CMS Case Study

C loyd Bank and Trust Risk Assessment Summary 2020-2021

Audit Area

Human Resources/Payroll

Definition (score range)

Risk Factor

Score

High (21-30)

Moderate (11-20)

Low (0-10)

Rationale

The payroll function is regulated by various labor laws. Some laws are not typically subject to significant and/or frequent change; however, DOL and ERISA laws related to employee benefit plans are subject to changes more frequently. In addition, the Affordable Care Act (ACA) requirements (Forms 1094 & 1095) have been implemented. The Bank has a standard 401k plan.

Regulatory requirements are limited to low-profile regulations and law issues that warrant action but have significantly lower levels of risk. Impact on accurate timely financial reporting is minimal. Likelihood of material financial reporting effect is negligible.

Significant regulatory requirements are evident; however, regulatory expectations are clear, seasoned, and considered routine. Violations if any will be technical in nature. Material financial effect is possible; however, activity is routine and noncomplex and errors would be readily evident in normal operations. Seasoned and complex manual or automated systems are important to management decision making or product delivery; however, collaborating or alternative back-up systems exist. There is no basis for control assessment, or they are thought to be weak. Minor changes since last audit are anticipated this year.

Potential violations of high profile regulations with potential fines, legal liability or costly corrective action are possible. Material financial misstatement is possible due to incorrect handling of infrequent, complex transactions or estimates. Critical management decisions may be based on these financial areas. Complex manual or automated systems are new, critical to management

Compliance

15

Management's salaries (including benefits) represent one of the Bank's largest non-interest expenses; therefore, a material financial effect is possible. Reimbursement of appropriate employee expenses also poses a slightly increased level of risk due to the nature of the expense reporting process. Other human resource activities (such as hiring practices, checking references, etc.) are traditionally non-financial in nature.

Nature of Transactions

9

Noncomplex systems and operations are seasoned, with well established back up routines.

The Bank's payroll recordkeeping function is outsourced to ADP, Inc. and transactions are mostly automated. Recent ADP SSAE 18 reports appear to show appropriate controls.

Nature of Operations

10

decision making, or important to product delivery.

Controls are nonexistent or known to be weak.

Controls are strong or adequate.

Control activities over payroll and Human Resources (HR) are in place and appropriate policies and procedures govern this function. Also, the Bank has a policy regarding excessive employee overdrafts and employee accounts are subject to periodic monitoring. The Bank plans to open two loan production offices (LPO) and hire two commercial lenders in 2021. Additionally, the Bank plans to open a second office, when opened the Bank will hire additional employees to staff this branch.

Internal Controls

9

Changes to systems, processes, or procedures

No changes since last audit are planned this year.

Major changes since last audit are anticipated this year or not recently reviewed. Management lacks experience or places low priority on internal controls.

16

Management has average experience.

Management is experienced and has high priority on controls.

Commitment has been made to sound hiring practices and monitoring of the human resources and payroll function. The Human Resource Director possesses above average experience levels. Senior Management stresses ethical behavior and places a priority on controls.

Management

9

68

Risk Score

- 7 -