Because payroll involves sensitive data, including employees’ Social Security numbers and direct deposit details, employers must take measures to protect this information against payroll fraud. In a 2017 report by Hiscox Inc., payroll fraud was listed as one of the most common types of embezzlement suffered by U.S. companies. The report also stated that employee theft cost these companies $1.13 million in 2016.
No matter your business size, it’s important to establish robust internal controls that not only safeguard against payroll fraud but also allow you to meet the fundamental objectives of payroll, such as paying employees accurately and on time. Following are some suggestions.
Ensure Separation of Duties and Provide Oversight
Separation of duties means assigning different payroll duties to different individuals to minimize the risk of payroll fraud. For example, separation of duties makes it harder for payroll employees to engage in “ghost employee” fraud, such as setting up fake payroll accounts or fraudulently paying employees who no longer work for the company.
Large businesses usually have a more sophisticated separation of duties structure than small businesses. In a large business, you may find multiple payroll specialists and payroll supervisors plus a payroll director or payroll manager. Payroll system access is given to each of these employees based on their job duties, with the payroll director or payroll manager having the highest level of access.
A small business may have only one payroll employee, who’s responsible for reviewing timecards, making timecard edits, and processing and distributing paychecks. Your lone payroll employee should be closely supervised to ensure that payroll funds are appropriately distributed. Also, he or she should not be unilaterally responsible for issuing stop payments and manual checks.
Establish General Internal Controls
In addition to separating payroll duties, general internal controls can help your business establish important safeguards. Your business should do the following:
- Hire a qualified onsite employee to act as a liaison, if you outsource payroll to a service provider. The liaison double-checks the service provider’s work and performs the necessary oversight while serving as a go-between between the employer and the service provider.
- Have your payroll employees sign a confidentiality agreement that forbids them from disclosing payroll-related information to unauthorized individuals.
- Maintain physical payroll records in a secure storage space that is accessible only to authorized personnel.
- Restrict payroll activities to a private area. Payroll should not be processed in the open, such as from a cubicle that makes it easy for nonpayroll employees to see the payroll processor’s computer screen.
- Require that payroll change authorizations—such as changes to employees’ withholding allowances, direct deposit, and pay rates—are made in writing. With written authorizations, you have a paper trail for the requests.
- Reconcile payroll at the end of each pay period to ensure employees’ paychecks and your financial reports are accurate.
- Perform internal payroll audits at least once or twice per year. Periodic audits can help you detect compliance issues and internal payroll problems.
- Document your internal payroll controls and train your payroll staff on how to use them.
Whatever the size of your business, if you need help establishing internal controls and safeguarding against fraud, contact our specialists today.