The importance and effects of minimising risk within a government payroll context

Abstract

The aim of this study is to examine four high risks that arise from the Malta Goverment Payroll System; these are Security Risk, Business Continuity Risk, Communication Risk and Manual Intervention Risk. It is also the intention of this study to identify adequate tools for the minimisation of these risks. The efficiency of the payroll is directly linked to the performance of the payroll department's management. Moreover training, standards, manual of procedures, automation and continuous auditing are universally acknowledged to be vital for the proper mitigation of high risks. Through the association of the five components of the COSO model to the four main risks of payroll one can deduce that internal controls are connected to the performance of the payroll. Furthermore the government payroll system is driven by human beings to a considerable degree; this leads us to infer that internal controls minimise risk which directly effects Government funds allocated to the payroll. The intention of the study was to provide a general view of the current processes, practices and controls in core departments within the government, most of which are related to payroll. An interesting area encompasses the experience and internal control awareness of the administrators and technical staff. Six different departments connected to payroll were selected in adherence to the maximum variation sampling strategy. Another objective was to gain an understanding of existing risks, also what risk management and internal control models were being adopted and if they could be enhanced or changed to provide better outcomes. The research concluded that the COSO model is fundamental to the payroll and can be used as a guideline in the mitigation of risks. This is despite internal controls, processes and procedures resulted to be weak and unstructured throughout the whole system. Following a best practice such as ITIL can be the initial stages in the creation of a customer service system for the logging of queries. Finally if the payroll departments become ISO certified, a list of controls should be enforced. All stakeholders are also required to abide to standards to develop a system where risks within a government payroll context are continuously minimised.