Payroll often becomes the victim of fraud from within. We’ve said that before and repost some of that entry and add just a bit more. Very few people have access to timekeeping and salary systems and most organizations don’t review changes. This is not a good idea. Segregation of duties and a system enforced control process are often lacking – leaving the organization severely exposed.
Some months ago (see Fraud Friday) we posted a few examples of Payroll Fraud. Here is another:
Additional Address/ACH Information. The payroll operator adds an additional payment address (for example routing some or all of other employees pay to an account that they control). The change is often not reported or reviewed by another person in PR or HR. Infrequently is a change notice sent to the employee…so who notices? If anyone catches this it is substantially after the fact – and typically when the crook masquerading as a Payroll employee or manager gets greedy and keeps this scheme going too long.
Some control steps you’ll want to ensure are in place
- Ensure KEY changes are systematically approved by a different person. These include: Address, Banking Information, New Employees and Rate Changes.
- If you can’t have those KEY changes systematically approved before they happen, then make sure change reports are created and distributed to appropriate parties – so the quality will be high and the fraud will be low.
- Employees that leave must be removed- their Payroll records need to be rapidly updated so extra pay doesn’t inadvertently leave the building.