No matter the size or nature of your business, payroll is something you have to monitor and manage carefully. The payroll process can be complex to understand, especially as the rules and regulations governing it are numerous and constantly changing. If you fall foul of legislation, you could face steep payroll penalty fines, potentially damaging your reputation in the market and the eyes of your customers and employees.
But the potential risks associated with payroll go beyond non-compliance with regulations (intended or unintended.) Other potential pitfalls include human error, negligence, fraud, natural disasters, and technology failures.
Here are the top 10 most common payroll risks and some of the strategies you can implement to avoid or mitigate them:
Yes, you read that right. Unfortunately, “phantom employees” are alive and well in our modern workplace. These individuals are people who either genuinely exist on paper only and are being paid “under the table” or who are deceased. Sadly, in cases where such errors are intentional, it’s not uncommon for those in positions of power or who are responsible for managing the payroll to be involved in this flavor of fraud.
More than half (58.1 percent) of the US workforce is paid according to the number of hours or days they work. Padding of hours happens when somebody misrepresents or overstates the amount of time they’ve been on the job. Legacy timekeeping mechanisms such as manual employee time clocks and time-stamping machines often fall short of avoiding this type of payroll fraud.
Remote working arrangements where people are allowed to perform their jobs from home can also result in the padding of hours creeping in.
A common area where companies fall in their payroll management is the incorrect categorization of different employee types. For example, if you use the services of freelancers and contractors, you’re not required by law to pay taxes on the fees you pay them.
It follows, therefore, that contractors and freelancers should not be included on your payroll but rather classified as a business expense.
Like any corporate system that contains confidential and personally identifiable information, payroll platforms require an additional layer of security. But too often, in-house payroll administrators protect their databases with little more than a single password to the effect of “password123.” This won’t do and opens up the organization to potential liability.
Hackers are known to target small and medium-sized businesses precisely because of this general lack of rigor when it comes to payroll security protection.
As we touched on earlier, there is a multitude of laws that govern employee compensation, tax, and payroll activities. These regulations exist at a federal, state, and local level.
The implication of these rules on payroll is that you need to record and be able to report on data such as the number of hours your employees have worked, minimum wages, overtime, break periods, timekeeping, and deductions, to name a few.
System failures and data loss can result from unforeseen events such as natural disasters (fires, floods, or earthquakes), equipment breakdowns, or old-fashioned human error.
However, a more common cause of these issues is cybercrime. In particular, phishing scams and ransomware attacks have become commonplace in recent years as they are effective means to trick unsuspecting users into sharing company confidential information. When this happens, sensitive employee data and financial information can be stolen or compromised. In the event of a ransomware attack, corporate systems, including payroll, are rendered inaccessible until the company pays over a ransom to the perpetrators.
As business becomes increasingly digital, more organizations are opting to outsource non-core functions to third parties. Today, it’s not uncommon for small and medium-sized enterprises to use the services of “fully virtual” bookkeepers and accountants.
The upsides of this arrangement include saving on the cost of hiring a dedicated in-house resource. However, it introduces the risk of errors being made on the provider’s part if they lack the depth of knowledge of the client’s business. Other risks include the payroll service provider hiring an unscrupulous employee who siphons off money from your payroll into their own pocket.
Performance issues and delays resulting from the non-compatibility of your technical systems and those of your payroll provider are other risks to consider if you choose to go this route.
Unfortunately, if you decide to keep your payroll function in-house, you’re not immune to problems either. One of the drawbacks of this arrangement is disruption or “brain drain” due to payroll administrators leaving the business.
This risk is especially high if you still use manual rather than digital payroll solutions.
Did you know that in some states, you’re legally obliged to pay your employees twice a month? Of course, if you run a business and are based in a single location, that’s not really an issue. But if you decide to open up a new branch or hire somebody in such a state to work for you remotely, you could quickly get into trouble.
To avoid running into problems with the IRS regarding your payroll tax obligations, it’s a good idea to bring in an external expert once a year to revisit your payroll processes and procedures and ensure you’re in compliance with the tax rules applicable to you. Unfortunately, the IRS is unlikely to accept ignorance as a valid excuse for payroll tax missteps.
No business owner likes to think that one of their own is secretly defrauding them behind their back. But you only need to read the news to understand that such occurrences are all too common, and sometimes such fraud goes undetected for months or even years.
A simple way to reduce the likelihood of this happening in your business is to segregate payroll duties. This means that no single employee has exclusive access to the payroll function and its associated systems.
And it goes without saying that you should always conduct thorough background checks on any prospective employees you’re considering hiring to work in your payroll department.
If you’ve found the above list of potential payroll risks a little overwhelming, don’t despair! With a little planning and careful selection of some of the technology tools at your disposal, you can avoid waking up one day to find yourself in a payroll nightmare.
Here are our top 4 recommendations:
For some people, hearing the term “audit” makes their heart beat a little faster. But audits don’t need to be overly stressful, time-consuming, or expensive. Essentially, an audit involves bringing in the services of an independent and qualified external financial expert to periodically review all your payroll data and ascertain that all is as it should be.
Changelogs involve being diligent about ensuring that only authorized and vetted employees in your organization have the authority to access and make changes to any of your payroll records and data.
Don’t assign a single person the responsibility of making payroll calculations and payroll transactions and checking them. Be sure to always have someone as a backup to review all the numbers and check that all data (such as the number of hours employees have worked, pay rates, overtime, and any deductions) are checked and double-checked.
If someone with payroll administrative privileges leaves your organization, be sure to revoke their access to your systems immediately.
Another aspect of payroll due diligence that should never be overlooked is monthly variance analysis. Segregate your payroll data by department and function and compare the results with your current payroll budget and your actual payroll spend the prior year.
Any major variances should alert you that something could be amiss.
Diligent record-keeping isn’t just part of good payroll practice, it’s also the law. As an employer, you’re legally obliged to keep hiring and employment records (including timesheets and expense claims, records of any disciplinary actions taken against an employee, and annual or periodic performance reviews.) It’s a good idea to ask your external auditor to review these documents as part of their regular services to you.
In our digital world, the days of records and archives gathering dust in a locked filing cabinet somewhere are gone (or at least they should be!) If you haven’t already, invest in a digital record-keeping solution as well as a robust off-site data backup and recovery service.
Responsible employers who ensure they follow the proper payroll risk management practices will be rewarded with few, if any, legal or tax worries or incidents of payroll fraud.
If you’ve been wondering if there are ways to safely enrich the scope and capabilities of your payroll function to the benefit of your employees, you might be interested in exploring a payment card solution, such as that offered by Payactiv. It’s not only an efficient way to get more employees to participate in direct deposit and on-demand pay, but also a great way to handle any off-cycle payment needs as well.
The market and use cases for on-demand pay apps are growing exponentially in every sector, and for good reason.
The first, most obvious reasons are speed and convenience. But beyond that, most instant cash apps are a safe way to allow employees to pay for goods and services and exchange money with friends, family, or co-workers. Reputable providers of these apps will ensure that all data in transit is encrypted, and they’ll be PCI-DSS level 1 certified. Many also offer fraud protection for any unauthorized charges.
Learn more about Payactiv’s service here.
The Great Resignation continues unabated; currently, one in five employees says...
* The Payactiv Visa Prepaid Card is issued by Central Bank of Kansas City, Member FDIC, pursuant to a license from Visa U.S.A. Inc. Certain fees, terms, and conditions are associated with the approval, maintenance, and use of the Card. You should consult your Cardholder Agreement and the Fee Schedule at payactiv.com/card411. If you have questions regarding the Card or such fees, terms, and conditions, you can contact us toll-free at 877-747-5862, 24 hours a day, 7 days a week.
** Central Bank of Kansas City is the issuer of the Payactiv Visa Prepaid Card only and does not administer, endorse, nor is liable for the Payctiv App.
1 Standard rates for data and messaging may apply from your wireless provider.
Google Play and the Google Play logo are trademarks of Google LLC.
Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries.