What makes an unprotected payroll process such a rich target?  

Seven tips for payroll fraud prevention

What makes an unprotected payroll process such a rich target? 

  • Diversity of how and where payroll may be processed from pay period to pay period
  • Predictable payroll processing schedule
  • Complexity of the accounting such as wage attachments, multiple bank accounts and EFT
  • Technology
How can HR and payroll practitioners get a better handle on fraud prevention practices and heighten their awareness of the opportunities for fraud? To prevent payroll fraud, look at the complete payroll process -- a chain of controllable events. These events are closely aligned with the employment life cycle. Hiring, terminating and transferring employees and their compensation data create payroll events with unique vulnerabilities to fraud.


Payroll fraud by the numbers
 

$2,900,000,000,000
Estimated amount of revenue that business loses to all fraud 

8.5%
Portion of workplace fraud related to payroll processes 

$72,000
Median amount lost per payroll fraud event 

24 months
Median time to discover payroll fraud

Segregate payroll duties 
The new hire onboarding process brings a unique set of exposures. Personal and banking information may be exposed as a new hire provides personal data online and on paper. Reviews of new employees to confirm the validity of their information and verify their existence should be done by individuals outside the payroll function. The objective of segregating duties is not to add cost or work but to highlight where an opportunity for fraud may exist. The focus is segregation of duties between individuals, not functions. Segregation of duties and regular rotations of individuals in key functions prevents the potential for collusion. 

Inspect payroll offices and computers regularly 
Regular inspections of the payroll office and the payroll records by someone outside of the payroll department are valuable to help reduce exposure of the records to loss. Technology assets used to enter new employee data should be regularly reviewed to ensure they are free from electronic devices such as key stroke loggers or other hidden programs to surreptitiously gather data. 

Audit the communication path 
When money and records are exchanged between the payroll provider and the employer, there is a shared exposure to loss. The technology team at all points of the communication path must ensure the link that they oversee is protected from exposure and regularly audited for unintended content that could alter or affect data. Whenever possible, a closed loop communication is preferable. 

Avoid complacency 
The repetitive nature of the payroll process lends itself to potential complacency. Regular oversight and vigilance remain critical aspects of fraud prevention. Understanding the mutual security practices and technology offerings of both the payroll provider and employer is critically important when transferring data and money. 

Perform exception reporting 
Exception reporting that highlights certain aspects of payroll transactions is helpful. Changes made to employee bank accounts, anomalies in check amounts, differences in frequencies of pay and withholding changes are all transactions worthy of exception oversight. The key to good exception reporting is developing reports based on unexplained anomalies in such a manner that reviews can be done efficiently without a high degree of false positives. Efficient exception reporting not only helps in identifying potential fraud but also heightens awareness and enhances the perception of detection. 

Eliminate "ghost employees" 
To keep ghost employees off of the payroll, watch for employees who have no withholdings or personnel files independent of their payroll records. Other tips to identify ghost employees include: 

  • Salaries that are different, especially those that are not repeated or are exceptionally large.
  • Bank deposits listed by bank account number that have different employee names but common bank account numbers.
  • Employees' pay made in varying payroll frequency usually set up as a one-time or unique pay.
  • Dormant but resurrected payroll records in which individuals may take advantage of temporary absences or seasonal employment lapses.


Ghost employee records often contain unique information such as a decedent's Social Security number. The Social Security Administration offers a list called the Death Master File, which can be searched to determine the legitimacy of the Social Security numbers. Running the issued Social Security numbers in your payroll file against this list is a useful exercise that can be conducted on an ad-hoc or annual basis. 

Final thoughts about preventing payroll fraud 
After being captured, prolific Depression-era bank robber Willie Sutton was asked why he robbed banks. Mr. Sutton replied, "Because that's where the money is." In business today, payroll may represent a large portion of an organization's expenses. An unprotected payroll process can create a "perfect storm" of opportunity for potential fraud. When an employer and a payroll provider work together, follow published security and privacy standards, and conduct basic exposure analyses, the loss of funds and data can often be prevented. 

-- by Paul B. Cogswell, CFE 

Paul Cogswell is the vice president of Corporate Security and Safety at Ceridian. Prior to his position at Ceridian, he was the vice president of Corporate Security and Safety for USF Corporation. Former positions included the director of Corporate Investigations for Sears, Roebuck and Co., president and chief operating officer of IFPC Worldwide, Inc., an international investigation and due diligence firm, and the director of Loss Prevention for Marshall Fields and Gimbel's Midwest. 

Cogswell has served the government and private sector in security, investigations and compliance assignments for the past 25 years. 

Cogswell has a bachelor's degree from St. John's University in New York where he also attended law school and a master 's degree in business administration from the University of Phoenix. He is a certified fraud examiner and certified protection professional.