Combatting payroll fraud Combatting payroll fraud

Combatting payroll fraud
30 Jun 2017

Julie was a personal assistant to a senior executive in a reasonably large company. She had been with the company for a long time, was well respected and totally trusted by her colleagues and, more importantly, her boss.

The company decided to invest in fraud awareness training and, after one of these sessions, a member of HR just happened to mention that Julie had been working exceptionally long hours and her overtime pay had exceeded her normal salary. The HR person did not suspect J title to be a fraudster, but the fraud awareness session had raised doubts.

This chance remark led to an investigation, which revealed that Julie, as she was totally trusted, was aware of her boss's username and password. This meant she could apply for, overtime in her own name, approve it in his name and not have to work a minute over her contracted hours. She had, in fact, been committing overtime fraud - a relatively common type of payroll fraud - for nearly two years.

Payroll fraud may not be the most damaging kind of dishonesty that could affect your organization, but in the UK, for example, it is estimated to cost businesses approximately £12bn (US$15.4 billion) per year. In the US, the median loss to a company that has experienced this situation is estimated to be $189.500.

These frightening statistics show that payroll fraud is a risk that every business should be aware of and take preventative action to counter.

But, what actually is payroll fraud and how can you best combat it?

What is payroll fraud?

The term covers a multitude of different types of frauds, scams and misdeeds primarily undertaken by employees. Some of the more common payroll frauds comprise:

  • The submission of false records such as overtime claims, timesheets and expense claims. This is a very common problem and ranges from increasing expense claims by a small amount to a larger more serious ongoing fraud such as overtime fraud (as in the example above).
  • The creation of a  ghost employee, where a  real or imaginary person is on the payroll but does not actually work for the company. This situation includes paying, workers who have already left. One well-known counter-fraud expert once said that the first thing he looked for in an organisation was "nothing" - so does an employee have a telephone number or a computer username;  is there any record of s/ he being a  member  of a  union or company group?

If not, the chances are that the employee does not exist.

  • The falsification of commission reports, in which employees claim to have either produced more goods or generated more sales than they actually have. Such activity can again be relatively small beer compared with more serious frauds that affect share prices and the company's reputation.

The payroll fraud dichotomy

Payroll fraud normally involves one or more trusted members of staff, creating a dichotomy for businesses. Due to their intimate knowledge of how the company works, these employees are in an ideal position to take advantage of any lack of controls or, weaknesses in fraud prevention terms.

Nine times out of 10, fraudulent employees say they did not set out to defraud their bosses but simply saw weaknesses in the system and an opportunity to make some easy cash. While the majority of your workers will be trustworthy, some, unfortunately, will not be.

The problem is that these same employees are also your front line in the war against fraudsters. Due to their intimate knowledge of how the business operates, they are usually the first to spot if something is wrong.

The challenge you face is how to get the balance right between these two seemingly conflicting situations and encourage employees to report any concerns.  Following a fraud investigation, all too often workers will say they knew something was not quite right but did not raise their concerns.

How to combat the problem

Here are five relatively simple steps to help you tackle the fraud dichotomy:

1. Acknowledge and identify fraud risks

The first and most   important thing      to do is accept        there is a risk in the first place. Many businesses both large and small often refuse to accept they are open to fraud - and particularly fraud from employees. But accepting there is a risk is half the battle in defeating it.

 2.Develop a counter-fraud strategy

Once you accept a risk exists, it is possible to devise a strategy to manage it. Many companies resist this idea, believing that it will be a long and complicated process to come up with one. It is also common for organizations to believe that they have put together a counter-fraud strategy when, in fact, it is only a policy. A well-written strategy should be a concise statement of where you are, where you want to go and how you plan to get there.

3. Fraud awareness and training

It is essential that your strategy includes a means of raising fraud awareness among staff by providing them with training.  While such training will act as a deterrent to those employees who may feel inclined to commit fraud, the message sl1ould be implicit rather than explicit. The main of fraud awareness training should be to improve workers' understanding of the fraud risk and what to do if they have concerns.

4. Take appropriate action

If concern over possible payroll fraud is raised, it is imperative that appropriate and proportionate action is taken. If nothing happens, the employee who reported it will simply feel that they have wasted their time and will not do so again. On the other hand overzealous action could result in them feeling they have created a problem for the company and perhaps themselves too.

5. Seek help

If you are unsure or do not have the resources to implement the above steps, seek help. There are many online aids and guides available as well as consultancies that can help improve your approach to fraud risk management.

Risk management convergence

The responsibility for managing risk, particularly fraud risk, is all too often divided between different departments, each working in isolation from the other. For example, the HR function decides whether a particular employee is suitable in recruitment terms or not. The IT department ensures they are provided with appropriate IT access. The security team looks after their physical security, and departmental line managers are tasked with managing them.

But the Security Institute recommends converging the management of all of these risks together, particularly in relation to fraud and security. If department works together rather than in isolation, the Julies of this world are much less likely to get away with it.

By Alan Day, director, AKD Services

Alan Day is a director of AKD Services Ltd, an independent counter-fraud consultancy service that specializes developing counter fraud strategies and providing fraud awareness training. He is also honorary president of the London Fraud Forum and a fellow of the Security Institute.

Julie was a personal assistant to a senior executive in a reasonably large company. She had been with the company for a long time, was well respected and totally trusted by her colleagues and, more importantly, her boss.

The company decided to invest in fraud awareness training and, after one of these sessions, a member of HR just happened to mention that Julie had been working exceptionally long hours and her overtime pay had exceeded her normal salary. The HR person did not suspect J title to be a fraudster, but the fraud awareness session had raised doubts.

This chance remark led to an investigation, which revealed that Julie, as she was totally trusted, was aware of her boss's username and password. This meant she could apply for, overtime in her own name, approve it in his name and not have to work a minute over her contracted hours. She had, in fact, been committing overtime fraud - a relatively common type of payroll fraud - for nearly two years.

Payroll fraud may not be the most damaging kind of dishonesty that could affect your organization, but in the UK, for example, it is estimated to cost businesses approximately £12bn (US$15.4 billion) per year. In the US, the median loss to a company that has experienced this situation is estimated to be $189.500.

These frightening statistics show that payroll fraud is a risk that every business should be aware of and take preventative action to counter.

But, what actually is payroll fraud and how can you best combat it?

What is payroll fraud?

The term covers a multitude of different types of frauds, scams and misdeeds primarily undertaken by employees. Some of the more common payroll frauds comprise:

  • The submission of false records such as overtime claims, timesheets and expense claims. This is a very common problem and ranges from increasing expense claims by a small amount to a larger more serious ongoing fraud such as overtime fraud (as in the example above).
  • The creation of a  ghost employee, where a  real or imaginary person is on the payroll but does not actually work for the company. This situation includes paying, workers who have already left. One well-known counter-fraud expert once said that the first thing he looked for in an organisation was "nothing" - so does an employee have a telephone number or a computer username;  is there any record of s/ he being a  member  of a  union or company group?

If not, the chances are that the employee does not exist.

  • The falsification of commission reports, in which employees claim to have either produced more goods or generated more sales than they actually have. Such activity can again be relatively small beer compared with more serious frauds that affect share prices and the company's reputation.

The payroll fraud dichotomy

Payroll fraud normally involves one or more trusted members of staff, creating a dichotomy for businesses. Due to their intimate knowledge of how the company works, these employees are in an ideal position to take advantage of any lack of controls or, weaknesses in fraud prevention terms.

Nine times out of 10, fraudulent employees say they did not set out to defraud their bosses but simply saw weaknesses in the system and an opportunity to make some easy cash. While the majority of your workers will be trustworthy, some, unfortunately, will not be.

The problem is that these same employees are also your front line in the war against fraudsters. Due to their intimate knowledge of how the business operates, they are usually the first to spot if something is wrong.

The challenge you face is how to get the balance right between these two seemingly conflicting situations and encourage employees to report any concerns.  Following a fraud investigation, all too often workers will say they knew something was not quite right but did not raise their concerns.

How to combat the problem

Here are five relatively simple steps to help you tackle the fraud dichotomy:

1. Acknowledge and identify fraud risks

The first and most   important thing      to do is accept        there is a risk in the first place. Many businesses both large and small often refuse to accept they are open to fraud - and particularly fraud from employees. But accepting there is a risk is half the battle in defeating it.

 2.Develop a counter-fraud strategy

Once you accept a risk exists, it is possible to devise a strategy to manage it. Many companies resist this idea, believing that it will be a long and complicated process to come up with one. It is also common for organizations to believe that they have put together a counter-fraud strategy when, in fact, it is only a policy. A well-written strategy should be a concise statement of where you are, where you want to go and how you plan to get there.

3. Fraud awareness and training

It is essential that your strategy includes a means of raising fraud awareness among staff by providing them with training.  While such training will act as a deterrent to those employees who may feel inclined to commit fraud, the message sl1ould be implicit rather than explicit. The main of fraud awareness training should be to improve workers' understanding of the fraud risk and what to do if they have concerns.

4. Take appropriate action

If concern over possible payroll fraud is raised, it is imperative that appropriate and proportionate action is taken. If nothing happens, the employee who reported it will simply feel that they have wasted their time and will not do so again. On the other hand overzealous action could result in them feeling they have created a problem for the company and perhaps themselves too.

5. Seek help

If you are unsure or do not have the resources to implement the above steps, seek help. There are many online aids and guides available as well as consultancies that can help improve your approach to fraud risk management.

Risk management convergence

The responsibility for managing risk, particularly fraud risk, is all too often divided between different departments, each working in isolation from the other. For example, the HR function decides whether a particular employee is suitable in recruitment terms or not. The IT department ensures they are provided with appropriate IT access. The security team looks after their physical security, and departmental line managers are tasked with managing them.

But the Security Institute recommends converging the management of all of these risks together, particularly in relation to fraud and security. If department works together rather than in isolation, the Julies of this world are much less likely to get away with it.

By Alan Day, director, AKD Services

Alan Day is a director of AKD Services Ltd, an independent counter-fraud consultancy service that specializes developing counter fraud strategies and providing fraud awareness training. He is also honorary president of the London Fraud Forum and a fellow of the Security Institute.