LEARNING OBJECTIVES

After completing this section, you should be able to do the following:

•     Recall typical controls for the payroll and expense reimbursement cycles.

•     Identify various forms (electronic and paper) used in the payroll and expense reimbursement cycles.

•     Recall the processes in the payroll and expense reimbursement cycles.

•     Identify various types of errors or fraud that can occur if the payroll and expense reimbursement cycles do not have adequate procedures or adequate segregation of duties.

INTRODUCTION

Previous course materials have addressed several types of disbursement frauds, such as those that involve the creation of fake vendors or those that employ various methods of check tampering. Disbursement frauds can also occur in the payroll and expense reimbursement systems.

The Association of Certified Fraud Examiners' “Report to the Nations on Occupational Fraud and Abuse 2016 Global Fraud Study”¹ found that payroll and expense reimbursement frauds' median losses were $90,000 and $40,000 respectively. The median duration of these frauds was 24 months each. How could these frauds have occurred and lasted for so long without detection? It is most likely because the systems did not have adequate internal controls. It is important to address which internal controls should exist in a well-designed payroll and expense reimbursement system to decrease the likelihood of fraud. An example of a payroll system with strong internal controls and examples of frauds that can occur if adequate internal controls are not present is discussed within this section.

KNOWLEDGE CHECK

1.     Which document is a negative confirmation to the employee of current and year-to-date payroll information?

a.     Deposit ticket.

b.     Payroll stub.

c.     Payroll check.

d.     Payroll register.

SEGREGATION OF DUTIES

Segregation of duties in the preceding payroll system example exists between bookkeeping, access to assets, independent reconciliation, and authorization of transactions. These duties are segregated as follows:

•     Bookkeeping — Performed by the accounts payable and general ledger departments. These departments are under the controller's division.

•     Access to assets — The cashier initiates all processing for the generation of payroll checks and direct deposit information. Checks are distributed by an independent employee. The cashier and the independent employee are under the treasurer's division. The cashier transfers funds from the general cash account to the payroll account for total of all employees' net pay.

•     Authorization of transactions — The human resources department authorizes the employment of new employees and also interviews employees who are separating service from the entity. Human resources is the only department that can modify (add information about new employees, delete information about separated employees, and modify information about continuing employees) fields in each employee's personnel file. All current hours worked by employees must be approved by a departmental supervisor.

•     Independent reconciliation — The payroll software compares the sum of all current-period and year-to-date amounts contained in each employee's earnings with the corresponding amounts in the payroll register to provide assurance that the system is in balance and has integrity. Other controls not in the example include the reconciliation of the payroll bank account by an independent employee who also compares deposits to the payroll account (transfers from the general cash account) against the payroll register, and the checks that cleared the payroll bank account against those contained in the payroll register.

OTHER CONTROLS IN THE EXAMPLE PAYROLL SYSTEM

In addition to separation of duties, there are numerous other controls present in the example payroll system. These controls include the following:

•     Procedures are performed to provide assurance that applicants are qualified for the position.

•     The human resources department interviews employees before they separate service from the entity.

•     Employees use electronic time records to record their time for each pay period.

•     Each day employees record their time. (Accuracy in recording is enhanced if the employees record their time daily instead of waiting until the end of the week to record their time, as they might make errors in allocating the correct time to various jobs due to memory issues).

•     Access to each employee's time record is restricted by a password that is established by the employee.

•     In order to process payroll, the payroll system accesses employees' permanent payroll records, which contain relatively permanent data originally created by human resources. No other department can modify this data. The payroll system also accesses current-pay-period electronic time records as approved by a departmental supervisor.

•     Regular and overtime wages are calculated and reviewed by operational management.

•     The maintenance of payroll registers and separate earnings records for each employee provide a historical record of all payroll activity, which can be referenced in the case of payroll questions, disputes, and more. These registers cannot be modified by any employee. Additionally, the payroll register serves as the source for the payroll journal voucher prepared by the accounts payable department. The journal voucher is then sent to the general ledger department for posting to the appropriate accounts.

•     Edit tests are performed by the payroll system to provide assurance that significant errors do not occur.

•     A cash disbursements voucher is prepared by accounts payable to transfer funds from the general cash account to the payroll bank account based upon a review of the payroll register.

•     The general ledger department records the cash disbursements and payroll journal vouchers after receiving payment notices from the cashier.

•     The cashier initiates processing and produces numerically sequenced payroll checks which are imprinted with an electronic signature.

•     An independent employee distributes paychecks and direct deposit notices to employees.

•     Employees are required to present identification in order to obtain paychecks or direct deposit notices.

•     Pay stubs are provided to employees; they contain year-to-date and current-pay-period information.

•     The accounts payable and general ledger departments are under the controller's division (bookkeeping).

•     The cashier and payroll distribution employee are under the treasurer's department (access to assets).

•     A separate payroll bank account is used for the payroll disbursements.

KNOWLEDGE CHECK

2.     The only department that should be able to modify the fields in each employee's personnel file is the

a.     Human resources department.

b.     Payroll department.

c.     Production department.

d.     Accounts payable department.

ERRORS, FRAUD, AND CONTROLS

Errors or fraud could occur in the payroll cycle if the preceding controls discussed are not implemented. Some of the types of errors and fraud that might occur are addressed in the following sections.

SEGREGATION OF DUTIES

If there is not adequate segregation of duties between the bookkeeping, authorization of transactions, access to assets, and independent reconciliation functions, then some of the following scenarios of errors and irregularities could occur (the list is not exhaustive):

1.     If the cashier also has payroll bookkeeping duties, but not general ledger or other bookkeeping duties, then the cashier or bookkeeper could create an additional fictitious payroll check and not give that check to the clerk who distributes payroll. The cashier or bookkeeper could prepare a journal voucher to transfer cash from the general bank account to the payroll bank account for the total of all employees' net pay on the payroll register, plus the amount on the fictitious check. For example, if the total of all employees' net pay was $40,000 and the amount of the fictitious check was $1,000, then the amount of cash transferred from the general cash account to the payroll account by the cashier or bookkeeper would be $41,000. The cashier could then send a payment notice to the general ledger department in the amount of $41,000 to be in balance with the journal entry the general ledger department would receive from the accounts payable department (whose duties are assumed by the cashier).

      This fraud would be detected if there was an independent reconciliation of the payroll bank account. If the person performing the independent reconciliation traced the payroll account deposit ($41,000) to the total amount of net pay for all employees contained on the payroll register ($40,000), a red flag would be raised.

      Please note that in the model payroll system discussed previously, the cashier or bookkeeper is prevented by system access controls from adding a fictitious employee (who would be included on the payroll register) or making changes to the payroll register (which might show total net pay of $41,000 after the cashier or bookkeeper made changes to several valid employees' net pay amounts to make the total $41,000).

2.     Similar to preceding situation number one, if the cashier distributes paychecks and direct deposit notices, then the cashier could generate a fictitious check for his or her own use.

     This fraud may be detected if the payroll bank account was overdrawn (which it would be assuming all employees cashed their paychecks in a timely manner). This fraud could also be detected by the individual who prepares the independent bank reconciliation as the fictitious check would not be listed on the payroll register but would be shown as a cleared item on the payroll bank statement. Additionally, the general ledger department could detect this fraud when the payment notice sent by the cashier did not equal the amount of the journal voucher transmitted from the accounts payable department.

3.     If the departmental supervisor also performed human resource functions, then the departmental supervisor or human resource employee could create a fictitious employee, set up information in the employee's personnel file (such as pay rate, and so on), and approve the “time worked” by this fictitious employee. A payroll check or direct deposit notice would be generated. If the payroll distribution clerk asked for employee identification before providing either a payroll check or a direct deposit notice, then the fraud becomes a bit more complicated for the departmental supervisor. The departmental supervisor or human resource employee will then need an accomplice to present an identification card provided by the departmental supervisor or human resource employee to receive the payroll check or direct deposit notice. (Note: The human resource function issues employee identification cards.)

      One way the departmental supervisor or human resource employee could perpetrate a fraud would be to dismiss an employee but not remove the employee from the file of active employees. The payroll clerk would distribute a check to his accomplice, the departmental supervisor or human resource individual, who has the dismissed employee's identification card (with the accomplice's picture but the dismissed employee's name, employee number, and so on).

      These frauds may be detected if the company has established budgets and appropriate management, in addition to operational management, investigates labor efficiency variances.⁶

      In the case of the dismissed employee who is still receiving weekly wages, the fraud could be discovered when the dismissed employee receives his or her annual W-2 information from the company. However, because the departmental supervisor or human resource employee has access to the employee's personnel file, he or she could change the dismissed employee's address to an address where the real W-2 could be intercepted. If all internal controls failed, this scheme could still be detected after the dismissed employee files his or her income tax return and the government received reports from the entity indicating that the victim received higher wages and withholdings than the he or she reported.

4.     The departmental supervisor could be in collusion with an employee and allow the employee to be absent but approve the absent time as time worked. The departmental supervisor and the employee would then split the amount of “compensation” for time not worked. This scheme might be detected when management, other than operational management, reviews labor variance analysis or other types of production reports.

5.     The human resource employee could be in collusion with one or more employees. The human resource employee could increase the conspirator's pay rate and split the amount of wages received above the legitimate amount. This scheme could be detected when management reviews labor variance analysis or other types of production or budget reports.

6.     Many smaller entities, due to limited resources, might have one trusted employee performing bookkeeping, access to assets, independent reconciliation, and authorization of transactions functions. In the case of overlapping duties, many business owners believe that it would be difficult for the employee to create fictitious employees or retain dismissed employees on the payroll. This is due to the active owner or management involvement in smaller entities. It is oftentimes believed that these owner or managers would notice if there were fictitious employees on the payroll or if certain employees were overpaid, or if employees who had separated service were still being paid.

FRAUD AND ERRORS NOT DUE TO INADEQUATE SEGREGATION OF DUTIES

Other types of fraud and errors that could occur which are not due to inadequate separation of duties are addressed in the following list. (The list is not exhaustive.)

•     If procedures are not performed to provide assurance that job applicants are qualified for their position, then the entity might hire applicants who are not able or do not possess the skills required to perform the position's duties. Additionally, references should be checked to provide somewhat limited assurance as to the applicant's honesty and integrity. Consider performing a background check on potential employees.

•     Requiring employees to report their time each day helps prevent memory problems and provides limited assurance that employees are charging time to the correct activity.

•     Requiring a password for employees to access their time records provides accountability. If there are errors or issues about a particular employee's reported time (such as charging the wrong activity or job, and more.) then the problem can be traced to a particular employee because no employee should know another employee's password.

•     If operational management did not review regular and overtime pay, then the entity might receive higher overall labor costs due to the payment of an excessive amount of overtime wages. The entity might have lower overall labor costs by hiring more personnel and paying the regular pay rate rather than the higher overtime pay rate to existing employees. A consistent higher amount of overtime to a certain employee might be indicative of collusion between the employee and the employee's supervisor.

•     If payroll registers and separate earnings records for each employee were not maintained, then a historical record of all payroll activity could not be referenced in the case of payroll questions, disputes, and more. Also, the payroll register provides the support for all payroll entries that are posted to the general ledger. If payroll registers are not maintained then there is no assurance that the payroll journal entries were made correctly. The payroll register and earnings records cannot be modified, thus increasing the likelihood of detecting payroll schemes involving fictitious payroll checks or ghost employees.

•     If edit tests are not performed within the payroll system then erroneous or fraudulent data could be processed and not detected. For example, a human resources employee might have accidently made a transposition error and entered a pay rate of $91.00 instead of $19.00. If the payroll system had an edit test for pay rates greater than a user-provided limit of $40.00 then the error would be detected right away.

•     If pay stubs are not provided to employees, then employees cannot review year-to-date and current-pay-period data to assess if the information is correct. The employee would only be able to review the amount of net pay.

      An unscrupulous bookkeeper in a small business who has inadequate separation of duties might increase the gross pay of an employee and add an extra withholding amount that is ultimately taken by the bookkeeper. Because the employee would not have year-to-date gross pay and withholding information, this most likely would not be detected by the employee until the employee filed his or her income tax return.

      A pay stub provided to an employee is a negative confirmation of the current and year-to-date payroll information.

•     If the payroll check stock is not physically safeguarded, then a check could be stolen, made out to a valid or fictitious person, and cashed. This scheme could be detected if the payroll bank account became overdrawn due to the stolen check. This fraud could also be detected during the performance of an independent bank reconciliation, where each cancelled check is compared to the checks recorded in the payroll register.

•     If supervisory personnel do not compare the amount of each department's payroll expense to budget and investigate differences, then errors could occur and not be corrected. For example, a government contractor accidently charged time worked to the wrong government account. The government was overbilled, and according to the terms of the contract, the government contractor had to pay a penalty for this posting error.

•     In a cost accounting system, if time charged to jobs is not reconciled to the time reported for payroll purposes, then jobs may be under-or overcharged for labor costs.

•     If a reconciliation of government payroll reports, such as 941s and W-2s, is not performed, then incorrect payroll information might be sent to the government. For example, a payroll clerk could accidently enter the wrong year in an inquiry program and accidently send the previous year's payroll information to the government. This error would have been detected had the payroll clerk compared the information on the government payroll reports to the payroll register.

•     If the entity does not have a checklist as a reminder of when payroll tax payments are due, then the entity might neglect to pay payroll taxes and be subject to government fines and penalties.

•     If standard journal entries are not used as a reminder to record period-end liabilities for payroll, then the financial statements might be misstated due to the failure to record these entries.

•     If the accounts payable and general ledger departments under the controller's division (bookkeeping) were combined with the cashier and payroll distribution function under the treasurer's department (access to assets) then frauds such as those discussed under the preceding separation of duties section could occur and not be detected in a timely manner.

•     If a separate payroll bank account is not used for the total net amount of payroll, then sensitive compensation information about employees might be inadvertently disclosed.

COMMISSIONS

Employees who receive a sales commission as their basis for compensation, or as a supplement to a base salary, typically receive a commission calculated at a certain rate times their sales amount. For example, if a sales person is to receive a 5 percent commission on sales of $500 then the amount of commission is $25.00 (.05 × $500). It is important that the amount of commissions paid be reconciled with sales records.

What can go wrong with this seemingly simple process of compensating the sales force? The employee has multiple ways to fraudulently increase his or her commission. First, the employee might try to change the commission rate. However, this method most likely would require the sales clerk to be in collusion with a human resources employee who can modify the commission rate field in the employee file.

The sales clerk could record fictitious sales and increase the overall amount of commissions. The entry to record the fictitious sale would be to debit accounts receivable and credit sales. If there is separation of duties such that the sales clerk could not establish a customer account, then this scheme would be discovered as a valid customer would receive a statement showing the unauthorized charge.

The sales clerk could also record a sale in one month and, if the sales clerk can accept returned items, show a sales return in the next month. The customer would still receive a statement and might assume that the charges and credits to his or her account were due to a bookkeeping error. Alternatively, the sales clerk could record sales to a third-party conspirator who returns the goods to the sales clerk. These schemes would be enticing to the sales clerk if his or her commissions were not reduced for returned items. The sales clerks should not accept returned goods, as they perform bookkeeping functions. The entity should have a separate department that accepts returned goods (access to assets function).

In order to increase commissions, the sales clerk might switch tags from a higher priced item to a lower-priced item. The sales clerk could feign ignorance if the customer confronts him or her about the price on the lower-priced item.

Many retail stores provide coupons that allow an additional discount on certain merchandise. These coupons typically list those items that are excluded from the additional discount. In order to increase sales, the sales clerk might state that the coupon is not valid for certain items when the coupon is valid for those items. If the customer disputes the sales clerk, then the sales clerk can apologize profusely for his or her “mistake.”

What controls should be in place to prevent or detect sales commission fraud? One control to help prevent commission fraud is establishing a clear company policy that contains provisions on how the sales clerk's commission will be adjusted for returned items. Management can also perform analytical procedures such as comparing each sales clerk's commissions to the others' commissions. Any sales clerk that has higher commissions when compared to other sales clerks' commissions should be highlighted as a possible fraud.

PAYROLL OUTSOURCING

Many entities have outsourced their payroll processing to third-party service providers. There are numerous payroll service providers, such as ADP and Paychex. Many of the controls addressed in the example payroll system concerning separation of duties are also appropriate when payroll is outsourced. The authorization, access to assets, bookkeeping, and independent reconciliation functions still exist within the entity.

There are various methods an entity can use to set up employee information at the service provider. The example discussed as follows assumes that all relatively permanent payroll data (name, address, job classification) is transmitted in a secure manner to the service bureau by the human resource department.⁷ The human resource department, through the use of passwords, is the only department that is allowed to modify this relatively permanent information.

Employees in this system, similar to the previously discussed system, enter their time worked by activity into their time report file daily. At the end of the payroll period, the departmental supervisor reviews and approves the time. After the approval of the employees' time, the payroll department calculates batch totals by running the time report file through a service-provider edit program which is maintained at the entity. Batch control totals are calculated for the number of employees to be processed, the total number of hours worked, and a hash total of employee numbers.⁸ The edit program also provides an exception report for hours worked over a certain limit, employees who have not reported their time, employees who have not reported their time for all available work days during the pay period, and more. After the file has been “cleaned,” it is submitted to the payroll provider.

The service provider processes payroll and makes available payroll registers and employee earning records which can be accessed by appropriate entity personnel. The entity's payroll department then reconciles the input batch control totals with totals per the service provider's reports and reviews the overall payroll disbursement for reasonableness (comparison to prior payroll period and comparison to budget). After this review, the service provider is authorized to process direct deposit notices to the appropriate banks. The cashier, after receiving an approved journal voucher from accounts payable (who accessed the payroll register online to obtain the amounts for the journal voucher), then transfers the total net payroll amount from the general bank account to the payroll bank account and forwards a payment notice to the general ledger department. The accounts payable clerk then forwards a copy of the payroll journal voucher to the general ledger department for posting. Finally, the payroll bank account is reconciled by an independent employee.

The entity should have a contract with the service provider that has clauses concerning privacy and security issues, and disaster recovery.

EXPENSE REIMBURSEMENT FRAUDS

There are numerous occupations that require employee travel. Most employers reimburse employees for the following travel expenses:

•     Meals

•     Hotel

•     Car rental, taxi, or mileage for use of personal automobile

•     Airfare

•     Parking and tolls

•     Miscellaneous charges not exceeding a certain limit (for example, a daily incidentals allowance of $5.00)

Many entities reimburse employees for the actual amount of incurred expenses. Documentation for support of the preceding expenses, except for miscellaneous charges, is required by a significant number of organizations for employees to be reimbursed. How can an employee cheat on his or her expense report? There are numerous options available to obtain additional “compensation” by creating fictitious receipts. Listed in the following are some methods that perpetrators use to inflate their expenses:

•     Meals — The perpetrator obtains blank meal receipts and writes in an amount greater than the amount of the meal.

      The perpetrator obtains filled out receipts and uses whiteout to erase the correct charge and then writes or types in a higher charge.

•     Hotel— Many hotels use the same standard template to print out a hotel receipt. The hotel bill can be scanned, imported into an object file, cut and cropped, and the amount charged changed to a higher amount and then printed out.

      Alternatively, the perpetrator can use shareware available at websites to create his or her own hotel (or other) receipts.⁹

      Another method to create a fictitious receipt is to scan the hotel receipt and create a PDF file. Software such as that provided by Bluebeam software will permit text and other information on the PDF document to be edited.¹⁰ The perpetrator can change the amount charged and then print out a higher amount “paid” on the forged receipt. It is virtually impossible to discern if a forged receipt created in this manner is valid or a forgery.¹¹

      Some auditors would state that the hotel rate could be confirmed at the hotel's website. However, the same hotel may have multiple rates for the same type of room due to excess capacity and seasonal and other issues. Additionally, Internet companies that provide discount hotel and airfares might provide a lower rate than a valid higher rate obtained by an honest employee.

      It is important to note that although technology is wonderful and in many ways makes our lives easier, it is also making it much easier for thieves to “trick” many diligent people.

•     Car rental, taxi, or mileage for use of personal automobile — The perpetrator could forge documents (rental document and gas receipts) for a car rental bill, using methods described previously for hotel receipts.

      Taxis typically provide the passenger with a blank receipt. The passenger can easily increase the normal fare and indicate that traffic delays and the need to take alternate routes caused the fare to be higher than normal.

•     Airfare — Similar to hotel rates, airfares change constantly based upon passenger-load, seasonal, and other issues. The perpetrator could forge receipts using methods discussed previously. Another technique is for the thief to buy two airline tickets — one at the full fare price and one at the discounted price. Then the individual could fly on the discount priced ticket, submit the receipt for the full fare price, and obtain a refund from the airline for the full fare.

•     Parking and tolls — Again, these receipts could be forged. A blank receipt could be obtained from a parking lot attendant and completed by the perpetrator. The amounts stolen usually will be a small amount. However, over time the amounts might accumulate to an amount that could be noticed by management.

•     Miscellaneous charges — This type of charge is not really a major concern for most companies as the amount is limited to a small amount that can be charged each day. This is why many companies just allow for a maximum “incidental” allowance, and do not allow for tolls and other smaller (valid or invalid) reimbursements.

What controls can an entity implement to prevent or detect these types of frauds?

•     Meals — A preventive control is to establish a per diem meal allowance for both travel and work days. If the employee's actual meal expense is less than the per diem amount, then the employee pockets the difference. If the employee's actual meal expense is greater than the per diem amount then the employee does not receive reimbursement for the difference, but has to incur the costs over the per diem amount himself or herself. Or, additional approvals may need to be obtained before the additional expense is reimbursed.

•     Hotel — Have all hotel room and tax charges billed directly to the entity. Any incidental charges incurred by the employee (including personal charges for dry cleaning, in-room movies, and more) cannot be charged to the entity.

•     Airfare — The company should use a travel agency that is instructed to obtain the most economical flights (not lowest), given travel time and other constraints.¹² The company could instill a policy whereby only flights obtained through the travel agency are reimbursed.

•     Parking and tolls — Parking fees and tolls can be reviewed for reasonableness. For example, an airport parking fee receipt contains the date and time when the vehicle entered the parking area and the same information when the vehicle left. This information can be compared to the dates on the airline ticket to see if the dates are the same. The parking rate can generally be obtained from the parking facility's website and the rate and days parked are used to provide the amount that should be charged by the parking facility. This amount can be compared to the amount provided by the employee.

      The valid amount of tolls that should be charged can be obtained by accessing the website for the governmental entity that maintains the toll booth.

      Why be concerned with these seemingly immaterial parking and toll amounts? If the employee is cheating on his or her expense report then this might be an indication of the employee's integrity and ethical values. The employee might be perpetrating a material fraud in other areas that are his or her responsibility. This small amount of fraud might also be the result of the perpetrator testing the system—if he or she can get away with fraud in the expense reimbursement system then he or she might rationalize that fraud can be perpetrated in other systems and not be detected.

      How does one control the costs of taxis? When possible, use a car service whose charges are direct-billed to the entity. The fare these services charge is often comparable to the taxi fare. If a taxi is used and there are suspicions about the charge being reasonable, use a mapping program to estimate mileage and cost. If the employee is consistently overcharging taxi fare when compared with a mapping program then inquiry should be made as to the reasons for the consistently higher than expected charges.

Still yet, in order to control travel expenses, many entities have a preventive control whereby employees are provided with procurement cards which will only allow charges for certain activities and will have spending limits by type of activity (taxi, hotel, airfare, and so on).

Regardless of the measures taken by an entity to prevent expense report fraud, many entities have a “one strike and you're out” policy. Employees are immediately terminated if they have defrauded the entity, regardless of the amount stolen. This is because this type of fraud, if committed by an employee, speaks to the employee's ethical values, and might be indicative of a propensity for the employee to commit other types of fraud (if he or she are not already committing other types of fraud).

KNOWLEDGE CHECK

3.     A preventive control that only allows charges for certain travel-related activities and has limits is

a.     Having employees use procurement cards.

b.     Matching receipts with charge card statements.

c.     Investigating travel expense budget variances.

d.     Reviewing travel expense charges to certain jobs for accuracy.