Your are currently engaged in planning the audit of the payroll system of Ujenzi Ltd a manufacturing company, for the year ending 30 June 2005, Ujenzi Ltd‘s payroll system is fully computerized.
(a) Explain four ways in, which the use of a computerized payroll system Ujenzi Ltd, would affect your work as the auditor. (8 marks)
(b) Explain three controls which should be instituted Ujenzi Ltd to ensure that only authorized persons are allowed access to information on personal files and to input updates for the calculation of wages. (6 marks)
(c) Outline how audit tests could be performed ―around the computer‖ in relation to
Ujenzi Ltd‘s payroll (4 marks)
(d) List any two fraudulent activities likely to be perpetrated in relation to Ujenzi Ltd‘s
payroll (2 marks)
(Total: 20 marks)
• The auditor will have to gain an understanding of the programs to be tested otherwise he will not do a good job. This will call for some kind of training, which in consequence will affect the audit plan.
• The auditor will have to seek other means of following up transactions from initiation to final recording, since use of audit trail may not be practical.
• When evaluating the system of control, the auditor should avoid becoming too immersed in detail. He must obtain an overall view of the system, including the user-accounting staff and the computer department who maintain the payroll system. These are primary controls which cover completeness i.e. all input data is processed and accuracy.
• Having identified the primary controls, the auditor will know at which point the system controls is being established. In most cases, most of the work will be of clerical nature and that done the computer is of secondary importance. In this case, it will be unnecessary to examine the program and system development controls in details and administrative controls will only become important if clerical controls are exercised in the computer department
• When the system of control is largely dependent on program control, it becomes necessary to review those in details and in addition to examine the system development and administrative controls so as to ensure that the program control have been designed and implemented correctly.
• Use of test packs: This consists of test data which will be processed in the same way as actual data. By using them in the payroll system, the program being tested will process normal data correctly and react correctly to deliberately invalid data.
• Issuing of passwords to the staff that process personal files will prevent other parties not concerned with the process from gaining access to the files.
• These passwords should be changed frequently since it is possible for others to crack the existing ones with time.
• Any update on the wage system e.g. to incorporate overtime rate should be authorized a higher authority.
• Constant review of the personal files should be carried out to verify that only authorized alterations have been effected. This could be checked against the master file.
1. Checking authorization: Here, the auditor is only interested in verifying whether a certain entry was authorized or not, for instance whether a given pay increment was authorized before being effected in the payroll.
2. Checking output totals for reasonableness. Here, the auditor may compare the total salaries to staff between two or more periods.
3. Checking the output against source documents and clerical control totals.
4. Verifying consistency in the system of coding, for the various departments in the organization.
• Existence of ghost workers. In this case, there could be workers who‘ve passed away but their names still appear on the payroll. Some party somewhere could be benefiting from the remissions without knowledge of the company.
• The absence of an audit trail may be a loophole for the accountants to embezzle some money and alter the programs to disguise the fraud.