A global company needs to guard against payroll-related crime. Tim Kelsey considers how to avoid having R. Dean Taylor’s nightmare coming true in your organisation
The non- existent employee (or payroll ghost) is just one of the “crimes against payroll” we need to be vigilant against – especially when operating on an international basis. Sophisticated payroll scams not only include the creation of fictitious employees, but also the perennial favourites of fiddling time clocking records, making exaggerated expenses claims, and awarding loans to employees who then find ways to write off the sums owed.
Payroll fraud is one of those difficult but necessary subjects to discuss and confront on a regular basis. On the one hand, the vast majority of us simply cannot contemplate such a breach of ethics. Envy and greed play no part in the role of a payroll professional—and if these emotions trouble you, then a career change is the only answer. On the other hand, we all know it does occur—and we have to be prepared to identify it and prevent it from happening in our employer’s business. The following are short summaries of recent payroll stories that the media has covered:
- United States—An employee of the U.S. Postal Service in Washington, D.C., claimed $40,000 in wages for jury service that the employee claimed lasted 144 days. In reality, the employee had been discharged from jury duty on the first day of service, but had forged court papers to persuade his employer to pay him for what turned out to be a very long vacation.
- United Kingdom—A payroll supervisor working for a recruitment agency created more than 20 “ghost” employees on the payroll and fraudulently paid himself £2.9 million over a six-year period before being caught in an audit. Most of the money was gone before detection, having been spent on fast cars, holidays, and a Thai fiancée.
- Italy—The Southern Italian town of Boscotrecase was forced to shut down most of its municipal operations after an audit revealed that more than 200 employees were not performing their jobs. The individuals had bona fide roles with the municipality but did very little work—clocking in, drawing their salaries, but not actually performing any services. A hidden camera captured one employee placing a cardboard box over their head to avoid detection while clocking in many colleagues.
- Tanzania—In 2016, a national audit revealed that the Tanzanian government’s payroll had at least 10,000 employees drawing a combined salary of $2 million per month but who did not exist.
Segregate Payroll Duties
These global cases suggest that the best way to guard against payroll fraud is to have a good segregation of duties. No one person should be able to perform all the functions of creating a new employee, and preferably there should be three people to complete the process from start to finish. Two people might collude with each other, but it’s unlikely that three employees would do so. The segregation of duties argument is one of the most compelling reasons for locating the payroll function within the finance sphere rather than HR (collusion is easier if you know your colleagues), so companies that do locate payroll within HR should give special consideration as to how a good segregation of duties is achieved and routinely test that this works in practice.
Use Headcount Reports
As can also be seen from the news stories above, the creation of ghost employees is one of the most common methods used to commit payroll fraud. Such fraud might utilise the valid payroll records for deceased or ex-employees. Within the European Economic Area (EEA), pay particular attention to the records of ex-employees who were migrant labour under the freedom of movement principle and who have returned to their home countries. Such individuals, having left the country where the business functions, make perfect ghost employees as they are less likely to be sent communications which would make them suspect a fraud was being perpetrated in their name, and therefore prompt an enquiry to the ex-employer.
Another area to check, particularly in companies with high staff turnover, involves “no-show” employees. These are employees who passed through the recruitment process, but never actually started work and are made live on the payroll by a fraudster. And, of course there’s always the chance that a fraudster simply creates a fictitious employee. This will often require collusion with an HR colleague to create the necessary personnel record to feed the payroll system. With the shift toward more payroll automation, a single point of control (i.e., creating a record in HR that automatically feeds payroll) can quickly become a single point of risk if not properly controlled.
So, how does an organization guard against the creation of ghost employees? Auditors often suggest headcount reports sent to line managers for verification. But how many line managers actually have the time or inclination to search through a line-by-line report and verify all of the members of a large department in the narrow timeframe usually available between running the trial payroll and executing the final net pay run?
Instead, why not ask line managers to verify the details of a handful of employees each month chosen at random? The check could include, for example, taking a photograph of the employee at the workplace to prove they are working (well at least for that moment anyway!). Another idea is to perform a check-off exercise comparing payroll with another company document that refers to the individuals working in a department, and which a fraudster would find difficult to manipulate. For example, checking off the payroll run against an internal telephone directory or list of active email accounts to see who is really there.
Ghost employees are not the only method by which payroll fraud can be committed. Many payroll systems include the functionality to allow an employee to split net pay over more than one bank account. This can be useful for employees, particularly those who might want to hide their true net income from a spouse. The apocryphal tale of workers having basic pay paid to the family joint account whilst overtime and bonuses are paid to a secret “fun” account can happen legitimately. But they can also give the criminally-minded an opportunity.
The fraudster adds an additional payment (often a one-off payment such as a season ticket loan) to a genuine employee’s pay record and sets the record to pay the loan funds to a second bank account controlled by the fraudster. Through their access to the payroll system, the fraudster manipulates the copy payslip that the employee receives to show only the usual salary—which, of course, matches the funds credited to the employee’s bank account. As a loan payment heading was used, there will be no reflection in year-to-date balances on the pay advice, so the genuine employee will have no reason to notice what the fraudster has done.
One check would bring the fraud suggested above quickly to the attention of the employer. Drawing a loan payment should create an accounting entry on a control account that in turn needs a corresponding loan repayment scheme to balance it off. But that assumes all control accounts are reconciled every month to the penny—it can be easy to let this work “slip” during busy periods. Equally, the fraudster may be the person responsible for performing the reconciliation–emphasising again the importance of a robust segregation of duties. So, make sure that control reconciliations are properly signed off by an appropriately senior manager who drills into the reconciliation and checks a number of the account transactions, rather than just checking that the debit and credit postings equal back to a zero balance.
The most successful frauds are more likely to be those that employ a “salami slicing” method. As Johnny Cash identified in his song “One Piece at a Time,” the best way to steal a Cadillac was to take a different part of it home every day in his lunchbox. Consider the payroll equivalent of this. Payroll practice in some countries may be to round net pay—for example, in Norway pay is routinely rounded to the nearest Krone (the current exchange rates sees $1 buy NOK8.5). If you utilise such a rounding method, do you then perform a reconciliation on the rounding? Can you be sure that a fraudster hasn’t syphoned off the roundings and manufactured a method of turning lots of pennies into a pile of cash?
Look for the Red Flags
Finally, here are some red flags to watch out for and independently check on a regular basis. While none of the following is definite fraud it does warrant further investigation:
- More than one employee using the same bank account number or the same or a very similar address. Any couples who do hold such joint arrangements should be verified and checked each month.
- A member of the payroll team who starts early, finishes late, and doesn’t take more than a week’s vacation at a time. You might feel that this describes lots of people in our profession in terms of the dedication shown to duty, but does such an individual want to ensure that other people don’t pick their work up, for fear of discovery?
- Employees with no deductions on the payroll for taxes or benefits. Many global businesses may have employees on a hard currency payroll (USD, GP, Euro, etc.) who work from home in a jurisdiction where there is no withholding obligation on the employer. The employee is paid gross and is left to declare their income to the local authorities via the usual tax return process. This means that the employee’s record is usually excluded from statutory reporting, making it “invisible” to outside scrutiny and therefore perfect to perpetrate a fraud.
- Look for high levels of manual cross-charging journals involving the same employee’s costs from a payroll run. Is an attempt being made to confuse the accounting trail to hide a theft?
- Employees who earn over 30% more than the average salary for employees performing their particular role—are they really outstanding or is something more sinister happening?
Fraud prevention isn’t easy. If one examines the growth in online fraud in recent years, you might get the sense that the banks and police have given up on chasing all instances of it in many countries. A robust fraud strategy involving plenty of real checks that verify the actual outcome rather than just ticking a list are essential. And, don’t forget to check those lunchboxes from time to time!
Do you like our content? Join the GPMI community to get free education and articles straight to your inbox!
Tim Kelsey has worked in the payroll industry for 28 years, working as a Payroll Manager for large U.K. public sector bodies paying up to 18,000 employees. His specialization is international payroll, and he has run payrolls from Kingston, Jamaica to Entebbe, Uganda, and most places in between. In 2007, he formed his own company, and now spends much of his time writing and lecturing on all aspects of payroll. Tim has been a full member of the Chartered Institute of Payroll Professionals (CIPP) in the U.K. for more than 20 years, serving as the lay member on the governance committee. He holds the Irish Payroll Association’s Payroll Technician Certificate and is a member of its association.