Sunday, July 26, 2009

Payroll Master File Fraud

Payroll fraud has been a common fraud for many years and continues to be so. One area of the payroll system susceptible to fraud is the payroll master file. Issues in relation to the payroll master file include the following:

  • Unauthorised changes being made to a persons pay classification, pay rates, allowances paid.
  • Adding an additional person on the payroll – ghost employee.
  • Not removing an employee who no longer works for the organisation from the payroll.
  • Unauthorised changing of bank account details.

So how do we go about making it difficult for someone to commit fraud using the payroll master file? The following are examples of controls that will help reduce the likelihood of fraud occurring:

  • Develop an exception report that details any changes made to the payroll at each pay run. The report should be forwarded to someone not in the payroll section and any changes that do not appear reasonable should be investigated.
  • The person who has authority to make changes to the payroll master files does not have authority to process the regular payroll or have access to this section of the payroll function.
  • Develop a report that shows any duplicate payments to one employee or one bank account. Again, this report should be forwarded to someone not in the payroll section and anything listed on the report should be investigated.
  • HR should, on a periodic basis review the payroll for any names of employees that are no longer in the employ of the organisation.

Sunday, July 19, 2009

Be aware of red flags

I find it amazing that every time I do a fraud investigation that I still hear the same comment – “why didn’t we see that”. Every fraud investigation I have done, familiar red flags have been present and unfortunately have gone unnoticed for some time allowing the fraud to go unnoticed.

A red flag is a set of occurrences that are unusual in nature or vary from what would be considered the normal activity of the organisation. It is a signal that something may be wrong or out of the ordinary and needs further investigation. However, it must be remembered that a red flag does not mean that fraud has happened, it is a trigger that something may have happened and therefore the issue needs to be investigated.

There are many red flags. Here are just a few:

  • unexplained items on reconciliations
  • inconsistent or vague responses from inquiries made
  • excess voids or credits
  • multiple remittance addresses for the same creditor
  • lack of segregation of duties
  • infrequent bank deposits allowing cash to accumulate
  • a delay in issuing of monthly, quarterly or annual financial reports
  • key financial or operating personnel leaving the organisation
  • missing assets
  • questionable handwriting on documents
  • a poor culture within the organisation

Sunday, July 12, 2009

Undertake regular bank reconciliations

Undertaking regular bank reconciliations is a very useful fraud detection control. How regularly you undertake bank reconciliations should depend on the number of transactions made through the bank account on a daily basis and the value (in dollar terms) of funds flowing through the bank account. The higher the number and value of transactions, the more frequently bank reconciliations should be conducted (eg daily or weekly). Bank reconciliations should be done at least monthly for smaller organisations with few transactions in number and volume.

Any unusual transactions on the bank reconciliation should be investigated immediately. To hide fraud, a person conducting the bank reconciliations will need to ‘force’ the bank reconciliation to reconcile. To do this, one of the methods used is to create a ‘balancing item’ such as an outstanding deposit. However, that deposit remains as a reconciling item from one bank reconciliation to the next, growing in size as the value of the fraud increases over time.

To confirm that the bank account has been reconciled and actually does balance, the bank reconciliation as well as a copy of the last page of the bank statement should be included as part of the board pack provided for each board meeting.

Sunday, July 5, 2009

Understand why people commit fraud

To be able to be in a position to understand how fraud is committed, reduce the likelihood of it happening and if it does, investigate it thoroughly, we must first understand why people commit fraud.

There are four components to why a person commits fraud, as follows:

Pressure

Pressure on the person is the reason people make the decision to commit fraud. Pressure includes:

  • Living beyond ones means;
  • Greed;
  • Poor credit;
  • Personal financial loss;
  • Unexpected financial needs.

Rationalisation

Rationalisation is how a person who commits the fraud believes what they are doing is reasonable. It must be remembered that rationalisation is in the mind of the person committing the fraud, not what a reasonable person would consider to be rational. Some of the ways a person committing fraud rationalises what they are doing are as follows:

  • “It’s only a loan. I’ll pay it back as soon as I can."
  • “They didn’t give me the pay rise I deserve.”
  • “Nobody will get hurt. It’s only a company not a person.”

Opportunity

Opportunity is what within the organisation allows the person to commit fraud including a lack of controls, poor culture within the organisation or failure of management to handle fraud appropriately. Consider opportunity as follows:


A perceived opportunity
+
Ability to conceal the fraud
+
Avoidance of it being discovered
+
Avoidance of it being punished
=
Opportunity


Capability

Capability means that a person is able to commit the fraud, for example:

  • The person’s position in the organisation provides them with the ability to exploit an opportunity to commit fraud that may not be available to others;
  • The person is smart enough to understand and exploit weaknesses in internal controls and be able to use their position and access to exploit the weakness;
  • The person has a strong ego and confidence that he/she will not be detected or he/she believes he/she could talk himself/herself out of trouble if caught – a person’s arrogance;
  • He/she can coerce others to commit or conceal fraud – he/she has a persuasive personality;
  • He/she lies effectively and consistently – he/she must be able to look management, auditors, investors, bankers and others in the eye and lie convincingly;
  • He/she deals very well with stress – committing and managing the fraud over time can be very stressful.