Deepak Pillai: Payroll is usually a very large part of an organisation's expenditure. It's also an area that we've seen a lot of fraud being perpetrated. Jack, I just wanted to talk today about a couple of examples of fraud that I've seen occur through the payroll process.
One example I've actually investigated in the past is where there was a payroll employee who had access to certain functionality as part of the payroll process. Within the organisation he was quite well known and they essentially had issues where people were sharing passwords for certain functions within the payroll system. This allowed the employee then to start generating employees, assigning them salaries and then releasing payments to those fraudulent employees that he created. This was identified quite late by the employer after that employee had left the organisation and they'd brought us in to help investigate and they wanted to know how did this occur. Through our analysis we actually did see that the employee was using other individuals' accounts and therefore could bypass a lot of the controls that they put in place.
The client then asked me how could they have potentially identified this issue. Firstly at the start I did mention that culture plays a large part of trying to mitigate fraud and obviously there was a culture of sharing passwords here. It was something that management had to set the tone from the top and make sure that employees were actually aware of the policies and procedures to make sure issues like that didn't occur. Jack, have you seen any other examples of payroll fraud in the work that you've done?
Jack Dong: One example I wanted to share is where a group of employees have manipulated the remuneration structure in order to get more than they're entitled to. In this example in a major bank there was an incentive where employees get paid depending on how many accounts they've opened for customers. To be entitled to more incentives the employees would then open up a lot of dummy accounts without customers' consent and also process one single transaction through those dummy accounts to be entitled to those sort of bonuses. And because of that they also de‑linked those accounts from the customers' net bank so that they can't see it being created. With this practice the bank's essentially paying a lot of money in terms of commissions and bonuses to those employees without them earning this type of money.
So with this I think the main control to be put into place to mitigate this risk is that you've got to check your top performers and make sure that their performance is in line with the sales practice itself.
Secondly it's important to put automated controls in place so that this type of behaviour gets picked up – for example building a system that captures where an account has been opened and when transactions are put through and then closed subsequently in a very short period of time, or look for accounts where it has been dormant apart from having very little activity in it.
Deepak Pillai: Jack you've raised a good point there. I think it's a combination of very strong controls – both system and process controls – as well as a strong culture within an organisation that I think can really help clients try to mitigate any payroll fraud that they might see in their business.