rapid! PayCard

Developing and Maintaining Payroll Controls

by

BY GRETCHEN INOUYE, CPP

rapid blog photo

Payroll, which includes taxes and benefits, is frequently the largest operating expense of an organization. Then when you factor in the confidential payroll information to the financial aspects, developing and maintaining adequate controls within the payroll environment is essential.

Controls generally fall within three areas: physical controls, staffing practices, and system controls. The size and complexity of an organization will determine the levels and types of controls to implement, although some controls are applicable in all environments.

Physical controls involve restricting access to payroll by establishing actual physical barriers such as using locks on doors, desks, and filing cabinets. If access to the payroll department is not strictly limited to authorized individuals, control of paper and other factors may require more thought and creativity. Do not leave paperwork open to unauthorized view or theft. Do not leave computer screens open to view. Make proper disposal and destruction of paper containing personally identifiable information a routine practice. Inventory and control company check stock.

Staffing practices include exercising due diligence in hiring and assigning appropriate levels of access to payroll. One best practice is to segregate job duties so that a single employee does not have full, end-to-end control of payroll processes. This is not always possible in a single-person office or a small department, so personnel outside of payroll may need to provide assistance or oversight. Accounting should review and reconcile the payroll bank account, for example. Provide department managers with listings of employees being paid in their units so that they can review and confirm. Another useful control is to periodically rotate the duties of employees in a larger payroll department to help facilitate cross training and to help identify inconsistent practices within processes that can lead to lapses in controls.

System controls should include restricting access to authorized personnel only through the assignment of user identification and requiring the use of strong passwords, which should expire at set intervals. Periodically review authorized access, and automatically revoke the access of terminated employees with payroll processing capability on termination. Activate audit trails in the system to track and identify changes to data by user. Employ encryption software when sensitive, identifiable employee data is being electronically transmitted.

Establish system edits as alerts to help ensure payrolls are processed within set rules and data falls within valid parameters. Some common edits are those that identify when payroll transactions are being created for a terminated employee or when there are no transactions for an active employee. Both of those situations may be legitimate, but the edits would allow for review and verification or correction if necessary. Some other edits may be used to help identify payments that would fall outside of expected norms, exempt employees not receiving full salary, or nonexempt employees not receiving required overtime. Design all edits to meet the needs of the particular organization.

Document all internal and external controls and periodically test them for effectiveness.

Gretchen Inouye, CPP, is a Payroll Consultant and the APA’s 2015 Payroll Woman of the Year. Author note: The Payroll Source® was used in preparing this article.

This article was sponsored by rapid! PayCard® and is available in the February issue of APA PAYTECH.

The information contained in this article and any other article do not reflect the views of rapid! PayCard®. The opinions, conclusions and other information expressed are neither given nor endorsed by rapid! PayCard® or its representatives, but provided for the sole purpose of presenting updates on current research in this sector.

Ready for a better way to pay?
Online Privacy Statement    

The rapid! PayCard® Mastercard® Payroll Card is issued by Green Dot Bank, Member FDIC, pursuant to a license by Mastercard International Incorporated. The use of this Card is subject to the terms and conditions.

The rapid! PayCard® Visa® Payroll Card is issued by Green Dot Bank, Member FDIC, pursuant to a license from Visa U.S.A. Inc. This card can be used everywhere Visa debit cards are accepted.

The Savings Account is established by Green Dot Bank, Member FDIC.

The rapid! PayCard blog and any information contained within do not reflect the views of Green Dot Bank or Mastercard or Visa, nor are they endorsed by Green Dot Bank or Mastercard or Visa.

The rapid! PayCard® Mastercard® is issued by Pathward®, N.A., Member FDIC, pursuant to license by Mastercard International Incorporated. Prepaid card can be used wherever Debit Mastercard is accepted. Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated.

The rapid! PayCard® Visa® Payroll Card is issued by Pathward, N.A., Member FDIC, pursuant to a license from Visa U.S.A. Inc. This card is accepted everywhere Visa debit cards are accepted.

The Savings Account is established by Pathward, N.A., Member FDIC.

The rapid! PayCard blog and any information contained within do not reflect the views of Pathward, N.A. or Mastercard or Visa, nor are they endorsed by Pathward, N.A. or Mastercard or Visa.

Green Dot Bank operates under the following registered trade names: GoBank, GO2bank and Bonneville Bank. All of these registered trade names are used by, and refer to, a single FDIC-insured bank, Green Dot Bank. Deposits under any of these trade names are deposits with Green Dot Bank and are aggregated for deposit insurance coverage.

© 2025 Green Dot Corporation. All rights reserved. Green Dot Corporation NMLS #914924; Green Dot Bank NMLS #908739.