Auditing Sales Incentive Programs: Follow the Money—and the Behavior

Auditing the incentive plans

Few things motivate salespeople like a well-designed incentive plan. Commissions, bonuses, accelerators, sales contests, and President’s Club trips have been driving sales performance for decades. Done well, incentive programs align employee behavior with company strategy, reward high performers, and fuel growth.

Done poorly, they can encourage questionable sales practices, create financial reporting problems, generate costly disputes over commission calculations, and even attract regulatory scrutiny.

For internal auditors, sales incentive programs occupy an interesting space. They are part financial process, part operational process, part compliance function, and part behavioral science. An effective audit is not simply about verifying whether commissions were calculated correctly. It is about understanding whether the organization is rewarding the right behaviors, whether controls prevent manipulation, and whether management has sufficient oversight over a process that often involves significant financial expenditures.

The challenge is that incentive programs have become increasingly complex. Many organizations now use multiple compensation plans based on products, territories, customer segments, quotas, profitability, customer retention, or cross-selling objectives. Layer in acquisitions, changing sales territories, CRM systems, ERP integrations, and specialized incentive compensation software, and the process quickly becomes one of the more complicated operational areas an internal auditor may encounter.

And that’s precisely what makes these audits so interesting.

Unlike an audit of accounts payable or fixed assets, a sales incentive audit isn’t just evaluating whether a process functions as designed. It’s evaluating whether one of management’s most powerful tools for influencing employee behavior is producing the intended results. That makes the engagement as much about governance and organizational behavior as it is about controls and calculations.

When Good Incentives Go Bad

Business schools have been teaching for decades that people respond to incentives. Indeed, one HR executive I know once said, “sales people will always do exactly what they get paid to do.” Sales executives don’t need an academic study to tell them that. They see it every quarter.

Increase commissions on a particular product, and salespeople suddenly become much more enthusiastic about discussing that product with customers. Add a generous accelerator for exceeding quota, and end-of-quarter activity often surges. Introduce bonuses tied to customer retention or recurring revenue, and account management tends to receive considerably more attention.

None of this is surprising. Incentive plans are designed to shape behavior. The more interesting question for internal auditors is whether they are shaping the right behavior.

Few examples illustrate that risk more dramatically than the sales practices scandal at Wells Fargo.

For years, the bank aggressively promoted its cross-selling strategy, encouraging employees to deepen customer relationships by selling multiple financial products to each household. Internally, the initiative became known as “Eight is Great,” reflecting management’s goal of increasing the average number of products each customer held with the bank, with a goal of eight.

There was nothing inherently inappropriate about encouraging cross-selling. Many financial institutions pursue similar strategies. The problem arose when ambitious sales goals, intense performance pressure, and incentive structures collided with weak oversight and an unhealthy corporate culture.

As later investigations by regulators, lawmakers, and the bank itself revealed, thousands of employees opened millions of deposit accounts and credit card accounts that customers had neither requested nor authorized. In some cases, small amounts of money were transferred from legitimate customer accounts to activate the unauthorized accounts. Customers incurred fees they didn’t understand, credit scores were affected, and public trust eroded.

The financial consequences were staggering. Wells Fargo ultimately paid billions of dollars in fines, settlements, customer remediation, and legal costs. The bank’s CEO resigned, numerous senior executives departed, congressional hearings followed, and the organization spent years rebuilding its reputation.

Importantly, investigators did not conclude that incentive compensation alone caused the misconduct. The scandal resulted from a toxic combination of unrealistic performance expectations, ineffective management oversight, cultural failures, inadequate escalation mechanisms, and compensation practices that rewarded sales production without sufficient consideration of customer outcomes.

That distinction matters. It’s tempting to reduce the Wells Fargo story to a cautionary tale about “bad commission plans.” But the real lesson is more nuanced. Incentives are extraordinarily powerful, and when governance fails to keep pace, even well-intentioned performance programs can begin encouraging behaviors that no one originally intended.

For internal auditors, the question isn’t whether a similar scandal could occur inside their own organization. Few companies will experience a failure on that scale. The more practical question is whether smaller versions of the same dynamics are quietly taking shape.

Could sales representatives be discounting products excessively because revenue matters more than profitability? Are quarterly targets encouraging deals that haven’t been fully vetted? Are multiple representatives receiving credit for the same customer? Has the commission plan become so complicated that even experienced managers struggle to explain how payments are calculated? Those are the kinds of questions that can transform an ordinary process audit into a meaningful assessment of organizational risk.

Looking Beyond the Commission Statement

One of the easiest traps for internal auditors is allowing the commission statement to define the scope of the engagement. Certainly, commission calculations deserve testing. If employees are being paid incorrectly, management needs to know. But experienced internal auditors recognize that calculation accuracy is often the final step in a much longer process.

Long before a commission appears on someone’s paycheck, dozens of decisions have already been made. Sales leadership has determined which behaviors deserve to be rewarded. Finance has evaluated the expected cost of the program. Human resources has helped structure compensation plans. IT has configured system rules. Legal or compliance may have reviewed regulatory considerations. Sales operations has established territories, quotas, and credit assignment rules. Payroll eventually processes the payments.

By the time an employee receives a commission statement, the transaction may have passed through multiple systems and several departments, each introducing opportunities for misunderstanding, error, or inappropriate manipulation.

That’s why the first phase of the audit should rarely begin with selecting commission samples. Instead, internal auditors should spend time understanding how the program is intended to operate.

Who actually owns the incentive program? Is there a formal governance committee, or does the sales department make compensation decisions largely on its own? How frequently are compensation plans revised? Are changes documented and independently reviewed before they are implemented? When exceptions arise—they always do—and who has authority to approve them? The answers often reveal far more about the health of the process than recalculating a handful of commission payments.

Complexity Has a Way of Sneaking In

One characteristic seems almost universal among mature sales organizations. Their compensation plans become increasingly complicated over time.

The original commission plan may have fit comfortably on two pages. Then came a new product line that required special incentives. A year later, the company acquired another business with different compensation practices. International operations were added. New subscription offerings appeared. Strategic accounts required unique commission treatment. Management introduced quarterly contests, temporary accelerators, customer retention bonuses, and special incentives for selling bundled solutions. Every one of those decisions probably made perfect business sense at the time.

Five years later, however, the incentive program may resemble an old house that has been expanded so many times that no one remembers where the original structure ends and the additions begin.

Compensation plans become filled with exceptions. Sales operations maintains increasingly elaborate spreadsheets to reconcile transactions. Business rules exist partly within the incentive management application and partly inside undocumented manual procedures known only to a handful of experienced employees. None of those developments necessarily indicate poor management. They do, however, increase risk.

Complexity makes processes harder to administer consistently. It increases dependence on key individuals. It makes employee training more difficult. Most importantly, it creates more opportunities for errors to remain hidden because fewer people fully understand how the entire process operates.

One of the most valuable observations an internal auditor can sometimes make is surprisingly simple: the organization may have reached the point where simplifying the incentive program would reduce operational risk more effectively than adding another layer of controls.

Following the Data

Ask experienced internal audit leaders where commission errors usually originate, and many will give the same answer. “Upstream.” Modern incentive programs depend upon data flowing accurately through a surprisingly long chain of business systems.

A sales opportunity may begin in a CRM application. Once the contract is finalized, order information moves into the ERP system for fulfillment and billing. Revenue recognition processes determine when revenue can be recognized. Customer master files, product tables, territory assignments, pricing information, and quota data all contribute additional pieces of information before the transaction finally reaches the incentive compensation platform where commissions are calculated. By then, the calculation engine is only as good as the information it receives.

That is why auditors should devote significant attention to data governance rather than assuming technology has eliminated most of the risk. How are interfaces monitored? What happens when transactions fail overnight? Are rejected records investigated promptly? How are manual uploads controlled? When sales territories change mid-quarter, how are historical transactions affected? If customer data is corrected after a commission has already been paid, does the system automatically identify the need for an adjustment?

These questions may not sound as exciting as recalculating a commission payment, but they often lead internal auditors much closer to the root causes of recurring problems. In many organizations, the formulas work exactly as designed. It’s the data that quietly tells a different story.

Where Experienced Internal Auditors Spend Their Time

Once internal auditors understand how the incentive program is designed, the work shifts from understanding the process to evaluating whether it is operating as management intended.

That doesn’t necessarily mean expanding testing. In fact, experienced auditors often become more selective. A newer auditor might spend most of the engagement recalculating commission payments. A seasoned auditor is just as interested in the handful of transactions that didn’t fit neatly within the rules. Those are usually the transactions that reveal how well the process really functions.

Almost every sales organization has exceptions. A major customer renegotiates a contract after the commission has already been paid. Two sales representatives dispute who deserves credit for closing the deal. A strategic pricing concession receives executive approval. A territory realignment occurs halfway through the quarter. None of these situations are unusual.

What separates a well-controlled process from a risky one is how those exceptions are handled. Are adjustments supported by documentation? Does someone independent review significant overrides before payments are released? Are recurring exceptions analyzed to determine whether they point to weaknesses elsewhere in the process, or has management simply accepted them as “the way we’ve always done things?”

One of the most valuable observations an internal auditor can make is that a process requiring constant manual intervention probably has problems that no amount of review and approval will fully solve. Manual adjustments should be the exception, not a parallel operating system.

Controls That Matter Most

Internal auditors don’t need another article reminding them that approvals, reconciliations, segregation of duties, and system access reviews are important. Those controls are part of virtually every audit.

Sales incentive programs, however, tend to place particular pressure on a handful of controls. Change management is one of them.

Compensation plans are rarely static. Sales leadership introduces new products, launches promotional campaigns, modifies quotas, changes territories, or adjusts commission rates throughout the year. Every change introduces risk—not because change is inherently bad, but because compensation rules often become embedded in multiple systems, reports, and manual procedures.

A seemingly simple decision to increase commissions on one product line may require updates to the incentive management platform, reporting logic, payroll interfaces, sales dashboards, and documentation provided to employees. Missing just one of those updates can create confusion, payment errors, or disputes that consume countless hours to resolve.

Access management deserves similar attention. In smaller organizations, convenience sometimes wins the battle over good governance. The same administrator who maintains the compensation system may also update sales territories, modify commission rules, and process manual adjustments. Everyone involved may be completely trustworthy, but concentrating that much authority in a single role creates unnecessary risk.

Experienced internal auditors also pay close attention to monitoring controls. Organizations often devote significant effort to preventing errors while spending relatively little effort looking for them.

Yet some of the most effective detective controls are surprisingly straightforward. Management should periodically compare commission expense with sales trends, review unusually large payments, investigate duplicate commission credits, monitor manual overrides, and analyze adjustments by business unit, manager, or sales representative. Those reviews not only identify errors—they often reveal process weaknesses long before they become significant operational problems.

The Questions Data Analytics Can Answer

Few business processes lend themselves to data analytics as naturally as sales incentive programs. Traditional sampling will always have its place, particularly when verifying the accuracy of complex commission calculations. But today’s internal audit tools allow auditors to examine the entire population of transactions rather than relying exclusively on samples.

That changes the conversation. Instead of asking whether five sampled commission payments were calculated correctly, auditors can begin asking broader questions.

Why did commission payments spike dramatically during the final three business days of the quarter?

Why does one sales region consistently require more manual adjustments than every other region?

Why do certain managers approve significantly more overrides than their peers?

Why are commission reversals concentrated within a particular product line?

Questions like these often lead internal auditors toward operational issues that would never appear through traditional sampling alone. Artificial intelligence promises to make this work even more powerful.

Although many organizations are still experimenting with AI, its greatest value may not lie in replacing traditional audit procedures but in helping internal auditors identify patterns that deserve human investigation. Large language models can summarize thousands of commission adjustments, while machine learning tools can identify unusual payment patterns or relationships that would be difficult to detect manually.

Like every emerging technology, AI requires thoughtful governance and healthy skepticism. It should inform professional judgment—not replace it. Still, incentive compensation may become one of the areas where AI delivers practical value much sooner than many auditors expect.

Don’t Forget the People

At some point during the audit, close the laptop. Walk down the hall. Talk to the people who actually live with the compensation plan every day. Ask sales representatives whether they understand how their commissions are calculated. Ask managers whether disputes are common. Ask sales operations how much time is spent researching payment questions each month. Speak with Payroll about recurring adjustments. And ask finance whether commission expense has become more difficult to forecast. Those conversations often reveal issues that never appear in policy manuals.

One sales operations manager once joked that the company’s compensation plan had become “a full-employment program for spreadsheet experts.” Most internal auditors have probably encountered some version of that comment.

Employees create shadow spreadsheets because they don’t fully trust the system. Managers keep separate records “just to double-check.” Sales representatives develop their own commission calculators because they cannot predict what their paycheck will be.

Those workarounds may seem harmless, but collectively they tell an important story. When employees lose confidence in the process, they begin building alternative processes of their own. That observation, by itself, may justify management taking a fresh look at the entire incentive program.

Looking for Behavior, Not Just Errors

Perhaps the most interesting part of the audit comes after the control testing is complete. Step back from the workpapers and ask a broader question: If someone knew nothing about the organization’s compensation plan and simply observed employee behavior for six months, what would they conclude the company values most?

  • Revenue growth?
  • Profitability?
  • Long-term customer relationships?
  • Cross-selling?
  • Speed?
  • Discounting?

Whatever employees consistently do is probably what the incentive plan is encouraging—even if unintentionally. This is where internal audit can provide value that extends well beyond traditional assurance.

Perhaps sales representatives are routinely offering significant discounts during the final week of every quarter because quotas reset the following month. Maybe implementation teams struggle because deals are being closed before customers are operationally ready. Perhaps customer retention suffers because incentives focus almost exclusively on acquiring new business. None of those observations necessarily indicate control failures.

They do, however, provide management with valuable insight into whether the incentive program continues to support the organization’s strategic objectives. That may ultimately be the most important question the audit answers.

Aligning Incentives with What the Organization Values

Sales incentive programs are sometimes viewed as technical exercises involving compensation formulas, payroll interfaces, and system configuration. They are certainly all of those things. But they are also something much larger.

Every incentive plan is, in effect, a statement from management about what the organization values. Employees hear that message every day—not through speeches at town hall meetings or carefully crafted mission statements, but through the goals they are asked to achieve and the behaviors they are rewarded for demonstrating. That is why these audits deserve thoughtful attention.

Yes, internal auditors should verify that commission calculations are accurate. They should examine system controls, review manual adjustments, test data integrity, and evaluate segregation of duties. Those responsibilities remain fundamental.

But the most valuable audits don’t stop there. They ask whether the organization has designed an incentive system that encourages sustainable growth rather than short-term wins, collaboration rather than internal competition, ethical decision-making rather than corner-cutting, and customer success rather than simply customer acquisition.

The Wells Fargo scandal demonstrated what can happen when incentive structures, governance, and culture fall badly out of alignment. Most organizations will never face a failure of that magnitude. Even so, the underlying lesson applies to companies of every size and in every industry: incentives are extraordinarily powerful, and they deserve equally strong oversight.

For internal auditors, that makes sales incentive programs one of the profession’s most fascinating assignments. They combine governance, technology, financial controls, operational effectiveness, organizational culture, and human psychology into a single engagement.

That’s not just an audit of a compensation process. It’s an audit of how an organization motivates people to achieve its objectives. And few responsibilities are more important than making sure those two things remain aligned.  Internal audit end slug


Joseph McCafferty is Editor & Publisher of Internal Audit 360°.

Leave a Reply

Your email address will not be published. Required fields are marked *