Dotting the I’s and crossing the T’s

A spate of high-profile and costly payroll failures has shone a light on compliance in this business-critical function. Is it time to review what your organisation has in place?

Dotting the I’s and crossing the T’s

A spate of high-profile and costly payroll failures has shone a light on compliance in this business-critical function. Is it time to review what your organisation has in place?

You possibly saw the headlines or perhaps laughed at the punchlines from late night talk show hosts when celebrity chef George Calombaris’ restaurant group was found to be paying staff incorrectly over a long period, leading to $2.6m in back payments. However, given that some employees were also overpaid, the general consensus was that this was an honest mistake – and as poor an excuse as it sounds, Calombaris himself never claimed he was an accountant or payroll professional; he was merely a chef.

Indeed, an independent review found that outdated systems and processes were to blame for the discrepancy in payments that did not meet the latest industry awards.

While it was a regrettable – and costly – error, Calombaris is unlikely to see any lasting damage to his organisation’s reputation, primarily because he has proactively sought the assistance of an external auditor to help rectify the situation. However, it’s these kinds of payroll errors that Jason Low, head of TAPS (The Association of Payroll Specialists) sees time and time again.

“You can make a tiny mistake and it compounds so quickly,” he warns. “Before you know it you’re in the headlines for all the wrong reasons. Six months ago, Chemist Warehouse made a little mistake in interpreting one of their awards. It was an honest mistake, but by the time it was rolled through their employee base they had a back-pay situation of $3.5m. They were upfront and paid it. But the fact it was an honest mistake almost makes it scarier.”

From something as innocuous as an out-of- date system or a failure to keep abreast of changes to awards, through to outright fraud, compliance (or lack thereof) has emerged as a topic of note recently.

Change – and change again
Compliance means more than just changes dictated by the Australian Tax Office. There may also be requirements from Fair Work Australia, such as the recent 3.3% increase to the minimum wage, and additional tweaks to superannuation and workers’ compensation. While many of these will typically occur at the start of a new financial year, Low says in reality changes can occur at any time. Add in already-complex individual awards, and industries that hire a high proportion of casuals, contractors and freelancers, and mistakes are almost bound to happen.

Looking ahead through the rest of 2017, Low says further changes can possibly be expected to penalty rates.

“The cutback on Sunday penalty rates, if it does go through on 1 July, will cause massive problems for business,” he says. “If you’ve got an electronic time and attendance system, which has all those rules programmed in the background, you’re going to need to get that all reprogrammed. So there’s potential in the short term for people being overpaid until you update your systems.”

Meanwhile, the ATO is introducing Single Touch Payroll – a government initiative intended to streamline business reporting obligations – in a number of phases from 1 July 2017.

“We see legislative changes coming through in dribs and drabs, often with very short turnaround times in terms of implementing the changes,” says Low. “This is stressful for businesses; oftentimes they’re not making the taxes easier, they’re making them harder.”

What should organisations look out for when selecting an outsource provider for payroll? Anij T Janardhanan suggests that, as a minimum, attention should be paid to areas like:

• Robust programs to understand and apply data privacy and payroll tax legislation as they occur
• Existence of a risk-based internal control framework practice that is independently audited. The easiest way to demonstrate this is through an ISAE 3402 SOC1 Type II report
• An information security management system that is based on widely accepted international standards like ISO 27001:2013
• A program for business continuity and disaster recovery that covers risks affecting people, infrastructure and technology

“The commitment of management towards compliance is absolutely critical for any organisation to drive compliance,” says Janardhanan. “This is often demonstrated by setting up an independent function with experts for compliance and internal audit. Organisations that lead the way in compliance are the ones where the leaders set such examples of priorities. As a customer, you will easily differentiate those providers who have compliance as their second nature.”

Compliance in an age of outsourcing
One key mistake that too many organisations make is to assume that out of sight means out of mind – in other words, because the payroll function is outsourced to a third party, the employer washes its hands of compliance issues. This is not the case.

“You can’t outsource your obligations,” says Low. “It’s not enough to say, ‘We outsource to this company; they made the mistake’. What you’ve outsourced is the labour and expertise. At the end of the day you still need to sign off on it.”

In addition to the obvious requirements around legislative compliance, organisations that outsource payroll to service organisations also face the risk of not being able to extend the same level of internal controls to the service organisation.

“With payroll being one of the most important, if not the most important, functions, controls assuring the completeness, accuracy and integrity of the process are very critical,” says Anij Janardhanan, Head of Global Compliance, Ascender.

Janardhanan adds that the ability of a service provider to demonstrate an effective control framework based on full understanding of inherent risks in payroll processes through independent auditors’ reports like ISAE 3402 SOC1 (International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization) is critical. Similarly, he says business continuity and disaster recovery of the payroll services and systems are often overlooked, with no back-up for payroll data. Availability of back-up personnel with the right skills and capabilities in the absence of primary staffis also critical to the success of any business continuity program. While this has been a very familiar challenge for in-house payroll departments, outsourcing payroll adds little value in mitigating this risk if the provider does not have enough breadth and depth of talent pool to be used for contingencies.

The ‘elephant in the room’ for all payroll professionals, whether they work in-house or as part of an outsource consultancy, is data privacy. Low says this is a critical issue for outsource payroll providers.

“The Privacy Act in Australia puts the onus on you as a business to protect the data of your clients – so as a payroll outsourcer they absolutely have a responsibility to protect that data. Increasingly, we’re seeing businesses outsource using software in the cloud, like Ascender, but they still need to go through really rigid checks to ensure they are compliant with the Act.”

It is also important to understand that information security does not just stop at privacy. For example, ensuring that access to perform transactions is limited to only authorised personnel is a key priority for a financial process such as payroll.

“Data privacy is ensuring that personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and applicable legislations. In addition to managing the privacy requirements, a mature payroll provider should also be able to manage confidentiality, security, availability and processing integrity for its customers’ payrolls,” says Janardhanan.

The Office of the Australian Information Commissioner provides some excellent guidelines for Australian businesses on its website ( Information security is a much broader domain, and there is significant interest in the security of data being stored in the cloud. “Data privacy and security concerns are often more significant when there is a service organisation involved in the payroll process with technology and personnel outside Australia,” says Janardhanan.

Ascender uses a multi-tiered approach to managing compliance by sourcing legislative and data privacy updates from leading firms and providers and combining that with Ascender’s in-house capabilities to interpret and apply in a timely manner. Ascender has also appointed dedicated personnel at leadership levels to drive other aspects of compliance, like data privacy, information security, business continuity, etc.

“At Ascender, we are trusted with the prosperity of millions of employees,” says Marjukka Mäki-Hokkonen, CEO, Ascender.

“That is millions of people who rely on Ascender to act with the highest level of integrity, security, privacy and compliance. Our executive leadership has the responsibility to ensure compliance is lived and breathed across every function and process so it can weave its way into the strands of our cultural DNA. It has simply become the way we do business and why we are different.”

It’s often said that payroll is only ever noticed when something goes wrong, and sadly Jason Low of TAPS says this is true. “This kills me,” he says. “Payroll often seems to be forgotten. The expectation is you type some numbers into the payroll software and it spits out the answer. It’s not as easy as that. There is so much legislation and so much you need to know. If you don’t know the right information, if you don’t know the right questions to ask, you don’t know the right information to punch into the payroll system. Look at termination, for example. That can split into 15 different categories. There are different sets of rules for redundancy, which also gets split into 15 different categories. Depending on the types of payments and reasons behind the payments, that impacts on how it’s taxed. The computer doesn’t know the questions to ask. If you want to get your payroll right you need a properly trained payroll person who is getting updated on the latest information because it changes so quickly.”

A focus on getting it right
Low is keen to shift the standing of the payroll function in businesses away from a function that costs money to one that can potentially save money. He cites an example of one of his members who recently started a new payroll job. One of the first things he did was examine the parameters of the payroll system, to get a feel for what was happening. He noticed that in the past six months multiple redundancies had been made. These redundancies were pegged in the payroll system as being subject to payroll tax, which is a tax that companies must pay based on the size of their payroll. Spotting this mistake and making the necessary changes, the new hire was able to save his company $30,000.

“Payroll is a big part of your business,” says Low. “Business leaders must pay attention to it and must train payroll staff – it’s only in their best interests to do so.”

Ascender’s 900 highly trained employees work across 19 countries, delivering compliant, accurate and timely payroll and HR services. They use their expertise and proprietary software to power an efficient, cost-effective and intuitive solution so businesses can mitigate the risk of in-country payroll compliance and unlock the power of data-driven insights. 

Recent articles & video

Alphabet layoffs later this year to be 'much smaller in scale': reports

Elon Musk: Jobs to be optional in 'benign' AI future

2 in 3 Australians OK with date change for Australia Day

Former security services firm fined for failing to act on Compliance Notice

Most Read Articles

1 in 8 new hires leaving during probation: report

FWC finds early notice of end to fixed-term contract amounts to dismissal

Spotless entities plead guilty to long service leave underpayments