Payroll System Controls

Audit
Change authorizations
Change tracking log
Error-checking reports
Expense trend lines
Issue payment report to supervisors.
Restrict access to records
Separation of duties

Automated timekeeping systems

Calculation verification
Hours worked verification
Match payroll register to supporting documents
Match time cards to employee list
Overtime worked verification
Pay change approval

Update signature authorizations.

Hand checks to employees
Lock up undistributed paychecks
Match addresses.
Payroll checking account
. Have either internal auditors or external auditors conduct a periodic audit of the payroll function to verify whether payroll pa
. Only allow a change to an employee’s marital status, withholding allowances, or deductions if the employee has submitted a
. If you are processing payroll in-house with a computerized payroll module, activate the change tracking log and make sure th
. Some types of payroll errors can be spotted by running reports that only show items that fall outside of the normal distributi
. Look for fluctuations in payroll-related expenses in the financial statements, and then investigate the reasons for the fluctuati
Send a list of payments to employees to each department supervisor, with a request to review it for correct payment amount
. Lock up employee files and payroll records at all times when they are not in use, to prevent unauthorized access. Use passwo
. Have one person prepare the payroll, another authorize it, and another create payments, thereby reducing the risk of fraud u

. Depending on the circumstances, consider installing a computerized time clock. These clocks have a number of built-in contr
. If you are manually calculating payroll, then have a second person verify all calculations, including hours worked, pay rates us
. Always have a supervisor approve hours worked by employees, to prevent employees from charging more time than they ac
. The payroll register shows gross wages, deductions, and net pay, and so is a good summary document from which to trace ba
. There is a considerable risk that an employee will not turn in a timesheet in a timely manner, and so will not be paid. To avoid
. Even if you do not require supervisors to approve the hours worked by employees, at least have supervisors approve overtim
. Consider requiring not just one approval signature for an employee pay change, but two signatures – one by the employee’s

When check signers leave the company, remove them from the authorized check signer list and forward this information to th
. Where possible, hand checks directly to employees. Doing so prevents a type of fraud where a payroll clerk creates a check f
. If you are issuing paychecks directly to employees and someone is not present, then lock up their check in a secure location.
If the company mails checks to its employees, match the addresses on the checks to employee addresses. If more than one ch
. You should pay employees from a separate checking account, and fund this account only in the amount of the checks paid ou
 to verify whether payroll payments are being calculated correctly, employees being paid are still working for the company, time records a
e employee has submitted a written and signed request for the company to do so. Otherwise, there is no proof that the employee wanted
racking log and make sure that access to it is only available through a password-protected interface. This log will track all changes made to
side of the normal distribution of payroll results. These may not all indicate certain errors, but the probability of underlying errors is highe
e the reasons for the fluctuations.
for correct payment amounts and unfamiliar names. They may identify payments being made to employees who no longer work for the co
thorized access. Use password protection if these records are stored on line. This precaution is not just to keep someone from accessing t
y reducing the risk of fraud unless multiple people collude in doing so. In smaller companies where there are not enough personnel for a p

e a number of built-in controls, such as only allowing employees to clock in or out for their designated shifts, not allowing overtime withou
g hours worked, pay rates used, tax deductions, and withholdings. A second person is more likely to conduct a careful examination than th
ging more time than they actually worked.
ment from which to trace back to the supporting documents for verification purposes.
d so will not be paid. To avoid this problem, print a list of active employees at the beginning of payroll processing, and check off the names
supervisors approve overtime hours worked. There is a pay premium associated with these hours, so the cost to the company is higher, as
es – one by the employee’s supervisor, and another by the next-higher level of supervisor. Doing so reduces the risk of collusion in alterin

orward this information to the bank. Otherwise, they could still sign company checks.
ayroll clerk creates a check for a ghost employee, and pockets the check. If this is too inefficient a control, consider distributing checks man
r check in a secure location. Such a check might otherwise be stolen and cashed.
dresses. If more than one check is going to the same address, it may be because a payroll clerk is routing illicit payments for fake employe
mount of the checks paid out. Doing so prevents someone from fraudulently increasing the amount on an existing paycheck or creating an
 r the company, time records are being accumulated properly, and so forth.
oof that the employee wanted a change to be made. The same control applies for any pay rate changes requested by a manager.
will track all changes made to the payroll system, which is very useful for tracking down erroneous or fraudulent entries.
y of underlying errors is higher for the reported items. The payroll manager or a third party not involved in payroll activities should run and

who no longer work for the company.

eep someone from accessing the records of another employee, but also to prevent unauthorized changes to records (such as a pay rate).
e not enough personnel for a proper separation of duties, at least insist on having someone review and authorize the payroll before payme

, not allowing overtime without a supervisory override, and (for biometric clocks) eliminating the risk of buddy punching. Also, you should
a careful examination than the person who originated the calculations.

sing, and check off the names on the list when you receive their timesheets.
st to the company is higher, as is the temptation for employees to claim them.
the risk of collusion in altering pay rates.

nsider distributing checks manually on an occasional basis.

cit payments for fake employees to his or her address.

xisting paycheck or creating an entirely new one, since the funds in the account will not be sufficient to pay for the altered check.
ested by a manager.
ulent entries.
ayroll activities should run and review these reports.

records (such as a pay rate).

orize the payroll before payments are sent to employees.

dy punching. Also, you should send any exception reports generated by these clocks to supervisors for review.

or the altered check.