top of page
  • _


Updated: Jul 15, 2023


By Darrell Smith CFE, ARM, CIM, FCSI


Recently we completed a fraud investigation involving an employee who did the payroll for a small business. Their new accountant discovered that there were twelve expense claims made by the employee without any justification for them or supporting documentation. It turns out the employee managed to defraud their employer of $170,000.00 in fraudulent expense claims, additional salary and overtime they were not entitled to, using the outsourced payroll system.

Many companies choose to use an outsourced payroll system to process their payroll and for good reason. Outsourcing payroll is very cost effective and efficient. You go to your account and enter your employee’s payroll information; the payroll is processed, and the funds are deposited into the employee’s bank account. They provide pay stubs and year end tax T4’s, do records of employment, there is only one withdrawal made from the company bank account and they provide all the journal entries for the accountant to process. I have used an outsourced payroll company for years and highly recommend them.

However just like any payroll system whether it’s inhouse or outsourced there is a risk of fraud when a motivated employee decides to use the payroll system as their own personal ATM.

The Association of Certified Fraud Examiners in their 2022 “A Report To The Nations,” states that Expense reimbursement fraud accounts for 11% of fraud with a median loss of $40,000 US and Payroll fraud accounts for 9% of fraud with a median loss of $45,000 US.

Let’s look at the investigation, the findings and how to prevent this from happening to your company.

We began the investigation by reviewing two filing cabinets full of financial records and nine banker’s boxes of financial data, going back for five years. The object was to determine if there was expense forms, receipts, invoices or other supporting documentation for the twelve expense reimbursements. We did not find any supporting documentation; however, all the other employees expense reimbursements were found according to company policy with the expense forms completed, the reason for the expense and receipts attached.

As I began my investigation of the payroll records, very quickly I noticed several red flags, 1. There were numerous additional pay runs made, beyond the normal bi-weekly payroll runs. 2. Even though the employee was claiming expenses the year-to-date balances was declining. With every expense reimbursement the totals should have been increasing.

I then began a review of all payroll information for the past five years. It was discovered that most months there was from two to seventy-six extra pay runs. When the manager would inquire about the extra pay run, they would be told it was because employees were late getting their hours or their expense reimbursements in. On the extra pay runs the employee would use the run to pay themselves. On every extra pay run the employee would claim from two hundred to twelve hundred dollars in false expense claims, with some as high as two thousand dollars.



I was also able to determine that the employee was going into the payroll system and deleting the Year-to-Date expense reimbursement totals. With every expense claim the total balance should have increased yet they were decreasing, with the balance always being reset to zero. This helped conceal the fraud from management.

With any payroll system whether it’s outsourced or in house, the payroll administrator needs to have the ability to correct or change the payroll information. This makes perfect sense because totals can be calculated wrong, additional hours or expenses may need to be added and changes may need to be made because of human error. In most payroll systems just about any information entered in the system can be changed or deleted.

Like any type of employee fraud when an employee has the Motive to commit fraud, they will find the opportunity and justify it. Usually, the opportunity comes from weak internal controls or a break down in those controls.In this case there were several red flags that went undetected and when any questions were asked management were given a reasonable explanation. As I always say get evidence not explanations.

Let us look at the red flags. The first one was all the extra pay runs made, some months it was two or three and the most active month there was seventy-six. Every time there is a payroll processed, there would be a withdrawal from the company’s bank account by the payroll company. With the explanation given, there still should have been a closer look.

The other red flag was the changes made in the system, mainly deletions of totals. By deleting the Year-to-Date expense balance, it prevented management from detecting the fraud. Also, the manager who set up the payroll system and was on the account as the Administrator was taken off the account, so the payroll officer was the only one in the company to have access to the payroll system. To delete some payroll records, such as expenses, tax and employee records there is usually a two to three step procedure that leaves an audit trail that can be reviewed.

So, what allowed this to occur.

The first thing is that the employee had access and control over every aspect of the payroll system. Just like any type of internal control there should be segregation of duties. Such as the payroll officer can enter the payroll information however any corrections, additions, changes, or deletions would have to be made by the administrator. In a perfect world this would work just fine, however this can become cumbersome at times because of the tight deadlines that payroll has and the availability of the Administrator to make changes. Companies with high employee turnover or a larger company with a lot of employees, having the administrator making the changes just requires more planning, it can be easily done.

You cannot just rely on segregation of duties as your internal controls, you must also audit each payroll for accuracy and fraudulent activity. Then you must go into the system and review each change, such as new employees added, expense reimbursement deleted, or tax records deleted.



The next item is the high number of extra pay runs, one month there was seventy-six of them. This should have been a huge red flag for management. But again, they had an explanation, and it was never verified. As mentioned earlier every payroll run there is a withdrawal from the company bank account, along with the withdrawal there would have been fees charged to the company.

So, when doing the bank reconciliation report this should have triggered an investigation which would have resulted in the fraud being discovered years sooner. I believe part of the problem here was the payroll officer protected their domain like a mother bear protecting her cubs. When anyone asked about something they would use bullying and intimidation to get them to back down. Even when the employee was on vacation, they still insisted on doing the payroll, which is a huge red flag.

Finally, there is the deletion of expense totals, tax records and extra pay and overtime payments. There would have been a record for all deletions and changes in the system, they were just never properly checked.

So how can you prevent this from happening in your company?

1. Segregation of Duties in the Payroll Department: As I mentioned having the administrator the only person authorized to make changes or deletions, while the payroll officer can only add the hours and expenses.

2. Extra Pay Runs: Extra pay runs were used because it allowed the employee to give the manager a copy of the regular payroll, but they did not give the manager a copy of the extra pay runs. In my opinion companies should not allow extra pay runs. In this day in age with scanners, email, texting and cell phones that can take pictures of payroll records and send them. There should be a clear policy that if employees don’t get their time sheets and expense claims in by the cut off date, then they will get paid on the next pay period. Everybody wants to get paid so they will learn very quickly if they don’t meet the deadline and must wait. Of course, you must follow Labor Laws.

3. Deletion of Balances and Records: Most outsourced payroll companies have a System Warnings page and a Deletion section that will show any deletions or changes made in the system. This needs to be reviewed every pay period, but don’t rely on your Outsourced Payroll Company to detect fraud for you. You still must do your due diligence with every payroll.

4. Audit Your Payroll: Whether you receive your payroll package by courier or have to go online and print it off, you must audit the totals. The Executive Summary makes it easy to do this. The Master File Changes will show new employees added or terminated from the system. This should be checked against time sheets and department records. It will also show any changes to hourly pay rates or salary, that should also be verified. Also, the report will show a breakdown of the total hours paid, regular time and over time. I recommend verifying each employees’ regular hours and overtime against the Payroll Registry, that show each employees hours, expense reimbursements Gross and Net Pay and Year-to-Date Totals for each pay period. The total regular hours paid should match the time sheet totals. The same with expense reimbursements, overtime hours and salaries. Finally, compare all your totals for increases in weekly hour totals and increases in expenses. If they don’t match time sheet totals, ask why. In this case when I interviewed the employee’s manger, they told me that it is highly unlikely the payroll officer would ever have had to pay personally for a company expense.


For most organizations the payroll represents their largest expense, that can be hundreds of thousands or millions of dollars a year. We are aware of employees submitting false time sheets and expense reports, but rarely think about the actual payroll officer committing fraud against the company. We believe in people and want to believe everyone is good and trust them. Don’t just rely on your payroll company to detect fraud for you, they provide the reports but it’s still up to you to have internal controls and checks and balances. Make sure the supervisors and department heads who submit timesheets and expense claims to the payroll department, check and verify them before submitting them to payroll. Give them additional training so they know what to look for. Better yet have a Certified Fraud Examiner come in and do a seminar on fraud prevention.



3 views0 comments

Recent Posts

See All


THE ART OF CONDUCTING EMPLOYEE REFERENCE CHECKS In risk management one of the four main categories of loss is Personnel Losses. Personnel losses include losing employees through death, disability, ret


ENTERPRISE RISK MANAGEMENT–EXPECT THE UNEXPECTED Whenever I hear the word “ENTERPRISE” It always reminds me of the U.S.S. Enterprise the space ship on the Startrek series we use to watch as kids on Sa


bottom of page