HR Management & Compliance

Finding Internal Fraud–How to Do Your Audit

“Oh, it wouldn’t happen here” is a naïve attitude to take toward internal fraud, says consultant Vicki M. Lambert CPP. It’s more common than you might expect, but fortunately it’s not that hard to detect and prevent.

Lambert, who offers payroll training as “The Payroll Advisor,” says that if you are doing an audit, might as well audit for fraud as you go. She’s found a lot of fraudulent behavior that way.

Auditing for Fraud

Payroll fraud is defined as “anything that uses payroll to take money from the company in a deceptive or illegal manner.” It can take many forms, the most common which are:

  • Phantom employees 
  • Deduction reversals 
  • Fraudulent additions to time cards 

Phantom Employees 

How it works: A fake or phantom employee is “hired” and set up in the payroll system. This phantom employee is then paid normally, with no excess hours or overtime to make the employee stand out on an edit report. 

Phantom employees are usually not supervisors, but lower level “employees” making the normal average wage. They usually “work” in a place where they cannot be seen by the office staff. Typically they work in sales or in a warehouse where only the manager “sees” them.

Usually a payroll staff member works with a supervisor of another department to pull off the fraud.  This allows a time record to be submitted that would pass auditing.  

Once the phantom employee is set up it is almost impossible to detect and can go on for years, says Lambert. This is especially true in large companies where one extra employee in a large department could go undetected.

The Phantom Employee Check

The best method for finding phantom employees or to make sure there are none on the system is to conduct a headcount of employees to payroll checks. This is called a phantom employee check.

During a phantom employee check, a team of employees not related to the payroll department pass out the paychecks in person to each employee.  

Each employee must show identification before receiving his or her paycheck. This confirms that the employee whose name is on the payroll check is available in person. 

Phantom employee checks cannot be announced in advance; it must be done in secret.  The direct deposits are cancelled for this phantom employee audit. This is particularly true in the case of electronic payments into bank accounts where a check does not need to be collected.

Announce that due to a system change everyone has to get a paper check for one pay period. Apologize for the inconvenience. Some companies do the phantom employee check department by department, says Lambert.


Managing an HR Department of One was recently recognized as one of SHRM’s “Great 8” best-selling products. Examine it at no cost or risk for 30 days and find out what all the buzz is about.


Other Fraud Methods 

Reverse Deductions. Reversing a deduction is a rare input and any reverse deductions should always be verified immediately, says Lambert. For example, a reversal called  “Overpaid insurance” should be checked.

Garnishments: Garnishment checks should be processed as a third party check directly from the payroll system if possible. If accounts payable checks are used, then proof of a deduction from the payroll should accompany each check request.

Fraudulent additions to time cards. A fairly obvious but not easy to detect act is adding unworked hours to time cards. Make sure supervisors are tracking hours and comparing to time sheets.

Pay Raise. If payroll inputs pay raises or has access to input on this master screen, all pay raises should be compared to the actual paperwork. 

Tax Refunds or Adjustments. The payroll department should avoid refunding taxes to employees. Whenever this is done an audit should be conducted.

Bottom line, says Lambert, if you can think of it—so can they—so think of it!.

Preventing Fraud 

The first thing to do to prevent fraud is to make sure that you know your system inside and out. Then make sure that the duties in the payroll department are properly distributed among the staff so that a separation exists for all check-producing or input-to-checks tasks. 

Implementing Internal Controls 

Have internal controls in place for every single payroll process no matter how small, says Lambert.  Every process has to have a break somewhere for a review by a 2nd party. 

For example: A person inputs timecards and processes paychecks on a normal payroll run—where is the break?  

The following are some of the control features that should be in place when running a payroll: 

  • Auditing procedures prior to input 
  • Auditing procedures to verify input 
  • Reconciliation of the payroll 
  • Error correction controls 
  • Manual checks, void checks and check stock controls. You must have a check log for all off-cycle checks
  • Procedures for the proper distribution of payroll checks and unclaimed checks 
  • Audit trail requirements 
  • Controls on distribution of payroll information and reports to prevent identify theft 
  • System documentation 

Feel as if you’re all alone in HR? Take on a partner—Managing an HR Department of One. Examine it at no cost or risk for 30 days. Get more information.


Best Practice for Protecting Data

Finally, says Lambert , as a first step toward protecting your data, always ask two questions of staff members:

  1. Do you need access to do your job or just want access to do your job?
  2. Do you have access as a requirement of your job or as a promotion or reward?

In other words, Lambert says, start by limiting the number of people with access to your confidential data.

In tomorrow’s Advisor, more on auditing, plus an introduction to BLR’s popular guide for smaller, or even one-person, HR departments, HR department of One.

Print

Leave a Reply

Your email address will not be published. Required fields are marked *