip is done manually

The computerized wages system should be upgraded to allow printing of pay slips

The employees do not sign for the wages received.

There should be a list indicating each employee’s wage where she/he will sign against after receiving the money

There are several differences between the internal and the external departments, the main one being, that while the external auditor is concern mainly on the financial statements, the external auditor is concern with all the operations of the business. There are other differences and especially in their responsibilities in detecting fraud and according to ISA 240. The Professional Standard Board (PSB), which is the body that is responsible for setting the auditing standards in New Zealand, has been in the process of adopting the International Auditing Standards (ISAs) (EStandards Forum, 2009). One of the ISAs which it has adopted is ISA 240, the Auditor’s Responsibilities Relating to Fraud in an audit of financial statements. These differences are:

Internal Auditor

External Auditor

Main reason for audit work

The main objective for the internal department is to assist the management in improving the organization’s operations and especially assessing the strength of the internal controls.

The objective of an internal auditor is to express an opinion on the financial statements and on the strengths of internal controls.


  • Has both qualitative and quantitative elements

  • materiality should be assessed based on how it affects audit risk and its relevance to internal controls

  • Has both qualitative and quantitative elements

  • the materiality of the fraud will be assessed differently for each entity depending on its size

  • The materiality assessed on its effect to the financial statements and especially on the profits.

Identification of fraud

  • The internal auditor has a responsibility to investigate any suspicions of fraud in the entire organization. The suspicion can be as a result of him being mindful of the entire business, or as a hint from any other sources.

  • The internal auditor should report any suspicions

  • If independent, the mere existence of the department should act as a deterrent to possible fraud.

  • The auditor can rely on several sources. The auditor enquires from the internal auditor of any suspicions of fraud that they had detected within the course of the period under audit. The external auditor takes into consideration the reliability of the internal audit function and the effectiveness of corporate governance.

  • The external auditor will undertake analytical procedures and should question any unusual relationships that would lead to possible fraud.

  • Has the responsibility to identify any present risks of fraud, estimates what the effect would be on the financial statements and decides on the response


EStandards Forum, (2009). New Zealand: International Standard on Auditing: Retrieved on September 24, 2010

International Federation of Accountants, (2010). International Standard on Auditing 240 (revised): The Auditors Responsibility to Consider Fraud in an Audit Financial Statement: Retrieved on September 24, 2010