Payroll Basics
What are the two main types of workers a company can have, and how does that affect payroll?
W-2 employees have taxes withheld by the employer. 1099 independent contractors handle their own taxes and nothing is withheld.
Name one of the tax forms involved in the payroll cycle that companies must report/have/give to employees
Form 941, Form 940 , W-2, or W-4
What framework do auditors use to evaluate a company's internal controls, and how many components does it have?
The COSO framework — it has five components.
When an auditor verifies that everyone receiving a paycheck is a real, authorized employee, what audit assertion are they testing?
Existence
How must an auditor act when performing an audit?
With independence
What is the record that summarizes employee pay for a pay period?
Payroll register
Name a required payroll tax a company must pay and account for
Federal Income Tax, FICA, FUTA, or SUTA
What is segregation of duties and why is it especially important in a payroll process?
It means no single person should control all steps of a transaction. In payroll, the person who prepares payroll should not also be the one processing payments and reconciling the bank account.
What audit procedure would check for unusual payroll changes over time?
Analytical Procedures
An auditor is testing payroll and wants to make sure every hour worked was actually recorded and paid. What assertion are they testing?
Completeness — making sure nothing was left out or missed.
What is the difference between hourly and salaried pay, and why does that distinction matter when auditing payroll?
Hourly employees are paid based on hours worked, so auditors must verify both the rate AND the hours. Salaried employees receive a fixed amount, so auditors mainly verify the approved rate.
What assertion are auditors testing when they recalculate payroll tax expense?
Valuation and Allocation
A small business owner reviews bank statements only every few months and lets the bookkeeper handle them first. What two COSO components does this weaken and why?
Monitoring — because infrequent review means problems go undetected longer. Control Activities — because the review itself is supposed to be a control that catches unauthorized transactions.
Name a common payroll fraud that we have talked about today and assertion(s) relevant to the fraud
Ghost employees: existence, Unauthorized raises: valuation/allocation, Misclassification: presentation/disclosure, Unapproved direct deposit: Rights/obligations
What is the difference between a payroll audit and a forensic accounting investigation?
A payroll audit examines whether payroll records are accurate and controls are working properly. A forensic investigation goes further — it is specifically looking for evidence of wrongdoing that could be used in legal proceedings.
An employee receives a direct deposit every two weeks. Walk through the basic steps of how that payment got calculated and processed before it hit their bank account.
Hours are recorded, gross pay is calculated using the approved rate, deductions and withholdings are applied, and then the net amount is deposited — each step should have some form of authorization and review.
An auditor is reviewing a company's payroll tax filings and notices the amounts reported on Form 941 do not match the company's internal payroll records. What could this indicate and what should the auditor do next?
It could indicate errors, omissions, or intentional misreporting. The auditor should obtain supporting records from independent sources such as the IRS and bank to reconcile the discrepancy
An auditor assesses a company's internal controls and concludes that control risk is very high. What does that mean and how does it change the audit?
It means the auditor cannot rely on the company's own controls to catch errors or fraud. They must significantly increase the amount of substantive testing they perform on actual payroll transactions.
Who should approve new employees before being added into the system?
HR/Management – NOT payroll
How does low control risk impact an auditor’s testing of payroll?
Low control risk means the auditor can rely more on the company's own controls and reduce the amount of detailed transaction testing.
Why is it important for an auditor to understand the full payroll cycle before they begin testing?
Understanding the cycle helps the auditor identify where the risks and control weaknesses are so they can design the right tests to catch errors or fraud at each stage.
What audit procedure would an auditor perform if they are testing the completeness assertion regarding payroll taxes?
Test the accrual of payroll taxes through a search for unrecorded liabilities
A company has no written policies, no employee handbook, and relies on informal understanding of who is in charge. Which COSO component is most affected and what specific risks does this create for the payroll process?
Control Environment — without written policies there is no formal guidance on who authorizes pay changes, who approves new hires, or how payroll is reviewed, leaving the door open for unauthorized activity with no accountability.
An auditor is recalculating gross pay for a sample of employees and finds that three employees were paid at a higher rate than what is documented in their personnel files. Walk through what the auditor should do next and what assertion is this finding affects.
The auditor should document the discrepancy, obtain evidence of the authorized rate such as a signed pay authorization, determine whether the change was approved, and expand testing to look for a pattern. This affects the Accuracy assertion — pay must match approved rates — and potentially Occurrence if unauthorized changes were made
Under what circumstances would companies detail test payroll?
In an unpredictable test for fictitious employees or when the risk is assessed at max/high, more substantive procedures are required which could include detail testing