In today’s modern business world, security is a high priority and payroll internal controls help you secure your business information and protect confidential employee information. In addition to protecting against data leaks and ensuring that sensitive information remains confidential, it also helps to prevent the possibility of financial fraud. Employees are one of the most important assets of your business and healthy HR practices help impact and ensure your bottom line and budget. Show
Patriot Software notes, “Payroll internal controls are the procedures your business follows to protect its payroll information. Payroll controls and procedures prevent employees from accessing confidential information. Internal controls also prevent employees from stealing money from your business through overpayments and false time records. In large businesses, payroll internal controls involve dividing payroll tasks among departments and employees. Dividing tasks ensures many people have their eyes on the payroll process, meaning someone has less ability to commit fraud. With your small business, dividing payroll tasks is probably not practical.” Payroll internal controls best practices for your businessNot matter what size your business, it’s important to pay payroll internal controls. Here are the payroll internal controls best practices your business should know. 1. Change reportA change report runs every payroll cycle can help you identify anything that’s changed since the last payroll run. This is a good way to keep an eye on the goings-on of your HR operations, allowing you to monitor anything different, such as payroll rate changes, addition of employees, or employee bank account changes and to ensure that terminated employees aren’t continuing to be paid after their departure. Not only can this prevent any unauthorized changes, but it also makes it easier to approve changes that have been requested. It’s advisable that this report is run by someone outside of direct HR control, such as the CIO or other executives. 2. Review the payrollA payroll internal controls best practice is to continue reviewing all payroll registers before and after it’s submitted to anyone running the payroll, particularly 3rd-party payroll company. This process is additional steps to what should be a straightforward payroll process, but this kind of review is necessary as a step to prevent theft, data leaks, and theft. 3. AutomateKreischer Miller reminds businesses, “Many payroll packages now offer an electronic timekeeping module directly in the payroll system. At the end of each week, supervisors can log into the module and approve employee hours, which are then automatically transferred to the payroll processing module. By eliminating the use of manual time cards, organizations reduce the risk of error through data entry, while also making the payroll cycle more efficient.” Not only does automation make things faster and more efficient, but it also creates a reduced risk of financial errors for businesses. 4. Use access controlTwo vital system elements will help safeguard your HR and employee data. Payroll systems should be, whenever possible run electronically. Any physical files that need to be stored should be restricted to those with physical keys or access cards. Use digital checks and direct deposit whenever possible, making sure that check stock is kept in a secure location and regularly inventoried. 5. Create segregation of dutiesIn some businesses, having different people performing different tasks related to payroll can reduce the risk of too much access. As Kreischer Miller notes, “Sufficiently segregating responsibilities will help to control the risk of unauthorized changes or transactions.” This means that only certain individuals can access the entirety of the payroll system information log, for instance. For some companies, this kind of segregation of work can create too many specialized roles for some department or series of tasks. Other companies aren’t large enough to have that many employees involved in the first place. For those who are, it might make sense to divide responsibilities this way
Protecting your payroll is part of protecting your business. Establish payroll internal best practices keeps your finances in order and keeping employees from being able to take advantage of your business. Ensuring that all your HR employees are trained in the correct and accurate processes is essential in maintain safety in your HR and payroll operations.
In order to continue enjoying our site, we ask that you confirm your identity as a human. Thank you very much for your cooperation.
In order to continue enjoying our site, we ask that you confirm your identity as a human. Thank you very much for your cooperation.
Here's what you need to know about what payroll internal controls are and why you need them:
Your payroll department contains sensitive information, which must be protected at all costs. The best way to safeguard this information is to adopt and maintain payroll internal controls. What are payroll internal controls?Payroll internal controls are measures employers implement in their payroll department to protect payroll information and ensure accurate payroll transactions. These controls come in various forms and ultimately depend on the risk factor involved. Before we get into the different types of payroll internal controls, let’s examine why employers need them. The importance of payroll internal controlsPayroll is privy to the following employee or employer information (and more):
Without payroll internal controls, this information can be compromised through:
Let’s go through each of these in more detail. Payroll Diversion ScamsBetween January 1, 2018, and June 30, 2019, the FBI’s Internet Crime Complaint Center (IC3) received claims regarding total reported losses of $8.3 million due to payroll diversion scams.
This type of scheme involves someone in the HR or payroll department receiving a direct deposit change request from a criminal impersonating an actual employee. When this occurs, the change in direct deposit routes the employee’s paycheck to an account that’s under the criminal’s control. Time TheftThis is an instance of when an employee intentionally inflates their hours worked. For example, they have a coworker clock in and out for them — known as “buddy punching.” Or, they record more hours on their paper timesheet than they worked. W-2 Phishing SchemesCybercriminals attempt to access employees’ Form W-2 data, such as their:
They may use this information to file fraudulent tax returns, or they might sell the data on the dark web. Pay Rate ModificationA payroll employee colludes with a non-payroll employee. In this fraud scheme, the payroll employee increases the non-payroll employee’s pay rate in the payroll system. The payroll employee then returns the pay rate to normalcy after a few pay periods to lower the odds of detection. Ghost EmployeesA payroll employee defrauds the company by paying a “ghost” employee through the payroll system and pocketing the payments. The ghost employee may take the form of:
Answer to see the results
Simplify benefits administration
Improve our virtual onboarding experience
Streamline HR processes
Automate repetitive and time-consuming tasks The Compliance FactorEmployers must execute their payroll obligations — including paying employees — accurately and on time. Otherwise, they can face a slew of headaches and governmental penalties. Internal payroll controls help employers meet their payroll obligations. Types of payroll internal controlsPayroll internal controls come in many forms. Below we detail the more prominent controls to help you verify that your compliance processes are in place and effective. Automated Time and Attendance SystemThis eliminates paper timesheets and employees padding their hours worked. Modern time and attendance systems allow employees to clock in and out from anywhere, from any device. They come with fraud protection features that confirm the employee’s identity and geographic location, thereby eradicating buddy punching. Timecard VerificationManagers should verify their employees’ timecards before submitting the data to payroll. They should clear up any timecard inconsistencies with the employee beforehand. In addition, managers should know the consequences of falsifying employees’ timecards. Segregation of DutiesThis is vital to reducing fraud by payroll employees.
At a minimum, consider segregating the following tasks:
If you have only 1 payroll employee, designate a qualified individual (e.g., someone in accounting) to verify payroll transactions before and after each payday. Training on Payroll Diversion ScamsEducate your payroll employees on the dangers of payroll diversion scams and how to combat them. These email scams often contain tell-tale signs like grammatical errors and incorrect sender email addresses. You can thwart direct deposit email scams by verbally verifying the direct deposit change request with the actual employee. Dedicated Payroll Bank AccountEstablish a separate bank account dedicated solely to payroll. Put only the amount for the upcoming payroll into this account. This way, if someone tries to fraudulently cut a check afterward, the bank will reject it due to insufficient funds. Check Signing AuthorityKeep your list of authorized check signers current. If a check signer leaves the company, remove them from the list immediately and inform your bank accordingly. Pay Raise VerificationVerify pay increases with the employee’s boss. To further reduce the risk of collusion, you can institute a 2-step verification process. For example, verify the pay raise with not only the employee’s supervisor but also the supervisor’s boss. Payroll AuditsPayroll audits help you determine how well you’re meeting your payroll obligations. They show strengths and weaknesses in your payroll:
Payroll audits often reveal the need for stronger payroll internal controls. You can hire an external auditor or assign someone in-house who is qualified. Either way, the goal is to examine your payroll function microscopically to see what’s working and what improvements are needed. Access to Payroll SystemDue to the confidential nature of payroll, only a limited number of authorized individuals should have access to the payroll system. Designate access based on a “need-to-know” basis. For example, your payroll manager needs higher-level access than your payroll clerk. Terminated Payroll EmployeesIf you’re not careful, a disgruntled or untrustworthy payroll employee can harm your company on their way out the door. For example, during their 2-week termination notice period, they may commit embezzlement or steal employees’ personal information. Unless an employment contract says otherwise, many employers make payroll employees’ termination effective immediately and pay them for their two-week notice. This is true regardless of whether the termination is voluntary or involuntary. Employers need payroll internal controlsThis is the best way to protect your employees and your company’s sensitive information. As we’ve demonstrated, payroll threats can be external (e.g., cybercriminals) and internal (e.g., payroll employees). Therefore, you need formidable payroll internal controls. We’ve provided some solutions, such as:
However, you’ll need to take additional measures. For example, run reports to help you detect errors in your payroll transactions. Coordinate with your bank, as well, to improve your payroll security controls. Implementing payroll internal controls is just the start. You must also monitor and update them. Consider using payroll software that strengthens payroll internal controls, not weakens them. Ultimately, the software should safeguard payroll data and boost compliance. To learn more, check out Zenefits all-in-one HR software.
|