Detecting and Preventing
Payroll Fraud
Peter Goldmann, MSc., CFE, CFCI, FraudAware LLC
Peter Goldmann
President and Founder of FraudAware LLC
Author of Fraud in the Markets (Wiley)
Founder, FraudAware (Employee Fraud Awareness Training)
Monthly columnist, The Fraud Examiner, ACFE Newsletter
Member of Editorial Advisory Board, ACFE
Speaker at numerous fraud prevention association events.
Author of “Anti-Fraud Risk and Control Workbook” (Wiley)
University of Michigan, BA; London School of Economics, MSc
Agenda
• Introduction
• Fraud Statistics
• Payroll Fraud Types
• Red Flags of Payroll Fraud
• Detecting Payroll Red Flags
• Basic Anti-Fraud Controls
• Your Questions
• Conclusion
Fraud: The Big Picture
According to major accounting firms, professional fraud examiners
and law enforcement:
Fraud costs the world $3.5 TRILLION per year. (5%) (ACFE)
75% of the companies surveyed experienced at least one incident
of fraud in the last 12 months (KPMG)
Payroll fraud incidents cost an average of $90K in losses (ACFE)
Payroll fraud cases represent 12.6% of all internal US fraud
(ACFE)
Approximately 67% of corporate fraud committed by insiders
(Kroll)
Payroll fraud occurs in 27% of all organizations (ACFE)
Payroll Fraud Duration
Payroll Fraud Overview
Payroll Manager, HR staff or anyone else with authority to make
changes to payroll has some opportunity to:
• Add “ghost” employees
• Manipulate hours worked/timesheets
• Manipulate commission records
• Misclassify employees (1099 vs W-2)
• Embezzle from payroll account(s)
Case Study
Payroll Fraud Example:
Forty-nine-year-old payroll specialist Janice Nieman of Milwaukee was
charged with four felonies for a 10-year payroll scheme.
Details: From 2004 through June of 2013, Nieman made more than 2,000
fraudulent pay increases through the payroll system of Wheaton
Franciscan Services, a not-for-profit health services organization, using the
identities of 848 different employees. She added “ghost” hours to the
employees, made special payroll transfers for the extra time to HER
account, then destroyed the paper trail.
Nieman admitted to the theft and told police she used much of the money
to play the slots at Potawatomi Bingo Casino.
Main Types of Payroll Fraud
Common payroll schemes:
• Ghost employees. Usually initiated
by payroll manager—in absence of
tight controls.
--- New subcategory: “Synthetic
identities”. Employees with stolen
SSN’s, and fictitious ID factors—
gender, address, phone, DL#, etc.
Main Types of Payroll Fraud
Common payroll schemes:
Timesheet schemes. Hourly
employees fail to punch out … have
a co-worker from a later shift punch
out … or manually alter timesheets to
show more hours.
Double-dipping. Work for a client
while on the full-time payroll of an
employer.
Main Types of Payroll Fraud
Common payroll schemes:
Commission schemes.
Typically carried out by
salespeople and involve
manipulation of commission
policies and structures … as
well as use of side
agreements to record sales or
revenue prematurely or
without basis (“phantom
sales”).
Cyber Payroll Fraud
Common payroll schemes:
Data Theft
Hacking into your payroll
processor’s files to steal PII of
employees.
Use PII to file phony W-2
forms and submit phony tax
returns and receive tax refund.
The All-Important Red Flags of Fraud
Why You Should Focus on Red Flags
• Red flags are the indicators of possible fraud. (May also
indicate honest error)
• Knowing the red flags of each payroll fraud risk scenario
allows you to audit for these indicators and remediate
control weaknesses where actual fraud is found
• Knowing the red flags of each type of payroll fraud allows
your employees to blow the whistle
Intro to Red Flags of AP Fraud: Soft Indicators
Red Flags of Payroll Fraud
• Employees with duplicate addresses and/or bank account information
• Invalid Social Security numbers (SSN)
• Employees with few or no deductions and/or employee files
• Fluctuations in a department’s payroll expense as compared to prior
periods, including inconsistencies between the level of payroll as
compared to department productivity
• Timesheets with notations in different handwriting or color
• Extra pay stubs left over after distribution to employees
• Changes in total payroll from one pay period to the next that are
unsupported or unauthorized
• Excessive overtime compared to previous periods
• Questionable transactions in payroll ACH account reconciliation
Red Flag Detection Methods
Basic Red Flag Detection/Analytic Measures
and Methods
Surprise audits
Hotlines – to gather red flags and potential evidence (50% of
detected fraud is by employee tip—highest in the world)
Surveillance (in the mailroom, other key locations)
Regular internal audits (including review/testing for red flags
and assessment of effectiveness of payroll anti-fraud controls)
Specific Payroll Red Flag Detection
• Automated review/comparison of payroll records
against payees
• Automated comparison of employee addresses
• Audit for overtime amounts exceeding a set threshold
• Audit for commission “outliers” … or patterns of
unusually high commission rates
• Validate active employees. For each person who
received pay during the quarter, verify that the person
was employed during the time period for which the
check/DD was issued. (To find ghosts AND payments
to terminated employees).
• Compare payroll totals on payroll tax remittance
reports with reports generated by the payroll system
to identify discrepancies between payroll and tax
remittance documentation.
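Three of the automated checks listed above (shared addresses or bank accounts, overtime above a set threshold, and validating that each payee was actively employed), sketched as an added example that is not part of the original presentation. The record layout, field names and sample data are constructed assumptions, and the pay period end date stands in for the period the payment covers.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the presentation); field names are assumptions.
EMPLOYEES = [
    {"id": "E1", "address": "12 Oak St.", "bank": "111-222", "hired": date(2019, 3, 1), "terminated": None},
    {"id": "E2", "address": "12 oak st", "bank": "333-444", "hired": date(2020, 6, 15), "terminated": None},
    {"id": "E3", "address": "9 Elm Ave", "bank": "111-222", "hired": date(2018, 1, 8), "terminated": date(2024, 1, 31)},
]
PAYMENTS = [
    {"emp": "E1", "period_end": date(2024, 2, 15), "ot_hours": 4},
    {"emp": "E2", "period_end": date(2024, 2, 15), "ot_hours": 31},
    {"emp": "E3", "period_end": date(2024, 2, 15), "ot_hours": 0},  # paid after termination
    {"emp": "E9", "period_end": date(2024, 2, 15), "ot_hours": 0},  # no HR record
]

def normalize(text):
    """Lower-case and drop punctuation/spacing so trivial variations still match."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def shared_values(employees, field):
    """Map each normalized value of `field` used by 2+ employees to their sorted IDs."""
    groups = defaultdict(list)
    for emp in employees:
        groups[normalize(emp[field])].append(emp["id"])
    return {value: sorted(ids) for value, ids in groups.items() if len(ids) > 1}

def overtime_exceptions(payments, threshold_hours):
    """Payments whose overtime exceeds the set threshold."""
    return [(p["emp"], p["period_end"]) for p in payments if p["ot_hours"] > threshold_hours]

def paid_while_not_employed(employees, payments):
    """Payments to unknown payees (possible ghosts) or outside hire/termination dates."""
    by_id = {emp["id"]: emp for emp in employees}
    findings = []
    for p in payments:
        emp = by_id.get(p["emp"])
        if emp is None:
            findings.append((p["emp"], "no employee record"))
        elif p["period_end"] < emp["hired"]:
            findings.append((p["emp"], "paid before hire date"))
        elif emp["terminated"] and p["period_end"] > emp["terminated"]:
            findings.append((p["emp"], "paid after termination"))
    return findings

if __name__ == "__main__":
    print(shared_values(EMPLOYEES, "address"), shared_values(EMPLOYEES, "bank"))
    print(overtime_exceptions(PAYMENTS, 20), paid_while_not_employed(EMPLOYEES, PAYMENTS))
```

Each hit is a red flag to follow up on, not proof of fraud: a shared address can be two family members on the same payroll.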
What Next?
Because red flags don’t ALWAYS indicate fraud, follow up with
“investigative reporting” to find additional evidence of possible payroll
fraud. Look for:
• E-mail and other communication between payroll staff and employees
• Management reports of suspicious payroll activity
• “Hard” information about a fraud transmitted via your Hotline
• Anomalies in pay amounts, changes to employee checking accounts,
changes in withholding, unusual pay amounts.
• Other evidence gained from interviews with key employees or managers
Aim: To gather sufficient information/evidence so management can
determine if investigation is needed.
Case Study
Lashondra Peebles, a former Chicago State University administrative
employee, was indicted for a “ghost payroll” scam in which she
arranged for her mother to be hired as an employee.
According to prosecutors, Peebles posted an available part-time
position on the university’s website but after receiving more than
3,000 applications for the position, Peebles hired her mother, Shirley
Kyle, to fill the opening.
Kyle filled out hiring paperwork at Chicago State. But -- from the time
of her hiring in March, 2014 through May 30, 2014, Kyle was never
seen on campus and failed to report to her assigned department.
Despite never showing up for work or producing any recognizable
work product, Kyle received six checks totaling $4,450 in gross pay.
Payroll Fraud Controls
Payroll: Anti-Fraud Controls
• SoD: Have individuals outside payroll dept. review candidates’ financial
and employee background during onboarding
• Require minimum two/three sign-offs on new hires, depending on job
type.
• Job rotation: Rotate top payroll manager(s) to other departments
periodically—to prevent/deter collusion.
• Have someone from IS/IT or outside expert inspect payroll network(s)
and laptop(s) to ensure they are not infected with malware that could be
illegally gathering employee data.
• Use audit software to preemptively screen for red flags. Use the tools
to look for patterns in pay rate changes, withholding changes, changes in
employee bank accounts, etc.
• Require supervisors to review time cards—especially overtime—
every pay period.
Payroll: Anti-Fraud Controls
• SoD: The individual who posts the payroll to the general ledger
should not be the same individual who processes the payroll
within the payroll module of the accounting software or with the
third-party payroll provider.
• Use the SSA “Death Master File” to look for SSN’s of new
“employees” that belong to deceased individuals.
• Prepare a detailed payroll budget each fiscal year. Compare
actual payroll results to budget on a monthly or quarterly basis to
look for anomalies.
Thank you for participating
If you have any questions, please email them to:
Peter Goldmann, MSc., CFE, FraudAware LLC
pgoldmann@fraudaware.com
www.fraudaware.com
Questions about i-Sight:
Joe Gerard, CEO
j.gerard@i-sight.com
