Skip to main content

Risk Management in Payroll

What are the risks in a payroll department?   There are many variations of the three below, but it all comes down to them.
  1. Fraud
  2. Error
  3. Confidentiality
Good processes and governance go a long way to preventing all of them, and, of course, the positive effect of getting it right the first time, is so much better than having to constantly correct problems.   Payroll errors have a very negative impact on morale.

Fraud   

From ghost employees to duplicate bank accounts, payroll fraud is wide ranging and yet we are frequently told that payroll administrators manage the full process from data entry to EFT without anybody else checking the output.   While it is clearly not good governance, it is also quite simply putting temptation on the table.

Another concern is that there are many repeat offenders out there, protected by the employer who chooses to not take action, and by the companies who do not insist on full background checks when hiring into such a sensitive role.

Errors

Payroll departments work under extreme pressure, and deadlines are not always adhered to by the rest of the company.   This increases the opportunities for errors of omission, unclear communication or a lack of understanding of the requirements.

The majority of people operating in payroll departments have grown up in the position, ie they have no formal training in payroll administration, are trained on the job, and their skill set is often deep knowledge of a particular payroll software package.

We have also noticed that there is very little formal training in spreadsheet products which can be very valuable for controls.

The risk of an underpayment not being reported is low, but overpayments and incorrect calculations are frequently unreported.

Confidentiality

With the PoPi bill on its way, keeping people information confidential has never been more important, and yet there is significant risk in many payroll departments.   Some of the main areas of concern are:
  • Designing security levels that allow only the relevant people access to the information
  • Setting up firewalls correctly
  • Understanding whether the IT department has access to the encrypted data, and ensuring that there is full signed contractual confidentiality.   For convenience, in larger IT departments, the access is spread quite broadly, and it is in the interests of companies to confirm who should and shouldn't have access.
Governance and controls need to be in place.   The way the payroll is checked each month should also be standardised.   Variance reports are particularly useful as a first step, so that it is easy to see where the differences are, month on month.   Line management need to sign off on their direct reports, and should have a check list to work through eg
  • Employees who are in their last month of work
  • Employees terminated in the previous month
  • New employees
  • Increases given
  • Bonuses given
  • Savings and loans
  • Commissions
  • Travel claims
  • Reimbursements
This checking by line management subjects the payroll to an external review process, and reduces risk immediately.  Terminations and new hires should be checked with the employment contract at hand.   Audit reports should also be checked each month to confirm that all changes in the system are valid.

No matter what systems are in place, it is possible to commit fraud, make errors and break confidentiality, particularly as processes often become less tight over time.   It is advisable to ensure that payroll departments are regularly submitted to an external risk management /health check process, which confirms best practice, as well as process flows and reporting models that highlight anomalies.

Risk Management
e-Mail: support@accsys.co.za
Enquiry: Contact Form 

Payroll Training
Payroll Administration Diploma


Popular posts from this blog

Salespeople - Just Answer the Question.

How we love to elaborate…     Both in our personal and business lives.   It is rare to find somebody who simply answers the question.
In sales, it is becoming more and more critical to just say yes or no.   If you want to embroider afterwards, by all means, but tell the client you can or you can’t do it, first.

That’s what they remember, the yes or the no. Being married to an engineer, I have learnt that if I don’t answer the question, he simply repeats it, until he gets a definitive answer..
As the above is extremely bad for marital relationships, I try to say yes or no first and then give the details.

I thought it was just me, but I have been observing my friends and the people I work with, and it is fascinating how few one word answers are immediately available. When you are selling and a client asks you:
If the widget turns blue in the dark, say yes if it does, then ask if that is a key part of the decision making processIf they ask when you can deliver, give them a…

Hi, 22 year old me..

If I were 22 May is my birthday month, so a time for celebrations and introspection. In interviews, I often ask our applicants to pretend they are 60, and look back on their careers.   Their dreams range from leaving a legacy to being able to retire by the age of 45. At 22, I had taken my first steps on the career ladder.   I had been promoted from being a PA and Installation Secretary (setting up PoS installations for NCR’s large retailers) to becoming a full time programmer. I had made some extremely poor academic decisions, and realised I had to make some very good career choices.   Software development was a relatively new field when I was in my early 20s, and it became an exciting and fulfilling career. Based on my history what advice would I give myself or a new graduate? It doesn’t matter what you have studied, or what your first job is. Keep looking for your passion, find what makes you happy. If it’s money, and you don’t mind being a little unchallenged, as long as there is eno…

3 things to do BEFORE you resign

or sign a new contract…
1.Confirm your notice period ·A lot of companies allow 30 days from date of resignation, but many ask for a calendar month
2.Check your restraints ·If you are joining a competitor ·If you are joining a client
3.Find out when your last payment will be transferred ·Companies have been burned by paying over on the 25th, and people not returning, so they may delay payment transfer until the last official working day, or even the first day of the following month.  You may need to make special arrangements regarding debit orders ….
Both your current company and your new one deserve to be fairly treated.   Knowledge of the policies makes this possible.
Even if the policies don’t make sense to you, you agreed to them when you signed your contract.
HR managers will tell you how many great working relationships are damaged because people don’t follow policy when resigning. It’s worth taking the time for many good reasons.  Building a solid career can depend just as much on how you …