Learnaboutgmp Community

A Case Study

You are auditing the controls over employees’ master data as part of a review of the Payroll application system (EPAY). The client has 22000 employees and the turnover of employees is very high. You have noted that changes to the master data can be made by everyone in the payroll department. The VP Payroll mentions that given the huge number of employees that join every month it is not possible to restrict the edit access to the employee master to only a few people. The Payroll Manager informs you that due to the very large volume of master data changes required to be processed every day, all employees in Payroll have been given a generic ID and password so that as soon as the HR phones the Payroll department with details to process changes it can be handled immediately by anyone who is available in Payroll. The HR Manager mentioned that he carries out a 5% sample check of pay-slips every month for accuracy of pay data and has never found any discrepancies with master records. At any point in time EPAY is capable of reporting on who made changes to the master.

Please list down any further questions that you want to ask.

Write a report based on the stated fact.

Would your report be any different if the number of employees in the organization was 120 ? Please highlight which parts of the report would differ and how.

Guidance for rating:

Rating 1: Very critical / having material impact on financial statements / of strategic importance to the client/ needs to be addressed immediately as a matter of priority/ has major regulatory or legal implications.

Rating 2: Critical /possibility of having material impact on financial statements / needs to be addressed in the short term / potential for cost saving.

Rating 3: Suggestion for better practices / not of immediate consequence / issues that need to be addressed in the long term / does not have a material consequence.

Lets discuss and solve this case??