SlideShare a Scribd company logo

GPMI December 2015

Max van der Klis-Busink
Max van der Klis-Busink

Article on the GPCF.

Business
1 of 3
Download to read offline
BY MAX VAN DER KLIS-BUSINK Take Charge With a Part II Control Framework Global Payroll Editor’s Note: In the November issue of Global Payroll, Max van der Klis-Busink explained how he used the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework as the basis of his Global Payroll Control Framework (GPCF). He also laid out the objectives of the framework. In Part II, he lays out the first three components of internal control over payroll. T he next step toward designing the GPCF is addressing the (five) components of internal control. COSO’s framework extensively addresses these five components and it’s stated that without them, internal control simply cannot be achieved. The components apply to all objectives, processes, and functions within an organization and to the global payroll function specifically. Internal control is a dynamic process, so components are interrelated and influence each other. Risk assessment, for instance, not only influences the design of control activities to mitigate assessed risks, but also may highlight the need to implement monitoring activities. I will address the first three in this contribution and will address the other two (with the Global Payroll Operating Model) in Part III. Control Environment The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The executive management establishes the tone at the top and externalizes it in policies and codes applicable to all functions of an organization. Take notice of which policies allow the global payroll function to embed internal control in its processes. These could be codes of conduct related to social compliance, business ethics, or for instance information security. If the code of conduct says employees should strictly comply with applicable laws and regulations or that all digital and hard copy information must not be disclosed BY MAX VAN DER KLIS-BUSINK GLOBAL PAYROLLThe official magazine of the Global Payroll Management Institute Reprinted From December 2015
without prior consent, it influences daily payroll operations and the tone set in global payroll objectives. Company policies reveal either explicitly or implicitly whether internal control is taken seriously, whether decisions affecting payroll tax are taken opportunistically, or if ethical values and integrity prevail in these situations. This tone has an effect on how risks are assessed and labeled and thus how control activities are designed. This is also the reason why a GPCF is different for each organization. The control environment also includes information on the IT infrastructure, the customers and stakeholders of the global payroll function, and an overview of the global operating model. Finally, summarize the payroll environment to gain insight into the complexity of the payrolls and countries in the GPCF’s scope, such as the number of employees, currency, time zone, processing period (weekly, biweekly, monthly, etc.), and the turnover in employees. Use these insights to identify and assess risks and to manage the workload within the global payroll function in assigning responsibilities. Risk Assessment For internal control to be effective, organizations must identify risks that have or may have an adverse effect on achieving global payroll objectives. This is not a one-time event when designing the GPCF, but should be systematically implemented and evaluated as circumstances change. Numerous changes can affect internal control for payroll, such as starting business in a new country, implementing a new HR-system, or adding new employment terms. Risks can roughly be categorized in two categories: those present in payroll processes, and those that occur outside of payroll but that may have an effect on the organization’s position on payroll taxes. These two risk categories then apply to the global payroll operating model and need to be specified as country-specific risks to reach the level of detail required to really be in control of global and local payroll. These local risks could include the difference in how new hires are processed and the timing of registering them. In assessing local risks, these factors typically increase local payroll complexity and thus increase risk: benefits in kind, travel and business expenses, hiring and firing employees, and global mobility (expats). Before assessing risks, identify them by analyzing the global payroll function’s current processes and control environment. The global payroll function can identify risks alone, but collaborating with other internal and external stakeholders will enable a more objective analysis. This analysis can be done by interviewing other support functions (finance, HR, treasury, etc.) and payroll vendors, sending questionnaires to customers, or analyzing payroll data. As long as the risks are identified, the method succeeds. Once the risks are identified, assess and describe them in a standardized order. Include a risk header, risk classification, and the intended response to the risk. In the header, describe the risk and the global payroll objective on which the risks may have an adverse effect. Below are three examples of common risks identified in global payroll operating models: • Payroll changes (new hires, contract changes, and departing employees) not being included in the payroll change sheet, causing inconsistencies in payroll master data resulting in incorrect payroll output; • Not meeting payroll timelines in accordance with the GPCF, having an adverse effect on deadlines communicated to stakeholders, customers, vendors, and filing deadlines; • Insufficient funds on payday, which prevents salary payments and the payment of payroll taxes, resulting in non-compliance. Control Activities The actions an organization or function establishes to mitigate identified and assessed risks are control activities. It’s common to build control activities into processes as routine controls and everyday business decisions, such as segregation of duties, sign-offs on output, four-eye principle (two-person rule), automated system blocks, and authorizations. Control activities are normally a response to assessed risks, such as those described before. Since payroll is mainly a transactional process, business processes usually include so-called transaction controls with a direct and clear link to an assessed risk. Start designing control activities by analyzing current control activities, inventorying the assessed risks, and identifying the potential the current global payroll operating model provides to mitigate it. The aim should always be to mitigate all assessed risks or to knowingly accept not mitigating them. An organization also should stop control activities that do not mitigate risks and add no (business) value. After gaining insight into the required controls and the feasibility of implementing them, describe them. Include these elements: a description in the header; a classification of
key or non-key; the control objective, type and method; and the systems utilized to perform the control activity. Label the controls as key or non-key based on three discretionary items: the level of complexity of the activity, the level of professional judgment required to execute the activity, and the risk of management being able to override the activity to get things done. Each control has an objective such as accuracy, completeness, validity of data, or the segregation of duties. Have a combination of control objectives that together mitigate interrelated risks. Here are three control activities typically incorporated in the processes of the global operating model: • Payroll changes processed on the payroll change sheet are checked and approved prior to further processing by another member of the global payroll function in accordance with sections 3 and 4 of the GPCF; • In the online banking system, the global payroll function has a profile setup that allows only initiating and partly authorizing a payment before it is executed by the global controller; • Sign-off on the preliminary payroll output is only given to the payroll vendor after the global payroll manager has approved the last preliminary output via email. These control activities pursue different objectives. The first one, for instance, pursues accuracy, completeness, and validity, while the second and third pursue correct authorization and segregation of duties. They also differ in type, which can be defined as either detective, preventive, or corrective (see table below). A combination of control activities will ensure better control over risks. Next, list the systems utilized to perform the control. In order for the auditors to easily write their audit plans, include evidence obtained as proof of the control, if performed, and the frequency of the control on a global and local level. Finally, map each control activity to one or more described risks and add it to the Risk and Control Matrix (RCM). This RCM provides the necessary insight enabling you to answer the question CFOs tend to ask: “Are all of our identified risks mitigated with control activities?” It’s a great document to share with internal and external auditors. In Summary In this contribution, I have exemplified the first three components of internal control. Once these are designed and addressed, the final two components (Monitoring Activities and Information & Communication) are the next logical steps. These will ensure that separate evaluations on the function of control are conducted and that information is communicated properly and timely. Make sure to read Part III, where I also will address the Global Payroll Operating Model for you to start the design of your own GPCF. ■ Control Types and Definitions Control type Definition Detective Designed to detect errors or irregularities that may have occurred before the output of a process is delivered to the customer or stakeholder. Preventive Designed to keep errors or irregularities from occurring in the first place; this is the most favorable type of control for the global payroll team. Corrective Designed to correct errors or irregularities that have been detected and therefore already have occurred. The Global Payroll Management Institute (GPMI), www.GPMInstitute.com, is the world’s leading community of payroll leaders, managers, practitioners, researchers, and technology experts. Our subscribers connect with each other through networking discussions, collaborative opportunities, and access to education and publications dedicated to global payroll strategies, knowledge, research, employment, and training. GPMI also publishes several global payroll texts and white papers as a benefit to our subscribers. Get more information at www.GPMInstitute.com.

Recommended

Internal Control COSO
Internal Control COSOInternal Control COSO
Internal Control COSOJesús Gándara
 
Improving and Implementing Internal Controls
Improving and Implementing Internal ControlsImproving and Implementing Internal Controls
Improving and Implementing Internal ControlsTommy Seah
 
Internal controls myths and best practices
Internal controls myths and best practicesInternal controls myths and best practices
Internal controls myths and best practicesPamela Mantone
 
Effective Internal Controls (Annotated) by @EricPesik
Effective Internal Controls (Annotated) by @EricPesikEffective Internal Controls (Annotated) by @EricPesik
Effective Internal Controls (Annotated) by @EricPesikEric Pesik
 
Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Alexander Decker
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - TemplatesAviva Spectrum™
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideCenapSerdarolu
 
Chap 2 procedure
Chap 2 procedureChap 2 procedure
Chap 2 procedureDr Manu H Natesh
 

Recommended

Internal Control COSO
Internal Control COSOInternal Control COSO
Internal Control COSOJesús Gándara
 
Improving and Implementing Internal Controls
Improving and Implementing Internal ControlsImproving and Implementing Internal Controls
Improving and Implementing Internal ControlsTommy Seah
 
Internal controls myths and best practices
Internal controls myths and best practicesInternal controls myths and best practices
Internal controls myths and best practicesPamela Mantone
 
Effective Internal Controls (Annotated) by @EricPesik
Effective Internal Controls (Annotated) by @EricPesikEffective Internal Controls (Annotated) by @EricPesik
Effective Internal Controls (Annotated) by @EricPesikEric Pesik
 
Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Alexander Decker
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - TemplatesAviva Spectrum™
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideCenapSerdarolu
 
Chap 2 procedure
Chap 2 procedureChap 2 procedure
Chap 2 procedureDr Manu H Natesh
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Nov15 gpr gcf part i_re_print
Nov15 gpr gcf part i_re_printNov15 gpr gcf part i_re_print
Nov15 gpr gcf part i_re_printMax van der Klis-Busink
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Management Control System Characteristics
Management Control System CharacteristicsManagement Control System Characteristics
Management Control System Characteristicstidkevishal
 
Controlling, Information, and Technology
Controlling, Information, and TechnologyControlling, Information, and Technology
Controlling, Information, and TechnologyEyad Al-Samman
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Internal controls
Internal controlsInternal controls
Internal controlsappan_k
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414aidanc5
 
Il fiore
Il fioreIl fiore
Il fioreelisamariamagdici
 
Top inspirational quotes 2013
Top inspirational quotes 2013Top inspirational quotes 2013
Top inspirational quotes 2013Daniyal Munir
 
Il fiore
Il fioreIl fiore
Il fioreelisamariamagdici
 
Social media
Social mediaSocial media
Social mediaDaniyal Munir
 
Yahoo
YahooYahoo
YahooDaniyal Munir
 
Culture in Business Process Management
Culture in Business Process ManagementCulture in Business Process Management
Culture in Business Process ManagementDaniyal Munir
 
Constitutional Development Of Pakistan
Constitutional Development Of PakistanConstitutional Development Of Pakistan
Constitutional Development Of PakistanDaniyal Munir
 
Unique Enterpreneur Logics
Unique Enterpreneur LogicsUnique Enterpreneur Logics
Unique Enterpreneur LogicsDaniyal Munir
 

More Related Content

What's hot

Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Management Control System Characteristics
Management Control System CharacteristicsManagement Control System Characteristics
Management Control System Characteristicstidkevishal
 
Controlling, Information, and Technology
Controlling, Information, and TechnologyControlling, Information, and Technology
Controlling, Information, and TechnologyEyad Al-Samman
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Internal controls
Internal controlsInternal controls
Internal controlsappan_k
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414aidanc5
 

What's hot (14)

Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
Nov15 gpr gcf part i_re_print
Nov15 gpr gcf part i_re_printNov15 gpr gcf part i_re_print
Nov15 gpr gcf part i_re_print
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal Control
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
Management Control System Characteristics
Management Control System CharacteristicsManagement Control System Characteristics
Management Control System Characteristics
 
Controlling, Information, and Technology
Controlling, Information, and TechnologyControlling, Information, and Technology
Controlling, Information, and Technology
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 
Internal controls
Internal controlsInternal controls
Internal controls
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414
 

Viewers also liked

Top inspirational quotes 2013
Top inspirational quotes 2013Top inspirational quotes 2013
Top inspirational quotes 2013Daniyal Munir
 
Culture in Business Process Management
Culture in Business Process ManagementCulture in Business Process Management
Culture in Business Process ManagementDaniyal Munir
 
Constitutional Development Of Pakistan
Constitutional Development Of PakistanConstitutional Development Of Pakistan
Constitutional Development Of PakistanDaniyal Munir
 
Unique Enterpreneur Logics
Unique Enterpreneur LogicsUnique Enterpreneur Logics
Unique Enterpreneur LogicsDaniyal Munir
 
The Role of Business
The Role of BusinessThe Role of Business
The Role of BusinessDaniyal Munir
 
Working of Institutions
Working of InstitutionsWorking of Institutions
Working of InstitutionsDaniyal Munir
 
Mutual funds in Pakistan
Mutual funds in PakistanMutual funds in Pakistan
Mutual funds in PakistanDaniyal Munir
 
Comparative analysis of marketing strategies of automobiles companies 1
Comparative analysis of marketing strategies of automobiles companies 1Comparative analysis of marketing strategies of automobiles companies 1
Comparative analysis of marketing strategies of automobiles companies 1ShikharGwalre57
 
Types of reading.ppt
Types of reading.pptTypes of reading.ppt
Types of reading.pptDaniyal Munir
 

Viewers also liked (18)

Il fiore
Il fioreIl fiore
Il fiore
 
Top inspirational quotes 2013
Top inspirational quotes 2013Top inspirational quotes 2013
Top inspirational quotes 2013
 
Il fiore
Il fioreIl fiore
Il fiore
 
Social media
Social mediaSocial media
Social media
 
Yahoo
YahooYahoo
Yahoo
 
Culture in Business Process Management
Culture in Business Process ManagementCulture in Business Process Management
Culture in Business Process Management
 
Constitutional Development Of Pakistan
Constitutional Development Of PakistanConstitutional Development Of Pakistan
Constitutional Development Of Pakistan
 
Unique Enterpreneur Logics
Unique Enterpreneur LogicsUnique Enterpreneur Logics
Unique Enterpreneur Logics
 
Il fiore
Il fioreIl fiore
Il fiore
 
Il fiore
Il fioreIl fiore
Il fiore
 
The Role of Business
The Role of BusinessThe Role of Business
The Role of Business
 
Reading skills
Reading skillsReading skills
Reading skills
 
Case study
Case studyCase study
Case study
 
4G vs 3G
4G vs 3G4G vs 3G
4G vs 3G
 
Working of Institutions
Working of InstitutionsWorking of Institutions
Working of Institutions
 
Mutual funds in Pakistan
Mutual funds in PakistanMutual funds in Pakistan
Mutual funds in Pakistan
 
Comparative analysis of marketing strategies of automobiles companies 1
Comparative analysis of marketing strategies of automobiles companies 1Comparative analysis of marketing strategies of automobiles companies 1
Comparative analysis of marketing strategies of automobiles companies 1
 
Types of reading.ppt
Types of reading.pptTypes of reading.ppt
Types of reading.ppt
 

Similar to GPMI December 2015

Bt8901 objective oriented systems2
Bt8901 objective oriented systems2Bt8901 objective oriented systems2
Bt8901 objective oriented systems2Techglyphs
 
Workflow, Governance & Reporting
Workflow, Governance & ReportingWorkflow, Governance & Reporting
Workflow, Governance & ReportingSecondFloor
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummarySteve Leventhal
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control envPhillys Sebastiane
 
Earnings Management, the Influence of Size, Indebtedness and Performance The ...
Earnings Management, the Influence of Size, Indebtedness and Performance The ...Earnings Management, the Influence of Size, Indebtedness and Performance The ...
Earnings Management, the Influence of Size, Indebtedness and Performance The ...ijtsrd
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxvailethmwaisanila
 
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxAssessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxdavezstarr61655
 
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxAssessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxfredharris32
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial ControlsStephen G. Lynch
 
Best Practices For Implementing Revenue Cycle Management System In Healthcare...
Best Practices For Implementing Revenue Cycle Management System In Healthcare...Best Practices For Implementing Revenue Cycle Management System In Healthcare...
Best Practices For Implementing Revenue Cycle Management System In Healthcare...Matthew Clark
 
Strategic control
Strategic controlStrategic control
Strategic controlRohit Kumar
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007Slava Gorbunov
 
Understanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdfUnderstanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdfMaAnneLuisSarillana1
 
Whs ps building
Whs ps buildingWhs ps building
Whs ps buildingtasnimfaiz
 
422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docxBHANU281672
 
422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docxtaishao1
 

Similar to GPMI December 2015 (20)

GPMI January 2016
GPMI January 2016GPMI January 2016
GPMI January 2016
 
Bt8901 objective oriented systems2
Bt8901 objective oriented systems2Bt8901 objective oriented systems2
Bt8901 objective oriented systems2
 
Workflow, Governance & Reporting
Workflow, Governance & ReportingWorkflow, Governance & Reporting
Workflow, Governance & Reporting
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive Summary
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control env
 
IA PRESENTATION-4.pptx
IA PRESENTATION-4.pptxIA PRESENTATION-4.pptx
IA PRESENTATION-4.pptx
 
Earnings Management, the Influence of Size, Indebtedness and Performance The ...
Earnings Management, the Influence of Size, Indebtedness and Performance The ...Earnings Management, the Influence of Size, Indebtedness and Performance The ...
Earnings Management, the Influence of Size, Indebtedness and Performance The ...
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxAssessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
 
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docxAssessment of Tone at the TopA C C O U N T I N G & A U D .docx
Assessment of Tone at the TopA C C O U N T I N G & A U D .docx
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 
Best Practices For Implementing Revenue Cycle Management System In Healthcare...
Best Practices For Implementing Revenue Cycle Management System In Healthcare...Best Practices For Implementing Revenue Cycle Management System In Healthcare...
Best Practices For Implementing Revenue Cycle Management System In Healthcare...
 
Strategic control
Strategic controlStrategic control
Strategic control
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007
 
Understanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdfUnderstanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdf
 
Whs ps building
Whs ps buildingWhs ps building
Whs ps building
 
422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx
 
422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx422017 Copyright © 2017, Association of International Certif.docx
422017 Copyright © 2017, Association of International Certif.docx
 

Recently uploaded

Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 

Recently uploaded (20)

Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 

GPMI December 2015

  • 1. BY MAX VAN DER KLIS-BUSINK Take Charge With a Part II Control Framework Global Payroll Editor’s Note: In the November issue of Global Payroll, Max van der Klis-Busink explained how he used the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework as the basis of his Global Payroll Control Framework (GPCF). He also laid out the objectives of the framework. In Part II, he lays out the first three components of internal control over payroll. T he next step toward designing the GPCF is addressing the (five) components of internal control. COSO’s framework extensively addresses these five components and it’s stated that without them, internal control simply cannot be achieved. The components apply to all objectives, processes, and functions within an organization and to the global payroll function specifically. Internal control is a dynamic process, so components are interrelated and influence each other. Risk assessment, for instance, not only influences the design of control activities to mitigate assessed risks, but also may highlight the need to implement monitoring activities. I will address the first three in this contribution and will address the other two (with the Global Payroll Operating Model) in Part III. Control Environment The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The executive management establishes the tone at the top and externalizes it in policies and codes applicable to all functions of an organization. Take notice of which policies allow the global payroll function to embed internal control in its processes. These could be codes of conduct related to social compliance, business ethics, or for instance information security. If the code of conduct says employees should strictly comply with applicable laws and regulations or that all digital and hard copy information must not be disclosed BY MAX VAN DER KLIS-BUSINK GLOBAL PAYROLLThe official magazine of the Global Payroll Management Institute Reprinted From December 2015
  • 2. without prior consent, it influences daily payroll operations and the tone set in global payroll objectives. Company policies reveal either explicitly or implicitly whether internal control is taken seriously, whether decisions affecting payroll tax are taken opportunistically, or if ethical values and integrity prevail in these situations. This tone has an effect on how risks are assessed and labeled and thus how control activities are designed. This is also the reason why a GPCF is different for each organization. The control environment also includes information on the IT infrastructure, the customers and stakeholders of the global payroll function, and an overview of the global operating model. Finally, summarize the payroll environment to gain insight into the complexity of the payrolls and countries in the GPCF’s scope, such as the number of employees, currency, time zone, processing period (weekly, biweekly, monthly, etc.), and the turnover in employees. Use these insights to identify and assess risks and to manage the workload within the global payroll function in assigning responsibilities. Risk Assessment For internal control to be effective, organizations must identify risks that have or may have an adverse effect on achieving global payroll objectives. This is not a one-time event when designing the GPCF, but should be systematically implemented and evaluated as circumstances change. Numerous changes can affect internal control for payroll, such as starting business in a new country, implementing a new HR-system, or adding new employment terms. Risks can roughly be categorized in two categories: those present in payroll processes, and those that occur outside of payroll but that may have an effect on the organization’s position on payroll taxes. These two risk categories then apply to the global payroll operating model and need to be specified as country-specific risks to reach the level of detail required to really be in control of global and local payroll. These local risks could include the difference in how new hires are processed and the timing of registering them. In assessing local risks, these factors typically increase local payroll complexity and thus increase risk: benefits in kind, travel and business expenses, hiring and firing employees, and global mobility (expats). Before assessing risks, identify them by analyzing the global payroll function’s current processes and control environment. The global payroll function can identify risks alone, but collaborating with other internal and external stakeholders will enable a more objective analysis. This analysis can be done by interviewing other support functions (finance, HR, treasury, etc.) and payroll vendors, sending questionnaires to customers, or analyzing payroll data. As long as the risks are identified, the method succeeds. Once the risks are identified, assess and describe them in a standardized order. Include a risk header, risk classification, and the intended response to the risk. In the header, describe the risk and the global payroll objective on which the risks may have an adverse effect. Below are three examples of common risks identified in global payroll operating models: • Payroll changes (new hires, contract changes, and departing employees) not being included in the payroll change sheet, causing inconsistencies in payroll master data resulting in incorrect payroll output; • Not meeting payroll timelines in accordance with the GPCF, having an adverse effect on deadlines communicated to stakeholders, customers, vendors, and filing deadlines; • Insufficient funds on payday, which prevents salary payments and the payment of payroll taxes, resulting in non-compliance. Control Activities The actions an organization or function establishes to mitigate identified and assessed risks are control activities. It’s common to build control activities into processes as routine controls and everyday business decisions, such as segregation of duties, sign-offs on output, four-eye principle (two-person rule), automated system blocks, and authorizations. Control activities are normally a response to assessed risks, such as those described before. Since payroll is mainly a transactional process, business processes usually include so-called transaction controls with a direct and clear link to an assessed risk. Start designing control activities by analyzing current control activities, inventorying the assessed risks, and identifying the potential the current global payroll operating model provides to mitigate it. The aim should always be to mitigate all assessed risks or to knowingly accept not mitigating them. An organization also should stop control activities that do not mitigate risks and add no (business) value. After gaining insight into the required controls and the feasibility of implementing them, describe them. Include these elements: a description in the header; a classification of
  • 3. key or non-key; the control objective, type and method; and the systems utilized to perform the control activity. Label the controls as key or non-key based on three discretionary items: the level of complexity of the activity, the level of professional judgment required to execute the activity, and the risk of management being able to override the activity to get things done. Each control has an objective such as accuracy, completeness, validity of data, or the segregation of duties. Have a combination of control objectives that together mitigate interrelated risks. Here are three control activities typically incorporated in the processes of the global operating model: • Payroll changes processed on the payroll change sheet are checked and approved prior to further processing by another member of the global payroll function in accordance with sections 3 and 4 of the GPCF; • In the online banking system, the global payroll function has a profile setup that allows only initiating and partly authorizing a payment before it is executed by the global controller; • Sign-off on the preliminary payroll output is only given to the payroll vendor after the global payroll manager has approved the last preliminary output via email. These control activities pursue different objectives. The first one, for instance, pursues accuracy, completeness, and validity, while the second and third pursue correct authorization and segregation of duties. They also differ in type, which can be defined as either detective, preventive, or corrective (see table below). A combination of control activities will ensure better control over risks. Next, list the systems utilized to perform the control. In order for the auditors to easily write their audit plans, include evidence obtained as proof of the control, if performed, and the frequency of the control on a global and local level. Finally, map each control activity to one or more described risks and add it to the Risk and Control Matrix (RCM). This RCM provides the necessary insight enabling you to answer the question CFOs tend to ask: “Are all of our identified risks mitigated with control activities?” It’s a great document to share with internal and external auditors. In Summary In this contribution, I have exemplified the first three components of internal control. Once these are designed and addressed, the final two components (Monitoring Activities and Information & Communication) are the next logical steps. These will ensure that separate evaluations on the function of control are conducted and that information is communicated properly and timely. Make sure to read Part III, where I also will address the Global Payroll Operating Model for you to start the design of your own GPCF. ■ Control Types and Definitions Control type Definition Detective Designed to detect errors or irregularities that may have occurred before the output of a process is delivered to the customer or stakeholder. Preventive Designed to keep errors or irregularities from occurring in the first place; this is the most favorable type of control for the global payroll team. Corrective Designed to correct errors or irregularities that have been detected and therefore already have occurred. The Global Payroll Management Institute (GPMI), www.GPMInstitute.com, is the world’s leading community of payroll leaders, managers, practitioners, researchers, and technology experts. Our subscribers connect with each other through networking discussions, collaborative opportunities, and access to education and publications dedicated to global payroll strategies, knowledge, research, employment, and training. GPMI also publishes several global payroll texts and white papers as a benefit to our subscribers. Get more information at www.GPMInstitute.com.