schools
FEBRUARY 2014

In this issue
■ Payroll Controls
■ Tax diary reminders
■ AASB Issues Not-For-Profit Entity Consolidation Guidance
■ Business risk or risky business?

Payroll Controls
Garry Murphy, Partner - Canberra

While we all like to think that our internal financial processes are robust and the risk of fraud and error in our organisation is low, the reality is often significantly different.

Cases over recent years, including a $1.2m payroll fraud within the school sector in Canberra, highlight the need for greater scepticism by management and continual review of financial procedures.

Payroll is an area of particular concern. The number of transactions in any pay period is significant and includes a range of variables depending on the nature of employment, the particular award or contract, salary sacrifice arrangements, allowances, deductions and leave. These variables increase the risk not only of error, but also of fraud. While fraud and error cannot be eliminated, the risks of fraud and error occurring can be reduced.

The following are some common examples of fraud and error in the payroll cycle:

Fraud
■ not deleting former employee records and making payments into a personal bank account subsequent to the termination of that employee;
■ manipulating data for casual or relief staff and having payments processed into a personal bank account;
■ creating “ghost” employees and having the salary of these “ghost” employees paid into a personal bank account;
■ adjusting pay rates or superannuation contributions in the payroll system;
■ processing additional leave entitlements in the payroll system;
■ submission of incorrect timesheets; and
■ inflated reimbursement claims and claims for allowances and overtime.
Errors
■ incorrect standing data being recorded in the payroll system (including salary rates, allowances, deductions, leave entitlements, bank details etc);
■ errors in the processing of timesheets;
■ incorrect leave entitlements being calculated within the payroll system for annual leave, personal leave and long service leave;
■ leave taken not being recorded in the payroll system; and
■ payroll expenses not recorded in the correct period.
Many controls can be implemented to help guard against fraud and error in the payroll cycle. Segregation of duties and authorisation/checking processes are the most effective given the large number of individual transactions that are often processed in each pay period.

While not an exhaustive list, the following are some common processes that could be implemented to reduce the risk of payroll fraud and error:

Preventative controls
■ ensure that payroll processes are documented in detail and are being followed by staff;
■ payroll information for new employees should be supported by appropriately approved documentation. All entries for new employees should be checked by a second staff member and initialled and dated as evidence of this review;
■ all changes to standing data, such as bank account details and pay rates, should be supported by a request from the staff member or management as relevant. Changes to the standing data should be checked by a second staff member and initialled and dated as evidence of this review;
■ timesheets (where relevant) should be approved by management;
■ where manual timesheets are entered into the payroll system, these entries should be checked by a second staff member. The timesheet should be initialled as entered and checked;
■ travel expenses should be supported by appropriate documentation and approved by management;
■ a checklist of processes and reports required for each pay period should be implemented;
■ changes to standing data, including the addition and deletion of employees, should be processed by an individual without access to process any other payroll information;
■ consider having one person process the payroll, another authorise it and a third person process the payment. In smaller schools, as a minimum, somebody independent of the preparer should review and authorise the payroll;
■ ensure appropriate processes are in place to protect the integrity of data within electronic payment files. Payment files should be ‘read only’ once they have been created;
■ ensure systems are adequately password protected and that staff do not share passwords; and
■ ensure the payroll manager is not a signatory to the bank account.
Detection controls
■ each pay period a report should be printed detailing all changes to standing data. This should be reviewed by an appropriate level of management and initialled and dated as evidence of the review;
■ where relevant, a reconciliation could be performed between leave forms processed and relief staff paid in the absence of those employees;
■ pay audit reports should be printed, reviewed and retained, showing major variations from the previous pay period. These reports record information such as employees with no pay, pay in excess of normal hours, paid this period but not last period, paid last period but not this period etc;
■ trial pay run reports should be printed and reviewed by a second officer or authoriser. The reviewer should focus on employee names, gross wages, overtime, allowances and other expenses for reasonableness;
■ employee entitlement reports should be reviewed to ensure that amounts accrued are reasonable for employees;
■ review monthly management accounts to ensure that payroll expenses are consistent with expectations;
■ ensure a mechanism is in place for staff to report suspicious behaviour;
■ have internal or external auditors undertake specific reviews of payroll to verify that calculations are undertaken appropriately and are supported by appropriate documentation. Specific checks, such as on ‘ghost’ employees and allowances, could also be undertaken; and
■ the payroll should be reconciled between the payroll system and the general ledger on a monthly basis. Ideally this would be performed by somebody independent of the preparation of the payroll. This reconciliation should be reviewed and initialled by a second officer.
If you require any assistance or advice in reviewing your internal control process, please do not hesitate to contact your Nexia advisor.
Tax diary reminders

21 February 2014
■ Payment of 2nd instalment for 2013-14 for quarterly payers (who are not deferred BAS payers).
■ Monthly BAS and IAS payments for January 2014.
■ PAYG withholdings from payments made in January 2014 by medium payers (who are not deferred BAS payers).

28 February 2014
■ Payment of 2nd instalment for 2013-14 for quarterly payers who are deferred BAS payers.
■ PAYG withholdings from payments made in December 2013 and January 2014 by medium payers who are deferred BAS payers.
■ PAYG withholdings from payments made during December 2013 quarter by small payers who are deferred BAS payers.

21 March 2014
■ Monthly BAS and IAS payments for February 2014.
■ PAYG withholdings from payments made in February 2014 by medium payers (who are not deferred BAS payers).

28 March 2014
■ PAYG withholdings from payments made in February 2014 by medium payers who are deferred BAS payers.

21 April 2014
■ Payment of 3rd instalment for 2013-14 for quarterly payers (who are not deferred BAS payers).
■ Payment of 1st instalment for 2013-14 for quarterly payers eligible to make 2 instalments annually (who are not deferred BAS payers).
■ Monthly BAS and IAS payments for March 2014 and quarterly BAS and IAS payments for March 2014 quarter.
■ PAYG withholdings from payments made in March 2014 by medium payers (who are not deferred BAS payers).
■ PAYG withholdings from payments made during March 2014 quarter by small payers (who are not deferred BAS payers).

28 April 2014
■ Payment of 3rd instalment for 2013-14 for quarterly payers who are deferred BAS payers.
■ Payment of 1st instalment for 2013-14 for quarterly payers eligible to make 2 instalments annually who are deferred BAS payers.
■ PAYG withholdings from payments made in March 2014 by medium payers who are deferred BAS payers.
■ PAYG withholdings from payments made during March 2014 quarter by small payers who are deferred BAS payers.
Financial Reporting ...
AASB Issues Not-For-Profit Entity Consolidation Guidance
Martin Olde, Nexia Australia and NZ Accounting and Audit Technical Director

On 31 October 2013 the AASB issued Australian Accounting Standard AASB 2013-8 Amendments to Australian Accounting Standards – Australian Implementation Guidance for Not-for-Profit Entities – Control and Structured Entities. The amendments provide guidance to assist not-for-profit (“NFP”) entities apply AASB 10 Consolidated Financial Statements and AASB 12 Disclosure of Interests in Other Entities. These Standards are to be first applied from 1 January 2014.

The new NFP Guidance explains various principles in AASB 10 regarding the criteria for determining whether a not-for-profit entity controls another entity. For example, it is not necessary that one party actually ‘invests’ in, or has a direct ownership interest in, the other party for control to be present. More information on the new consolidation Standard and NFP guidance can be found in our June 2013 Accounting Standards Update Webinar and our NEXT Newsletter - Summer 2014 edition.

Educational institutions may have relationships with building funds and trusts; scholarship funds; P&F committee funds; student and alumni unions; sporting associations; or foundations used to centralise fundraising activities. Each of these would need to be analysed to ascertain whether they needed to be consolidated into the educational institution’s financial statements.

Power
The first criterion in determining whether control exists is the ability of an investor to direct the relevant activities of the investee. In an NFP environment, an investor can exercise power over an investee even though it holds no equity shares in the investee. For example, the investee may be a company limited by guarantee, a trust, a foundation or other form of entity. However, for control to exist there must be a mechanism, whether contractual or non-contractual, whereby the investor can direct the activities of the investee.

For example, in the absence of other factors, an institution that establishes a charitable foundation will not consolidate that foundation solely because it is the only source or recipient of the foundation’s resources. It would also need to have the ability to direct the activities of the foundation, through any means.

Returns
The definition of ‘returns’ in AASB 10 is broad and encompasses all returns whether they are financial or non-financial; direct or indirect; positive or negative. Returns include the achievement of the institution’s objectives, the furtherance of its social policies, and increased efficiency and effectiveness of its service delivery. Therefore vehicles used to outsource or provide services and facilities that the institution would otherwise provide itself may meet this criterion.

Example
MNO is a private secondary school. MNO established the MNO Foundation to undertake fundraising activities associated with the MNO school. The Foundation’s constitution states that its objective is to financially support MNO and similar schools in providing best practice teaching outcomes for their students. MNO contributed initial capital to the Foundation and all secretarial and bookkeeping services are provided by MNO at no charge. The Foundation retains any surplus resulting from its operations. Under its constitution the Foundation may make distributions and grants to any other school or party decided by the Foundation’s board. To date, all distributions have been to MNO but the Foundation is not compelled to do so. The Foundation has an eight-member board, with five members appointed by MNO and three by MNO school alumni.

Although it is unable to demand direct financial returns, MNO is considered to have exposure or rights to variable returns from its involvement with the foundation. MNO obtains both direct financial returns, and indirect non-financial returns through the foundation’s objectives. Therefore, the ‘returns’ criterion is met by MNO.

MNO School controls the Foundation because MNO also has power to appoint the majority of the board which gives it the ability to direct the operations of the Foundation. MNO therefore meets both control criteria.

However, consider the same facts above except that MNO cannot appoint the board of the Foundation but has the right to veto any board appointments and can remove board members. In this case, MNO’s rights of veto and removal are protective rights that only serve to protect MNO’s reputation and operations but do not give MNO the ability to direct the activities of the Foundation. Consequently, in this scenario, MNO does not control the Foundation.

The introduction of AASB 10 has the potential to have significant financial reporting impacts on the NFP sector. It is possible that some special purpose trusts and foundations created by NFP entities would cease being consolidated because of the power criterion. Meanwhile, the extension of the concept of returns to incorporate indirect non-financial returns may result in other NFP entities consolidating entities for the first time. Because NFP entities in the education sector can vary considerably in their design, purpose and structure, each arrangement needs to be carefully considered to determine the potential implications of adopting AASB 10.
Risk Management Practices ...
Business risk or risky business?
Lester Wills, Partner - Sydney
Risk management is an integral part of good management practice. Whatever the size of the school, a critical element when delivering effective risk management is to apply a process consisting of well-defined steps, which when taken in sequence, support better decision making by contributing to a greater insight into risks and their impacts. It is as much about identifying opportunities as it is about avoiding losses.
Implementing a formal risk management process is intended to identify, document, manage and communicate a school’s “enterprise risk”. The underlying premise of Enterprise Risk Management (ERM) is that every entity exists to provide value for its stakeholders. All entities face uncertainty and the challenge for management is to determine how much uncertainty to accept as they strive to grow stakeholder value.

The Components of Enterprise Risk Management
Enterprise risk management requires categorisation tools to help organisations group and prioritise their risk and process management. A typical risk and process categorisation diagram can be depicted as in Figure 1.

Figure 1: Risk & Process Categories (diagram labels: Governance, Compliance, Organisational Risks, Information, Integrity, Operational, Financial, Human Resources)

With an increasing variety of risks – and the impact this may have in terms of financial and reputational loss – risk management has become a priority for independent schools.

The ISO 31000 standards provide principles and generic guidelines on risk management and are considered best practice.

Overview of survey findings
Nexia recently conducted a risk management survey in the independent school sector. We received over 100 responses from Bursars across Australia and New Zealand. We have provided below a summary of the key findings.

Do you have a senior executive staff member who has been allocated responsibility for Enterprise Risk Management (as opposed to workplace safety)?

| No. of students | Yes |
|---|---|
| Less than 400 | 69% |
| 400-600 | 64% |
| 600-1000 | 60% |
| Greater than 1000 | 84% |
| Overall | 72% |

The survey found that 72% of respondents have a staff member allocated with the responsibility for Enterprise Risk Management (ERM). Of those that have implemented or were implementing an ERM program, 73% were using the ISO 31000 family of standards as the framework.

Have you implemented or are you currently implementing an enterprise risk management strategy and program?

| Respondents | Implemented or implementing ERM |
|---|---|
| Without allocated ERM resource | 8% |
| With allocated ERM resource | 80% |
| All respondents | 60% |

The survey results indicate how important it is to allocate responsibility for ERM. Without a dedicated resource, or person responsible, only 8% of respondents had implemented or were implementing an ERM program.
If you do not have a dedicated risk management resource or employee or are not currently implementing a risk management program, what are the main impediments?

| Impediment | % of respondents |
|---|---|
| Cost | 49% |
| Not our culture | 5% |
| Not seen as a key focus | 22% |
| Don’t believe there is any value | 0% |
| Lack of internal skills | 24% |
| Too difficult to implement | 11% |
| Organisation too bureaucratic | 11% |
| Other | Theme was lack of time |
For those who had not implemented an ERM program the main impediment seemed to be cost, with lack of internal skill considered second. Implementing an ERM does not need to be an expensive exercise. Each ERM program should be tailored to the school and can begin by establishing objectives for ERM, which can lead to an ERM framework and ERM policy.

Benefits of implementing an ERM
What do you believe are the key benefits of implementing a risk management program?

| Benefits | Not implemented | Implemented | All/both |
|---|---|---|---|
| Identifies weakness | 81% | 75% | 77% |
| Explores opportunities | 32% | 45% | 40% |
| Enforces accountability | 46% | 51% | 49% |
| Protects the organisation | 70% | 75% | 73% |
| Allocates resources to key appropriate focus areas | 49% | 45% | 47% |
| Engages members of the organisation | 19% | 45% | 35% |
Generally, survey respondents believed the main benefits of having an ERM program were that it identified weaknesses and protected the school. Among schools that had implemented an ERM program, ERM was viewed more positively as a means of identifying opportunities for the school.

As schools work to gain a clearer understanding of the value of ERM, they need to look to quantify its costs and benefits. It should not be seen as a compliance exercise, but an integrated method of managing risks and seizing opportunities relating to the achievement of the school’s objectives. It involves a high level of engagement by employees throughout the school, enabling individuals to think beyond their immediate areas of responsibilities. If done properly, it creates value for parents, students, employees and the community.

Managing Risks
How effective do you believe your organisation is at managing the following risks?

| Risk Area | Effective | Somewhat effective | Neutral | Somewhat ineffective | Ineffective | Mitigated | Opportunity |
|---|---|---|---|---|---|---|---|
| Student welfare | 47% | 51% | 1% | 1% | 0% | 98% | 2% |
| Budgets | 67% | 30% | 1% | 1% | 1% | 97% | 3% |
| Regulatory requirements | 43% | 48% | 7% | 2% | 0% | 91% | 9% |
| Funding | 52% | 37% | 9% | 2% | 0% | 89% | 11% |
| Reputation | 43% | 46% | 9% | 2% | 0% | 89% | 11% |
| Liquidity | 46% | 42% | 10% | 2% | 0% | 88% | 12% |
| Strategic Direction | 34% | 54% | 9% | 3% | 0% | 88% | 12% |
| Staff welfare | 39% | 46% | 14% | 1% | 0% | 84% | 16% |
| IT security | 34% | 50% | 9% | 8% | 0% | 84% | 16% |
| Staffing resources | 27% | 54% | 16% | 2% | 0% | 81% | 19% |
| Operations | 35% | 46% | 15% | 2% | 1% | 81% | 19% |
| Fraud & corruption | 41% | 40% | 17% | 2% | 0% | 81% | 19% |
| Privacy | 30% | 48% | 20% | 2% | 0% | 78% | 22% |
| Stakeholders | 31% | 46% | 21% | 2% | 0% | 77% | 23% |
| Asset Management | 19% | 49% | 20% | 11% | 0% | 69% | 31% |
Respondents were generally strong in mitigating risks around Budget, Student Welfare and Regulatory Requirements and saw more opportunities in managing risks around Asset Management, Stakeholders, and Privacy. For those that have implemented or are implementing an ERM program there seems to be a high degree of satisfaction in what they have put in place.

The road ahead
What do you believe are the top 5 risks facing your organisation at present? And what do you believe are the top 5 risks facing your organisation over the next 5 years?

| Risk Area | Presently | Over 5 years |
|---|---|---|
| Enrolment | 15% | 14% |
| Funding | 13% | 10% |
| Staffing | 13% | 14% |
| Reputation | 8% | 4% |
| IT / Technology | 8% | 7% |
| Affordability | 8% | 11% |
| Asset management | 7% | 6% |
| Solvency | 6% | 7% |
| Safety | 5% | 4% |
| Competition | 3% | 3% |
| Economy | 2% | 4% |
| Other (one-off risks) | 13% | 15% |
Grouping the responses by themes, enrolments, funding uncertainty and staffing concerns were the strongest responses in the survey in the short-term and continue as concerns over the next five years. Longer-term affordability was a trending theme with concerns raised over the increasing costs and ability to pass these on to parents. Looking ahead, schools will focus on a number of different areas within their risk management initiatives. Some schools will begin or advance their ERM program development efforts. Others may include additional risk types within their ERM program - particularly those where risk methodologies are not as developed and the risks themselves less understood. The trend towards schools adopting a more corporate approach to risk is likely to continue and schools that take a leading role in this will be in a position to use risk management as a key competitive tool. If you would like to receive the full report of our risk management survey or further information on how you can start implementing an ERM process into your school – please contact your Nexia Advisor.
The material contained in this publication is for general information purposes only and does not constitute professional advice or recommendation from Nexia Australia. Regarding any situation or circumstance, specific professional advice should be sought on any particular matter by contacting your Nexia Representative. Independent member of Nexia International
Adelaide | Brisbane | Canberra | Melbourne | Newcastle | Perth | Sydney | Auckland | Christchurch