Welcome

Cash, bank, and payroll - Payroll testing and analytics

ResourcesCash, bank, and payroll - Payroll testing and analytics

Learning Outcomes

After reading this article, you will be able to describe and apply the key controls in payroll systems, explain and perform substantive and controls-based audit procedures for payroll, and understand the application of analytics and automated tools for payroll and cash testing. You will also recognize common deficiencies and risks in payroll and appreciate how controls, testing, and analytics work together to provide assurance over payroll, cash, and bank flows.

ACCA Audit and Assurance (AA) Syllabus

For ACCA Audit and Assurance (AA), you are required to understand how to test and evaluate cash, bank, and payroll systems in the audit context. For payroll in particular, you should be able to:

  • Describe control objectives and control procedures over payroll, including the design of effective direct controls.
  • Explain and perform tests of controls and substantive procedures for payroll balances and transactions.
  • Apply analytical procedures and use automated tools for payroll and cash analytics.
  • Identify payroll and cash risks, deficiencies in internal controls, and recommend improvements.
  • Recognize the use and limitations of data analytics in payroll and cash audits.
  • Evaluate the auditor’s approach when using automated tools and when relying on payroll service organizations.
  • Communicate payroll-related control deficiencies to management and recommend appropriate controls.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

  1. State two direct control activities commonly found in an effective payroll system and describe briefly how you would test each control.
  2. Which substantive procedures could detect the inclusion of fictitious employees in a payroll listing?
  3. True or false? Analytical procedures are required at the overall review stage for payroll, but are optional at planning.
  4. List two risks associated with payroll payments handled by third-party service providers and suggest one audit response to each.

Introduction

Cash, bank, and payroll balances carry high inherent and control risks due to the movement of liquid assets and the potential for errors or fraud. Payroll, in particular, is often a significant expense and vulnerable to manipulation. In the audit, you need to evaluate and test payroll controls, perform tests of controls and substantive procedures, and deploy data analytics to assess trends, anomalies, and potential misstatements. Automated tools also allow for more efficient testing of large payroll and cash populations.

Key Term: payroll system
The set of processes and controls an entity uses to calculate, authorize, record, and pay employee wages, salaries, and related deductions, as well as to record payroll costs and liabilities.

Payroll System Risks and Control Objectives

Payroll risks include the possibility of payments to fictitious or departed employees, incorrect earnings or deductions, unauthorized changes to payroll data, and timing or completeness issues in recording payroll expenses. The main control objectives over payroll are:

  • Payments are made only to valid, current employees who have provided services.
  • Employees are paid at correct rates for authorized hours worked.
  • All payroll expenses, deductions, and liabilities are accurate and completely recorded.
  • Payroll standing data (such as rates or bank details) is changed only with proper authorization.
  • Payments are properly authorized and made on time, and recorded in the correct period.

Key Term: direct control
A control procedure designed to address a specific risk of material misstatement at the assertion level, such as authorizing changes to payroll data or reconciling payroll outputs to general ledger records.

Key Term: payroll analytics
The application of analytical procedures or automated tools to payroll data to identify trends, anomalies, or unusual transactions that may indicate error, fraud, or control weaknesses.

Payroll Controls

Typical controls over payroll include:

  • Segregation of duties: Different staff are responsible for authorizing starters/leavers, entering data, approving payroll, and distributing payments. This reduces fraud risk.
  • Authorization: Only approved changes to payroll standing data (e.g., bank accounts, pay rates) are processed, supported by written evidence.
  • Timesheet approval: All hours or overtime claimed are reviewed and authorized by line managers before being processed.
  • Sample recalculation: A payroll manager independently checks and recalculates a sample of payroll calculations.
  • Review: Each pay run is reviewed and authorized by a senior official.
  • Payroll reconciliation: Payroll control accounts are reconciled monthly to payroll summaries and general ledger postings.
  • Exception reports: Unexpected or unauthorized changes to standing data (e.g., sudden pay increases, multiple account changes) trigger exception reports for management review.

Worked Example 1.1

A company employs warehouse staff who clock in and out using a computerized system. The HR department authorizes hires, and the payroll clerk enters new starter details into the system. Overtime must be approved by supervisors. Each month, the payroll manager reviews and signs off the payroll register.

Question: Identify two direct payroll controls and design a test of control for each.

Answer:

  1. Only HR can approve new starters—inspect HR authorization forms for a sample of new employees.
  2. Overtime is approved by supervisors—select a sample of overtime claims and check for supervisor signatures.

Audit Procedures: Tests of Control and Substantive Testing

Audit evidence for payroll relies on both tests of control and substantive procedures.

Tests of Control (examples)

  • Observe approval of timesheets and overtime forms for compliance.
  • Inspect documentation authorizing changes in pay rates or employee bank details.
  • Review exception reports and confirm management has investigated flagged items.
  • Reperform reconciliations between payroll outputs and general ledger entries.

Substantive Procedures (examples)

  • Select a sample of final payroll listings and agree employee names to HR records (to identify any fictitious staff).
  • Recalculate gross and net pay for a sample of employees and agree deductions to statutory tables.
  • Trace net pay amounts to bank statements and verify that amounts paid match payroll records.
  • Review a sample of leavers and confirm removal from payroll after leaving date.
  • Perform analytical procedures (e.g., compare total payroll expense to prior period or budget, or examine gross/net pay ratios for unusual variances).

Worked Example 1.2

As an auditor, how would you obtain assurance that payroll does not include 'ghost' (fictitious) employees?

Answer:
Select a sample of employees from the payroll list and trace to personnel/HR files or physically confirm their employment (e.g., by attending the premises or checking ID). Compare recent leaver lists to current payroll to ensure departing staff have been removed.

Exam Warning

Mixing up a substantive procedure with a test of control is a common mistake. For example, reviewing payroll authorizations is a test of control; recalculating gross pay for employees is a substantive procedure. In exams, specify the correct category and tailor your answer to the risk or assertion involved.

Payroll Analytics and Automated Tools

Analytical procedures and automated tools are increasingly used at both planning and substantive stages. Examples include:

  • Comparing gross pay, hours worked, or deduction amounts month-on-month, and investigating abnormal variations.
  • Using software to detect duplicate bank account numbers, payments over authorized thresholds, or unusual pay patterns.
  • Stratifying payroll costs by department or employee type and benchmarking against industry data.
  • Employing test data to check that system controls prevent unauthorized changes or invalid transactions.

Automated tools allow the whole payroll data set to be screened rapidly for anomalies, reducing sampling risk and supporting a more focused audit.

Limitations

  • The effectiveness of analytical procedures depends on the reliability of the source data.
  • Automated tests may identify exceptions, but follow-up investigation and judgement are still required.
  • Analytics cannot replace substantive testing of key assertions, such as existence and occurrence.

Worked Example 1.3

You use audit software to analyze a client's payroll and find three employees receiving both salary and hourly pay in the same month, which is not company policy.

Question: How should you respond?

Answer:
Investigate further by inspecting employee records and payroll inputs. Determine if the payments were errors or if controls over pay type coding are deficient. Obtain management explanations and consider testing for further instances.

Payroll Outsourcing and Service Organizations

Many entities use external providers to process payroll. In these cases, the auditor must:

  • Obtain an understanding of the controls at the service organization as they affect payroll data.
  • Consider requesting a service auditor’s report (type 1 or type 2) on controls at the payroll provider.
  • Supplement with audit procedures at the client for authorizations, data submission, and review of payroll outputs.

Reporting Payroll Control Deficiencies

Where payroll controls are deficient or fail during testing, communicate findings to management with actionable recommendations. For significant deficiencies, report to those charged with governance.

Payroll, Cash, and Bank Linkages

Payroll payments impact both cash and bank—testing should ensure all payroll amounts recorded in the expense accounts are properly reflected in actual cash disbursements, and that all bank outflows are authorized, correctly recorded, and reconcilable to payroll records.

Summary

Effective audit of payroll, cash, and bank transactions requires a balanced approach of control evaluation, substantive testing, and analytics. Reliable controls over payroll reduce fraud and error risk, while substantive and analytical procedures provide assurance over recorded balances and transactions. Auditors must tailor audit responses based on risk assessment, controls environment, and technology use.

Key Point Checklist

This article has covered the following key knowledge points:

  • Describe key payroll system risks and control objectives.
  • Identify direct controls in payroll and design appropriate tests of control.
  • Distinguish between tests of control and substantive procedures for payroll, cash, and bank.
  • Apply analytical procedures and automated tools for payroll audit and highlight their limitations.
  • Evaluate risks and audit responses where payroll functions are outsourced.
  • Communicate payroll control deficiencies and recommend control improvements.

Key Terms and Concepts

  • payroll system
  • direct control
  • payroll analytics

Assistant

How can I help you?
Expliquer en français
Explicar en español
Объяснить на русском
شرح بالعربية
用中文解释
हिंदी में समझाएं
Give me a quick summary
Break this down step by step
What are the key points?
Study companion mode
Homework helper mode
Loyal friend mode
Academic mentor mode
Expliquer en français
Explicar en español
Объяснить на русском
شرح بالعربية
用中文解释
हिंदी में समझाएं
Give me a quick summary
Break this down step by step
What are the key points?
Study companion mode
Homework helper mode
Loyal friend mode
Academic mentor mode

Responses can be incorrect. Please double check.