Payroll Processing
1. Document Control
| Document Title | Singapore Payroll Processing |
|---|---|
| Document ID | SOP-ACC-001 |
| Version | 1.0 |
| Effective Date | [Insert Date] |
| Review Date | [Insert Date + 12 months] |
| Document Owner | Head of Payroll Operations |
| Approver | Managing Director |
| Status | Draft |
Version History
| Version | Date | Author | Changes | Approved By |
|---|---|---|---|---|
| 5.0 | [Insert Date] | [Insert Author] | Reformatted to standard SOP layout and updated orchestration controls | [Insert Approver] |
Distribution
| Role Title | Access Rights | |
|---|---|---|
| Client Representative | Read-only | |
| Payroll Executive | Edit | |
| Payroll Operations Lead | Edit | |
| Finance Manager | Read-only | |
| Quality Reviewer | Read-only | |
| AI Workflow Developer | Read-only |
2. Purpose and Scope
2A. Process Overview for New Staff
What is this process?
This process documents the controlled monthly Singapore payroll workflow where Infotech Payroll performs payroll computations and statutory output generation, and the Agentic Payroll Orchestration Engine (APOE) orchestrates client intake, extraction, validation, compliance trigger detection, exception routing, approvals, and audit logging.
When does this process occur?
This process is triggered monthly, when APOE initiates the payroll cycle for each active payroll client (standard trigger date is the 17th of the month, client time zone).
What are the deliverables?
- Validated payroll input pack (client-provided data and supporting documents)
- Infotech import or processing pack with export manifest and lineage mapping
- Draft payroll outputs and variance checks
- Client approval evidence
- Post-payroll evidence pack (bank disbursement confirmation, CPF acknowledgement, and IR21 evidence where applicable)
- Archived cycle record with immutable audit trail
Who is involved?
- Client Representative (CR)
- Payroll Executive (PE)
- Payroll Operations Lead (POL)
- APOE (orchestration and controls)
- Infotech Payroll (system of record for computation outputs)
2B. Applicable Legal Framework and Statutory Authority
Primary Compliance Areas (Singapore)
- CPF contribution preparation and submission readiness controls
- IRAS employment income reporting readiness (IR8A accumulation)
- IRAS tax clearance trigger controls for foreign employees upon cessation (IR21 detection and gating)
- MOM event tracking triggers where relevant (OED-related task creation)
Compliance Horizon
This SOP is designed to ensure that payroll processing does not proceed on incomplete or contradictory inputs, and that compliance-sensitive cases are stopped for human review and approval.
3. Definitions and Abbreviations
| Term/Abbreviation | Definition |
|---|---|
| APOE | Agentic Payroll Orchestration Engine, the automation layer that orchestrates intake, validation, compliance logic, routing, reminders, and audit logging |
| SPWP | Secure Payroll Webform Portal, the client-facing portal for payroll inputs and uploads |
| RTVE | Real-Time Validation Engine, evaluates field-level validations and completeness rules |
| DIE | Document Intelligence Engine, performs OCR, parsing, extraction, and confidence scoring |
| CRE | Compliance Rule Engine, evaluates CPF, IR21 triggers, IR8A readiness accumulation, and MOM task triggers |
| EM | Exception Manager, routes issues to PE and escalates to POL for approvals |
| AL | Audit Logger, creates an immutable audit trail for inputs, document hashes, overrides, approvals, and state transitions |
| SoD | Segregation of duties control, ensures the same person does not both amend inputs and approve final outcomes |
4. Roles and Responsibilities
| Role | Responsibilities | Competency Requirements |
|---|---|---|
| Client Representative (CR) | Submit payroll inputs, upload supporting documents, confirm extracted values, and approve draft payroll outputs | Understands internal client payroll policies and required source documents |
| Payroll Executive (PE) | Monitor cycle statuses, resolve exceptions, confirm export packs, upload Infotech outputs, and coordinate client queries | Payroll operations execution, Infotech workflow familiarity, exception management |
| Payroll Operations Lead (POL) | Approve overrides and exceptions, approve mandatory human gates, ensure compliance completion before archiving | Compliance judgment, review controls, escalation handling |
| APOE (system) | Automated intake, extraction, validation, compliance logic, reminders, and audit logging | Configured workflows and thresholds |
| Infotech Payroll | System of record for payroll computation outputs and statutory output generation | Infotech access and processing know-how (PE and POL) |
Segregation of Duties (SoD) Controls
- The party who submits or amends client payroll inputs must not approve final payroll.
- Any manual override of validation or compliance flags requires POL approval.
- Export pack creation is automated, but release requires PE confirmation, and POL approval when flagged.
5. Prerequisites and Entry Conditions
Before commencing this process, verify the following conditions are met:
- Client is an active payroll client for the cycle month.
- Systems access confirmed for relevant roles (SPWP, APOE dashboards, Infotech access).
- Prior-cycle baseline exists, or a baseline creation exception is approved by POL.
Entry Checklist
- [ ] Cycle ID convention confirmed:
{ClientCode}-{YYYYMM} - [ ] Baseline snapshot created (employee master list, prior month totals, ongoing flags)
- [ ] Client webform link generated with token and expiry
- [ ] Audit logging enabled for webform revisions and uploads
6. Detailed Process Flow
Process Map (high-level phases)
- CAPTURE: Client intake and document capture
- VALIDATE: Real-time validation and completeness scoring
- PROCESS: Infotech-ready export and compliance evaluation with mandatory gates
- REPORT: Draft outputs and client approval
- RECORD: Post-payroll evidence capture and archiving
Controlled States (State Machine)
S0 INITIATED
S1 DATA_REQUESTED
S2 DRAFT_IN_PROGRESS
S3 PARTIAL_SUBMISSION
S4 SUBMITTED
S5 VALIDATION_RUNNING
S6 INCOMPLETE
S7 COMPLETE
S8 READY_FOR_INTERNAL_REVIEW
S9 READY_FOR_INFOTECH_EXPORT
S10 INFOTECH_PROCESSING
S11 DRAFT_REPORT_GENERATED
S12 CLIENT_APPROVAL_REQUESTED
S13 CLIENT_QUERY_OPEN
S14 CLIENT_APPROVED
S15 FINALIZED
S16 ARCHIVED
General State Transition Rules
- A cycle must not proceed to processing until it reaches S7 COMPLETE and internal review is cleared.
- Any change after submission triggers re-validation and may roll back state.
- All transitions must be audit logged with actor and timestamp.
Step 1.0: Initiate Payroll Cycle and Request Client Data (S0 → S1)
Process Phase: CAPTURE
Actor: APOE
Action Description
Create the monthly cycle record, snapshot baseline, generate the client webform instance, and send the client request.
Statutory Basis
N/A (Internal control step)
Inputs
| Field Name | Format | Source | Validation Rule |
|---|---|---|---|
| client_code | String | Client master | Non-empty |
| cycle_month | YYYYMM | System date | Valid month |
| cycle_id | String | APOE | {ClientCode}-{YYYYMM} |
Micro-Steps
- Identify all active payroll clients for the cycle month.
- Create new cycle record with Cycle ID and baseline snapshot.
- Baseline snapshot must include:
- Employee master list (prior cycle)
- Prior month payroll totals (gross, net, CPF totals)
- Prior month variable pay totals
- Prior month claims totals
- Known ongoing flags (foreign employees, NS employees)
- Generate SPWP instance with a unique secure token.
- Send the data request email to the client with SPWP link.
Validation and Control Checks
- Check 1: Token is scoped to client and cycle, and is not reused.
- Check 2: Baseline snapshot exists and is linked to the cycle record.
Decision Points and Branching Logic
- IF baseline snapshot cannot be created, THEN stop and route to POL for approval before any client request is sent.
- ELSE proceed.
System Interaction
- System: APOE
- Action: Create cycle, snapshot baseline, create SPWP instance
Data Storage and Evidence
- Cycle creation log and baseline snapshot log must be written to AL.
Timeline and Deadlines
- Internal SLA: Initiate at 09:00 on the 17th (client time zone).
Common Mistakes to Avoid
- Do not use a token that is not unique per cycle.
When to Stop and Escalate
- Stop and escalate if baseline snapshot cannot be created or token generation fails.
Acceptance Criteria
- [ ] Cycle created, state S1 DATA_REQUESTED
- [ ] Baseline snapshot stored
- [ ] Client request sent
Step 2.0: Capture Inputs via SPWP with Real-Time Processing (S1 → S4)
Process Phase: CAPTURE
Actor: Client Representative (CR)
Action Description
Submit payroll inputs and supporting documents through SPWP, confirm extracted values, and attest accuracy.
Statutory Basis
N/A (Input capture step, supports downstream compliance controls)
Inputs
| Input Category | Examples | Required/Conditional |
|---|---|---|
| Attendance, leave, overtime | CSV, XLSX, PDF, or manual entry | Required |
| New joiners | Offer letter, joiner template, manual entry | Conditional |
| Resignations | Resignation letter, last working day details | Conditional |
| Salary revisions | Increment letter, salary revision list | Conditional |
| Variable pay | Bonus, allowance, commission, deduction details | Conditional |
| Claims and reimbursements | Receipt images or claim summary file | Conditional |
| NS claims | NS claim documentation | Conditional, blocking if applicable |
Micro-Steps
- Open SPWP link.
- Review read-only header (client name, payroll month, baseline totals).
- Complete Monthly Declaration.
- Provide Attendance data via upload or manual entry, per configuration.
- Complete all conditional sections triggered by changes.
- Review completeness percentage, blocking items, and warnings.
- Confirm attestation checkbox.
Validation and Control Checks
1. Document Control
| Document Title | Singapore Payroll Processing |
|---|---|
| Document ID | SOP-ACC-001 |
| Version | 1.0 |
| Effective Date | [Insert Date] |
| Review Date | [Insert Date + 12 months] |
| Document Owner | Head of Payroll Operations |
| Approver | Managing Director |
| Status | Draft |
Version History
| Version | Date | Author | Changes | Approved By |
|---|---|---|---|---|
| 5.0 | [Insert Date] | [Insert Author] | Reformatted to standard SOP layout and updated orchestration controls | [Insert Approver] |
Distribution
| Role Title | Access Rights | |
|---|---|---|
| Client Representative | Read-only | |
| Payroll Executive | Edit | |
| Payroll Operations Lead | Edit | |
| Finance Manager | Read-only | |
| Quality Reviewer | Read-only | |
| AI Workflow Developer | Read-only |
2. Purpose and Scope
2A. Process Overview for New Staff
What is this process?
This process documents the controlled monthly Singapore payroll workflow where Infotech Payroll performs payroll computations and statutory output generation, and the Agentic Payroll Orchestration Engine (APOE) orchestrates client intake, extraction, validation, compliance trigger detection, exception routing, approvals, and audit logging.
When does this process occur?
This process is triggered monthly, when APOE initiates the payroll cycle for each active payroll client (standard trigger date is the 17th of the month, client time zone).
What are the deliverables?
- Validated payroll input pack (client-provided data and supporting documents)
- Infotech import or processing pack with export manifest and lineage mapping
- Draft payroll outputs and variance checks
- Client approval evidence
- Post-payroll evidence pack (bank disbursement confirmation, CPF acknowledgement, and IR21 evidence where applicable)
- Archived cycle record with immutable audit trail
Who is involved?
- Client Representative (CR)
- Payroll Executive (PE)
- Payroll Operations Lead (POL)
- APOE (orchestration and controls)
- Infotech Payroll (system of record for computation outputs)
2B. Applicable Legal Framework and Statutory Authority
Primary Compliance Areas (Singapore)
- CPF contribution preparation and submission readiness controls
- IRAS employment income reporting readiness (IR8A accumulation)
- IRAS tax clearance trigger controls for foreign employees upon cessation (IR21 detection and gating)
- MOM event tracking triggers where relevant (OED-related task creation)
Compliance Horizon
This SOP is designed to ensure that payroll processing does not proceed on incomplete or contradictory inputs, and that compliance-sensitive cases are stopped for human review and approval.
3. Definitions and Abbreviations
| Term/Abbreviation | Definition |
|---|---|
| APOE | Agentic Payroll Orchestration Engine, the automation layer that orchestrates intake, validation, compliance logic, routing, reminders, and audit logging |
| SPWP | Secure Payroll Webform Portal, the client-facing portal for payroll inputs and uploads |
| RTVE | Real-Time Validation Engine, evaluates field-level validations and completeness rules |
| DIE | Document Intelligence Engine, performs OCR, parsing, extraction, and confidence scoring |
| CRE | Compliance Rule Engine, evaluates CPF, IR21 triggers, IR8A readiness accumulation, and MOM task triggers |
| EM | Exception Manager, routes issues to PE and escalates to POL for approvals |
| AL | Audit Logger, creates an immutable audit trail for inputs, document hashes, overrides, approvals, and state transitions |
| SoD | Segregation of duties control, ensures the same person does not both amend inputs and approve final outcomes |
4. Roles and Responsibilities
| Role | Responsibilities | Competency Requirements |
|---|---|---|
| Client Representative (CR) | Submit payroll inputs, upload supporting documents, confirm extracted values, and approve draft payroll outputs | Understands internal client payroll policies and required source documents |
| Payroll Executive (PE) | Monitor cycle statuses, resolve exceptions, confirm export packs, upload Infotech outputs, and coordinate client queries | Payroll operations execution, Infotech workflow familiarity, exception management |
| Payroll Operations Lead (POL) | Approve overrides and exceptions, approve mandatory human gates, ensure compliance completion before archiving | Compliance judgment, review controls, escalation handling |
| APOE (system) | Automated intake, extraction, validation, compliance logic, reminders, and audit logging | Configured workflows and thresholds |
| Infotech Payroll | System of record for payroll computation outputs and statutory output generation | Infotech access and processing know-how (PE and POL) |
Segregation of Duties (SoD) Controls
- The party who submits or amends client payroll inputs must not approve final payroll.
- Any manual override of validation or compliance flags requires POL approval.
- Export pack creation is automated, but release requires PE confirmation, and POL approval when flagged.
5. Prerequisites and Entry Conditions
Before commencing this process, verify the following conditions are met:
- Client is an active payroll client for the cycle month.
- Systems access confirmed for relevant roles (SPWP, APOE dashboards, Infotech access).
- Prior-cycle baseline exists, or a baseline creation exception is approved by POL.
Entry Checklist
- [ ] Cycle ID convention confirmed:
{ClientCode}-{YYYYMM} - [ ] Baseline snapshot created (employee master list, prior month totals, ongoing flags)
- [ ] Client webform link generated with token and expiry
- [ ] Audit logging enabled for webform revisions and uploads
6. Detailed Process Flow
Process Map (high-level phases)
- CAPTURE: Client intake and document capture
- VALIDATE: Real-time validation and completeness scoring
- PROCESS: Infotech-ready export and compliance evaluation with mandatory gates
- REPORT: Draft outputs and client approval
- RECORD: Post-payroll evidence capture and archiving
Controlled States (State Machine)
S0 INITIATED
S1 DATA_REQUESTED
S2 DRAFT_IN_PROGRESS
S3 PARTIAL_SUBMISSION
S4 SUBMITTED
S5 VALIDATION_RUNNING
S6 INCOMPLETE
S7 COMPLETE
S8 READY_FOR_INTERNAL_REVIEW
S9 READY_FOR_INFOTECH_EXPORT
S10 INFOTECH_PROCESSING
S11 DRAFT_REPORT_GENERATED
S12 CLIENT_APPROVAL_REQUESTED
S13 CLIENT_QUERY_OPEN
S14 CLIENT_APPROVED
S15 FINALIZED
General State Transition Rules
- A cycle must not proceed to processing until it reaches S7 COMPLETE and internal review is cleared.
- Any change after submission triggers re-validation and may roll back state.
- All transitions must be audit logged with actor and timestamp.
Step 1.0: Initiate Payroll Cycle and Request Client Data (S0 → S1)
Process Phase: CAPTURE
Actor: APOE
Action Description
Create the monthly cycle record, snapshot baseline, generate the client webform instance, and send the client request.
Statutory Basis
N/A (Internal control step)
Inputs
| Field Name | Format | Source | Validation Rule |
|---|---|---|---|
| client_code | String | Client master | Non-empty |
| cycle_month | YYYYMM | System date | Valid month |
| cycle_id | String | APOE | {ClientCode}-{YYYYMM} |
Micro-Steps
- Identify all active payroll clients for the cycle month.
- Create new cycle record with Cycle ID and baseline snapshot.
- Baseline snapshot must include:
- Employee master list (prior cycle)
- Prior month payroll totals (gross, net, CPF totals)
- Prior month variable pay totals
- Prior month claims totals
- Known ongoing flags (foreign employees, NS employees)
- Generate SPWP instance with a unique secure token.
- Send the data request email to the client with SPWP link.
- Check 1: Token is scoped to client and cycle, and is not reused.
- Check 2: Baseline snapshot exists and is linked to the cycle record.
Decision Points and Branching Logic
- ELSE proceed.
- System: APOE
- Action: Create cycle, snapshot baseline, create SPWP instance
Data Storage and Evidence
- Cycle creation log and baseline snapshot log must be written to AL.
Timeline and Deadlines
- Internal SLA: Initiate at 09:00 on the 17th (client time zone).
Common Mistakes to Avoid
When to Stop and Escalate
Acceptance Criteria
- [ ] Cycle created, state S1 DATA_REQUESTED
- [ ] Baseline snapshot stored
- [ ] Client request sent
Step 2.0: Capture Inputs via SPWP with Real-Time Processing (S1 → S4)
Process Phase: CAPTURE
Actor: Client Representative (CR)
Action Description
Submit payroll inputs and supporting documents through SPWP, confirm extracted values, and attest accuracy.
Statutory Basis
N/A (Input capture step, supports downstream compliance controls)
Inputs
| Input Category | Examples | Required/Conditional |
|---|---|---|
| Attendance, leave, overtime | CSV, XLSX, PDF, or manual entry | Required |
| New joiners | Offer letter, joiner template, manual entry | Conditional |
| Resignations | Resignation letter, last working day details | Conditional |
| Salary revisions | Increment letter, salary revision list | Conditional |
| Variable pay | Bonus, allowance, commission, deduction details | Conditional |
| Claims and reimbursements | Receipt images or claim summary file | Conditional |
| NS claims | NS claim documentation | Conditional, blocking if applicable |
Micro-Steps
- Open SPWP link.
- Review read-only header (client name, payroll month, baseline totals).
- Complete Monthly Declaration.
- Provide Attendance data via upload or manual entry, per configuration.
- Review completeness percentage, blocking items, and warnings.
- Confirm attestation checkbox.
- Submit.
Validation and Control Checks
- RTVE classifies issues into blocking errors and warnings.
- DIE returns extraction outputs with confidence scoring.
- CRE detects contradictions between client declaration and uploaded evidence.
Decision Points and Branching Logic
- IF required evidence is missing, THEN cycle must be INCOMPLETE.
System Interaction
- System: SPWP, DIE, RTVE, AL
Data Storage and Evidence
- Store webform revisions, upload hashes, extraction outputs, and attestation record.
Timeline and Deadlines
- Internal SLA: 17th to 18th client time zone.
Common Mistakes to Avoid
- Do not submit without confirming medium-confidence extracted values.
When to Stop and Escalate
- Stop and escalate if blocking errors cannot be resolved due to missing client inputs.
Acceptance Criteria
- [ ] Cycle reaches S4 SUBMITTED
Step 3.0: Run Validation and Completeness Computation (S4 → S7)
Process Phase: VALIDATE
Actor: APOE
Action Description
Validate inputs, apply blocking rules, compute completeness, and set cycle COMPLETE only when required items are resolved.
Statutory Basis
N/A (Internal control step)
Core Blocking Rules
A. Attendance completed per chosen method.
B. Any declared change section has required documents or confirmed manual entries.
C. Any resignation of foreign employee generates IR21 task or justified override.
D. Duplicate receipts require override approval.
E. Required NS documentation present if NS claims exist.
Micro-Steps
- Run rule evaluation and classify issues.
- Compute completeness percentage.
- If blocking items exist, set state INCOMPLETE and route via EM.
- If no blocking items exist, set state COMPLETE.
Evidence
- Validation report, rule outcomes, completeness computation log.
Acceptance Criteria
- [ ] Cycle reaches S7 COMPLETE
Step 4.0: Internal Readiness Review and Mandatory Approvals (S7 → S8)
Process Phase: VALIDATE
Actor: Payroll Executive (PE), Payroll Operations Lead (POL)
Action Description
Perform readiness review and approve any mandatory human-in-the-loop gates.
Micro-Steps
- PE reviews:
- Blocking errors resolved
- Medium-confidence extractions confirmed
- Major variance flags identified
- IR21 tasks created where required
- CPF ceiling risk flags reviewed
- If any mandatory gate condition is present, route to POL.
- POL approves with reason code and justification.
SoD Control
PE must not self-approve overrides.
Acceptance Criteria
- [ ] Cycle reaches S8 READY_FOR_INTERNAL_REVIEW
Step 5.0: Generate Infotech Export Pack and Run Compliance Evaluation (S8 → S10)
Process Phase: PROCESS
Actor: APOE (pack generation), POL (approvals)
Action Description
Transform validated data into Infotech format, run compliance rules, and enforce mandatory gates.
Mandatory Human-in-the-Loop Gates (Require POL Approval)
- Salary delta exceeds threshold
- CPF AW ceiling breach risk
- IR21 case open
- Duplicate receipts present
- OCR confidence below threshold and manual entry used
- Payroll variance exceeds threshold vs baseline
Evidence
- Export pack, manifest, lineage mapping, compliance engine results, gate approval records.
Acceptance Criteria
- [ ] Cycle enters S10 INFOTECH_PROCESSING
Step 6.0: Draft Report Generation and Client Approval (S10 → S14)
Process Phase: REPORT
Actor: PE, APOE, CR
Action Description
Upload Infotech outputs, generate draft payroll report, and obtain client approval or manage queries.
Micro-Steps
- PE uploads Infotech outputs to APOE.
- APOE validates totals against export manifest.
- APOE generates draft payroll report.
- APOE sends client approval link.
- Client approves or raises query.
- If query is raised, set state CLIENT_QUERY_OPEN, resolve and reissue approval.
Acceptance Criteria
- [ ] Cycle reaches S14 CLIENT_APPROVED
Step 7.0: Post-Payroll Evidence Capture and Archiving (S14 → S16)
Process Phase: RECORD
Actor: APOE, PE
Action Description
Capture statutory and disbursement evidence and archive cycle.
Micro-Steps
- Capture bank disbursement confirmation.
- Capture CPF submission acknowledgement.
- Capture IR21 acknowledgement where applicable.
- Store all records and set state ARCHIVED.
Acceptance Criteria
- [ ] Cycle reaches S16 ARCHIVED
7. System Architecture for AI Implementation
Process Input Schema (High Level)
| Field Name | Data Type | Validation Rules | Required/Optional | Source System |
|---|---|---|---|---|
| cycle_id | String | {ClientCode}-{YYYYMM} | Required | APOE |
| attendance_inputs | File or Table | Required fields per employee must be present | Required | SPWP |
| supporting_documents | Array[File] | Hash uniqueness and readability checks | Conditional | SPWP |
Process Output Schema (High Level)
| Output | Data Type | Format Specification | Destination | Retention |
|---|---|---|---|---|
| infotech_export_pack | File | Infotech import format | Records store | Per policy |
| draft_payroll_report | File | PDF or equivalent | Client portal and records store | Per policy |
Integration Points
| Integration | Protocol | Direction | Error Handling |
|---|---|---|---|
| SPWP to APOE | API | Inbound | Retry with backoff, alert PE if persistent failures |
| Infotech | Manual upload or file transfer | Outbound | Manifest validation and re-export on mismatch |
8. Quality Controls and Compliance Checkpoints
| Checkpoint | What to Check | Who Checks | Frequency | Record |
|---|---|---|---|---|
| Completeness gate | No blocking items before processing | APOE, PE | Per cycle | Validation report |
| Override approval | POL approval recorded for mandatory gates | POL | Per exception | Approval record |
| Client approval | Client approval captured prior to disbursement | CR, PE | Per cycle | Approval evidence |
9. Regulatory and Legal References
- CPF submission requirements (as applicable)
- IRAS employment income reporting readiness (IR8A)
- IRAS tax clearance trigger (IR21) for foreign employee cessation
- MOM OED update triggers
10. Records Management and Retention
Records to store for each cycle
- Webform revisions
- Final submission snapshot
- Uploaded documents with hashes
- Extraction outputs and confidence scores
- Validation results
- Compliance engine results
- Human approvals and overrides
- Client approval evidence
- Infotech export files and manifests
Retention
Minimum 5 years, or longer per policy.
11. Risk Assessment and Mitigation
| Risk Description | Likelihood (1-5) | Impact (1-5) | Risk Score | Category |
|---|---|---|---|---|
| Incorrect payroll due to incomplete inputs | 3 | 5 | 15 | Operational |
| Missed IR21 workflow for foreign leavers | 2 | 5 | 10 | Compliance |
| Duplicate or fraudulent claims | 2 | 4 | 8 | Fraud |
Preventive Controls
- Blocking validation and completeness scoring
- Mandatory approval gates for exceptions
- Receipt hashing and duplicate detection
Escalation
- Escalate mandatory gate approvals to POL.
- Escalate suspected fraud indicators to POL immediately.
12. Process Re-engineering and Continual Improvement
- Quarterly review of validation false positives and OCR confidence thresholds.
- Update extraction templates for recurring document formats.
- Update compliance rules after statutory changes.
- Track bottlenecks including client submission delays and internal approval cycle times.
13. Training and Competency Requirements
Minimum Competency Standards
- Ability to interpret validation issues and request remediation.
- Familiarity with Infotech workflow and export packs.
- Understanding of escalation triggers for compliance exceptions.
Training Program
- New staff shadow two payroll cycles.
- Supervised execution of one complete cycle before independent ownership.
- Quarterly refresher on compliance triggers and exception handling.
14. Related Documents and Cross-References
- KYC and due diligence SOP (if applicable to payroll onboarding)
- Records management SOP (if applicable)
- Internal policy thresholds for variance, overtime, and approvals
15. Appendices
Appendix A: Process Flow (Swimlane Description)
- APOE initiates cycle and sends request.
- Client submits inputs and documents via SPWP.
- APOE validates and routes exceptions.
- PE completes readiness review and routes mandatory gates to POL.
- APOE generates export pack and processing proceeds via Infotech.
- PE uploads outputs, APOE issues draft report for client approval.
- APOE captures evidence and archives.
Appendix B: Worked Example (Fictional Data)
ClientCode: ACME
Cycle: ACME-202602
- Attendance uploaded (CSV), 1 employee unpaid leave = 2 days.
- 1 new joiner with offer letter uploaded.
- 3 receipts uploaded, 1 duplicate detected and overridden by POL with justification.
Appendix C: Junior Staff Decision Guide
| If You See This... | Then Do This... | Escalate? |
|---|---|---|
| Blocking errors on validation | Stop processing and request missing items from the client | Yes, to PE |
| IR21 required for foreign leaver | Create or confirm IR21 task, block finalization until closed or overridden | Yes, to POL |
| Duplicate receipt detected | Block inclusion unless POL approves override with justification | Yes, to POL |
Appendix D: Escalation Matrix
- PE to POL: mandatory gate, contradictions, suspected fraud.
- POL to Managing Director: systemic control failure or repeated compliance breach risk.
Appendix E: Completion Checklist
- [ ] Cycle initiated and client request sent
- [ ] Client submission received
- [ ] All blocking errors resolved
- [ ] Internal readiness review completed
- [ ] All mandatory approvals completed
- [ ] Export pack generated and confirmed
- [ ] Draft report generated
- [ ] Client approval captured
- [ ] Evidence stored
- [ ] Cycle archived
End of SOP