It is almost inevitable, given that large amounts of money are regularly being received and transferred out, that payroll systems and processes can be subject to potentially fraudulent activity, both from within an organisation and from without. It can be perpetrated both by employees and employers alike, as well as outsiders with no connection to an organisation.
The way in which payroll processes are set up and organised, plus the fact that a large number of people can have access to payroll systems (especially in enterprises with large numbers of employees and/or contractors based in multiple jurisdictions around the world), are also significant contributing factors as to why payroll is regularly subject to attempted fraud.
In particular, this is why global payroll, i.e., when you engage and pay people in multiple locations simultaneously, can be susceptible to fraud, simply through the fact that it is often very decentralised, with teams in different locations operating without appropriate oversight or auditing. Not having up-to-date fraud prevention and detection systems in place can also encourage fraud both from within and without.
This can be exacerbated in cases where payroll processes are carried out to a large extent manually or using basic payroll software packages. Paper documents can be easily forged, stolen, altered, or lost, for instance, while it can be challenging to control access to physical or unsecured documents and data, especially in small in-house teams located away from central admin services.
Automated payroll services can, however, go a long way toward mitigating such risks.
How is Payroll Fraud Committed?
Essentially, there are four key areas where frictions are most apparent, and where organisations are most vulnerable to payroll fraud: onboarding; identity theft; payments; and payroll. However, you can reduce these risks by using payroll providers with high-standard data security.
One of the most common forms of payroll fraud, which is committed by employers in order to take advantage of workers, occurs during the onboarding process.
In this scenario, employees are not classified correctly and so may not receive the appropriate rate of pay and workplace benefits to which they are entitled, as well as not paying tax, superannuation, and other deductions correctly. This can have a long-term impact on employees, who because of not making sufficient contributions to social security, for instance (through no fault of their own), have difficulties claiming a pension or other state benefits later in life.
This type of fraud is often committed by employers as a means of saving money on payroll taxes and employee benefits and can go undetected for some time. It is a serious offence in most jurisdictions, and so if uncovered can lead to significant penalties.
Employers too can be victims of payroll fraud in a variety of different ways, often involving a form of phishing or identity theft.
A common way in this sort of payroll fraud is perpetrated through the stealing (via a hack or data leak) of an employee’s personal information. A fake email, that for all intents and purposes looks as though it is coming from an employee, is then sent to the payroll department notifying it of a change in bank details and asking for subsequent pay checks to be credited to this new, bogus account. This enables the hacker to steal an employee’s wages, and then withdraw the money from the account before the fraud is detected.
Payroll managers can take some relatively simple steps to prevent this type of fraud from being successful. In the first place, all bank accounts should be validated when a new employee is taken on. Then, it should ideally be company policy that an employee’s banking details cannot be changed by HR or finance teams unless any requested change has been validated by the employee in person. In the case of remote, hybrid, or foreign workers, this should be done using teleconferencing software.
Payroll fraud can also be perpetrated against a company by its own employees, very often by those working in HR or payroll departments. Most commonly this is through the creation of what are known as ghost employees.
A ghost employee can be a non-existent person who has been created and then added to the company’s payroll, or alternatively take the form of a former employee who has left the organisation but who has been intentionally kept on the payroll as a means of defrauding the company. In both instances, the wages of the ghost employee will in fact usually be claimed by the corrupt member of staff who has falsified the records.
This type of payroll fraud can generally be gotten away with more easily in organisations that do not use a payroll provider but instead manage things in-house. It is also more likely to occur in businesses where payroll is largely managed manually with a generic software package, or in enterprises where the workforce is remote and located around the globe, making accurate record keeping more difficult.
A regular payroll audit (at least every 12 months), where employee records are reviewed and cross referenced with HR, is one of the simplest and most effective ways of preventing ghost employee fraud.
Another similar form of payroll fraud is when the actual amount a worker is paid is deliberately altered and increased. This may be done so that the person who falsifies the records is the direct beneficiary, or they may alter records on behalf of someone else.
In this scenario, it can be that the rate of pay recorded in the system is altered so that a worker is being paid more per hour than they should be, or are paid for hours they didn’t in fact work. It might also be the case that they are falsely awarded bonuses, or receive commissions to which they are not entitled. The fraud could also take the form of deductions not being correctly applied.
In some cases, a worker could add extra unworked hours on the timesheet of their own accord without any collusion from payroll staff, or they can indulge in what is widely known as ‘buddy punching’ where a colleague punches in on the time clock on behalf of another employee who is not actually present at work.
Payroll auditing is the most effective and efficient way of discovering these and similar payroll frauds. This is because a key task in any such audit is to review the accuracy of all employee records, especially rates of pay. Any changes should have been recorded when they occurred and why, so anomalies between what a worker is receiving and what they are actually entitled to can be easily spotted.
Jason is the Marketing Manager at a local advertising company in Australia. He moved to Australia 10 years back for his passion for advertising. Jason recently joined BFA as a volunteer writer and contributes by sharing his valuable experience and knowledge.