AUDIT OF THE BOARD'S PAYROLL PROCESS
Other format: PDF (300 KB) (Download Accessible PDF Plug-in)
Board of Governors of the Federal Reserve System
AUDIT OF THE BOARD'S PAYROLL
PROCESS
OFFICE OF INSPECTOR GENERAL
|
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D. C. 20551 |
|
| OFFICE OF INSPECTOR GENERAL | ||
|
December 5, 2006 |
The Honorable Kevin M. Warsh
Chairman, Committee on Board Affairs
Board of Governors of the Federal Reserve System
Washington, DC 20551
Dear Governor Warsh:
The Office of Inspector General (OIG) of the Board of Governors of the Federal Reserve System (Board) is pleased to present its report on the Audit of the Board's Payroll Process. Based on a risk analysis performed during initial audit scoping work, we focused our audit fieldwork on the Board's higher-risk core payroll processes, including the new hire process, the biweekly payroll cycle, and the processing of overtime and other types of premium pay. Our objectives were to ensure that the processes are adequately controlled, that they operate efficiently and effectively, and that they result in accurate pay and deduction calculations.
While our audit did not identify significant data errors, due in part, we believe, to a conscientious, dedicated staff who collectively possess considerable knowledge about the payroll process, we did find that the Board's payroll processes are inappropriately controlled, relying more on people than processes to pay Board staff. As a result, payroll-related activities are labor-intensive and inefficient, characterized by multiple data transcriptions, unnecessary document hand-offs, and redundant recordkeeping. Our field work also found inadequate separation of duties; incomplete policies and procedures; and opportunities to increase the use of, and strengthen the controls over, automation.
We believe that the Board needs to fundamentally redesign its payroll-related processes. Responsibilities are presently misaligned between benefits and payroll staff, and processes for recording overtime and other types of premium pay are inconsistent and rely on manual forms and multiple spreadsheets to process the same information. In our opinion, this redesign effort needs to be completed before payroll can be outsourced as currently contemplated, and before an opinion is requested on the adequacy of internal controls as part of future financial statement audits. Our report contains five recommendations designed to address our control and process efficiency concerns.
Our testing also identified compliance issues related to the payment of overtime for law enforcement personnel and the withholding of state income taxes for a defined group of employees. Specifically, our review of overtime payments identified about $487,000 paid to law enforcement personnel that was not paid in accordance with established Board guidelines; we are classifying these payments as questioned costs. We also found that the Board has not complied with requirements to withhold state taxes for employees who live and work outside the Washington, D.C., metropolitan area. Our report contains two recommendations to address these compliance issues.
During the course of our audit, we also identified a potential issue related to compliance with requirements of the Fair Labor Standards Act. We plan to perform additional fieldwork related to this issue, and will separately report on the results of our analysis.
We provided a copy of our report to the director of the Management Division (MGT) for review and comment. We also provided copies of process flowcharts and narratives prepared during the audit to MGT staff for their use in ongoing work related to documenting and evaluating the adequacy of internal controls over financial reporting. In the director's response, included as appendix 1, she indicates agreement with the report recommendations and discusses actions already underway or that will be taken to implement the recommendations.
We are providing copies of this audit report to Board management officials. The report will be added to our public web site and will be summarized in our next semiannual report to the Congress. Please contact me if you would like to discuss the audit report or any related issues.
Sincerely,
/signed/
Barry R. Snyder
Inspector General
Enclosure
| cc: | Vice Chairman Donald L. Kohn |
| Governor Randall S. Kroszner | |
| Mr. Stephen Malphrus | |
| Ms. Fay Peters | |
| Mr. Darrell Pauley |
Board of Governors of the Federal Reserve System
AUDIT OF THE BOARD'S PAYROLL
PROCESS
OFFICE OF INSPECTOR GENERAL
TABLE OF CONTENTS
BACKGROUND Return to table of contents
The Board of Governors of the Federal Reserve System (Board) employs approximately 1,800 individuals and, in 2005, the Board paid these employees over $174 million, including more than $3.2 million for overtime and other premium pay. The Board's Management Division (MGT) has overall responsibility for payroll processing. Staff in MGT's payroll section administer, control, and coordinate the biweekly payroll cycle. Their activities include entering data for newly hired employees, changing existing employee data that may affect pay, and recording and paying overtime and other premium pay when warranted. Separate staffs within MGT have responsibility for related processes such as benefits and compensation.
In 1997, the Board implemented a customized version of an off-the-shelf software application to manage its payroll and other human resources information. MGT's Administrative Systems Automation Program (ASAP) provides technical, infrastructure, and administrative support for the application. Most information is entered into the payroll application by MGT staff, although information may be entered by Board divisions or entered by individual employees through a web-based interface. This interface (referred to as e-Personnel) allows employees to change tax withholding information and to elect or change benefit options during the annual benefits open enrollment period. During each payroll cycle, the application creates a paycheck file which is sent electronically to the Federal Reserve Bank of Atlanta (FRB Atlanta) to generate direct deposits into Board employees' bank accounts.
The Board's personnel costs are non-appropriated expenses and most federal personnel rules do not apply to the Board, given that section 10 of the Federal Reserve Act allows the Board to establish its own rules and regulations governing the employment and compensation of its employees. The Board is, however, subject to title 5, United States Code § 5517, regarding the withholding of state, city, and county taxes from the salaries of its employees. The Board's policy is also to follow the Fair Labor Standards Act (FLSA), which prescribes the basic requirements for overtime pay.
OBJECTIVES, SCOPE, AND METHODOLOGY Return to table of contents
We conducted our fieldwork from January through September 2006. Based on a risk analysis of payroll data performed during our initial audit scoping work in late 2005, we focused our audit fieldwork on higher-risk core payroll activities, including the new hire process, the biweekly payroll cycle, and the processing of overtime and other types of premium pay. Additional areas identified by our risk analysis as medium-to-high risk--such as variable pay, academic assistance, and lump sum payments--were beyond the scope of this audit but may be reviewed as part of future audit activities. Our complete risk analysis is summarized in appendix 1.
Our audit objectives were to ensure that payroll processes (1) are adequately controlled, (2) operate efficiently and effectively, and (3) result in accurate pay and deduction calculations. To accomplish our objectives, we reviewed payroll-related documentation, interviewed MGT staff, and met with representatives in other divisions to understand the methods used to record and submit payroll information. Based on these meetings, we developed detailed flowcharts and narratives for each process included in our audit. These flowcharts were then used to identify key controls for testing during fieldwork; appendix 2 contains details regarding our testing methodology. During fieldwork, we surveyed all employees hired in 2005 who were still employed at the Board to solicit their payroll-related experiences during the hiring process. We also met with ASAP staff to discuss automation issues and with staff in the Legal Division to address compliance-related questions. In addition, we discussed procedures and practices with staff at the Federal Reserve System's centralized payroll function, which was established to consolidate payroll processing for the twelve Reserve Banks. We performed our audit in accordance with generally accepted government auditing standards.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS Return to table of contents
Overall, we did not identify significant data errors in our testing, and our new hire survey results did not indicate any systemic payroll-related problems with the new hire process. We did find, however, that the Board's payroll processes are inappropriately controlled, relying more on people than processes to pay Board staff. As a result, payroll-related activities are labor-intensive and inefficient, characterized by multiple data transcriptions, unnecessary document hand-offs, and redundant recordkeeping. We also found inadequate separation of duties within the payroll section, a lack of verification of payroll amounts prior to disbursement, and incomplete policies and procedures governing the payroll processes. Our audit work showed that responsibilities are misaligned between benefits and payroll staff, and that processes for recording overtime and other types of premium pay are inconsistent and rely on manual forms and multiple spreadsheets to process the same information. We also identified opportunities to increase the use of e-Personnel to further streamline transaction processing.
In our opinion, staff involved in payroll processes (including MGT staff, as well as staff in other divisions) are conscientious, dedicated individuals collectively possessing considerable institutional knowledge. Staff's commitment to the process is, we believe, one reason why we found few data errors during our fieldwork. However, the current operating environment is dependent on the staff's institutional knowledge rather than on well-designed and well-documented processes and, in our opinion, represents "the way things have always been done."
We believe the Board needs to fundamentally redesign its payroll-related processes. Specifically, the Board should move much of the responsibility for data input from the payroll section to areas closer to the data source. Because staff in other areas already enter the information either manually on a form or into spreadsheets or other electronic documents, we do not believe this change will create any additional administrative burden. The Board should also review additional automation options to further streamline the current processes and rely more on the payroll application, and not on ancillary spreadsheets, to control data accuracy. As part of this redesign effort, the Board should also strengthen automation controls related to separation of duties, access to audit logs, and data transmissions to FRB Atlanta, and should ensure that all payroll-related policies and procedures are properly documented. We believe this redesign effort needs to be completed before payroll can be outsourced, as currently contemplated, and before an opinion is requested on the adequacy of internal controls as part of future financial statement audits. Our first five recommendations address our control and process efficiency concerns.
In addition, our testing identified compliance issues related to the payment of overtime for law enforcement personnel and the withholding of state income taxes for a defined group of employees. Specifically, our review of overtime payments identified about $487,000 paid to law enforcement personnel not in accordance with established Board guidelines, and we are classifying these payments as questioned costs1. In addition, we found that the Board has not complied with requirements to withhold state taxes for employees who live and work outside the Washington, D.C., metropolitan area. Our report contains two recommendations to address these compliance issues.
1. |
We recommend that the Director of MGT redesign existing payroll processes to increase efficiency and strengthen controls by reducing or eliminating multiple data transcriptions for overtime and other types of premium pay. |
The Board's policy is to pay overtime or allow compensatory time off to employees who are not exempt from coverage under FLSA and, at the discretion of supervisors and with the approval of the Staff Director for Management, to pay overtime in rare instances to exempt employees. All overtime claims are to be approved by a designated division representative. The Board also compensates employees for other types of premium pay, including night differential, shift differential, holiday pay, Sunday pay, and availability pay. During 2005, the Board processed approximately 11,900 overtime and other premium pay transactions totaling over $3.2 million.
To process premium pay transactions, we found that division staff prepare different documents in different formats, which are sent to payroll so that information can be entered into the payroll application. For example, shift supervisors in the Board's Law Enforcement Unit (LEU) record daily attendance by entering shift and overtime information on a color-coded report. An example of the report, which contains over 150 names, is shown in figure 1.
On a weekly basis, administrative staff enter the information from the hand-written daily reports into an electronic spreadsheet. The spreadsheet is printed, approved, and hand-carried to payroll. Payroll staff then reenter data from the printed spreadsheets into different spreadsheets, print them, and finally enter the information into the payroll application from the new spreadsheets. As shown in figure 2, the other three areas that routinely process premium pay follow a similar process; i.e., staff complete spreadsheets, work reports, or overtime cards which are provided to payroll staff, who enter the information first into spreadsheets and then into the payroll application. Other areas in which staff only occasionally earn overtime use overtime cards which are approved and submitted to payroll; payroll enters the information onto a spreadsheet and then into the payroll application. We were told that payroll staff reenter the information onto a spreadsheet to consolidate it for the two-week pay cycle and to validate the payroll application's calculations. For all of these processes, we found inadequate controls over data input, since payroll staff review their own data entries.
Figure 2: Current Premium Processes
To more efficiently process overtime and other premium pay, we believe that the Board needs to redesign the process so that the divisions, not the payroll staff, input information into the payroll application. This fundamental change will reduce the number of data entry points for the same information, thus increasing efficiency and decreasing the potential for error. We do not believe this change would increase the divisions' workload because staff already enter the information into spreadsheets, other reports, or timecards. The Board could, for example, implement an automated time and labor module which would allow division staff to enter information directly into the application. Implementing the module's workflow feature would also allow someone other than the individual initially preparing the data to review and approve the transaction, thus enhancing controls. Figure 3 shows a revised and streamlined process for premium pay using this approach.
Figure 3: Revised Premium Pay Process
We note that the LEU is considering the acquisition of a third-party software tool to record and manage overtime and other premium pay. ASAP staff also informed us that they could develop a customized time and attendance application which they believe would be better suited to the Board’s operating environment. Each of these options—a time and labor module, a separate software package, or a customized application—would satisfy the intent of our recommendation. However, any automation effort needs to be coordinated Boardwide to ensure consistency and avoid unnecessary duplication of effort.
Until an automated solution is implemented, the premium pay process could be streamlined by uploading information directly from division spreadsheets, once the spreadsheets have been reviewed and approved. This change alone would eliminate two of the current data transcriptions. We caution, however, that the continued use of spreadsheets must be carefully controlled. A standard spreadsheet should be developed for use throughout the Board, and the spreadsheet’s formulas should be locked and revisions centrally controlled to prevent unauthorized changes. Under this interim process, divisions processing overtime cards would probably continue to do so.
2. |
We recommend that the Director of MGT realign roles and responsibilities between payroll and benefits staff to streamline the new hire and benefits elections processes. |
When a new employee is hired or an existing employee has a “qualifying event,” such as marriage or the birth of a child, processing the resulting benefit elections or changes involves both benefits and payroll staffs. Figure 4 depicts the current process for new hires and other benefit elections and changes. As the figure shows, an employee submits completed forms to benefits staff who review the forms for completeness, add additional coding information, sign off on any sections requiring authorization, make copies of the forms, prepare a transmittal document, and send the package to payroll. Payroll staff enter the coded information from the forms into the payroll application and run various reports to verify that the benefit deduction entries are accurate. Similar to premium pay processing, we found that payroll staff review their own data entries. In addition, we found that the forms are stored in multiple locations: the forms are scanned into the Board’s electronic recordkeeping system, the original forms are filed in an HR file room, and copies are filed in a payroll file room.
Figure 4: Current Process for New Hires and Benefits Elections
Under the existing process, benefit election forms may change hands up to five times (between benefits and payroll staff) before the transaction is approved and entered as a payroll deduction. We believe this process can be streamlined. By moving the data entry from payroll staff to benefits staff, one set of document hand-offs and one set of document copies can be eliminated. Given that benefits staff already enter much of the information on the individual forms or transmittal documents, realigning responsibilities should not increase their workload; since the information would not be entered twice (once on the forms or transmittal and then again into the payroll application) the number of data transcriptions would also be reduced. Implementing an automated workflow process that mirrors the current paperwork flow would ensure that data entries are independently verified, thus establishing an effective separation of duties. Although this reengineering effort would help increase processing efficiency, we believe that even greater efficiencies can, in the long run, be gained through expanded use of e-Personnel as discussed below.
3. |
We recommend that the Director of MGT increase the use of automation to allow employees to directly update more information in the Board’s payroll application. |
Board employees currently use e-Personnel to directly update personal information, such as home address, telephone numbers, and emergency contact information. In addition, employees can use e-Personnel to change federal and state tax withholding information and, during the annual benefits open enrollment period, can elect and/or change certain benefits options. MGT staff told us that they are currently looking at options to enhance the self-service capabilities within e-Personnel to allow newly hired employees to enter basic HR and payroll information online. In addition, they have been exploring options to allow employees to update benefit elections triggered by a qualifying event. We are encouraged by this effort and believe that implementing these automation enhancements will help streamline the process and increase efficiency. However, we also recognize MGT’s competing priorities that may affect the timely implementation of these initiatives. The changes discussed in recommendation 2 will help streamline processing until additional automation solutions can be implemented.
During our audit, we also found that employees who wish to change their direct deposit account information are currently required to submit a hard copy form to payroll staff, who enter the information into the payroll application after manually verifying the accuracy of the financial institution’s routing number. Our discussions with Reserve Bank staff found that most Reserve Banks have implemented online self-service functionality permitting employees to update direct deposit account information. Through the use of a third-party software product, the online functionality also allows for an automatic verification of the financial institution’s routing number. We believe that the Board should implement this functionality as an additional e-Personnel enhancement.
As MGT moves forward to allow employees to directly update additional benefits and payroll-related information, the division should also review controls over these self-service activities. The payroll application currently sends email messages to multiple payroll staff when an employee changes federal and/or state tax withholdings or amounts. We believe that these email messages should instead be sent to and retained in a central mailbox location to ensure that they are available if any issues arise regarding the change, while avoiding the potential for deletion.
4. |
We recommend that the Director of MGT enhance controls over the payroll application by (a) restricting edit access to payroll data for any payroll staff, (b) reducing edit access to audit log tables, and (c) requiring electronic verification when the payroll file is sent to FRB Atlanta. |
Three payroll staff are currently responsible for processing premium pay transactions. We were told that application controls were in place to prevent these staff from entering their own payroll transactions. During our audit, however, we identified one instance in which a payroll staff member entered his own overtime hours. According to ASAP staff, the payroll application does not prevent staff from updating their own records within the tables used to record overtime hours. We were also told that a compensating control is the use of a custom audit report that provides details for any information added, changed, or deleted by payroll staff. Further customization would be required to prevent staff from updating their own records within the specific overtime tables. Although our audit testing showed that the overtime entry was a valid, properly authorized transaction, we believe that staff should be precluded from entering their own overtime information into the payroll application. We recognize that this will require further customizing the application, but we believe that implementing such a fundamental internal control warrants the change. As a further control enhancement, we believe that any transactions (not just overtime) for payroll staff should be processed only by the payroll supervisor. If this additional enhancement cannot be accomplished within the application, then procedural controls should be established and enforced.
Audit logs, a key control in any automated system, identify when data is modified, the modifications made, and who made the modification. The payroll application has the capability to maintain audit logs and the application allows organizations to selectively choose which data elements the logs should capture. Since audit logs can increase in size over time, potentially degrading system performance, it is common practice to purge the logs on a periodic basis to maintain an acceptable level of performance.
During our audit, we found that payroll supervisors and ASAP staff had access to run the software module that purges the payroll application’s audit logs. Although we did not identify any inappropriate activity with regard to the logs, we believe that allowing any payroll staff this type of access compromises the control’s value to monitor transaction history and the associated audit trails. We believe that only select ASAP staff should have edit access to the audit logs and that these individuals should be responsible for archiving the logs according a pre-established schedule.
Once the two-week payroll cycle is complete, the Board transmits payroll information to FRB Atlanta, which electronically distributes the funds to Board employees’ bank accounts. The Board’s payroll supervisor confirms that FRB Atlanta receives the transmission in one of two ways: either through an electronic confirmation, which only confirms receipt of the payroll file, or via a phone call. The dollar amount and the number of transactions are generally not confirmed under either process. We believe that the Board could strengthen the control over this process by requiring an automated verification from FRB Atlanta of the dollar amount and number of transactions received for all electronic transmissions. Our review showed that the centralized payroll function for the Reserve Banks receives this type of automated verification.
5. |
We recommend that the Director of MGT (a) develop, document, and disseminate procedures for all payroll-related processes and (b) enhance the current policy regarding premium pay. |
An effective set of documented procedures helps establish direction, control, and consistency for business functions. Procedures can serve as a training tool for new employees and help ensure that business processes do not rely solely on the institutional knowledge of current staff. Documented procedures are also a fundamental component of any internal control framework.
Our audit work showed that MGT lacks sufficient, up-to-date procedures for any of the payroll processes we reviewed. We found that the payroll section did not have any formally documented procedures, although staff individually maintained their own informal procedures manuals; we were also told that a formal procedures manual was under development. Although a manual for the payroll application was available, the document was outdated and did not take into account the most recent application upgrades. In addition, while benefits staff maintained a set of procedures related to the new hire process that generally provided adequate guidance, we found that several of the procedures were outdated and staff were also in the process of updating the documents.
We believe MGT should develop a comprehensive set of procedures for all payroll-related activities. The guidelines should clearly identify the processes to be followed, describe which positions are responsible for performing particular functions, be approved by an appropriate level of management, and be communicated to all affected individuals. Establishing clear guidance will be particularly important to effectively implement the process changes described in our first two recommendations. Since these changes represent fundamental realignments of roles and responsibilities, clearly established procedures will be necessary to help maintain accurate payroll transaction processing. Once the guidance has been promulgated, supervisors in all affected areas must ensure that the guidance is consistently followed.
During our audit, we also found that the current policy for premium pay is incomplete. The Board’s Internal Administrative Procedures Manual, which contains management policy statements that address the compensation and benefits for Board employees, includes the Board’s policy on premium pay. However, the policy addresses the eligibility and rates only for overtime and holiday pay. It does not include other categories of premium pay, such as night differential, Sunday pay, availability pay, and shift premiums. The policy also requires that overtime claims be signed by the employee, although we found that much of the overtime processing is based on spreadsheets and forms prepared by supervisors or administrative staffs; these documents may not contain the employees’ signatures.
We also found that the current policy is unclear regarding maximum overtime rates. The policy states that the overtime rate for employees who are exempt from FLSA coverage is limited to one and one-half times the basic hourly rate of pay at the midpoint salary of the highest nonexempt grade; the policy does not, however, specify what that grade is. We believe that this language could be open to interpretation; the Board’s grade structure reflects one grade level at the top of the “nonexempt range” although individuals in other higher grades may, on a case-by-case basis, be designated as non-exempt. The policy also states that overtime for nonexempt employees will be capped if leave is taken in the same week that overtime is earned. According to MGT staff, however, leave is not a consideration in the determination of overtime pay for nonexempt employees and the overtime rate for these individuals is not capped.
We believe that the Director of MGT needs to expand the current policy to include other premium pay categories and to update processing guidelines. The director should also clarify how overtime rates are capped for both exempt and nonexempt employees. In revising the policy, we also believe that the director should address any policy exceptions or special situations, such as the requirements related to premium pay for the Board’s law enforcement personnel as discussed more fully in recommendation 6 below.
6. |
We recommend that the Director of MGT establish specific guidelines for paying overtime to all law enforcement personnel and ensure that law enforcement procedures clearly describe work requirements. |
The Board’s Law Enforcement Unit (LEU) is responsible for safeguarding Board personnel, property, and material against unauthorized entry, damage, theft, or other illegal acts. The LEU’s Manual of General Orders (the general orders) serves as the unit’s internal operating procedures and covers administrative and organizational issues, as well as daily operational activities. Specifically, General Order # 40 prescribes the basic work requirements for LEU personnel. It states that LEU personnel normally work an eight-hour shift, preceded by a fifteen- minute roll-call period used for training and briefing; when roll call does not extend to the full fifteen-minute period, scheduled duties are to be assumed immediately when roll call is completed. The order also authorizes an additional fifteen-minute period for personnel to dress into the uniform of the day; the order does not, however, mandate that this period be used for dressing and the time may also be utilized for special training purposes. In addition, the order authorizes LEU personnel breaks during their shift, including a thirty-minute lunch break. The order notes that personnel are considered “on call” while on break and will respond to emergencies as required. The order further notes that, although other Board employees are required to work an eight-and-a-half hour day (i.e., eight hours of paid work time and a one-half hour unpaid lunch break), LEU personnel are exempt from the extra half-hour of work due to roll call and dressing requirements.
During our audit, we found that the half-hour period for dressing and attending roll call is paid as overtime. However, neither the general orders nor the Board’s premium pay policy explicitly authorize this time to be paid as premium pay. MGT staff were unable to provide any additional justification for the overtime payments, although staff told us that this has been a long-standing practice. MGT staff did provide a May 2005 memo which extended overtime eligibility to sergeants and lieutenants. Although the memo stated that paying overtime was in accordance with Board’s policies, we could not find any policy that addressed this issue. In our opinion, the 2005 approval memo appears to be a more general authorization to pay overtime to sergeants and lieutenants and does not provide specific justification for the half-hour for dressing and roll call.
The current practice of regularly paying LEU personnel one-half hour of overtime is an exception to Board policy that has not been appropriately authorized. The Director of MGT should review the Board’s premium pay policy to specifically address the overtime payment to LEU personnel and the exception from the Board’s standard eight-and-one-half hour work schedule. Our analysis of overtime payments made to LEU personnel during 2005 estimated that the Board paid about $487,000 for the half-hour associated with dressing and roll call. (The methodology we used to estimate the total questioned costs can be found in appendix 3.) Because the overtime was not paid in accordance with established Board guidelines, we are classifying this amount as questioned costs.
The Director of MGT should also ensure that the general orders clearly specify the work requirements for LEU personnel. Our review of General Order #40 raised several questions with regard to the “mandatory” nature of the fifteen-minute dressing period and the on-call status of LEU personnel during the thirty minute lunch break. Resolution of these questions could affect how the Board pays LEU personnel for roll call, dressing, breaks, and lunch periods.
7. |
We recommend that the Board withhold state income taxes for employees that reside and regularly work in locations other than Maryland, Virginia, or the District of Columbia. |
Several federal statutes and regulations define the parameters for federal agencies to withhold state, city, and county income taxes from their employees’ salaries. The Secretary of the Treasury, on behalf of the head of each federal agency, has established agreements with those states that require employers to withhold state income taxes and that request such an agreement.2,3 As a result of these agreements, federal agencies must comply with each state’s income tax withholding requirements for employees who reside in the state and whose regular place of employment is within the same state.4 Department of the Treasury regulations define a regular place of employment as the location where an employee actually and normally works, excluding locations that may be a temporary assignment.5
We found that the Board does not comply with the withholding requirements for all employees. Currently, the Board withholds state income tax only for employees that reside in one of the three jurisdictions in the Washington, D.C., metropolitan area: the District of Columbia, the commonwealth of Virginia, and the state of Maryland. We identified thirteen employees who reside in states other than these three locations who do not have state income tax withheld from their salary. Payroll staff told us that the Board was not withholding state taxes for these employees because staff believe that the Board was not obligated to withhold state income taxes for jurisdictions other than the District of Columbia, Maryland, and Virginia. Staff also felt that doing so would be too costly for such a small number of employees.
We recognize that some of the thirteen employees we identified may commute into the District or be on temporary assignment; for these individuals, tax withholding is not mandatory. The remaining employees may be full-time telecommuters for whom withholding is required. Payroll staff should review the residency and work arrangements for all thirteen employees identified during our audit and implement withholding as appropriate. In our opinion, the Board is required to withhold state income taxes for any employee residing in a state outside the Washington, D.C., metropolitan area who is regularly working in their state of residence (i.e., the employee is not working in that state on a temporary basis). Going forward, staff should also establish procedures for identifying employees who are subject to withholding requirements. For those employees who reside outside the Washington, D.C., metropolitan area, staff should ensure that supporting documentation regarding an employee’s state of residency and work location are retained to substantiate withholding determinations.
ANALYSIS OF COMMENTS Return to table of contents
We provided a copy of this report to the director of MGT for review and comment. Her response, included as appendix 1 to this report, indicates agreement with the report recommendations and discusses actions already underway or that will be taken to implement the recommendations. Specifically, the director plans to streamline overtime and premium pay processing and enhance controls over the payroll application. The director also plans to offer additional employee self-service features and update payroll-related policies and procedures. While the director notes that a recent MGT reorganization was designed to better align the compensation, benefits, and payroll staffs, she agrees that there are additional opportunities to further streamline the processes between these sections. The director’s response states that the Staff Director for Management recently approved the Board’s historical practice of paying overtime to law enforcement personnel and that updates to the formal guidelines are underway to reflect this approval. MGT staff are also working with Legal Division staff to clearly define those situations where the Board has a responsibility to withhold and remit state income taxes.
Appendix 1 - Risk Analysis Summary of Payroll Processes Return to table of contents
| Risk Level | Reviewed in this audit? | Process | |
|---|---|---|---|
| High | X | Overtime (Component of Premium Pay) | |
| X | Additional Premium Pay:
|
||
| X | Availability Pay | ||
| Medium to High | X | New Hire Processing | |
| X | Standard hours | ||
| X | Routine Deductions:
|
||
| Academic Assistance Reimbursement | |||
| Lump Sum Payment | |||
| Variable Pay | |||
| Low to Medium | Leave Without Pay | ||
| Academic Assistance Collection | |||
| Garnishments | |||
| Imputed Income | |||
| Tax Processing and Disbursements | |||
| Leave Resignation | |||
| Cash Awards / Performance Award | |||
| Low | Gain sharing | ||
| Common Law | |||
| Relocation Reimbursement taxable | |||
| Savings Bond Refund | |||
| Bar Dues / Licensing | |||
Other Pay Related Processes:
|
|||
| Bonds | |||
| Combined Federal Campaign Contributions | |||
Other Deductions:
|
Appendix 2 – Testing Scope and Methodology Return to table of contents
To test selected controls, we reviewed supporting documentation for completeness and appropriate authorization. We also verified data accuracy by comparing information in the payroll application to source documents. For both control and accuracy testing, we evaluated payroll transactions processed during calendar year 2005. Specifically:
-
For the new hire process, we randomly selected 25 of the 259 employees hired in
2005.
-
For the biweekly pay cycle, we randomly selected a judgmental sample of
transactions for routine deductions; table 1 shows the total number of
transactions and our sample size for each transaction type we reviewed.
-
For premium pay transactions, we focused on four functional areas where staff
regularly receive premium pay (law enforcement, engineering and maintenance,
protective services, and information technology). We randomly selected four pay
periods and, for each pay period, we randomly selected five employees from each
of the four areas. For employees in other areas who may occasionally earn
overtime, we randomly selected twenty-five transactions. In addition, we tested
all premium pay transactions for the payroll staff.
Table 1 – Biweekly Cycle Transaction Testing
| Transaction Type | Population | Sample Selected | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Health, dental, or vision benefit election changes, excluding the annual benefits open enrollment period | 59 | 30 | |||||||||
| Flexible Spending Account changes, excluding the annual benefits open enrollment period | 9 | 9 | |||||||||
| Life insurance changes | 26 | 13 | |||||||||
|
|||||||||||
Appendix 3 – Computation of Questioned Costs Return to table of contents
To estimate the dollar value of payments made to Law Enforcement Unit (LEU) employees during 2005 for the half-hour of dressing and roll call, we performed the following steps:
-
We obtained fifty-two spreadsheet files from the LEU administrative officer
showing hours and earnings code (i.e., overtime, night differential, etc.) for
each LEU employee. We then formatted the spreadsheets to include only overtime
hours.
-
For each day that an LEU employee earned overtime, we assumed that the first
half-hour pertained to the time associated with dressing and roll call. We then
computed the total half-hours earned by each employee during 2005. (The LEU
also includes four individuals designated as dog handlers who are authorized to
receive overtime for the care of the canines during non-duty time, including
weekends. We excluded from our calculation any overtime hours that may have
been associated with weekend duties for these four individuals.)
- For each employee, we computed an overtime rate based on salary as of January 2005. Specifically, we divided total regular earnings by the total regular hours and multiplied by the overtime factor of 1.5. Because LEU sergeants and lieutenants are exempt employees, their overtime rate is capped. The maximum overtime rate for these employees in 2005 was $34.31; we used this rate for exempt employees, rather than the calculated rate. We applied the appropriate rate to the total dressing/roll call hours calculated above.
Using this methodology, we estimate that the Board paid LEU employees about $487,000 for time spent dressing or in roll call during 2005.
Appendix 4 – Division Director’s Comments Return to table of contents
 |
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D. C. 20551 |
|
| OFFICE OF INSPECTOR GENERAL |
| DATE: | October 31, 2006 |
| TO: | Barry Snyder |
| FROM: | H. Fay Peters /signed/ |
| SUBJECT: | Comments on the draft OIG Report, Report on the Audit of the Board’s Payroll Process |
Thank you for the opportunity to review and comment on the draft Report on the Audit of the Board's Payroll Process. As you are aware, our division welcomed a comprehensive review of our payroll operations, especially considering the Board's decision to voluntarily comply with Section 404 of the Sarbanes/Oxley Act (SOX), and our emphasis on compliance and efficiency in all division activities. We appreciate your office's support of this objective and, specifically, we appreciate the opportunity to collaborate with you on the scope of this particular audit during its planning phase. As discussed below, we concur with your recommendations.
In evaluating the effectiveness of a security program, we believe it is important to recognize that FISMA includes cost as a consideration in the risk decision. FISMA as well as the National Institute for Standards and Technology (NIST) guidance, allows for making prudent, cost-effective information security risk decisions for information systems. For example, FISMA states that federal agencies are responsible for “providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information…”. Further, the guidance permits the agency to consider risk on a broader perspective. NIST 800-53, which provides guidance on information security control selection, states that “…The selection and specification of security controls for an information system is accomplished as part of an organization-wide information security program that involves the management of organizational risk—that is, the risk associated with the operation of an information system. The management of organizational risk is a key element in the organization’s information security program and provides an effective framework for selecting the appropriate security controls for an information system—the security controls necessary to protect the operations and assets of the organization.”
| 1. | Recommendation: We recommend that the Director of MGT redesign existing payroll processes to increase efficiency and strengthen controls by reducing or eliminating multiple data transcriptions for overtime and other types of premium pay. Response: Concur. We agree that there are opportunities to significantly
streamline the processing of overtime and other types of premium pay. As we
address this recommendation, we will be guided further by the control
objectives of SOX. |
| 2. | Recommendation: We recommend that the Director of MGT realign roles and responsibilities between payroll and benefits staff to streamline the new hire and benefits elections processes. Response: We concur with this recommendation but wish to point out that
we have already made organizational changes that support the OIG's
recommendation. One of the purposes of the Management Division reorganization
in 2005 was to better align areas of the division that needed to work in a more
synergistic manner. The compensation, benefits, and payroll sections were
combined under one manager for this purpose. We do agree that there are
opportunities to further streamline the processes between the sections and that
work is on-going. |
| 3. | Recommendation: We recommend that the Director of MGT increase the use of automation to allow employees to directly update more information in the Board’s payroll application. Response: Concur. The ASAP and Human Resources areas have been working
over the past several years to continually upgrade the automated services
available to employees. An on-going project to further automate the new hire
process will enhance the capabilities of employees to directly enter their
personal data into the PeopleSoft system. |
| 4. | Recommendation: We recommend that the Director of MGT enhance controls over the payroll application by (a) restricting edit access to payroll data for any payroll staff, (b) reducing edit access to audit log tables, and (c) requiring electronic verification when the payroll file is sent to FRB Atlanta. Response: Concur. The ASAP and Payroll staffs will take the appropriate
actions to implement this recommendation. |
| 5. | Recommendation: We recommend that the Director of MGT (a) develop, document, and disseminate procedures for all payroll-related processes and (b) enhance the current policy regarding premium pay. Response: Concur. The Payroll staff is in the process of updating and/or
documenting all operating procedures and processes. Staff is currently working
with the Legal Division to update the premium pay policy. |
| 6. | Recommendation: We recommend that the Director of MGT establish specific guidelines for paying overtime to all law enforcement personnel and ensure that law enforcement procedures clearly describe work requirements. Response: Concur. While the Board's historical practice of paying
overtime to law enforcement personnel has been followed consistently,
documentation approving this practice could not be located. The Staff Director
for Management has now approved this practice and our formal guidelines are
being updated to reflect this approval. |
| 7. | Recommendation: We recommend that the Board withhold state income taxes for employees that reside and regularly work in locations other than Maryland, Virginia, or the District of Columbia. Response: Concur. We are working with the Legal Division to clearly
define those situations where the Board has a responsibility to withhold and
remit state income taxes.
|
I have asked my officers and staff to continue working with your audit team for ideas on how to successfully implement your recommendations. Again, thank you for your report and recommendations. |
Appendix 5 – Principal Contributors to this Report Return to table of contents
Kimberly Whitten, Senior Auditor and Auditor-in-Charge
Victor Calderon, IT Auditor
Timothy Rogers, Auditor
Alvaro Soto, Auditor
Silvia Vizcarra, Auditor
Jacqueline Becker, Senior Attorney
William Mitchell, Assistant Inspector General for Audits and Attestations
Footnotes
1. The Inspector General Act of 1978 defines “questioned costs” as costs questioned by the Office of Inspector General because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds. Return to text2. Authorized under 5 U.S.C. § 5517 Return to text
3. United States Treasury Manual, Volume I Part 3 Chapter 5000, entitled “Withholding of District of Columbia, State, City, and County Income for Employment Taxes.” Chapter includes standard terms for state income tax withholding agreements and the list of states with established agreements with the Secretary of the Treasury. Return to text
4. 5 U.S.C. § 5517(a) Return to text
5. 31 CFR § 215.2(k) defines “Regular place of federal employment” as “the official duty station, or other place, where an employee actually and normally (i.e., other than in a travel or temporary duty status) performs services, irrespective of residence.” Return to text