Payroll fraud: what it is and how to prevent it

By Gary Anders

At its zenith in 2008, the publicly listed Australian computer and electrical goods retailer Clive Peeters operated a national chain of 48 stores, had an annual turnover of over A$600 million and employed more than 1000 people.

In 2010, Clive Peeters collapsed, unable to cover the repayments on its A$160 million in debts. A key reason for this was internal fraud.

It was discovered through an audit that an employee – a former senior accountant – had embezzled more than A$19 million from the company over a two-year period.

Clive Peeters is among the largest examples of payroll fraud committed in Australia to date – not to be confused with the more recent A$105.6 million PAYG and GST tax siphoning scam at payroll operator Plutus Payroll Australia.

The total value of the Clive Peeters fraud pales in significance compared with the hundreds of millions of dollars that businesses lose every year because of fraudulent activities mostly committed by their employees.

Payroll fraud explained

Payroll fraud is a broad term that covers a range of deceptive activities that are mainly committed by employees. It involves illicit manipulation of a payroll system or processes – directly or indirectly – for financial gain.

“The practice can range from minor infractions to large-scale schemes costing companies millions of dollars,” says Mick Symons, managing director of Anti Corruption Consultants Australia (ACCA). ACCA is a member of the Association of Certified Fraud Examiners and the Australian Institute of Professional Investigators.

“Payroll fraud is a hidden danger in any organisation,” Symons adds. “It is important to be aware of how it can occur and how to prevent it. This will ensure organisations remain financially secure, ethical and free from fraud.”

CEO of the Australian Payroll Association Tracy Angwin says many businesses are simply not aware that payroll fraud is happening. “I call it a silent crime because if you are not looking for it, you will not find it.”

“Unless an organisation has got their payroll to a point where anyone in the pay office, or anyone who might have access to the payroll system, is above suspicion, your governance and controls and your processes are not up to scratch. That should be your number one priority,” Angwin adds.

Fraud detection

Payroll fraud is generally undertaken by internal offenders, but it can also be committed via cyber security breaches by external hackers.

Research conducted in 2023 by payroll services and workforce management software provider Automatic Data Processing (ADP) found that protecting payroll systems from cyber security breaches is among the biggest priorities for payroll senior leaders.

ADP surveyed more than 1463 business leaders responsible for payroll to identify the factors that will drive global payroll in the next two to three years.

“Organisations are aware of the urgency of putting the systems in place to protect their data,” says Kylie Baullo, ADP’s managing director for Australia and New Zealand.

From an internal perspective, Angwin says ghost employees are by far the most common type of payroll fraud, especially for employers with a large casual workforce spread across multiple locations.

“Say you go into the payroll system and change the bank details of a couple of casuals to your own bank details, and you pay them a couple of days here and a couple of days there. The casual is never going to figure that out from their employment summary at the end of the year.

The manager who approves the payroll is probably not going to pick that up. That sort of activity is the most common for payroll fraud, and it is so easy to find. You only need to look at your processes and audit trails.

 

"Unless an organisation has got their payroll to a point where anyone in the pay office, or anyone who might have access to the payroll system, is above suspicion, your governance and controls and your processes are not up to scratch. That should be your number one priority."

 

“The problem with the audit trails is they are often turned off. Anyone who wants the audit trail turned off has probably got other reasons for wanting that.

“Obviously, if you are seeing things like multiple bank account changes before you run a payroll, and they change again afterwards, that is a red flag for fraud,” Angwin says.

PwC’s Global Economic Crime and Fraud Survey 2022 found that internal fraud can become visible in times of transition, because fraudster behaviour lags the shift to new goals and targets.

“For example, corrupt employees may be taking illegal actions to achieve sales targets that leaders know are unobtainable heading into a down economy, and [are] therefore suspicious,” the report says.

Symons says regular audits may not be the best method to identify payroll fraud.

“An offender, knowing an audit is scheduled, can falsify documents to deceive the auditor. Random and surprise payroll audits can address this.

“The auditor should seek patterns such as consistent overtime claims, rounding of figures, multiple employees having the same banking details, multiple employees having the same or a similar address. These are red flags that indicate fraud.”

Symons adds that regular reconciliation of payroll expenses with bank statements may identify unauthorised transactions.

Action against fraud

Angwin points out that only a small percentage of payroll fraudsters are ever prosecuted because their employers choose not to act.

“One thing I continue to see when there is payroll fraud - and when an organisation discovers payroll fraud - is they are reluctant to actually report it to police,” Angwin says.

“The reason is that there is a belief by the employer generally that they have a better chance of getting the money back if they negotiate directly with the fraudster, but that is almost never the case.”

When payroll fraud is detected, Symons adds, businesses should secure all evidence before confronting the “offender”. Evidence may include time sheets, payroll records, bank statements, communication logs, mobile phone records for company-issued phones and any other pertinent documentation to support suspicions.

“Some fraudsters may have introduced a program to let them destroy any records within the computer system,” Symons says. “You may need the assistance of computer forensic experts.

“It may be appropriate, where applicable, to speak with legal advisers to determine a course of action. You must investigate with procedural fairness as your actions may be subject to scrutiny by an external agency.”

• Segregate duties to make sure no individual employee has control over all parts of any critical financial transaction. This means permission must be, at a minimum, double approved.
• Ensure staff undertake regular training on ethical conduct within the workplace. Discuss case studies of payroll fraud during training. Employees should know the repercussions of engaging in fraud within the workplace.
• Put a whistleblower program in place, because this is one of the most effective methods to identify potential fraud within the workplace.
• Conduct thorough due diligence checks on all employees, including police checks, especially those with financial responsibilities within the company.
• Ensure that any changes in payroll, especially those about rates, benefits, or commissions, are passed through several layers – at least two independent signatories – of approval.
• Implement advanced payroll and human resources management systems with built-in controls to prevent unauthorised changes and manipulations of the system. These could include technologies such as fingerprint access, required activation of entry using an employee card, use of CCTV, and (where appropriate) independent verification of activities.

Types of payroll fraud

Match each type of payroll fraud to its definition.

Buddy punching, Commission schemes, Expenses/benefits fraud, Ghost employees, Manipulation of pay rate, Unauthorised overtime

1. This is a more sophisticated form of fraud that often involves salaries being disbursed to “employees” who do not exist in the company. These could be fictitious employees or former employees whose payroll records have not been terminated. It can also involve using the names of current casual employees to fabricate hours being worked within a business and then making payments based on those falsified casual hours into a third party’s bank account. This type of fraud is commonly linked to businesses involved in outsourced labour hire and with large casual workforces, and it normally involves people with ready access to payroll records.
2. This occurs when employees, either by manipulating time records or through deceit, claim overtime for hours not worked.
3. Employees claim benefits for fake or inflated personal expenses. This may include travel expenses, use of a company credit card, use of a company vehicle, or any extra benefit provided to an employee.
4. This occurs when commission is paid on contracts obtained, sales, or other activities directly linked to their duties. Fraud occurs when inflated sales and/or inflated performance figures are provided to obtain higher commissions.
5. Occurs when an employee (in liaison with someone in the human resources or payroll department) changes their pay rate, leading to higher salaries.
6. This is common in businesses where there is a requirement to record hours worked by clocking in and out of work physically or logging in and out of computer systems digitally. Perpetrators generally get other employees to impersonate them, so it appears they have attended work (and are paid accordingly) when they are absent.