COMPLIANCE
The key areas for consideration generally fall into three categories. First, people. Suitably trained and motivated staff can be a huge contributor to effective compliance. The roles, responsibilities, and accountabilities of everyone involved in the payroll function should be evaluated; appropriate skills, qualifications, and training required to perform the payroll functions should be measured against the roles and those people identified. Second, processes. Understand and document the end-to-end payroll processes; identify gaps in controls; monitor and review controls; ensure segregation of duties; manage data effectively and efficiently. Third, systems. Constantly review to identify potential weaknesses in software security; map IT general controls over payroll systems and supporting infrastructure; and evaluate and future- proof system requirements to ensure they remain fit for purpose. Jaspal Randhawa-Wayte: Payroll departments need to look way ahead and focus on the political and regulatory changes that are likely to be introduced over the next few years, so that they are planned for in advance. Perhaps the most important part of this is having the right discussions with software suppliers to determine whether functionality will be built into their products to make compliance easier and avoid manual workarounds that can result in errors. What are the most effective ways of measuring compliance and auditing processes? SD: It is important that the person measuring compliance and auditing the processes understands the end-to-end payroll process. This means they can identify gaps in controls and help with monitoring existing controls. The controls must be reviewed on a regular basis to ensure they are fit for purpose. Having a good compliance matrix to measure against will enable the operator to see if it is working as designed. The matrix to be measured must be relevant, and it is vital to involve the right people.
Organisations have to consider their key risk indicators, which can be: ● issue response times – how we must have a workable process to identify and report regular or potential issues ● change response – how quickly we can respond to changes in legislation or guidance ● competency of the payroll team – this needs to be continuously assessed, especially if there have been changes in technology or legislation ● system resilience – confidence that your systems are robust and resilient ● data security – with all the changes involved over the years, how much confidence do you have in your systems and processes to keep the data secure? EG: We have a significant number of controls in place at Dataplan, such as message prompts in our software, trackers to ensure deadlines are met and monitored, exception reports and regular auditing of customer records to ensure we are fulfilling their needs in an accurate and timely manner. We ensure excellent communication channels between our payroll professionals and customers. One of our greatest measures is the customer satisfaction and feedback we receive about our service provision. We don’t take this for granted though. To strengthen our service: we hold ISO 27001 accreditation; undertake an annual ISAE3402 audit providing assurance on our key controls; and work within the parameters of ISO 9001. In March this year we re-accredited for the CIPP Payroll Assurance Scheme, involving rigorous audit of our payroll service provision and our approach internally to ensure a positive culture and people processes. JM: I would recommend regular payroll checks, including birthdate triggers to transition on to the next NMW rate, as well as extra care around 1 April NMW annual rate increase. Start and end dates of apprentice require robust checks to ensure NMW compliance. Where a worker has entered into voluntary salary sacrifice agreements, it is imperative that the aggregate of all salary sacrifice amounts is included in a NMW calculation. This calculation is required for
each pay reference period to ensure no breaches have occurred. Regularly check the wage/pay codes to identify which pay elements are not to be included in the NMW calculation – for example, premium payments and allowances. Regularly review deductions from pay. Certain deductions will reduce pay for NMW purposes, such as administration fees for attachment of earnings, goods and services bought from the business – even voluntary deductions. JN: Some areas of compliance can be measured using key performance indicators. All documented procedures should be regularly reviewed. All personnel should be empowered to identify new risks and review existing ones. Business continuity and disaster recovery plans should not only exist but be tested. Internal audits should be conducted, and external/ independent audits should be carried out. CIPP’s PAS not only measures payroll compliance and audit processes, but it also provides a kitemark to successful organisations to endorse those processes as being effective. J R-W: Payroll teams should create a thoroughly documented and strongly enforced framework for compliance. This needs to be proactively reviewed to demonstrate its effectiveness to the board and the appropriate regulatory bodies. There are several tools that can be implemented for tracking and measuring compliance. A comprehensive checklist is an absolute must, stored digitally and securely to significantly reduce the chances that it will be deleted or lost. This checklist must be regularly reviewed and updated. With the rules, regulations, legislation and guidance changing on a continual basis – especially during the Covid-19 crisis – what methods should payroll employ to keep fully up to date? SD: Too often I have come across payrollers who expect to be kept up to date and do no research themselves. That is the difference between a payroller and a payroll professional. The payroll professional will research the changes, look at what other payroll professionals have said and ask questions. They will attend webinars and join one of the various chat groups that have been created since the pandemic started. Being part of the CIPP gives members invaluable resources
...controls must be reviewed on a regular basis to ensure they are fit for purpose.
| Professional in Payroll, Pensions and Reward | September2020 | Issue 63 28
Made with FlippingBook - Online magazine maker