Need help resolving the answers that have a ? (question mark) as you scroll down the page:
BFF Payroll Audit
Risk & Control Matrix
(Note: For this assignment, you’ll need to assume that at least 1 risk is inadequately designed)
Control Activity | Key (Y/N) | Design Adequacy evaluation | TOE Approach |
Control activity A (Example: Employees sign own timesheets attesting to its accuracy). | Y | (Example: The indicated key control activities are adequate to manage this risk to an acceptable level) | Test A & B (Select a population of …….) |
Control activity B (per assumptions) | ? | | |
Control activity A (per assumptions) | ? | (Example: The indicated key control activities are NOT adequate to manage this risk to an acceptable level; And, discuss why there is a design gap). | TBD |
Control activity B (per assumptions) | ? | | |
Control activity C (per assumptions) | ? | | |
TBD | ? | TBD | TBD |
Expert Answer
Case 1:
Control activity A: Employees sign own timesheets attesting to its accuracy.
Control activity B: Timesheets signed by employees are sent to the manager for approval if there is an exception (time captured by the system and time entered by the employee).
If the Key for Control activity B is Y, then the Design Adequacy evaluation will be correct.
Case 2:
Control activity A: Y
Control activity B: Y
The indicated key control activities are NOT adequate to manage this risk to an acceptable level because the manager can approve an employee's timesheet based on the employee's feedback as to why there is an exception.
In this case we can use Control activity C: Y
Control activity C: The employee selects the exception reason while submitting the timesheet and has to inform the manager on a day-to-day basis if there was an issue in the timesheet (the employee can check his timesheet for the previous day using a tool).
The manager’s manager keeps track of how many exceptions the manager is approving.