(i) Internal control objectives
Control objectives include policies and procedures designed by management to:
- Achieve the orderly and efficient running of the business including adherence to internal policies – this would include the regular, accurate processing and recording of payroll payments.
- Safeguard assets – this would include the physical safeguarding of cash and safeguarding money held in bank accounts by means of other controls.
- Prevent and detect fraud and error – fraud and error would include incorrect payments or deductions from the payroll and payments of incorrect amounts for tax and NSSF, payments for work not performed and payments to dummy employees, for example.
- Achieve accuracy and completeness of the accounting records and timely preparation of reliable financial information; this would include making correct payments and deductions from the payroll, correct payments for tax and (NSSF, NHIF), and making payments for work performed only (not to dummy employees, for example), in order that quarterly or half-yearly accounts can be prepared (possibly), but in any case in order that annual accounts can be prepared within the time limits for small companies.
(ii) Internal control environment and control procedures
The control environment relates to:
- Management‘s overall style in encouraging awareness of the need for good controls, for example.
- The existence of organisational controls such as review of the payroll by an independent person such as the managing director, and the rotation of payroll duties amongst staff responsible for processing it – this helps achieve all of the objectives set out above.
- Segregation of duties and supervisory controls to avoid the misappropriation of cash and to avoid fraudulent collusion to create, for example, dummy employees or to make inflated payments – this prevents the loss of assets and/or inaccurate records.
Internal control procedures include:
- Limiting direct physical access to the cash, such as the use of a security firm to deliver cash, locking doors to areas where cash is held, keeping cash in a fire-proof safe and the protection of the computer by password controls – this will help safeguard assets and ensure the completeness and accuracy of the records and financial statements.
- Controls over computerised applications, checking the arithmetical accuracy of documents and the maintenance of control accounts – this can be achieved by, for example, the use of timesheets or clockcards, the use of reliable software with programmed controls for the calculation of deductions, and the use of batch and hash totals for information that is input into the computer system – this helps achieve the orderly and efficient running of the
business and the accuracy and completeness of records and financial statements.
- Approval and control of documents, such as the authorisation of the payroll itself, and authorisation for the bank to make transfers and to deliver cash