Falsified Hours and Salary Schemes

Hours worked by construction employees are usually tracked by the employee using a time clock or submitting a timesheet. Both methods can be used to report fraudulent work hours. The employee can use either method on his own or in collusion with another employee or supervisor.

On worksites with a time clock, the perpetrator may arrive early and punch in, leave the worksite and then return later to punch out. The employee has not worked any hours, but will be paid a full day's wages. In another scenario, the employee may collude with a fellow employee-the perpetrator does not show up at the worksite, but his timecard is punched by the other employee. The other employee may demand reciprocation or some type of kickback as compensation. Not only does the perpetrator receive fraudulent wages but could receive additional compensation, which is sometimes based on the number of hours worked (i.e., vacation and sick time, benefits, etc.).

Worksites using timesheets are also vulnerable to fraudulent time reporting. Workers are required to complete a timesheet with the hours worked during a specified time period. If the hours worked by each employee on each job are not tracked by the supervisor, the perpetrator may overstate hours worked on the timesheet. The supervisor may sign the timesheet in collusion with the perpetrator or in ignorance due to poor memory or recordkeeping.

Workers may also increase pay rates to receive fraudulent pay. Obviously, falsifying hours worked does not benefit salaried workers; however, entering a higher rate of pay into the payroll system will generate higher pay for both hourly and salaried workers. This could be accomplished by accessing the computer system and changing the pay rate or by falsifying documents that cause the pay rate to be increased by the payroll department. The perpetrator could obtain the computer passwords of payroll employees either through theft or collusion or forging a supervisor's signature on payroll change documents.

One of the cases mentioned earlier also employed a strategy where employees who had reached the maximum accrual level for vacation "donated" their hours to other employees. This scheme not only allowed some workers to earn fraudulent vacation pay, but it also benefited employees who needed additional hours to receive health benefits at an earlier date. In another news story, a perpetrator was literally caught in his pajamas. He had punched in for the afternoon shift, spent the evening at home and was returning to work-in his pajamas-to punch out.

As with ghost employees, internal controls that would help mitigate falsified hours and salaries also range from simple to complex. The same controls for ghost employees, such as frequently changing passwords for payroll access, as well as requiring payroll employees to take an annual vacation, can help prevent fraudulent entries or schemes. Simply requiring a supervisor to stand near the time clock at the beginning and end of a shift could make employees think twice about falsifying their hours. Some companies have fought fraud with technology by incorporating a finger-print scanner into the company's time clock, hoping to eliminate what is referred to as "buddy-punching" payroll fraud. Having supervisors maintain logs of employees and hours worked-to compare to the timesheets before authorizing-may be time consuming, but it is an effective way of verifying the proper amount of hours are paid.

Commission Schemes

In addition to hourly or salaried employees, some companies also have employees whose main component of pay is based on a percentage of sales. This type of compensation, known as commission, is also vulnerable to fraud. A commission has two components: the commission rate and amount of sales. As the commission rate is set up in the payroll system similar to an hourly rate, fraudulent pay can be obtained by accessing the computer system and changing the pay rate or by falsifying documents that cause the pay rate to be increased by the payroll department. Again, the perpetrator could obtain the computer passwords of payroll employees either through theft or collusion or forging a supervisor's signature on payroll change documents.

The amount of sales can also be fraudulently inflated. By falsifying sales documents, such as sales orders, purchase orders and invoices, the perpetrator can increase sales, which increases his commission. Although commission sales are not as prevalent in the construction industry, internal controls should be implemented in the sales area when this compensation method is used.

Payroll Service Providers

Don't be lulled into thinking that your company is immune to payroll fraud because it employs an outside payroll service provider. The service provider doesn't know whether the new employees are real or fictitious, if the wage rate is too high or if the hours submitted were actually worked. However, most payroll service providers can generate a "payroll audit" report that details employees added to the system each pay period and wage rates or overtime hours that significantly exceed a specified average rate or amount, among other data. Pay attention to employees listed as "inactive." Before going on vacation, one perpetrator would mark the ghost employees as inactive so the employee's fraudulent activity would not be discovered during her absence. Employers should also be suspicious if additional payroll packages are delivered by the service provider. To avoid detection, ghost employees or additional wages for current employees could be submitted as a separate payroll run.

In addition to your own controls, make sure your external payroll service provider is subject to its own internal controls. The larger service providers usually have an SAS 70, an independent report on controls in place at the service provider, which can detail the controls, the tests performed on the controls and the results of the testing of controls. Also, the report typically details Client Control Considerations, which are controls that you, as the client, are responsible for implementing and evaluating. For example, the SAS 70 for ADP states that the client is responsible for "establishing proper controls over the use of IDs and passwords that are used to access and transmit payroll information..."

Unfortunately, the most trusted employees using the most sophisticated payroll systems are often the perpetrators of the most costly frauds. Heed the warning of the proverbial saying: "An ounce of prevention is worth a pound of cure." When appropriately applied to your payroll function, this practice could result in substantial savings.

Tags: 2007 March Issue, financial, legal,

Click to add your tags...,

or Close

Comments (1)

Name

Email

Title

Comment

Write the displayed characters

Add Comment