Payroll Risk Management – Everything You Need to Know 

In 2018, two former employees of the Indianapolis Bond Bank were charged with theft and insurance fraud after being accused of stealing nearly $400,000 in unauthorized pay and benefits. One of the employees, who handled the bank’s payroll, was paid $170,000 in the 12 months before being fired, although her annual salary was $57,500.

Payroll security fraud has become a serious issue worldwide, but it’s just one of the many payroll risks global companies face these days. To protect from payroll risks, more and more businesses are putting an emphasis on payroll risk management: the process of identifying, assessing, and mitigating potential risks associated with an organization’s payroll operation.

Payroll risks to be aware of

1. Payroll security fraud

Payroll security fraud refers to any illegal activity that involves manipulating an organization’s payroll system for financial gain. This can include various types of fraud, such as embezzlement, identity theft, and false claims.

In the last couple of years, payroll security fraud has posed a growing threat to companies. 46% of the surveyed organizations in PwC’s latest Global Economic Crime and Fraud Survey reported experiencing fraud, corruption, or other economic crimes in the last 24 months. In 31% of the cases, the main perpetrator was a company employee.

2. Withholding taxes at the wrong rate

Withholding taxes incorrectly results in non-compliance with tax laws. This can lead to fines and penalties, legal expenses, audits from government agencies, and damage to the company’s reputation.

3. Not keeping adequate payroll records

Most countries have labor laws requiring employers to keep records related to employee pay, hours worked, and other payroll information. If a company fails to keep these records, it may be out of compliance with the law and subject to fines, penalties, and other legal action.

4. Employee misclassification

Employee misclassification is the illegal practice of labeling workers as independent contractors – usually to reduce labor costs – when they should be classified as payroll employees. It can result in penalties and fines for the employer.

5. Outdated security software

Outdated security software can render your payroll system vulnerable to cyberattacks. This can lead to data breaches, resulting in employee personal data – such as addresses, Social Security numbers, and bank account numbers – being compromised.

6. Under and overpayments

Under and overpayments refer to errors in the amount of money employees are paid for their work. This can happen due to various reasons, such as incorrect pay rate, incorrect calculation of hours worked, failure to include overtime pay or withholding taxes at the wrong rate.

Both under and overpayments can create problems for employers and employees. Underpayments can cause financial strain for employees, while overpayments can cause financial losses for the employer. Both errors can also lead to legal issues if they are not corrected.

7. Centered and controlled access of one employee to payroll software

Centered and controlled access refers to a system of granting access to payroll software to specific employees. Centered access means that only a designated group of employees who are responsible for managing payroll get access to the software. Controlled access means assigning different levels of access and permissions to different users, depending on their roles and responsibilities in the payroll process.

Having only one employee with centered and controlled access to payroll software creates a single point of failure, increases the risk of data breaches, and can lead to mistakes or fraud going unnoticed due to lack of oversight.

Payroll risk management – definition

Payroll risk management is the process of establishing and maintaining guardrails for combating potential risks associated with an organization’s payroll operation. This includes payroll fraud, risks related to compliance with labor and tax laws, errors in calculating and distributing employee pay, and data security and privacy issues.

Internal payroll controls to mitigate your risks

Internal payroll controls are procedures and policies implemented to protect payroll information and ensure the accuracy, integrity, and security of the payroll process. These controls help prevent errors, reduce the risk of fraud and misuse of payroll information, and comply with laws and regulations. The following internal payroll controls are essential:

• Payroll audits

  A payroll audit is a periodic review of a company’s payroll processes and records to verify that it’s paying employees accurately, timely, and in compliance with the law. Whether you conduct the audit internally or with the help of a third party, reviewing your payroll operation can help keep your company’s payroll records organized and strengthen its financial control.

• Automated time and attendance system

  An automated time and attendance system is a computerized system that companies use to track and record employee hours worked. This can include clocking in and out via a computer, a mobile device, or biometric technology such as fingerprint or facial recognition.

  An automated time and attendance system can help mitigate payroll risk by reducing time theft, also known as timesheet falsification; increasing the accuracy of the data used to calculate employee pay; and ensuring compliance with labor laws and regulations related to tracking and reporting employee hours worked.

• Segregation of duties

  Segregation of duties is the practice of dividing the various tasks involved in the payroll process among different individuals to ensure that no one has complete control over the entire process. Segregation of duties in the payroll process can help organizations detect fraud and comply with laws and regulations.

• Access to the payroll system

  Limiting who can access the payroll system and setting up different levels of access based on the user’s role and responsibilities can help mitigate risk in several ways: it prevents fraud by limiting opportunities for individuals to manipulate the payroll records; protects sensitive payroll information from being disclosed to unauthorized parties; and provides oversight that ensures payroll data is accurate and complete.

• Training on payroll diversion scams

  Payroll diversion scams are a type of fraud in which an attacker redirects an employee’s paycheck or direct deposit funds to an account under their control. This can be done by stealing an employee’s personal information and using it to change the bank account information on file with the employer, or by tricking an employee into providing their personal and financial information through phishing emails or social engineering tactics.

  Training employees on payroll diversion scams can help prevent them from occurring by raising awareness of the types of scams and how to recognize them. It also helps detect scams early by providing employees with the knowledge and tools to spot red flags and take appropriate action.

• Dedicated payroll bank account

  A dedicated payroll bank account is a specific account used solely for payroll transactions. Having a dedicated payroll bank account can help ensure that payroll funds are appropriately accounted for and that transactions are recorded accurately. A payroll checking account also makes it easier to detect any unauthorized or fraudulent transactions.

• Check signing authority

  Check signing authority is the process of verifying and limiting who is authorized to sign payroll checks and releasing them for payment. This is typically done by having a clear and well-documented list of authorized signatories and comparing it with the signature on the payroll check before releasing it. It can also include a dual control system, where two authorized individuals must sign a payroll check before it can be released. Having a check signing authority process in place safeguards the payroll operation by reducing the chances for individuals to misuse the payroll records for personal gain.

• Verifying pay rates

  Verifying employee pay rates is crucial, given all the changes in an employee’s pay over time (due to promotions, shifting to different schedules, etc.) It prevents errors like overpaying or underpaying employees and helps ensure compliance with labor laws and regulations related to pay rates, such as minimum wage and equal pay laws.

The six steps of managing a payroll system

1. Apply for an employer identification number (EIN)

An employer identification number (EIN) is a unique, nine-digit number assigned by the Internal Revenue Service (IRS) to identify a business entity. Businesses are required to use their EIN on all tax forms and documents that they file with the IRS.

2. Gather employee tax documents

As part of managing a payroll system, several employee tax documents must be gathered to accurately calculate and report employee taxes and ensure compliance with legal requirements. These documents include the following:

• Form W-4 – Employee’s Withholding Allowance Certificate. This form is used to determine the employee’s federal income tax withholding.
• Form I-9 – Employment Eligibility Verification. Used to verify the identity and employment eligibility of all employees hired after November 1986.
• Form W-2 – Wage and Tax Statement. Used to report an employee’s wages, tips, and other compensation, as well as the taxes withheld from their pay. Employers are required to provide this form to employees by January 31 of each year, and must also file a copy with the Social Security Administration (SSA) by the end of February.

3. Determine a payroll schedule

A payroll schedule refers to the frequency with which a business pays its employees. Commonly used payroll schedules include: weekly, biweekly, semimonthly, and monthly. When weighing options between payroll schedules, it’s important to consider the following factors: state requirements, the company’s cash flow, market expectations, and employee needs.

4. Document terms of compensation

Managing a payroll system requires outlining and recording how employees will be compensated for their work. This includes information such as salary or hourly rate, any bonuses or commissions they may be eligible for, and any benefits they are entitled to, such as paid time off, health insurance, or retirement savings plans.

Companies are also required to gather written consent from employees before making any voluntary deductions from their paychecks, and to obtain their preferred method of wage payment.

5. Choose a method for processing payroll

Common methods for processing payroll include:

• Manual payroll – calculating and recording employee hours, pay rates, and deductions and then issuing paper checks or direct deposit payments. This method can be time-consuming and prone to errors.
• Payroll software – using payroll software allows companies to automate significant parts of the payroll process. This method can save time and reduce errors compared to manual payroll.
• Outsourced payroll services – hiring a third-party company to handle all aspects of payroll. This method can save companies time, prevent errors, and reduce compliance risks.

6. Open a bank account for payroll

Opening a dedicated payroll checking account can prevent errors or fraud, allows companies to set up direct deposit for their employees easily, and provides a clear record of all payroll transactions, making it easier to reconcile payroll records and taxes.

How can a payroll management system help your business?

A state-of-the-art payroll management system, like Papaya Global, centralizes payroll processes – from onboarding to cross-border payments – through a single dashboard. It supports all types of workers (payroll, EoR, and independent contractors), merges data streams, produces a global view, automates workflows, and ensures accuracy and compliance. Schedule a demo to learn more.