Will your business withstand a payroll compliance issue?

Upbeat intro music

Rebecca Archer 

Welcome back to Beyond the Numbers with Grant Thornton – a podcast unpacking marketplaces shifts in today’s dynamic business landscape.

I’m Rebecca Archer, and today I’m joined by Risk Consulting Partner Katherine Shamai and Forensic Consulting Director David Mintz.

Australia’s payroll compliance landscape has changed significantly. Wage underpayments are now criminalised at a federal level, and payroll errors have had serious reputational consequences for organisations. As regulators shift from remediation to prevention, businesses must be ready to act when payroll issues arise.

Welcome Katherine & David!

David Mintz

Thanks Rebecca. Great to be here.

Katherine Shamai

Great to be here Rebecca.

Rebecca Archer 

Now, on the 1st of January 2025, Australia's Wage Theft legislation made the intentional underpayment of wages or employee entitlement a criminal offence under the Fair Work Act. How did this shift the landscape?

David Mintz

So, there's really been a very significant shift. So, prior to the legislation the Fair Work Ombudsman dealt with the enforcement through civil mechanisms. You would see some companies have enforcement undertakings or even penalties, but there was no criminal aspect to it.

So, for example, if a Director for a company didn't pay the employees correctly, there might be a penalty for organisation but the HR department or the Directors wouldn't face criminal action such as jail time or personal fines. One thing to reflect on though is that since legislation has come in, there has been no enforcement as of today, but it's going to be interesting to see over the next six months, 12 months, even two years when the first cases come out. One thing we don't know right now is what is meant by the intentional aspect of the non compliance. There has been some consideration on what is meant by intentional, and it will likely be more than just a mistake or a systems issue, but something that is where an organisation attempts to pay someone incorrectly or knows employees are being underpaid but is not correcting and it's not trying to make improvements to rectify the issue.

Employees right now are dealing with a whole host of issues. You have Payday Super coming in, you have Awards getting more and more complex, and this new legislation just places more pressure on organisations that are dealing with everything that's going on in the payroll market right now.

So even if they have good intentions, organisations have to think about okay, with a good intention, “But do we have the records in place? Do we have the processes to ensure we're paying employees correctly and can we actually evidence that we are?” So, we have processes to show that we are paying our employees the correct entitlements.

Rebecca Archer

And so, David, I imagine that this has had a bit of an impact on accountability for leadership and culture. What can you tell us about that?

David Mintz 

Look, I think in terms of leadership, previously it was really the HR and payroll departments that felt the responsibility to pay employees correctly, but now it's kind of going to the Board and the Executive level. The Board and the Executive are responsible of making sure organisations pay their employees correctly, and now it's being enforced under this criminal legislation.

Rebecca Archer

So, what are some of the warning signs exposing businesses to potential issues? What do they need to see as red flags or keep a real awareness of out there?

David Mintz 

So, there are a number of early warning signs that we see organisations have pitfalls in which are in a way, indicators.

So, one of these is where a company has a payroll or time return system in place. Although that system might be set up correctly as per the award, it hasn't been adapted to that organisation's specific circumstances.

So, for example, if an organisation has specific rostering or they have an allowance specific to that organisation, some of these systems aren't set up for that organisation's process.

Another risk area we see is complex Awards. These are awards that have a lot of moving parts, such as penalty structures, multiple classifications, minimum engagements, on call recall or overnight shifts. When these rules aren't understood by an organisation, they're not always reflected in how the system is set up, and as such, these small errors can escalate.

Just by way of one example in the disability support and aged care sector, both of which are their words “priority areas”, the Awards and aged care are incredibly complex with lots of components, and if you operate in this industry and you're not 100 per cent across your award, more errors can grow and escalate.

Another risk area we see is if you often in your payroll process, make out of cycle payments. Out of cycle payments is where, in between the standard pay runs, you make additional payments. These could occur if there's an error found if an employee submits timesheets late. If entitlements aren't always picked up on time, an ad hoc additional pay run every now and again is okay, but if every single month you make added pay runs to correct prior issues, these build up and it's an indicator there is something wrong in your payroll process.

Another red flag is when your time and attendance system has a notes field and this notes field is filled up with additional criteria and entitlements. So instead of a timesheet system having a field specific to each allowance or entitlement, all this added information goes in the notes, and when that happens, your payroll team has to sort through these text field notes, extract the relevant information and manually calculate the amounts due, rather than assist them doing these calculations. They might over rely on spreadsheets as a result of these note fields, and when you over rely on spreadsheets, errors can occur due to human error.

Finally, another warning sign is lack of documented controls. This includes unclear ownership of who's in charge of the payroll process? Is the same person preparing it, the same person signing it off? Or is there segregation of duties? Or is the process in the head of the payroll manager?

So, is the person processing the payroll the only person who is aware of the process? When that person leaves, can somebody else take over and continue the process, business as usual? So together, each of these areas aren't a risk in themselves, but don't mean the company is not compliant, but they may be an indicator that something is going wrong.

Rebecca Archer

Yeah, some really good examples there and lots of things that you mentioned that I'm sure many, many businesses can relate to. So, I guess my next question is what are organisations doing to be confident in their payroll compliance?

Katherine Shamai

Great question, Rebecca, and I think this needs to be looked at from two perspectives: one which is management and one which is the board. I might start off with the management perspective first. I think as a starting point, consider how the red flags David just posed, how does that impact your business? Do you have that complexity that David just talked about? Do you get queries or complaints from staff? Do you have like endless notes – to David's points – in the notes field, about, “Oh, I had to make this adjustment, that adjustment.” Or, you know, somebody's queried their pay or their super, “I don't understand it. What's in my pay slip?” How confident are you in your internal controls and how they're operating and when were they last independently tested?

Have you ever had an outsider have a look at those processes, controls to say, “Yep, that makes sense, or that is in line with industry practice?” Because I think sometimes when we're in our own business, we can be quite mild. Pick to what other people are doing and better practices out there.

And then how you proceed once you identify issues is dependent on your environment and priorities and what you find, of course. Right. So for example, if you find that you need to uplift your systems because they're end of shelf life or they're really not suited for it because your business has outgrown those systems and processes, you will focus on those elements as a priority because you have limited ability to focus on multiple things in terms of resources and cost as well.

So, focus on the uplift and making sure you have the right control environment, but as management, I would also start to try to understand what do those control gaps mean from a compliance perspective. Does it mean you're exposed from a fraud perspective, or does it mean you're exposed from a legal compliance perspective? Understanding that will help determine what your next steps would be in terms of either figuring out whether you have an issue or not. So, doing some diagnostic testing or figuring out do we just need to uplift our internal processes and controls? And that should fix whatever gaps or issues we've identified.

And I think it's tougher for smaller businesses because, generally speaking, you have the same complexity as a big organisation, but you generally have less to invest in terms of resources and budget to fixing issues. So how do you make that work for a smaller business? And I know David mentioned manual controls and spreadsheets – that might actually be okay for a smaller business with less complexity, for example, or a smaller workforce, because that is, I guess, your offsetting against having to comply with the same thing but with a much smaller set of resources available, but again, to reiterate David's point, it's still really important to have documented policies, procedures and any steps or notes from employee queries and how you've resolved them. I think the general governance practice doesn't change. It still needs to be maintained because that's your evidence to demonstrate that you've done the best that you can and you've taken reasonable steps, which goes to address that intentional point that David mentioned earlier. If you are underpaying or you haven't done the right things, but you have the documented proof or the trail to show that you've made every attempt to do the right thing, that would go somewhat towards, you know, explaining to regulator any issues that have occurred as well, and some businesses are opting for real time assurance. What that means is they monitor every payslip, so at every pay period they're doing a check to say, “Have we paid people correctly?” Which can be great from an assurance perspective because you're doing it in real time, but I guess you have to think about and out and assess against the cost of the time and effort to do such a monitoring activity, and also would it potentially delay payroll? So, what's the decision point? If you do find an issue in a particular payslip, do you hit pause on the whole pay run and fix it or do you keep going and then fix it after?

So, there are a couple of decisions points by implementing something like that, and one of the things that I will say is a bit of a double-edged sword is, don't bury your head in the sand. We know from experience working with different clients that this topic can be quite personal. Quite often payroll managers feel this is my responsibility and I should have done it right. I would say that it is a very complex area.

So, you do need to be proactive and try and resolve and identify any issues yourself before an employee, for example, goes to fair work, et cetera, to make a complaint. But on the other hand, you do need to fix what you identify. You can't sit on it to that point of intentionality.

Rebecca Archer

I think the health check point here is such a good one because, you know, businesses that haven't maybe looked at their payroll and their wage compliance for many, many years, they've just, you know, rolled along thinking everything is fine. Probably would be wise to just check in and say, “Look, are we operating legally? First and foremost, but also to the most efficient manner that suits our business.”

So, it's probably a really timely thing to check in with for a start, but in doing so, is it the case that you find – and the feedback that you're getting and the work that you're doing with clients – that businesses are having to sort of then invest of money up front to try to fix these systems? Or is that a bit of a myth?

Katherine Shamai

Yeah, so I think it depends on the environment that they have and their complexity. There are instances where clients have had to go and invest a significant amount of money to uplift processes and systems that they have outgrown, and it's sort of held together by sticky tape, for a better word, but there are instances where there are quick wins.

Not everything is a system fixed and the system won't fix everything either. Sometimes it's behavioural, sometimes it's cultural, and sometimes it's not actually the payroll process nor the interpretation itself. If you think about payroll as an end-to-end process, it starts with rostering and time capturing. So, how are people upstream of payroll doing those activities to improve the quality of data coming through to payroll, which reduces then the manual intervention, the discrepancies and the need to reconcile anything.

So, I think it needs to be looked at from an end-to-end perspective as part of that health check to go well, what are some of the causes for any inefficiency or control issues or things that result in the payroll team having to do fixes and changes?

Rebecca Archer

What are the three questions that you think Boards need to be asking their management teams when it comes to this issue?

Katherine Shamai

I don't think there are any set three questions, but I'll describe the nature of the questions that you should ask.

One is to not make assumptions. Just because everyone gets paid every pay period, fortnight, monthly, whatever the rhythm is, it doesn't mean they've been paid correctly. So asking probing questions of management and making sure you're getting the answers, you need to be comfortable as a Board member, bearing in mind what David said about criminalisation of wage theft as well as your general Director's duties, you need to be really clear on what the process controls are and how you get comfort from those?

Also being aware of what's happening in broader industry, so certainly in your sector, absolutely, but also broadly in the Industrial relations space, understanding what's happening more broadly from a news perspective will give you the heads up in terms of, “Well, hang on, can that apply to us? Do those principles apply to us?”

It's important to understand the different types of assurance you can get. So, I've worked with some Boards who go, but we have a payroll, our payroll audited every year as part of our financial statement audit.

That's a different kind of assurance. That's one flavour of assurance where the focus is on the dollars, because that is generally one of the biggest costs to an organisation – the payroll – but it may not be focused on legal compliance with obligations. Whereas a compliance audit is focused on whether the employer has met its legal obligations, and you might look at things like how employees are classified. You might look at how time is interpreted and the ‘should be’ pay versus the ‘actual pay’ and whether you've complied with how you should be paying your employees, and we've talked a bit about the diagnostic, Rebecca, the health check, and that's the, I guess I'll describe as a process review. That's looking at how you comply, looking at how you do things and the controls in place to help you comply.

So, understanding what you need to get comfortable with as a Director, as a Board member, would drive which kind of review or which kind of assurance you want from management.

Rebecca Archer 

Considering the current climate, what decisions are companies currently tackling?

Katherine Shamai

One of the decisions they're tackling is a recent change in the Industrial Relations space. As I said before, there's a lot of changes in this sector; there's a lot of changes in the environment, and a good example of this is the recent ruling about the General Retail Award, and whilst it directly impacts the retail sector, we're seeing a ripple effect in how it's been applied in the principles of the ruling, how it's been applied to other awards. Noting that this is an interim ruling, so it hasn't been finalised yet. We are already starting to see legal practitioners weaving those principles into recent advice that we've received, and there are a few things to think about when changes like this occur, and in working with our retail clients, there's a simple step, of course, of understanding what does this decision mean from a financial perspective and how to manage this interim ruling. Employers are working to understand the impact, what systems might need to be changed, what business practices might need to be changed, what the remediation cost might look like.

And at a very simplistic level, this means performing the calculations to understand the financial impact, what data they have to support the recalculation or annualisation, and not offsetting between periods, but the next decision is a little bit more strategic and one that needs a little bit more unpacking, I think, and that's really around, what do you do after that? So, you understand what changes need to happen, you understand your potential financial exposure. You have the option then of deciding, do you remediate now or do you remediate later, when the ruling has been finalised?

There are benefits and considerations to both. Of course, if you remediate now, there is an expectation from the regulator that you do remediate when issues are identified. However, if the decision isn't finalised or if it's appealed or changed in some way, shape or form, clawback from your employees may not be possible, or indeed it may not be preferable anyway, from a relationship perspective with your employees, but if you wait, is there the perception of, well, we're not really interested in complying as the worst case scenario, so it's a difficult juggle to make that decision and find that balance. But also, what we're also seeing a lot of clients work on right now is the juggling of systems, processes and controls.

We're seeing, because of the complexity, a lot of our clients looking at more sophisticated systems to support time capture, to support payroll compliance, and trying to automate some of those decisions and reduce reliance on manual intervention, reversals or changes needed. That in itself brings a degree of risk and really needs some thinking around, how do we plan this project? How do we ensure that our new system is configured the way that it should? And we've got comfort that is working as intended.

So, there's a bit of project management thinking that needs to go into it, systems change thinking, but also from a compliance perspective. How do we ensure we comply? We have clients who have picked up their old configuration in the existing system and transported it into the new one. But what they never tested was whether the old system was compliant with their obligations. So, you're transplanting potentially existing problem into a new space and thinking that it's fixed the original issue that you were wanting to fix.

So those are the things that we're seeing in the in the market right now.

Rebecca Archer

It's really clear that there is obviously a lot going on. I wonder though, if you could leave the listeners today with one key takeaway, what might that be?

Katherine Shamai

My takeaway would be understand where you stand and make an assessment on a reasonable step for your business and the environment that you're working in. You need to understand the problem before you can try to start to tackle it.

David Mintz 

I would say previously it was mostly management and payroll that were focused on are we paying correctly? But this now needs to be a Board-level discussion.

Rebecca Archer

Both excellent points. Thank you so much and thank you for coming onto the show today. For those who are listening who might want to connect with you and delve a bit deeper into the work that you're doing or maybe even explore potential ways that you can assist them, what's the best way for them to reach out and get in touch?

Katherine Shamai

Information is available on our website, but also feel free to reach out on LinkedIn and always happy to have a conversation.

Rebecca Archer

If you enjoyed this episode, make sure to follow Grant Thornton Australia on Apple Podcasts or Spotify so you never miss new insights. Do you have a burning question or a challenge keeping you up at night? Drop us an email. We’d love to hear from you. Our experts are here to break down the business, tax, advisory and consulting landscape, so you can focus on building your business. Thanks for listening.

Upbeat outro music