Wage compliance as a risk governance issue

Current site :    AU   |   EN
China Hong Kong SAR
United Kingdom
United States

In recent years there has been a steady chorus of news from Australian employers – including those in the ASX50 – who have identified wage compliance issues in their organisations.

Those events are usually coupled with a range of consequences: identification of millions of dollars in underpayment, superannuation and interest costs; prosecution or enforceable undertakings from the Fair Work Ombudsman; and threats of class action claims from former and current employees. All industries appear to be affected. In March 2022, the Senate published a report exploring whether the legal framework (including penalties) are sufficient to deter intentional wage underpayment (i.e. wage theft).[1] Cumulatively, since 2010 Australian employers have incurred more than $1.2B in wage underpayment compensation.

The common feature of all unintentional wage underpayment events is that underpayments tend to be discovered years after the initial error, with the damage compounding over time. Historically, when underpayment issues have been flagged little or no systemic risk response is initiated to ensure the wage compliance issue is comprehensively dealt with.

Despite the monetary value and reputational damage associated with wage compliance issues, Australian organisations have often failed to recognise wage compliance as a risk governance issue that should be dealt with the same proactive urgency as any other risk governance issue.

This article examines what boards and senior management should be doing to proactively manage wage compliance risk as part of their risk governance frameworks.

Wage compliance as a risk governance value chain proposition

Wage compliance issues arise for a variety of reasons. In general, we see issues arise where:

  • Legal interpretation errors – where enterprise agreements, awards, or statutory minimum entitlements are incorrectly interpreted by functions within an organisation. For example, failing to correctly classify certain employees in accordance with an industrial instrument.
  • Payroll coding errors – where wage rules are incorrectly entered or coded into payroll systems. For example, miscoding when overtime penalty rates commence.
  • Data entry errors – where managers or employees incorrectly enter time into wage or leave systems.

Organisations can seek to address these issues through (among other things) implementing appropriate governance, wage compliance value chains, and robust review and audit exercises.

What we mean by wage compliance value chains is that wage compliance is a matter that is dealt with by a range of functions within an organisation: employee relations, payroll, employee data security, and human resource functions. Each function plays a critical role in end-to-end wage compliance, but insufficient resources and talent capabilities tend to be devoted to ensuring wage compliance issues are managed systemically between each function as a value chain. This is typically compounded by an absence of monitoring and auditing of processes, and the absence of appropriate controls. For example, we commonly see employees complain about the calculation of their salary or leave to a human resource function, which is usually resolved on an ad hoc basis. However, the identification of systemic issues related to the calculation of the employee’s salary or leave may be left uncovered, and insufficient escalation occurs to ensure the systemic identification and remediation of issues. Consequently, while wage compliance flags may be raised, the lack of end-to-end to systemic resolution of wage compliance issues gives rise to the risk of underpayment.

Proactive wage compliance governance practices entail:

  • Mapping obligations – all legal obligations (for example, statutory, award, and enterprise agreement obligations) in the wage compliance value chain should be mapped and inter-related obligations identified.
  • Mapping the wage compliance value chain – having mapped the obligation, the wage compliance value chain should map compliance systems and process, including: identification and escalation processes between the functions in the wage compliance value chain; and investigation and remediation processes to determine the cause of wage compliance issues, and make proactive changes to wage compliance systems. As part of this process the functions in the wage compliance value chain should proactively coordinate their responses in accordance with their mapped obligations.
  • Compliance controls should be allocated to obligations – the mapped obligations should be assessed and allocated as appropriate having regard to an organisation’s existing risk and compliance frameworks.
  • Audit oversight and assurance – conducting regular audit and risk assessments reviews of the wage compliance controls will permit an organisation’s audit oversight function to determine whether the wage compliance value chain is operating effectively. Periodic reviews of the design of controls, and the effectiveness of wage compliance outcomes will assist in the early identified and remediation of wage compliance issues.

Role of the Board – assurance reporting and audit

Treating wage compliance as a risk governance issue and in accordance with conventional risk management practices ensures that Boards can receive information about the wage compliance systems and processes, like:

  • the identification of key risk factors
  • the identification of where further resources and talent capabilities are required to ensure functions operate effectively
  • the results of monitoring and audit activities, and assurance that wage compliance systems actually work in practice.

Key to providing assurance and accurate information to Boards is the internal audit function of an organisation. Commonly referred to as the third ‘line of defence’, internal audit oversight functions are key to identifying whether wage compliance systems operate effectively. By conducting annual reviews, internal audit can assist in analysing how wage compliance functions (like payroll) comply with value chain controls to identify where risk factors may arise and where further resources may be required. However, given the technical complexity associated with some wage compliance issues (e.g. ensuring that specific wage payment rules in enterprise agreements are interpreted and applied correctly) internal audit would be well served by ensuring that they have appropriate qualified and experienced staff adept at analysing wage compliance issues. Internal audit teams could be supplemented by internal subject matter experts or external experts to build talent capabilities within the oversight functions. In additional, Boards should ensure that wage compliance systems are externally reviewed by independent advisers to ensure the effectiveness of those systems at least every three years.

There is an organisational cost to the wage compliance systems described above. However, the cost of wage compliance failure is higher, particularly where those costs comprise: underpayment compensation plus interest, the risk of external investigation, enforceable undertakings or prosecution by the Fair Work Ombudsman, any penalties that may follow a successful prosecution, risk of class action litigation from disgruntled current and former employees, and most importantly the reputational fallout from being perceived by customers, employees, and shareholders as engaging in wage theft – when the more probable answer is an unintentional failure of wage compliance systems.

Boards should get ahead of the curve and proactively manage wage compliance risk, rather than reactively dealing with the fallout.




In person and online, stages are being set for the biggest annual event on Australian listed companies’ corporate calendar. What to expect this AGM season? The KWM Corporate M&A team has pulled together a quickfire list of seven points to watch, and five key issues for every company to consider as they prepare…

15 August 2022

With the promise of cost savings, greater flexibility and ability to scale, it is not surprising that companies are continuing to move their key business applications and data to the cloud.

15 August 2022

APRA has released its proposed new remuneration disclosure and reporting requirements for APRA-regulated entities for consultation. This article explores the key features of the new and enhanced disclosure requirements proposed by APRA.

12 August 2022