In many small businesses, governments, and not-for-profits, a limited number of persons (often one or two) handle the entire payroll function. In such situations, appropriate segregation of duties may not exist and you may well meet up with a ghostly payroll fiend.
Common payroll fraud fiends, I mean schemes, include:
- Inflating hours worked
- Duplicate payments
- Ghost employees
- Inflating pay rates
Once we explore how these frauds occur, we’ll see if we can find appropriate incantations and actions to chase them away (in the form of segregation of duties).
Inflating Hours Worked
Many organizations use time-clocks which are activated by a swipe of the employee’s identification card. This is better than using a paper based payroll system, but the use of biometric systems is more effective in eliminating buddy-punching. Biometric systems read physical features of the employee (e.g., fingerprint). The problem with payroll identification cards is they can be left near the time-clock and workmates can clock in for a buddy while that friend is still in bed, enjoying a morning snooze. Another simple preventive measure is to install a video camera at the clock-in site; then if buddy-punching does occur, it will be captured.
Regardless of the payroll system used, it is imperative that supervisors review and approve the time records for their department – prior to the remittance of these records to accounting. Once the time records are received in accounting, it is important that the payroll clerk review the submitted information for significant variances; this should be done prior to the processing of payroll.
Another common payroll scheme is the issuance of duplicate payroll checks, especially to the payroll clerk or finance director since they often control payroll disbursements. This is even more prevalent when these persons can also sign checks, whether physically or electronically. Be wary of situations where one person can issue payroll checks (including direct deposits) and record the transaction in the general ledger without review by a second party.
Most any discourse about payroll fraud includes a discussion of ghost employees (fictitious employees on the payroll); so I won’t disappoint. Regardless of the payroll system, the existence of ghost employees can be expensive. But in order to have a ghost employee, someone must create the employee or leave a terminated employee in the payroll system. The later is the more prevalent practice (since it’s easier to do – no drug test required, for example). By leaving a terminated employee in the payroll system, the fraudster (usually the payroll clerk or finance director) can simply change the terminated employee’s bank account number to his or her own, and, with direct deposit, the ghost employee payments are sent to the fraudster’s bank account. So how do we prevent and detect the existence of ghost employees?
- Periodically compare each employee in the payroll system to individual personnel files – ghosts don’t normally have personnel files.
- Examine any returned W–2s. If the ghost has a ghost address, the W–2 will be returned; compare returned W–2s to personnel files.
- Separate the duty of adding or deleting an employee from the payroll processing function. Assign the duty to add and delete employees to the HR director, for example, and the duty to process payroll to other payroll personnel.
- If possible, have the computerized payroll system generate an email to someone outside the payroll department (e.g., finance director) for each change of address or each person added or deleted from the system; alternatively have the system generate a monthly report of all changes to payroll – again going to a reviewer outside of payroll.
- Use a payroll system that requires second party approval of any new personnel additions or changes to payroll records.
Inflating Pay Rates
One of the easiest ways to commit payroll theft is to inflate pay rates (e.g., hourly rates) in the master payroll file. To mitigate this risk, the organization should limit who has access to the master pay rate file. Make sure appropriate passwords are established and that those passwords are known only to authorized persons. In addition, all pay rates should be documented in each employee’s personnel file. The person authorizing the pay rate should sign and date the approval sheet.
Segregation of Duties
Most of these threats can be eliminated or greatly diminished by implementing appropriate segregation of duties. Where possible, the organization should segregate the following payroll responsibilities:
- Setting up new employees and deleting terminated employees
- Authorization of wage rates
- Entering pay rates into the accounting system
- Entering time into the accounting system
- Processing and printing of checks
- Distribution of physical checks
- Reconciling the payroll bank account
If you can’t segregate these functions, have a second person review and sign off on payroll, or have a periodic audit of your payroll performed.
Any Fiends in Your Payroll?
Have you had any payroll frauds at your place of business? If yes, please share.