Enterprises with hundreds of employees across multiple locations, using disparate systems for payroll, running multiple monthly payroll cycles, and having high attrition are breeding grounds for payroll fraud.
Per the ACFE Occupational Fraud Report 2022, payroll fraud accounts for 9% of asset misappropriation schemes with a median loss of $45,000 to organizations.
Payroll fraud is a long-running risk.
Typically, it takes 18 months to get detected after it starts. On the other hand, small businesses lacking documented payroll policies and relying on spreadsheets for processing payroll in-house are at risk of human errors and security breaches resulting in non-compliance.
This article discusses 10 common payroll risks and controls you can implement to mitigate them:
- Employee Onboarding Programs
- Why does Employee Onboarding Matter?
- Best Practices for Onboarding New Employees
- Wrong Categorization of Employees
- Security Breaches
- Fraudulent Expense Claims
- Reliance on a Single Employee
- Compliance Errors
- Payroll data loss
- Poor downstream data
10 Common Payroll Risks
Payroll risk is a reality irrespective of the size of your organization or the industry vertical it operates in. Major common payroll risks are as follows:
1. Ghost Employees
It is a type of payroll fraud resulting in overpayments. Generally, a member of the payroll team executes it.
Ghost workers exist when payroll team members leave a terminated employee on the payroll. They change the ghost worker’s bank account details to route the payout to their own or a third-party account. Illegitimate payments or bribes can also be disguised as salary payouts this way.
2. Timekeeping Fraud
A lack of direct supervision, remote working environments, or manual timekeeping methods could lead to employees entering more billable hours in timesheets than worked. Generally, the number of hours added is small enough to escape cursory timesheet reviews. Timesheet padding benefits employees working on hourly wages or those eligible for overtime pay.
Payroll Risk Mitigation Kit
Download Cheatsheet and Checklist to Avoid Payroll Mistakes
3. Proxy Attendance Punching
It is another type of timekeeping fraud where an employee punches in and out times for a fellow employee who is not at work. It can quickly snowball into widespread behavior if not checked immediately. Tight supervision, strict penalties, and biometric attendance systems are methods to eliminate this risk.
4. Wrong Categorization of Employees
Incorrect classification of contractors, part-time and full-time employees can lead to miscalculations as the payroll tax laws, labor rules, and benefits that apply to each of these categories differ. If this is intentional, done to save on employee costs, it amounts to payroll fraud.
As per the 2020 National Employment Law Project report, 10-30% of US employers misclassify their employees as independent contractors, saving as much as 30% of payroll and related taxes otherwise paid for regular employees.
5. Security Breaches
Payroll information contains sensitive data such as tax identification, bank account data, and KYC documents. Lax security measures or unsophisticated cyberattacks could result in salary data leaks which could put employees at risk of identity theft or financial fraud. It could also result in the routing of payroll transactions to incorrect accounts.
6. Fraudulent Expense Claims
Expense reimbursement fraud occurs when employees claim reimbursement for fictitious or inflated expenses or tag personal expenses as business expenses. Employees may also submit duplicate claims or claim out-of-policy expense reimbursement by error or intent. Enterprises that rely heavily on field agents or have employees travelling to client locations are more susceptible to this risk.
7. Reliance on a Single Employee
Over-reliance on a single employee is a commonplace internal control deficiency in the payroll process, specifically in smaller organizations. Consider a situation where a single employee is responsible for adding and removing employees from the payroll system, entering time and pay rates, approving payouts, and reconciling the bank account statement.
There are high chances of process errors going unnoticed as well as fraud. It also adds to key-person risk in which the absence of this employee for an extended period can be a significant disruptor of the payroll function.
8. Compliance Errors
Payroll involves tax calculations as per statutory rates and rules. It also includes adhering to various labor laws like EPF, Gratuity, Pension schemes, etc. These rules change as per government policies, and your payroll process must keep pace with these changes to avoid non-compliance penalties and litigation.
9. Payroll Data Loss
If your enterprise payroll information is stored in physical documents or on individual devices, there are high chances of damage, data corruption, or loss. Regulations require enterprises to store payroll information securely with adequate backups and disaster recovery mechanisms for specific periods.
10. Poor Downstream Data
According to the latest EY Global payroll survey, poor source data is among the top two challenges that payroll functions face globally.
Enterprises lack structured data governance models that assign data ownership and set data quality standards. As a result, data entering the payroll application may not be accurate, complete, and consistent, resulting in payroll mistakes and non-compliance.
Payroll Control Measures
Payroll controls are guardrails for preventing and mitigating risks in the payroll process. They encompass the people, process, and technology aspects of payroll.
These can be concurrent, like real-time fraud alerts and reports, or they can also be retrospectives, like forensic audits and management reviews.
1. Audit Controls
Ensure periodic internal and external audits to cover every aspect of the payroll process, from policy creation to payout disbursals. The audits must check if the employee list and bank account details configured in the payroll system are current.
Auditors must check all expense invoices, timesheets, investment proofs, and other documents submitted by employees for payroll calculations. They must also ensure payroll calculations are as per the latest tax rates and labor laws and that the salary structures adhere to company policies.
2. Calculations Controls
Consider implementing biometric timekeeping systems with in-built controls to eliminate buddy punching and timesheet padding. Use automated payroll software to minimize calculation errors and send auto-generated exception reports to supervisors for review. If manual timekeeping and calculations are necessary, ensure supervisors double-check timesheets and payouts before approval.
3. Payout Controls
Ensure a separate current account for payroll transfers for easy reconciliation. Enable electronic transfers to employee bank accounts to ensure timely and accurate payments. It eliminates the chances of check fraud.
Set automatic alerts for multiple payouts in the same bank account in the same payroll cycle. It can alert you to possible ghost employees. Before the payment transfers, double-check for any significant month-on-month variance in employee salary amounts.
4. Process Controls
Ensure that crucial tasks are segregated between payroll team members to minimize key-person risk and fraudulent activity. Separate personnel must handle employee records in the payroll application, preparation, and disbursements.
Automate payroll processes to minimize manual data entry and increase accountability with electronic audit trails. Consider secure self-service portals to empower employees with clear visibility into the payroll process and quick resolution of complaints.
Risk Management in Payroll
Payroll risk management requires a structured approach. Following are the steps towards implementing a sustained payroll risk management function.
1. Identify Risks
Conduct a thorough AS-IS assessment of payroll processes, IT applications, and third-party partners to understand the possible errors or frauds.
2. Prioritize Risks
Prioritize risks basis the probability of occurrence and severity. For example, if you use manual timesheets without supervision, timekeeping fraud is a high probability risk with severe impact.
3. Define Response Strategies
Based on the prioritization, choose to eliminate risks where possible, increase risk controls where elimination is not possible, transfer the risk to an outsourcing partner or tolerate the risk within acceptable limits.
4. Monitor Risk
Monitor the error and fraud rates concurrently through automated reports and conduct forensic audits at regular intervals.
Payroll challenges are on the rise.
The rise of the gig workforce, remote workplaces, and flexible timings expose enterprises to higher risks of payroll errors and fraud.
PwC’s Global Economic Crime and Fraud Survey 2020 revealed that companies that actively invested in fraud prevention control programs incurred 42% lower response costs and 16% lesser fines and penalties.
HR leaders must ensure cross-functional collaboration to develop an enterprise-wide payroll risk management strategy and leverage automation to tackle these challenges.