Payroll Fraud – An Often Overlooked Risk and How to Address ItMay 15, 2015
Christopher S. Ernest, CPA
We often hear or read stories in the news about fraud occurring within businesses. Frequently, such businesses are victimized when an individual in a position of financial authority makes unauthorized withdrawals or disbursements from bank accounts, or misdirects cash deposits. In response to these risks, controls are often implemented to prevent and detect fraud relating to cash, but what is often overlooked is the potential for payroll fraud.
According to a 2014 report by the Association of Certified Fraud Examiners (ACFE), payroll fraud is the top source of accounting fraud and employee theft. The ACFE indicates that payroll fraud occurs in 27% of businesses (for-profit and not-for-profit) and happens twice as often in organizations with less than 100 employees. Finally, they note that the average payroll fraud lasts approximately 24 months. In short, the risk is too great not to be addressed. While adding additional controls and steps in the payroll process may seem cumbersome, the benefit of reducing the risk for payroll fraud is worth it. The following are a few simple steps that can be taken to prevent and detect fraud in this important area.
Maintain timecards for all employees, and supervisors should be required to review and approve them each pay period. Particularly, overtime (for hourly employees), sick time, vacation and other leave time should require an approval. The timecards should be filed as support with the payroll registers each period so they can be reviewed along with the registers.
Maintain an adequate segregation of duties within the payroll processing function. For example, the individual who posts the payroll to the general ledger should not be the same individual who processes the payroll within the payroll module of the accounting software or with the third-party payroll provider. This will allow for a reasonableness review of each period’s payroll at the time it is paid.
Reconcile payroll registers to the general ledger payroll accounts quarterly. This exercise will assist in detecting if payroll has been mis-posted to another area of the general ledger, or if other fraudulent transactions (i.e. cash-related fraud or fraudulent financial reporting) have been posted to payroll accounts in an attempt to “bury” it within typically large numbers.
Prepare a detailed payroll budget each fiscal year. Comparing actual payroll results to budget on a monthly or quarterly basis can be helpful in identifying fraudulent activity. Any significant variances from budget should be easily explainable. Reviewers should also keep in mind known variances from budget (i.e. an open position that was budgeted for but not filled), and ensure that these variances are being realized.
- Have an executive of the organization, who is independent of the payroll and accounting function (such as the president, executive director, treasurer, etc.), review the payroll registers periodically for unusual or unexpected activity. He or she should review the hours worked (for hourly employees) along with employee pay rates to ensure they are consistent with expectations. Further, he or she should review the listing of employees paid to identify potential “ghost employees” (individuals being paid who do no work for the organization), or terminated employees who continue to be paid. Many organizations outsource their payroll processing to a third party provider. Through the online platforms made available by payroll providers or within payroll modules embedded in the accounting software, companies will typically have access to a variety of useful reports, including an “audit report” that can be run for a specific payroll period or other period of time and provides a detailed listing of all changes made within the payroll system, such as employees added, employees terminated, rate changes, withholding changes, etc. This is an especially important control for smaller organizations in which the individuals processing and posting payroll also have responsibility for maintaining the employee database, pay rates, withholdings and deductions. Reviewing such a report in connection with a review of the payroll registers can be very useful. Changes identified by an “audit report” should be supported by the appropriate paperwork and authorizations within the employee files.
In the end, the key to payroll fraud prevention is identifying how it could occur within your organization and adding reasonable controls, such as those recommended above, to address the risks.