Updated: Apr 20
People expect payroll to be correct. They want to turn up to work and do their job. They also expect that their pay is accurate and delivered on time.
When we talk about payroll risk, we are really imagining the risk that someone’s pay doesn’t arrive on time or that it’s been incorrectly calculated. Strictly speaking, these are actually the impacts of the payroll risk becoming a payroll issue. The actual “risk” itself is that there might be a key person in your organisation who’s been doing payroll for twenty years and all payroll processes are in their head.
They’re the only person who knows the little tweaks that they need to do to get the payroll to work, and these tweaks aren’t documented anywhere. When that person leaves, the chance of somebody being able to come along and replicate what the previous person has done is very low.
One thing to note is that just because someone has been running your payroll for twenty years, doesn’t necessarily mean that they’re doing it right. It should mean that it’s consistent, which is also important.
From an employee’s perspective, nobody wants to work the same shifts this week as they did the week before and get paid differently for it. That can start to raise all sorts of questions in people’s minds around the company’s capabilities and cause them to lose faith in the organisation as a whole.
Companies spend hundreds of millions of dollars on employee engagement, but the moment the company is found to have paid their employees incorrectly (even just once), all of that money spent goes down the toilet. It’s very hard to forgive the perception of an organisation stealing your hard-earned money from your payslip.
What factors determine payroll risk?
Most people don’t understand how complicated payroll can be. It’s an incredibly complex environment where you have rule upon rule, and each rule can influence the other. The good news is that there are experts who can help with that. We’ve created a quick self-diagnostic tool that you can use to measure your risk profile.
A common source of payroll risk is long-term staff. Whilst having longstanding payroll people is a positive thing, it can also be a negative because chances are, they probably haven’t documented everything that they do. Then if they get ill, retire or resign, it leaves the organisation with no idea what to do to successfully run the pay. This can be a major cause of risk, even though it’s a positive thing that you’ve retained your staff for so long.
Due to the type of work they do, payroll staff tend to be quite secretive and introverted. That creates a barrier to the good practice of external review of the design and execution of the organisation’s processes. Ongoing external process review is absolutely critical to ensure payroll stays current and compliant.
Another source of payroll risk is perpetual change. Legislation and awards change all the time, and that’s why payroll is like a minefield. It requires people to be up to date and to proactively maintain their processes and their system configuration. This risk can be exacerbated if you don’t provide enough time to your payroll team for professional development or fail to bring external knowledge into the team.
Speaking of change, technologies very quickly reach the end of their working life. Organisations change their HCM systems on average every five years or so, providing both a risk and an opportunity. These systems must be configured to support the organisation’s business processes and rules, often ending up with twenty pages of rules explaining exactly what to do and when.
Every vendor needs to configure their technology to support an organisation’s way of working. There will always be compromises between the way the organisation wants to work, and the limitations of the technology being implemented. Significant risks lie within the compromises reached to implement a working HCM system within the established ways of working within any organisation.
Payroll also needs to be done on time. Payroll teams have a small window to close out timesheets and to run the pay. The systems that we implement help to automate much of that, but while automation can help with speed, it also needs to be an appropriate solution. No solution is perfect, and so there’s always going to be an amount of manual intervention needed to run pay in a complex organisation.
The manual interventions needed can encompass exception reports which highlight where fixes or workarounds need to be actioned and can even result in employees being intentionally overpaid as the most cost effective way to mitigate risk of underpaying staff or if the payrun taking too long to close out on time.
How can payroll risk be mitigated?
As a general rule, the more exception reports you have, the more you’re reducing risk. At the same time, it also increases the amount of time that it takes to run payroll. These exceptions and manual workarounds also need to be documented so that there isn’t a knowledge gap when someone leaves the organisation.
In fact, a lot of mitigation comes back to documentation, because without that, your organisation has no source of absolute truth when it comes to how it approaches payroll. With this documentation, an organisation can explicitly describe their requirements to vendors. Vendors need to be careful to only change processes which have been explicitly accepted as needing change by the organisation.
For effective risk mitigation, it’s also important to understand the “why”. Knowing the “what” is normally not enough to truly validate the correctness of a payrun. For every step needed to successfully conclude a payrun, there may be many reasons for that step. Without understanding the logic of “why” any step is executed, it would be very difficult to verify its correctness.
It’s like being given an Excel sheet that someone else has coded up. The sheet runs calculations as a black box so you use it, until it breaks for some reason. Now you need to look into the formulas in the cells to try to fix the problem. Reverse engineering someone else’s Excel sheet is incredibly difficult, but still nowhere near as difficult as reverse engineering an organisation’s payroll process and calculations.
Understanding “why” a process or calculation is done the way it’s done makes fixing it so much easier.
Another way to mitigate risk is to run real-time validation. If your data is accurate and you’ve defined and documented your processes correctly, running two different pieces of software in parallel to calculate the end result is a simple and effective way to mitigate risk. Real-time validation is useful to make sure that the rules configured into your technical system are correct.
One of the best ways to mitigate risk is to enable your team to be flexible and agile so that it can mitigate its own risk. Your payroll team should reflect upon its processes and outcomes in an ongoing cycle, so as to spot things that aren’t working and to proactively fix them.
Technical systems themselves are just a small component. Most of the issues we see when it comes to incorrect payments are down to human and process error. Most errors of pay occur when correct data doesn’t even make it into the technical system.
For example, if managers at a large organisation with hundreds of stores get into the habit of asking their employees to take out the rubbish at the end of the shift after they have ‘clocked out’, that’s a potential underpayment of $50 million per year that has not even reached the technical system.
So, what’s your business risk?
The penalties associated with systemic payroll abuse and incorrect payroll are massive. The maximum fines are insane, and they come on top of any underpayments that they owe. In 2019, Woolworths admitted that they’d underpaid thousands of staff by as much as $300 million. On top of having to pay that $300 million in wages, they also faced a maximum fine of $630,000 per worker. On top of this, company Directors can also be held personally liable for underpayments, with the potential punishment of imprisonment should the violation be severe enough.
And so, the real question is how big is your risk? And just how much might you have to pay out if you don’t actively investigate your payroll processes and systems, and resolve discovered issues?
Take our simple self-diagnostic that you can use to measure your risk profile and to get an indication of where you stand.
Take our self-diagnostic test
For each of the questions below, score yourself from 0 to 5.
Businesses can email firstname.lastname@example.org or call 1300 287 213 for free first-step advice on how to ensure your payroll processes can safeguard your payroll compliance. Follow us on Linkedin or sign up here to receive our articles direct to your email inbox.