In 2020, the IRS published an alert urging employers and taxpayers to beware of tax scams, including payroll phishing schemes. And that’s only the beginning when it comes to payroll threats.
In general, employers must also guard against:
- Noncompliance with payroll laws, whether intentional or unintentional.
- Payroll fraud by employees.
- Misuse of self-service technology.
- Unforeseen disasters that can disrupt the payroll function, such as fires, storms, hurricanes, pandemics and terrorist attacks.
These threats can severely hinder business operations, damage the bottom line, or harm the company’s reputation. So, it’s essential to have payroll risk management procedures in place.
Payroll risk management is about establishing and maintaining guardrails for preventing and combating payroll threats.
Also called “internal payroll controls,” these guardrails help protect your business against payroll scams, noncompliance, and disturbances stemming from disasters.
To develop appropriate safeguards, you’ll need to take a sweeping look at your payroll responsibilities, processes and systems. Then, create solutions to improve weaknesses.
Below are situations to consider.
Phishing Scams
The IRS has warned that employers, tax professionals and taxpayers need to guard against phishing schemes designed to steal Form W-2 details and other tax information. In addition, direct deposit and gift card scams are on the rise since more people are working from home because of the COVID-19 pandemic.
Be sure to train your payroll employees on how to spot, thwart and report payroll phishing scams.
Payroll Compliance
Determine the federal, state and local wage-and-hour and employment tax laws your business must comply with. Generally, these include hours worked, minimum wage, overtime, meal and break periods, exempt employee compensation, child labor, timekeeping, recordkeeping, and mandatory and voluntary deductions.
Create standardized procedures for administering your wage-and-hour and employment tax responsibilities, and for verifying accuracy.
Employee Payroll Fraud
Use a timekeeping system that vastly reduces the chance of time theft by employees, such as an automated platform that eliminates “buddy punching.”
Route timecard information to the employee’s manager or supervisor for approval before sending the data to payroll for processing.
Segregate payroll duties to avoid one employee or department having sole control over your payroll function. If your business has only one payroll employee, assign a qualified backup, such as someone in accounting.
Double-check your payroll transactions for each pay period to verify that wages are paid to employees who actually earned the wages.
Perform a thorough preemployment background check on employees who will be handling payroll duties.
Confirm that your bank has procedures for detecting and reporting fraudulent payroll checks.
Employee Self-Service Technology
Inform employees that:
- Unauthorized use of the self-service portal is prohibited.
- They should keep their login credentials for the portal private.
- They must enter only accurate information when updating their payroll/HR information through the self-service portal.
Disasters and Emergencies
Develop a payroll continuity plan that enables you to fulfill your payroll obligations in the event of a disaster or emergency.
If you outsource payroll, the provider should have a contingency plan for meeting designated payroll duties during disasters and emergencies.