Top

View Cart
Accounting Bestsellers
Newsletter Sign Up
This form does not yet contain any fields.

    Home >> Payroll Accounting Topics

     

    Payroll Internal Controls

    The types of payroll controls that you should consider implementing will vary by the type and size of a business, as well as whether the payroll is processed internally or by a supplier.  Because the control risk will vary so much by a company’s individual circumstances, it is best to review the following list of controls and then select only those that will improve the control environment.  The controls are as follows:

    Employee Advances.  Employees may ask for advances on their next paycheck, or to cover the cost of their next trip on the company’s behalf.  In either case, it is easy to lose track of the advance.  The following controls are needed to ensure that an advance is eventually paid back.

    • Continually review outstanding advances. When advances are paid to employees, it is necessary to continually review and follow up on the status of these advances.  A simple control is to have a policy that requires the company to automatically deduct all advances from the next employee paycheck, thereby greatly reducing the work of tracking advances.
    • Require prior approval of all employee advances. When employees request an advance for any reason – as a draw on the next paycheck or as funding for a company trip – this should always require formal signed approval from their immediate supervisors.  The reason is that an advance is essentially a small short-term loan, which would also require management approval.

    Payroll checks.  The storage, printing, and distribution problems associated with checks of all types certainly apply to payroll checks.  The following list of controls is particularly applicable to those companies that process their payrolls in-house, since they handle check stock.  However, even companies that outsource their payroll should consider the controls related to bank reconciliations, uncashed checks, and signature cards.  If employees are paid solely through direct deposits, then these controls do not apply.  They are as follows:

    • Control check stock. The check stock cannot be stored in the supply closet along with the pencils and paper, because anyone can remove a check from the stack, and then is only a forged signature away from stealing funds from the company.  Instead, lock the check stock in a secure cabinet, to which only authorized personnel have access.
    • Add security features to check stock.  Checks can be successfully modified or copied.  To counteract this, purchase check stock with such security features as a “Void” logo that appears when a check is copied, microprinting that is difficult to copy, and holograms that are difficult to reproduce.  A particularly effective method is to print a small lock icon on the face of a check, which warns a bank teller that the check contains security features that are listed on the back.  The teller can then check the list of features and verify that they exist.
    • Control signature plates.  If anyone can access the company’s signature plates, then it is not only possible to forge checks, but also to stamp authorized signatures on all sorts of legal documents.  Accordingly, these plates should always be kept in the company safe.
    • Fill in empty spaces on checks.  If the line on a check that lists the amount of cash to be paid is left partially blank, a forger can insert extra numbers on words that will result in a much larger check payment.  This can be avoided by having the software that prints checks insert a line or series of characters in the spaces.
    • Mutilate voided checks.  A voided check can be retrieved and cashed.  To keep this from happening, a stamping device that cuts the word “void” into the surface of the check should be used, thereby sufficiently mutilating it that it cannot be used again.
    • Perform bank reconciliations.  This is one of the most important controls anywhere in a company, for it reveals all possible cash inflows and outflows.  Compare the bank statement’s list of checks cashed to the company’s internal records to ensure that checks have not been altered once they leave the company, or that the books have been altered to disguise the amount of the checks.  It is also necessary to compare the bank’s deposit records to the books to see if there are discrepancies that may be caused by someone taking checks or cash out of the batched bank deposits.  Further, compare the records of all company bank accounts to see if any check kiting is taking place.  In addition, it is absolutely fundamental that the bank reconciliation be completed by someone who is completed unassociated with the payroll function, so that there is no way for anyone to conceal their wrongdoings by altering the bank reconciliation.
    • Review uncashed checks.  If checks have not been cashed, it is possible that they were created through some flaw in the payroll system that sent a check to a non-existent employee.  Contact these employees to see if there is a problem.
    • Update signature cards.  A company’s bank will have on file a list of check signatories that it has authorized to sign checks.  If one of these people leaves the company for any reason, he or she still has the ability to sign company checks.  To void this control problem, update the bank’s signature card as soon as a check signer leaves the company.

    Payroll Expenses.  The controls used for payroll cover two areas – the avoidance of excessive amounts of pay to employees, and the avoidance of fraud related to the creation of paychecks for non-existent employees.  Both types of controls are addressed here.

    • Verify hours worked.  Employees may pad their timesheets with extra hours, hoping to be paid for these amounts.  Alternatively, they may have fellow employees clock them in and out on days when they are not working.  Supervisors should review and initial all timesheets to ensure that hours have been worked. 
    • Require approval of all overtime hours worked by hourly personnel.  One of the simplest forms of fraud is to come back to the company after hours and clock out at a later time, thereby creating false overtime hours.  This can be resolved by requiring supervisory approval of all overtime hours worked.  A more advanced approach is to use a computerized time clock that categorizes each employee by a specific work period, so that any hours worked after his or her standard time period will be automatically flagged by the computer for supervisory approval. 
    • Require approval of all pay changes.  Pay changes can be made through the payroll system if there is collusion between a payroll clerk and any other employee.  This can be spotted through regular comparisons of pay rates paid to the approved pay rates stored in employee folders.  It is best to require the approval of a high-level manager for all pay changes, which should include that person’s signature on a standard pay change form.  It is also useful to audit the deductions taken from employee paychecks, since these can be altered downwards to effectively yield an increased rate of pay. 
    • Obtain computer-generated exception reports.  If the payroll software is sufficiently sophisticated, the programming staff can create exception reports that reveal if payments are being made to terminated employees, the amount of payments to new employees, whether negative deductions are being processed, or when unusually high base pay or overtime amounts are being processed. 
    • Issue checks directly to recipients.  A common type of fraud is for the payroll staff to either create employees in the payroll system, or to carry on the pay of employees who have left the company, and then pocket the resulting paychecks.  This practice can be stopped by ensuring that every paycheck is handed to an employee who can prove his or her identity. 
    • Issue lists of paychecks issued to department supervisors.  Give supervisors a list of paychecks issued to everyone in their departments from time to time, because they may be able to spot payments being made to employees who are no longer working there. 
    • Compare the addresses on employee paychecks.  If the payroll staff is creating additional fake employees and having the resulting paychecks mailed to their home addresses, then a simple comparison of addresses for all check recipients will reveal duplicate addresses (though employees can get around this problem by having checks sent to post office boxes – this control issue can be stopped by creating a policy to prohibit payments to post office boxes).

    The preceding set of recommended controls only encompasses the most common ones.  These should be supplemented by reviewing the process flows used by a company to see if there is a need for additional (or fewer) controls, depending upon how the processes are structured.  Thus, these controls should only be considered the foundation for a comprehensive set of controls that must be tailored to each company’s specific needs.

    Related Topics

    Payroll accounting
    Payroll fraud
    What is payroll?