Be aware of the red flags that increase risk
Fraud is an assumed risk in most businesses. Where there is an opportunity, such as lax internal controls and employees who may be motivated or pressured by personal financial or other similar needs who can rationalize their actions, the perfect recipe exists for fraud to occur.
Payroll is one of the areas particularly vulnerable to fraud due to the volume and frequency of transactions that occur throughout the year. Fraudsters can add a fictitious or “ghost” employee to the payroll, record false wage or benefits or file false expense reimbursement claims.
Unbeknownst to many organizations, payroll departments may be exposed to greater risk for these types of fraud when internal controls designed to prevent and detect fraud are not functioning effectively or have been overridden due to lack of proper oversight.
For example, limited or deficient access controls over electronic and physical payroll records can lead to fraud. These should not be accessible to anyone who creates or approves payroll documents.
In addition, employees should not have the ability to make changes to historical payroll periods that have already been closed as this can lead to unauthorized changes to be made to previously approved payroll transactions.
The fraudster could use a former or deceased employee’s social insurance number or create a fake one for a fictitious employee and then have cheques or direct deposits sent to the “ghost” employee at an address or account the fraudster controls.
Lack of adequate supervisory oversight of employees can also lead to fraud. Department heads should regularly review and sign off their headcount and employees paid through payroll.
The lack of segregation of duties between the persons responsible for various payroll duties can also lead to misconduct. These duties should always be segregated especially for individuals responsible for the submission and approval of timecards or timesheets and the person who analyzes the period-over-period fluctuations in payroll expense. This is a critical mitigation strategy as many fraudulent acts involve, and often require, collusion.
The absence of timely, independent review of exception reports regarding changes made to payroll can also open the door to fraud. Someone in a trusted position — preferably at arm’s length from payroll — should review the exception reports generated internally or provided by the third-party payroll provider.
Ideally, this role should be rotated and organizations should ensure there is a paper trail for all payroll transactions, such as receipts, cheques, stubs or invoices to facilitate the tracing and recovery of the misappropriated funds.
False expense reimbursement fraud
False expense reimbursement fraud involves a variety of manipulations, including personal expenses claimed as business. Inflated, false and duplicate expenses and advances being made, and then expenses subsequently claimed without reconciliation between the two is a common form of this fraud.
The absence of formal written policies surrounding the processing of payroll, including expense reimbursement and timely testing of compliance with such policies, can increase the likelihood of occurrence of this type of fraud.
Expenses should only be reimbursed if supported by original receipts and have been verified to comply with the company’s expense reimbursement policy.
Lack of timely reconciliations of bank accounts, including accounts held for payroll, can pose significant problems. There should be frequent reconciliations between advances paid and expenses claimed to ensure employees are not double-dipping, particularly when there is a significant gap between the date the advance is made relative to the date of the expense reimbursement.
This risk further increases when a different department, such as accounts payable, processes the advance while payroll processes the expense reimbursement.
Fraud can also be caused by lack of timely, independent investigation of anomalies identified in payroll and expense reimbursement reports. Employees should be aware that random audits will occur throughout the year, regardless of seniority or position.
Anti-fraud policies are an effective way to communicate to employees their obligations to the organization and the repercussions should fraudulent acts be encountered — including the investigation process that will be carried out to confirm or dispel suspect activity.
Prevention
Prevention — rather than detection — is the best deterrence against payroll and other financial frauds.
Although payroll fraud will never be completely eliminated, it can be reduced significantly by having effective checks and balances in place and, more importantly, by regularly testing their effectiveness. No one in the organization should be exempt from any of the controls.
Furthermore, organizations should provide periodic fraud awareness training to employees, especially those in positions of authority or trust. Internal controls and well-written policies are a necessity. However, don’t underestimate the effectiveness of empowering employees with the knowledge of what are the red flags of fraud and how to spot them.
Even where there is a cost involved in establishing the controls or upgrading existing ones, organizations should not hesitate to pay it. It is invariably a lot less costly to prevent a large fraud in the first place than to fix the damages that invariably follow a fraud.
Edward Nagel is principal and founder of Nagel and Associates, a Toronto-based boutique forensic and investigative accounting firm that specializes in forensic investigations, anti-fraud consulting and anti-fraud training. He can be reached at [email protected]. or visit www.nagel-forensics.com for more information.
What to do when fraud is suspected
•Assemble the investigation team that may include internal legal counsel, HR and corporate security in addition to other persons of authority.
•Review internal corporate policies and fraud response plans.
•Determine the required communication and timing thereof, such as board/audit committee, insurers, unions and police.
•Consult external professionals, such as legal counsel, forensic accountants and public relation consultants, to determine the necessary action.
•Identify and secure potential sources of evidence, both physical and electronic. •Cut off a suspended employee’s access to corporate records and facilities.
•Perform investigative procedures including: Gathering background intelligence on the suspected fraudsters; performing a physical search of the offices; obtaining and analyzing supporting documentation; and conducting interviews.
•Following the conclusion of the investigation, take steps to reassess and remediate non-existent or ineffective controls that permitted the fraud to occur.
