CFMA.org is currently experiencing technical difficulties and may be unavailable

Ten Tips to Help Businesses Avoid Payroll-Related Fraud

By Steven T. Buccigross & Christopher S. Ernest

Payroll is one of the largest expenses on a company’s income statement. Accordingly, companies should design, implement, and maintain a system of controls over payroll to ensure that transactions are properly authorized and recorded.

Payroll-related fraud is not industry-specific and can be difficult to detect. The Association of Certified Fraud Examiners (ACFE) estimates that payroll fraud occurs in 27% of businesses and that the average payroll fraud lasts approximately 24 months.

Payroll fraud often starts out small and grows over time as the perpetrator finds success. Some common examples are as follows:

  • Ghost employees ― Fake or fraudulent employees created by an individual who processes payroll. Checks are then deposited into an account where the individual can access the funds.

  • Inflated time records ― Time cards (or equivalent records) that include hours that were not worked. The most obvious example would be an hourly employee attempting to gain additional compensation by inflating the hours worked on his or her time card. However, salaried employees whose compensation has a bonus component tied to a goal involving hours worked would also have motivation to inflate time records.

  • Unauthorized payroll or bonus checks ― Fraudulent payroll disbursements made to an individual without proper approval.

  • Manipulation of leave time ― A payroll claim and disbursement for fictitious or inflated leave time.

  • Manipulation of withholdings ― Failure (by an individual with payroll processing authority) to withhold items such as 401(k) or health insurance deferrals from an employee’s paycheck, while funding the items from company cash when initiating transfers to benefit administrators.

  • Expense report fraud ― A claim and reimbursement for fictitious, inflated, or personal expenses.

The following are simple, cost effective controls that can be put into place to prevent and detect payroll fraud:

  1. Maintain a timekeeping system with the appropriate authorizations and reviews. In particular, overtime (for hourly employees), sick, vacation, and other leave time should require review and approval.

  2. Have the owner or CEO review each payroll, focusing particularly on those employees involved in the payroll function and spot-checking several others on each report. This review should include a review of pay rate, withholdings, etc.

  3. Keep note of the total of each payroll before and after processing to ensure that no manipulation has taken place after the initial review.

  4. Review the entire payroll report for duplicate and/or fictitious employees.

  5. Ensure all changes to salaries are approved by either the owner or CEO and that someone independent of the payroll processing and accounting function is designated to set up new employees in the payroll system.

  6. Have the owner or CEO review a payroll change report, which lists any and all changes (e.g., new employees, pay rate changes, changes to withholdings, etc.) made to payroll for that particular period. This serves as a control to ensure that all changes are properly approved.

  7. Implement a segregation of duties so that the individual who prepares bank reconciliations for the payroll account does not have the ability to record payroll transactions to the general ledger. Ideally, the person preparing bank reconciliations should not have access to the general ledger or check-signing authority.

  8. Reconcile payroll registers to the general ledger payroll accounts on a quarterly basis. This exercise will assist in detecting if payroll has been misposted to another area of the general ledger or if other fraudulent transactions (e.g., cash-related fraud or fraudulent financial reporting) have been posted to payroll accounts.

  9. Require approval of all expense reports by a person outside of the accounting function with the appropriate level of authority.

  10. Ensure that the individual signing the expense reimbursement check is not the one approving the reimbursement.

Many of the controls listed above can be implemented without significant financial costs; however, they do require some time investment. While it is important for organizations to create an efficient environment, it is equally critical to ensure that there are processes in place safeguard a company’s assets.


Steven Buccigross, Principal at BlumShapiro, has 13 years of public accounting experience specializing in audits of privately held businesses in the construction, manufacturing, technology, and real estate industries as well as non-profit organizations. He can be reached at 617-658-5225 or sbuccigross@blumshapiro.com.

Christopher Ernest, CPA, MSM, is a manager with BlumShapiro, specializing in providing accounting and business advisory services to clients in a variety of industries. Chris also specializes in audits of employee benefit plans. He can be reached at 781-610-1226 or cernest@blumshapiro.com.