How to mitigate the risk of payroll fraud
Payroll fraud is an inherent risk in every organisation that has a payroll function, but many companies don’t know how to manage this risk or what to look out for. The following tips will help get you up to speed with your risk mitigation strategies.
Payroll fraud generally refers to an individual gaining any form of financial advantage by deceptive means, using an organisation’s payroll systems and associated procedures. The basic reason people commit payroll fraud is that they can: they have the know-how and they have a need.
Luckily, there are several different things you can do to mitigate the risk for your organisation, and to help you out we have provided a list below.
1. Know your payroll staff
When employing payroll staff there are a number of important steps to take, such as:
- Verify past employment history directly with the former employer(s).
- Sight original qualification documents or contact institutions that issued the qualifications.
- Use social networking sites to gain further confirmation of your future employee’s background.
2. Be aware of red flags
On an ongoing basis, you should stay vigilant for commonly known and accepted employee ‘red flags’ (indications that there may be an issue for further consideration), such as:
- Regularly working outside of business hours or rarely taking leave.
- Known spending or living beyond the employee’s means.
3. Separation of duties
The person who prepares the payroll should not be the same person who authorises it or who creates/enables the payroll payments. This reduces the risk of fraud and the possibility of collusion. Where the scale of operations does not allow for a proper separation of duties, it is advised that you engage independent resources to conduct frequent reviews of payroll transactions.
4. Errors of omission and commission
Regularly performed and properly prepared accounting reconciliations of payroll to the general ledger should be conducted by a person who sits outside the payroll department and who is not engaged in payroll preparation. Reconciliation should consider what should be there as opposed to what is actually present. This approach should make payroll fraud concealment more difficult.
5. Security access to payroll system
The system administrator should control user access levels so that each user’s access to system data is relevant to their organisational role and responsibilities.
6. Payroll system audit file
Pay-critical data should be flagged so that any changes to it are reported in the encrypted system audit file. This should include bank details, salary details and any new or terminated staff.
7. System reports and warnings
Your payroll software should have key payroll reports available for the authorising agent and relevant payroll staff. These reports should outline the details of each payrun, including any variations, to help you determine the accuracy of each pay. Automatic warnings should be set up in your payroll system to notify you about any irregular activities, such as overtime and maximum salary limits being reached.
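The checks from items 3, 6 and 7 can be combined into a single pre-authorisation report. The following is an added example, not code from any payroll product: the record layout, user names, payrun data and the two thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumed names for the pay-critical items listed in item 6.
PAY_CRITICAL = {"bank_details", "salary", "new_staff", "terminated_staff"}
MAX_SALARY = 15000        # assumed per-payrun salary limit
MAX_OVERTIME_HOURS = 20   # assumed overtime threshold

# Constructed audit-file entries: who changed which field for which employee.
AUDIT = [
    {"user": "pay_clerk1", "employee": "E100", "field": "bank_details"},
    {"user": "pay_clerk1", "employee": "E100", "field": "phone"},
    {"user": "hr_admin", "employee": "E205", "field": "new_staff"},
    {"user": "pay_clerk2", "employee": "E150", "field": "salary"},
]

# Constructed payrun awaiting authorisation.
PAYRUN = {
    "id": "PR-0042", "prepared_by": "pay_clerk1",
    "authorised_by": "pay_clerk1", "paid_by": "finance_mgr",
    "lines": [
        {"employee": "E100", "gross": 4200, "overtime_hours": 2},
        {"employee": "E150", "gross": 16500, "overtime_hours": 0},
        {"employee": "E205", "gross": 3900, "overtime_hours": 31},
    ],
}

def review_payrun(payrun, audit):
    """Return (subject, finding) pairs for the authoriser to follow up."""
    findings = []
    # Item 3: the preparer must not also authorise or create the payment.
    if payrun["prepared_by"] in (payrun["authorised_by"], payrun["paid_by"]):
        findings.append((payrun["id"], "separation_of_duties"))
    # Item 6: collect pay-critical changes recorded in the audit file.
    changed = defaultdict(set)
    for entry in audit:
        if entry["field"] in PAY_CRITICAL:
            changed[entry["employee"]].add(entry["field"])
    for line in payrun["lines"]:
        emp = line["employee"]
        for field in sorted(changed.get(emp, ())):
            findings.append((emp, f"changed:{field}"))
        # Item 7: warn when the salary limit is reached or overtime is high.
        if line["gross"] >= MAX_SALARY:
            findings.append((emp, "max_salary_reached"))
        if line["overtime_hours"] > MAX_OVERTIME_HOURS:
            findings.append((emp, "excess_overtime"))
    return findings

if __name__ == "__main__":
    for subject, finding in review_payrun(PAYRUN, AUDIT):
        print(subject, finding)
```

The report should go to the authorising agent or an independent reviewer rather than to the person who prepared the payrun.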