Payroll fraud schemes fall under the asset misappropriation category of occupational fraud. This type of scheme involves fraudulent disbursements of company funds and can be committed by both employees and employers. Per the Occupational Fraud 2024: A Report to the Nations issued by the ACFE, payroll fraud accounted for 10% of the cases submitted by CFEs in response to a survey regarding investigations during the period of January 2022 through September 2023. It was determined that payroll schemes that led to investigations typically lasted about 18 months before being uncovered and these cases amounted to an average loss of $383,000.
Common Payroll Fraud Schemes
Falsified Wages – Per the ACFE Fraud Examiners Manual, the overpayment of wages is the most common method of payroll fraud. This method consists of hourly employees overstating the number of hours they have worked (e.g., manually reporting more hours worked via a paper timesheet, conspiring with their supervisor or forging their supervisor’s signature to obtain approval of inflated hours, an accomplice clocking in for the perpetrator, etc.). Hourly and salary employees can also commit this payroll scheme by increasing their pay rates in the payroll system through unauthorized access, altering their personnel records, or collusion with HR or Payroll personnel.
Ghost Employees – The ACFE Fraud Examiners Manual defines a ghost employee as “someone on the payroll who does not work for the victim company.” These nonemployees will be issued a check through the manipulation of a company’s payroll system by a fraudster or accomplice. This ghost employee can be a friend or relative of the fraudster, someone who does not exist, or a former employee that was never removed from payroll. This scheme is perpetrated through a process whereby an individual who does not work for the company is added to the payroll system, time records and pay rates are falsified for this fictitious employee, a paycheck is issued to this individual, and the paycheck is then distributed to the offender or co-conspirator.
Commission Schemes – Commission is a form of compensation calculated based on a percentage of sales an employee makes. This scheme is similar to the falsified wages method, but it involves inflating the revenue output an employee generates for the company or an employee wrongfully increasing their commission rate. According to the ACFE Fraud Examiners Manual, this can be done by creating fictitious sales with real or fake customers and falsifying the documents related to these fake sales or ringing up fake sales on a register. A salesperson could also inflate legitimate sales by altering related sales documents or ringing up a larger sale on a register. Additionally, an employee could increase their rate of commission through altering their personnel records, collusion with HR or Payroll personnel or their supervisor, or unauthorized access to the payroll system. This scheme will typically end in a salesperson or accomplice writing off fake sales as bad debt, posting real payments from other legitimate customers to the fake customer accounts, destroying sales records, or utilizing timing differences to conceal false accounts receivable amounts by not recording subsequent sales.
Red Flags
Per the State of New York Office of the State Comptroller and the ACFE Fraud Examiners Manual, organizations should look out for some of the following red flags in order to detect payroll fraud:
- Inconsistent overtime hours for a cost center, during a slow business period, or for employees who typically do not have overtime wages.
- Excessive budget to actual variances for payroll by cost center.
- Employee records that share Social Security numbers, addresses, names, contact information, or bank account direct deposit details.
- Employees who have few or no payroll deductions or withholdings for payroll taxes or benefits.
- Former employees who remain on the payroll register after their termination date.
- Inconsistent sales amounts for an employee and/or unusual levels of uncollected receivables.
- Employees are not taking vacations.
Case Example
We recently investigated a case, in which a hospital employee reported over 400 hours of onsite work that lacked corresponding badge entry swipe data. This indicated substantial misuse of timesheet reporting. This individual had also claimed multiple hours that were ineligible for stipend pay. This finding alone resulted in over $25,000 of stipends that should not have been paid to this individual. These findings were from a short four-month period.
Tips for Internal Controls & Safeguards to Prevent Payroll Fraud
Per guidance from Thomson Reuters Checkpoint Tools for PPC, organizations can implement the following controls to prevent payroll fraud from occurring:
Segregation of duties – Separate individuals should hold the responsibility for preparing the payroll and personnel duties (e.g., timekeeping, distributing paychecks, and hiring employees) and they should be restricted from access to other payroll data or cash. Responsibility for other activities such as opening the mail or the general ledger function should also be separate from payroll. If the organization uses physical checks, have someone outside the payroll function mail or deliver them and require identification at delivery if necessary. Designate someone independent of the payroll department to be the organization’s contact with other entities, such as taxing authorities, vendors who are sent any payroll withholdings, or a payroll service company (if applicable). Require mandatory vacations of employees in the personnel and payroll roles and ensure employees are cross trained so they can fill in for duties during absences. Separate the responsibilities of check stock custody and check signing or electronic payment approval. A separate bank account for only payroll disbursements should be utilized and only the amount required to cover the actual payroll amount should be deposited each period.
Restricted access – Physical and electronic access to payroll records and systems should be properly restricted. Lock up personnel files, unused payroll checks, signature stamps (or ensure electronic signature approvals are password protected), and unclaimed paychecks. When these unclaimed checks are eventually collected, obtain signatures and evidence of employment and/or other identification. Utilize physical or technological controls to prevent unauthorized access to check writing, the payroll systems, and other data.
Supervisory review and approval – Supervisor approvals should be obtained and documented as needed. A manager or another appropriate person should sign all payroll checks that have been filled out and review payroll registers for any unusual items. Supervisors should also review and approve all employee additions and terminations, employee timecards, reconciliations performed, payroll related adjusting entries, changes made to the payroll master file, changes in pay rates, and changes in payroll deductions. The owner/manager or another appropriate person should compare current payrolls and previous payrolls, as well as budgeted and actual payroll, and investigate any significant variances.
Periodic reconciliations – Reconciliations should be performed on a periodic basis. Reconcile the totals of paychecks/and or direct deposits (in dollar amount and number of individuals) to corresponding payroll registers. Payroll registers and the general ledger should be reconciled to the gross and net pay amounts per the payroll tax returns. Compare total W-2 wages to the general ledger and payroll register wages paid. Periodically check for any missing check numbers or numbers that are out of sequence and compare to the payroll registers. Additionally, someone separate from the payroll function should reconcile the payroll bank account each month, with review performed by the owner/manager or another appropriate person.
Obtain and retain documentation – Employee payroll documentation should be obtained and kept on file. Employees should be required to complete and sign a Form W-4 and other appropriate forms to set up withholdings and deductions. Additionally, obtain and retain copies of employee identification and perform background checks of new hires. These documents should be maintained in their personnel files. Require employees to also document their hours worked via timesheets or time clocks, which should be subject to review by a supervisor.
Payroll fraud poses a significant risk to businesses of all sizes, leading to financial losses, reputational damage, and legal consequences. A proactive approach to payroll security not only protects company assets but also fosters a culture of accountability and trust within the organization.
Stay Tuned
This is the fourth article in our “Leader’s Guide to Fraud Prevention” series, designed to provide ongoing guidance on simple, effective actions leadership can take to prevent fraud, waste, and abuse. Future articles will explore everything from emerging fraud trends to critical risk areas like cybersecurity, as well as entity-wide recommendations for strengthening controls. By making a few strategic improvements to your fraud prevention environment, your organization can build a stronger foundation for long-term financial success.
Missed the first few articles of the series? Check them out here:
- Risk Mitigation Starts with You | The Bonadio Group
- Fraud Facts & Misconceptions | The Bonadio Group
- How to Protect Your Business from Cash Fraud | The Bonadio Group
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
