Payroll Audit Checklist
36 checkpoints to audit your payroll process — from pre-payroll validation to statutory compliance and internal controls. Covers India and UAE regulations.
1. Pre-Payroll Validation
Before running payroll, validate all input data. Most payroll errors originate from stale employee records, missed attendance entries, or unprocessed changes.
| Checklist Item | Risk If Missed | Status |
|---|---|---|
| Verify employee master data (name, bank account, PAN/tax ID) updated | Wrong bank transfers, failed tax filings | ☐ |
| Confirm all new hires added with correct joining date and salary structure | Missed salary payments in first month | ☐ |
| Process all resignations/terminations with correct last working day | Overpayment to exited employees | ☐ |
| Reconcile attendance data with leave records | LOP (Loss of Pay) miscalculations | ☐ |
| Validate overtime hours approved by managers | Unauthorized OT payments or wage theft claims | ☐ |
| Confirm salary revision/increment letters processed for current cycle | Old salary paid despite approved increment | ☐ |
2. Salary Calculation & Statutory Deductions (India)
Verify that salary structures comply with the Code on Wages 2019 and that all statutory deductions are calculated on the correct wage base.
| Checklist Item | Risk If Missed | Status |
|---|---|---|
| Basic + DA is at least 50% of gross (India Code on Wages compliance) | Retrospective PF/gratuity recalculation + penalties | ☐ |
| HRA calculated correctly based on metro/non-metro city classification | Incorrect tax exemption claims | ☐ |
| PF calculated on correct wage base (basic + DA, capped at ₹15,000 unless opted) | PF department notice, interest, and damages | ☐ |
| ESI deducted for eligible employees (gross ≤ ₹21,000/month) | ESIC penalty: 5% simple interest + 12% per annum damages | ☐ |
| Professional Tax deducted per state slab | State-level compliance notice | ☐ |
| Gratuity provision calculated correctly (4.81% of basic for eligible employees) | Underfunded liability at exit | ☐ |
India 50% Wage Norm Alert
Under the Code on Wages 2019, basic + DA must be at least 50% of gross salary. Non-compliant structures trigger retrospective PF recalculations. Read the full guide →
Struggling with the 50% basic salary mandate? Read our complete guide to India's 50% Wage Rule for detailed before/after salary tables and PF impact analysis.
3. Tax Filing & Statutory Compliance (India)
Payroll compliance isn't just about calculating correctly — it's about filing on time. Late PF/ESI payments attract compound penalties.
| Checklist Item | Frequency | Status |
|---|---|---|
| TDS deducted per employee's declared tax regime (old vs new) | Monthly | ☐ |
| Investment declarations (80C, 80D, HRA, LTA) verified against proofs | Quarterly / Year-end | ☐ |
| Form 24Q (TDS return) filed with TRACES | Quarterly | ☐ |
| Form 16 generated and distributed to employees | Annual (by June 15) | ☐ |
| PF ECR (Electronic Challan cum Return) filed and paid | Monthly (by 15th) | ☐ |
| ESI contribution challan filed | Monthly (by 15th) | ☐ |
| Labour Welfare Fund deducted and remitted | Bi-annual (state-specific) | ☐ |
4. UAE Payroll Compliance
UAE employers must process salaries through WPS within 15 days of the due date. Non-compliance triggers MOHRE penalties and can block work permit renewals.
| Checklist Item | Regulation | Status |
|---|---|---|
| WPS (Wage Protection System) SIF file generated and submitted | MOHRE | ☐ |
| Salary paid through WPS-registered bank/exchange house | MOHRE / Central Bank | ☐ |
| End-of-service gratuity calculated per UAE Labour Law | Federal Decree-Law No. 33/2021 | ☐ |
| DEWS (Difc Employee Workplace Savings) contributions remitted (if DIFC) | DIFC | ☐ |
| Salary breakdown matches employment contract | MOHRE | ☐ |
5. Internal Controls & Audit Trail
Strong internal controls prevent payroll fraud (which accounts for 8% of all occupational fraud cases according to ACFE). Segregation of duties is the foundation.
| Checklist Item | Why It Matters | Status |
|---|---|---|
| Payroll maker-checker workflow enforced (no single-person processing) | Prevents fraud; segregation of duties is a basic audit requirement | ☐ |
| Payroll variance report reviewed (>5% change from last month flagged) | Catches bulk errors, unauthorized changes, or ghost employees | ☐ |
| Bank reconciliation done post-salary transfer | Confirms all payments credited; catches rejected transactions | ☐ |
| Payslips distributed to all employees with breakdown | Legal requirement in most jurisdictions; transparency builds trust | ☐ |
| Payroll data backed up and access restricted to authorized personnel | Payroll contains PII — breach is a DPDPA/GDPR violation | ☐ |
| Year-end reconciliation: total payroll expense matches GL entries | Audit-ready books; prevents misstatement in financial reporting | ☐ |
Automate Your Payroll Audit
Kiework's payroll module auto-validates salary structures, runs statutory compliance checks, and generates audit-ready reports — before you hit "Process."
45-day go-live · 90%+ adoption · No lock-in