Skip to main content

Risk Management in Payroll

What are the risks in a payroll department?   There are many variations of the three below, but it all comes down to them.
  1. Fraud
  2. Error
  3. Confidentiality
Good processes and governance go a long way to preventing all of them, and, of course, the positive effect of getting it right the first time, is so much better than having to constantly correct problems.   Payroll errors have a very negative impact on morale.

Fraud   

From ghost employees to duplicate bank accounts, payroll fraud is wide ranging and yet we are frequently told that payroll administrators manage the full process from data entry to EFT without anybody else checking the output.   While it is clearly not good governance, it is also quite simply putting temptation on the table.

Another concern is that there are many repeat offenders out there, protected by the employer who chooses to not take action, and by the companies who do not insist on full background checks when hiring into such a sensitive role.

Errors

Payroll departments work under extreme pressure, and deadlines are not always adhered to by the rest of the company.   This increases the opportunities for errors of omission, unclear communication or a lack of understanding of the requirements.

The majority of people operating in payroll departments have grown up in the position, ie they have no formal training in payroll administration, are trained on the job, and their skill set is often deep knowledge of a particular payroll software package.

We have also noticed that there is very little formal training in spreadsheet products which can be very valuable for controls.

The risk of an underpayment not being reported is low, but overpayments and incorrect calculations are frequently unreported.

Confidentiality

With the PoPi bill on its way, keeping people information confidential has never been more important, and yet there is significant risk in many payroll departments.   Some of the main areas of concern are:
  • Designing security levels that allow only the relevant people access to the information
  • Setting up firewalls correctly
  • Understanding whether the IT department has access to the encrypted data, and ensuring that there is full signed contractual confidentiality.   For convenience, in larger IT departments, the access is spread quite broadly, and it is in the interests of companies to confirm who should and shouldn't have access.
Governance and controls need to be in place.   The way the payroll is checked each month should also be standardised.   Variance reports are particularly useful as a first step, so that it is easy to see where the differences are, month on month.   Line management need to sign off on their direct reports, and should have a check list to work through eg
  • Employees who are in their last month of work
  • Employees terminated in the previous month
  • New employees
  • Increases given
  • Bonuses given
  • Savings and loans
  • Commissions
  • Travel claims
  • Reimbursements
This checking by line management subjects the payroll to an external review process, and reduces risk immediately.  Terminations and new hires should be checked with the employment contract at hand.   Audit reports should also be checked each month to confirm that all changes in the system are valid.

No matter what systems are in place, it is possible to commit fraud, make errors and break confidentiality, particularly as processes often become less tight over time.   It is advisable to ensure that payroll departments are regularly submitted to an external risk management /health check process, which confirms best practice, as well as process flows and reporting models that highlight anomalies.

Risk Management
e-Mail: support@accsys.co.za
Enquiry: Contact Form 

Payroll Training
Payroll Administration Diploma


Popular posts from this blog

Resignation - keep building relationships

Resignation – avoid burning those bridges It has been a great pleasure working with a colleague like you. Now, you are off to your next big challenge! Good luck and farewell!
Isn’t that what we all want to hear when we leave?  We were appreciated and we will be missed.
The need for all parties to maintain professional conduct in the event of resignation is critical, particularly now when we are working within an unsettled socio-economic climate. Employees should avoid damaging relationships, and employers need to adopt a neutral approach and ensure that there are policies and processes that enable the separation to be objectively handled.  For example: ·A formal resignation letter is required·A formal acceptance of resignation is issued confirming any special conditions·An exit interview takes place·Handovers are planned and executed
Our HR team advise those who resign their position to adhere to a few golden rules. Failure to do so could harm whatever bonds have been formed at the workpla…

It's Not Your Fault, But..

It’s Not Your Fault, But…
Its’s not mine, either. When something goes wrong, whether at work or home, most people immediately start casting around for somebody to blame. Over the weekend, I was reading and drinking a cup of coffee which was perched on the arm of the couch.  I do this daily, and have never spilled it.   My daughter came into the room, I put my reader down next to me and we started chatting.  A little later, I picked the reader up, turned to my coffee, and knocked it over.  Something in my expression caused her to ask whether it was her fault.  Of course, it wasn’t, but a mean, small part of me was thinking, well, no, but if you hadn’t come in the room…  And she was kind enough to help me clear it up!
If that lamp post wasn’t there If that faster person wasn’t in the race If the traffic light hadn’t turned red at just that moment If we hadn’t hired Joe, I would have got the promotion If, if, if….. We are very quick to accept the “if” when it is about us, and much slower to do so…

It's Not My Job

It’s Not My Job
Assuming that there are reasons for saying this: 1.It’s not your job and is totally is outside of your skill set 2.It’s not in your KPIs and you don’t want to do it 3.You believe you are being exploited and want to draw a line as to what you will and won’t do. Outside your skill set This is reasonable and there could be many scenarios where this is appropriate
·Where there is a safety or special licence requirement to do the job eg driving a forklift truck
·Where there is a formal qualification like giving legal advice
·Where additional qualifications are required as in a medical doctor without surgical qualifications or experience


Not in my KPIs This response could be perceived as a lot more negative, not to mention career limiting. If there is a good reason why you can’t step outside your pure job description, share that immediately.  ·“I would love to be able to help, however, I need to complete this project by 5 pm today and I am out of the office all day tomorrow at our larg…