Although it’s near impossible to accurately quantify, payroll fraud – defined as the theft of cash from a business via the payroll processing system – is less rare than many of us might think.
This is because incidents of payroll fraud are often not reported in the media and are managed instead by internal HR processes.
If you are a concerned business owner who suspects that something is amiss within your payroll system, it’s important to look into the common areas that give rise to suspected fraudulent payroll activity. Here are the 7 red flags for payroll fraud:
1. Payroll audit trail. If your payroll system doesn’t have a robust audit trail, this should be your number one priority. Even if it does, make sure you are auditing critical fields in your payroll system. A payroll audit trail will often point directly to fraudulent activity and shed light on the areas that need to be investigated. The activity that you are looking for could be varied, which is why it is important to have someone in your team who understands the process.
2. Regular masterfile changes. Look out for regular changes in employee bank details or leave balances, as this could signal unusual payroll activity. While there could be simple explanations for these changes, it is a very common red flag in payroll fraud.
3. Duplications of data and ghost employees. At the Australian Payroll Association, I have come across cases of twins that share a bank account and live at home with their parents being on the same payroll. However, this is very rare! If you identify duplicate names, addresses, dates of birth, tax file numbers or other masterfile details, you must investigate this issue further to eliminate the risk of ghost employees.
4. Out of hours access. Most fraudulent activity occurs outside of normal office hours and often through remote access to the payroll system. If people at your company are regularly accessing the payroll system outside of business hours, there might be a need for further investigation of the need for this access.
5. Loose security. I’m a firm believer that only individuals involved in the business of paying people should have access to the payroll system. Any other personnel, including senior management, should have restricted or ‘read-only’ access. Not only does this reduce the possibility of payroll fraud, but it also protects those with ‘read-only’ access from suspicion.
6. Sharing logins or using obsolete logins. Sharing logins or passwords is an absolute no-no and concerns should be raised about anyone who is doing this. If you have a genuine reason to access the payroll system, then you need to have your own login and password. Likewise, when there is a turnover of payroll staff, it is important you ensure that old logins are deleted so a third-party cannot access the payroll system.
7. High percentage of casual employees. Casual workers are not necessarily always to blame, however, payroll fraud is more often committed when there is a casual workforce. If your business has a high percentage of casual employees, then more attention needs to be given to the payroll processes, to minimise or eliminate the opportunity for payroll fraud.
Tracy Angwin is the CEO and founder of Australian Payroll Association, Australia’s leading network for payroll professionals that offers payroll advisory, training, qualifications and consulting. She is also the Director of Payroll HQ, a managed payroll service provider.
Read more of Tracy’s articles and commentary: