Answer the case study:

Case Study 2
During a HC review you notice that the person performing the payroll processing activity
also has editable rights to modify the bank account and compensation details of an
employee. Document the issue/observation, risks, root cause and recommendations to the
issue that you would give as an internal auditor in your audit report.

Solution

Observation

Segregation of duties is missing between two departments of an organization. Payroll

processing and Human resource are two different departments Payroll Processing works
with HR department but it can’t / Shouldn’t perform the functions of HR department to
maintain prudence.

Risks

Payroll fraud is most common types of corporate fraud.

In this situation an employee may get the compensation for which he/ She is not eligible
if the payroll process owner has the right to edit compensation details.
Also if payroll process owner has right to edit the bank account details some bogus
employee not listed on payroll sheets may get the compensation.

Root cause and Recommendation

Root Cause – Payroll Processing department shouldn’t have right to edit bank account
details and compensation to maintain prudence and integrity.

Recommendation – This Compensation and bank account details should be maintained

by HR department as these functions belongs to HR department only shouldn’t be part of
payroll processing department.
Case Study 3
You observe significant mismatches in physical verification conducted for fixed assets by
the management at the year end. What steps would you perform as an internal auditor
pursuant to getting to know about the facts. Also document the issue/observation, risks,
root cause and recommendations to the issue that you would give as an internal auditor in
your audit report.

Solution

Observation

Represents Unfair Picture of Fixed Assets in financial statement of the Company.

Some Assets which might have been scrapped or sold could be the part of FAR of the
entity, it is depicting completely unfair picture of assets presents physically in an entity.

Risks

Mismatches will get reported by Statutory Auditor in his CARO 2020 Report. Because of
this mismatches entity might not be able to put reasonable control over theft of the assets.
Mismatch represents physical non-existence of assets which depicts incorrect asset
evaluation.

Root Cause and Recommendation

Root Cause- Non-Performing physical verification on regular intervals.

Recommendation- Company should perform physical verification of Fixed Asset on

timely basis to keep track and updated record of Fixed Asset, also it is now mandatory
statutory requirement under CARO.