Do you have ghost employees?
Joan M. Renner, CPA, CGMA, Director 501(c)(fit!)
As Halloween approaches, we love haunted houses, ghost walks and tales that make us look over our shoulder from time to time. You know those stories. Someone hears eerie noises, but when they investigate, no one’s there. It must have been a ghost. Ghost stories are fun at Halloween but they’re serious business when it comes to fraud prevention.
Here’s a fraud ghost story: A few years ago, a project manager at a Native Hawaiian nonprofit came across a pay stub for an unknown employee. He didn’t recognize the name. The mystery continued when he received a letter from the unknown worker asking for direct deposit. When he investigated, he found that the unknown employee didn’t work there at all. He was a ghost.
It seems that for about three years, the former payroll clerk had been paying a number of ghost employees including two friends who didn’t work there and two terminated employees. In February 2012, the former payroll clerk, Corinne H. Cabral, pleaded guilty to stealing more than $220,000 by directing 124 paychecks to these phantom employees whose bank accounts she controlled. Cabral, who had a prior criminal record, was sentenced to 21 months in prison and ordered to make full restitution.
Think this won’t happen to you? Think again. Payroll fraud is one of the top three asset misappropriation schemes facing nonprofits today, with victim nonprofits losing more than $90,000 on average according to the Association of Certified Fraud Examiners.* With access to your payroll system, a perpetrator can:
- set up fake employees and send the payments to his or her own bank account,
- reactivate terminated employees and change the bank account to the perpetrator’s, or
- give himself a raise.
Employees are more mobile than ever, working with flex hours or even working remotely, making it harder to identify who’s really working.
What Can We Learn?
Restrict payroll access. An individual who can initiate and complete online payroll without further permission is effectively a check signer.
Set up online payroll with two levels of permission at your bank or payroll service. One individual can prepare the payroll but another must release it.
Restrict permissions. Limit ability to make payroll changes such as setting up new employees, bank accounts and rates of pay.
Implement management review. Review payroll activity online accessing reports directly. Don’t wait for payroll reports to be provided to you. You might not be seeing all there is to see.
Review all payroll changes, verifying new employees, new accounts and new rates of pay. Verify that payroll stops whenever an employee is terminated.
Conduct spot checks periodically. Compare employee addresses and bank account numbers for similarities. Follow up on any with P.O. Box addresses or duplicate addresses or duplicate bank account numbers. Review personnel files for completeness of ID. Contact supervisors to meet and verify unfamiliar employees. Compare recorded expenses to budget and follow up on budget overruns.
Small organizations may need to enlist Board members to help with anti-fraud controls. If a second employee is not available to review and approve the payroll, a Board member may need to step in to review and approve. Online processes make it easier to log in and oversee transactions.
Learn more about fraud prevention controls in our in our 501(c)(fit!) PLUS on-demand webinar, You Just Lost $1 Million—fraud prevention for CEOs.
Learn about fraud warning signs in our FIT! TIP from May 8, 2017, Fraud Flags?
Learn more about fraud perpetrators in our FIT! TIP from October 10, 2017, Behind the Mask.
Learn about the most common types of nonprofit frauds in our 501(c)(fit!) PLUS on-demand webinar, You Just Lost $1 Million—fraud prevention for CEOs.
Get more FIT! TIPS. Join our 501(c)(fit!) community.
*yes, it’s true, per the Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud and Abuse 2106 Global Fraud Study.
© 2017 501(c)(fit!) All Rights Reserved.