the risk management blog

Protecting Against Ghost Employee Fraud

byLowers & Associates | March 26, 2014
fraud perpetrators

Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.

The Ghost in the Payroll Machine

A “ghost employee” exists only as an identity in payroll records, although the ghost may be a real person who does not actually work for the company. The ghost employee scam is only successful if the perpetrator has unmonitored access to company systems, so it is typically an inside job. The scheme works if:

  • The ghost identity can be added to payroll records.
  • The system has to be set up to make payments to the ghost, either for false time and/or wages, or for other types of payments, e.g., expense reimbursements.
  • Payments made to the ghost must be concealed, especially from existing controls.
  • Actual disbursement – the point of the fraud – occurs. 

Making the Ghost Employee Visible

Preventing ghost employee fraud is an important issue for organizations of all types.  Here’s a list of some of the steps you can take. We are summarizing these in this post, but you can find more detail in our whitepaper, Payroll Fraud: Hidden Dangers in Every Transaction.

HR best practices:

HR professionals need to ensure that hiring, payroll, and termination are conducted according to high standards. Some practices that can help thwart ghost employees include:

  • Payroll policies, including all relevant controls, are written and current.
  • Additions to payroll will occur only after a formal application process, and as approved by the HR director.
  • Terminated employees are immediately removed from the payroll database, a report to that effect is generated for HR, and the employee roster is updated.
  • Payroll registers are audited frequently.

Separation of duties:

This general principle of good financial control is evident in many of the best practice payroll standards. For example:

  • No one person should be able to add a new employee to the payroll, set wages, enter time, and pay the person.
  • There should be a monthly reconciliation between the payroll ledger and the HR employee list performed by someone outside the payroll department.
  • The person authorizing a check run should not be authorized to retrieve the printed checks.
  • The payroll accounting function should be independent of the general ledger function.
  • IT should not have access to HR or payroll application programs.

Creation of exception reports:

The accounting system should be designed with controls that red flag results that are outside normal parameters.  These might include:

  • Additions or deletions to payrolls should generate an automatic report to the relevant supervisor.
  • The payment of overtime or incentive pay that is above established parameters should generate an exception report.

Payroll process controls:

Every organization will have some unique circumstances that dictate its payroll process, but there are some standard controls, in addition to separation of duties, that may be useful in most organizations:

  • Payroll documentation is maintained and current, and supervisors are responsible for verifying it.
  • General IT controls are in place to define access to systems, applications, and data.
  • Data entry is automated where possible (e.g., time clock entries), and manual entries are approved by the responsible supervisor.
  • Payroll distribution is by direct deposit if possible, and manual check runs are immediately reconciled via dual review.
  • Manual payroll distribution is done directly by the payroll department, and is not delegated to a supervisor or other person.
  • Recipients of payroll checks offer appropriate identification.

Auditing controls:

Finally, accounts should be audited on a regular basis. Some typical auditing controls include:

  • At least annually, the master HR payroll records are reconciled with the computer generated payroll record.
  • Periodic audits of employee’s pay are conducted.

Is it worth it to go through all this work? We know it is. Organizations without these controls can be losing substantial sums to payroll fraud without knowing it. Controlling the risk protects the bottom line and helps to create an atmosphere of trust.

Learn More:  Download our whitepaper: Payroll Fraud: Hidden Dangers in Every Transaction.

ABOUT THE AUTHOR

Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >