Payroll Security: How to Prevent 5 Types of Payroll Fraud

By: on August 8, 2018

Left undetected, payroll fraud can grow from a small dent in the company coffers to a major financial drain. According to the Association for Certified Fraud Examiners (ACFE), the average case of payroll fraud lasts two and half years and results in losses upwards of $63,000.

As a small business owner or payroll manager, your risk is even greater. The ACFE found that:

  • Payroll fraud is more than twice as likely to occur in businesses with fewer than 100 employees than those with 100 or more.
  • The median loss for small businesses was almost twice as much per scheme than for large ones.

“It’s OK,” you’re thinking. “We just bought new payroll software, so we’re safe.”

Except you’re not.

Small businesses that adopt payroll software without utilizing the right features or implementing important protocols are still highly susceptible to payroll fraud.

Below, we’ll look at five common types of payroll fraud and detail ways that you can use software and policy in tandem to prevent them from taking place at your small or midsize business (SMB).

Time Theft

 WHAT IT IS:   Also known as “timesheet falsification,” time theft occurs when an employee reports working more hours than they actually did, inflating their paycheck in the process. Time theft most often takes the form of a worker clocking in for a shift early, clocking out late or clocking in for a co-worker who isn’t there (i.e., “buddy punching”).

In all of its various forms, time theft is the most common form of payroll fraud:

Chart showing the prevalence of time theft

Source: Time Theft Report 2015

A one-off instance of a worker clocking in five minutes early isn’t going to sink your business, but a pervasive culture of even minor time theft can add up to a significant cost. If 10 employees at your company who make $12/hour add just 10 minutes to their shifts a day, that’s a loss of $10,000 a year.

 HOW TO PREVENT IT:   You want to let workers clock in and out of shifts themselves to not only give them a sense of autonomy, but to also take an enormous administrative burden off of management.

What you don’t want is to give your employees too much free reign over their hours to the point where they can easily abuse this policy.

Integrating your payroll software with the right time and attendance system can help you strike the perfect balance through two critical features that help prevent egregious time theft:

  1. Predefined shift rules limit the time frame during which workers can clock in and out of work. If they try to do so outside of the predefined time window, the system won’t let them. Rules can be set for individuals, departments or the company as a whole.
  2. User authentication eliminates buddy punching by requiring workers to produce a unique identifier when they clock in and out of shifts. Depending on the sophistication of the system and whether it’s able to integrate with any hardware, such as a scanner, this identifier could be an ID badge, a fingerprint or even a photo of the worker’s face.

GIF showing a mobile shift clock in with user authentication on Humanity

User authentication in Humanity (Source)

 

With regard to the payroll system itself, ask your vendor if it has any features that can automatically flag out-of-the-ordinary time entries. These features are fairly common.

You should also pair your software with sound attendance policies. For example, a best practice is requiring workers that miss their approved window for clocking in or out to request a manual entry from their manager. The manager can review the circumstances surrounding why that employee was early or late and determine if the entry should be allowed or not.

Finally, all timesheets should be reviewed and signed off by managers before they are processed for payroll to ensure that all of the entries are legitimate.


Falsifying Wages

 WHAT IT IS:   Working alone or in coordination with the payroll manager, workers can falsify their wages before a payroll run either by upping their wage rate, increasing their sales numbers (for commission-based pay) or tampering with the actual paycheck itself.

That last method is especially costly. The ACFE found the average check tampering scheme results in losses upwards of $150,000—the highest among payroll fraud types. And that’s just the average.

A recent case of falsifying wages was uncovered at the Indianapolis Bond Bank, where two employees stole nearly $400,000 in unauthorized pay and benefits over nine years.

 HOW TO PREVENT IT:   Putting all of your eggs in one basket is always a recipe for disaster, and that’s no less true when it comes to payroll, according to Mason Wilder, research specialist at the ACFE.

“If only one person is responsible for approving timesheets, producing and signing checks, while also managing the files that include employee wage information and classification, there is a huge vulnerability in terms of payroll fraud,” Wilder says.

Even if you’re a personnel-strapped startup, you need to segregate your payroll duties. In general, it’s recommended that one party handles authorization, a second party handles distribution and a third party handles reconciliation.

The best practice for desegregation of payroll duties

Typically, the business owner or payroll manager will authorize, the payroll service provider will distribute and the CPA will reconcile, but this can change depending on your needs and size. You may even consider outsourcing all of your payroll responsibilities to a professional employer organization (PEO).

When it comes to your payroll software, there are a few things you can do to prevent employees from falsifying their wages:

  • Flag wage and bonus amounts out of the ordinary. Alongside flagging strange time entries, many payroll systems can also automatically flag strange wage rates or bonus payouts. Talk to your vendor if this feature isn’t enabled.
  • Leverage auditing capabilities. Your payroll system should include audit capabilities, allowing you to see what changes were made to your payroll, when they were made and who made them. If you suspect an employee is altering their wages, check the audit.
  • Look into your system’s user permissions. You should be able to limit every user’s access based solely on their needs, so rank-and-file workers can’t change their pay rates. You may also be able to limit when pay rates can be changed, for example, after performance reviews.
  • Get rid of paper checks. Physical paychecks are much easier to forge and steal than their digital counterparts, so consider going the direct deposit or pay card route if you haven’t already. Your software should allow you to change payment methods with ease.

Adding a direct deposit account in Patriot Payroll (Source)
 

If you’re worried about salespeople inflating their numbers to increase their commission pay, investing in a formal customer relationship management (CRM) system can bolster your payroll security.

Not only can you fix item prices and commission rates in place, preventing employees from fudging their numbers on a paper ledger, you can also use embedded analytics and dashboards to more easily scrutinize your top performers. If sales across the company are going down, but certain folks’ commission is going up, that’s a big red flag.


Ghost Employees

 WHAT IT IS:   A ghost employee is simply a non-existent worker at your organization who is receiving a paycheck. This can take the form of a former worker still being paid after they left the company or a current worker setting up a fake account in your payroll system.

Though they’re more prevalent in massive organizations where people can more easily get lost in the fold, ghost employees can pop up in SMBs as well. In 2010, an ex-worker at a 300-person city-funded agency was found to be collecting paychecks for 12 years after they were fired.

 HOW TO PREVENT IT:   According to a TEKsystems survey, only 14 percent of IT leaders strongly agree their organization has an effective offboarding process. Without an effective offboarding process, your company can easily forget important steps such as purging exiting employees from the payroll system.

Formalizing a comprehensive offboarding workflow in a project management or HR software system can ensure the process is the same every time an employee leaves and nothing falls through the cracks.

Read about everything a good offboarding process should have here.

But what about those workers who create ghost employees for their own gain?

You should already be double-checking your payroll system user permissions and converting cash and checks to direct deposits or pay cards where possible to more easily track payments. But sometimes that’s not enough.

A formal quarterly payroll audit can help you catch any fake accounts and prevent long-term damage.

Working with your CPA or payroll processor, here are the things you should look for during a payroll audit:

Checklist showing six things to do during a payroll audit

If you suspect you have a ghost employee on the payroll, talk to the manager of that worker’s listed department to confirm.


Expense Reimbursement Fraud

 WHAT IT IS:   Expense reimbursement fraud occurs when a worker gets paid back for a company expense that either:

  • Didn’t take place.
  • Was actually a personal expense.
  • Or, cost less than the employee reported, allowing them to pocket the difference.

Should SMBs look out for workers blowing millions of company dollars on timeshares? No. But a few expensive dinners for clients or fraudulent claims for office supplies a quarter can add up to substantial damage over time.

 HOW TO PREVENT IT:   What qualifies as “office supplies” at your company? What’s the exact per diem allotment for traveling workers? What are the approved types of purchases with that per diem?

If you can’t answer those questions, neither can your workers. That vagueness opens the door for abuse, so if you haven’t formalized a travel and expense (T&E) reimbursement policy at your SMB, now’s the time.

Work with your legal counsel to suss out the details, then ensure a copy is included in your new hire materials, and that current employees are trained on the policy too. It should include specific punishments for malicious fraudulent claims so workers know the consequences.

When it comes to monitoring for reimbursement fraud, there should be two security checks in place at your organization: a micro check and a macro one.

  • The micro check looks at every submitted receipt to ensure it’s authentic, that the receipt amount lines up with the account charge and that the expense is part of a company-approved category.
  • The macro check happens once a quarter looking at expense reimbursements company-wide. You’re looking for any individual employees or departments where reimbursements are abnormally above average.

Because these checks can be tedious and error-prone when done manually, ask your payroll software vendor if their system has an application for expense reimbursements or if one is in the pipeline to be added in the future.

Employees can submit expenses for approval on their phone with Xero (Source)


Employee Misclassification

 WHAT IT IS:   So far, we’ve only touched on types of payroll fraud where the employee steals from the employer. Employee misclassification is the opposite, but is growing more prevalent with the emergence of the gig economy—state-level studies have shown that as many as one in five employers are guilty.

Employee misclassification occurs when companies, either purposefully or accidentally, mislabel employees as independent contractors, allowing them to avoid paying for overtime, employment taxes, insurance or workers’ compensation.

SMBs should take special care to avoid misclassification because the penalties for being caught can be severe. Companies can face fines from $50 to $1,000 per worker, and even jail time if the misclassification is deemed intentional by the Department of Labor or the IRS.

 HOW TO PREVENT IT:   In some cases, determining if a worker is an independent contractor or a full-fledged employee can be tricky. The one critical question you need to ask to make this distinction though comes straight from the IRS: “How much control as a business do I have over the worker?”

The more control you can exert on a worker, the more likely they’re an employee instead of an independent contractor. Your level of control is based on three criteria:

Behavioral control
  • Are you training the worker on how to do the work?
  • Are you providing the tools or equipment to do the work?
  • Do you mandate how results are to be achieved?
Financial control
  • Is the worker being reimbursed for business expenses?
  • Is the worker free to seek out other business opportunities?
  • Can the worker make a profit or loss?
Type of relationship
  • Does the worker provide a key aspect of your business?
  • Do you provide the worker with benefits?
  • Is your company’s relationship with the worker indefinite?

If you’re still having trouble classifying workers on the fence, consult your legal counsel. You can also submit Form SS-8 to the IRS to get their determination.

Once you’re confident in your classifications, record them for every employee in your payroll system to ensure you’re withholding the right taxes, offering necessary benefits and using the right forms.


Your Best Line of Security to Detect Payroll Fraud Is People

Payroll fraud can be the death by a thousand cuts for a small business. Yet, when you consider the amount of resources an SMB has to invest in to provide suitable protection from fraud, you understand why so many remain vulnerable.

“Most small businesses don’t have the resources to implement robust anti-fraud programs and controls,” Wilder says.

Leveraging the right software in tandem with best practice protocols can set you on the right path, helping you avoid long-term damage and even prevent fraud from happening in the first place.

But there’s another element here that’s just as, if not more, vital to protect your SMB: your people. According to the AFCE, more instances of fraud are initially detected by tips than audits and IT controls combined, and a majority of tips (53 percent) come from employees.

Talk to your workers and encourage them to speak up if they see anything suspicious. If fraud negatively impacts your bottom line, it ultimately negatively impacts them as well.

You may also like

4 Steps to Create a Compensation Plan That Makes Dollars and Sense

Respect Employee Rights: 3 Lessons from Lawsuits Against Small Businesses

Tech Answers: The Ins & Outs of Employee Monitoring

Which Bonus Structure Is Best for Your Company?