Payroll fraud, and its evil cousin, debtor fraud, is a drain on the economy. Like a slow poison primarily affecting small and mid-sized businesses, payroll fraud is the overhead you didn't know you had. It costs the economy, I'm told, more than cash in transit heists annually. And it's our own fault.
I recently sat in on a roundtable discussing payroll fraud, hosted by Sage VIP Payroll, with its internal criminologist and fraud specialist Yolande Scho"ultz talking through the most common issues. And some of it is so face-smackingly stupid it's astonishing anyone gets away with it.
The basics of the frauds are simple enough. A payroll clerk quietly adjusts salaries for personal gain. Sometimes acting alone, perhaps keeping a terminated employee on the books with a new bank account number. Sometimes with an accomplice, adjusting overtime for a kickback, or selling inflated payslips to help a friend qualify for a loan. There are lots of variations, but they generally boil down to the same thing - a drain on the bottom line, through the payroll or debtors book.
It starts small. People have amazing capacities for self-justification, after all. The company didn't pay bonuses, so the clerk helps himself to a couple of days leave to make up for it. It's OK, he rationalises, because the work will still get done. But the big barrier is the first time. After that, the slippery slope takes over, and one crime leads to another until the employer is potentially millions of rands in the hole.
As an economy, we get two things wrong. There are a handful of basic steps we can take to prevent and identify fraud, but we don't. And when we do identify it, usually by mistake, we sweep it under the rug to avoid embarrassment.
Do the basics
In large companies, fraud is either the scope of serious criminals, or pocket-change stuff that auditors can't be bothered with, and that's largely because there are stricter processes in place. But small- and medium-sized companies tend to lack the processes and tools, and often the manpower.
In theory, you should separate the duties of data capturer from the payroll clerk, and keep them all away from the signoff process.
In practice, many companies have one chap doing everything, but even then, the business owner should be stepping in to check and reconcile the payslips. Sure, it's laborious and you have other priorities at month-end, but that's part of running your own company. Suck it up and check those books, especially if you're in the danger zone of about 50-100 staff - that's where business owners are generally starting to lose control of the processes and most at risk of fraud.
Watch for trouble
The kinds of fraud you'll see are usually pretty amateur, and the perpetrators will make mistakes which should be relatively easy to spot. Doing payroll from home? Big no-no. Working at odd hours? Refusing to let a colleague perform a function, even when you're on leave or sick? Red flags. If you spot them, take a look.
And because amateurs make amateurish mistakes, you can often just double check the transactions that are happening at those odd hours - that's often where the malfeasance is hiding.
There are a handful of basic steps we can take to prevent and identify fraud, but we don't. And when we do identify it, usually by mistake, we sweep it under the rug to avoid embarrassment.
It's a good thing these amateurs are so incompetent, because they apparently have a lot to learn about the many, many money laundering opportunities afforded by the Internet.
Trial and error
But that's the problem. When we do detect fraud, the common response is to quietly request the fraudster to resign. Unless the loss is in the millions, it's generally considered not worth the effort to endure years of expensive legal process and audit, only to convict someone you can more easily get rid of, and without going public about it.
So they aren't fired, much less prosecuted. It's embarrassing for a company to admit that it was so incompetent that someone could loots its coffers in plain sight for years (the average time to detect fraud is 18 months, I'm told), so we sweep it under the carpet and move on.
So, to spare corporate blushes, the fraudster is quietly ejected, whereupon they sign up at another firm and start from scratch. Only this time they're armed with the knowledge of how they got caught, and can improve their techniques.
And here's the rub: the replacement you hire? They may very well have the same background. You don't know, because their victim didn't prosecute either and they have no criminal record. Fortunately, most victims of fraud do improve their processes after the fact, but that's just engaging in an arms race. Welcome to Whack-a-Mole: Payroll Edition.
Fraud school is open
As a collective economy, we are effectively training these people. Helping them perfect their crimes without punishment. By law, companies are required to report frauds over R100 000 - you aren't just training criminals by not reporting it, you're participating in the crime.
Similar narratives play out in the broader security world, of course. A staffer who hacks a system may be fired, but is highly unlikely to be prosecuted. And because you presented them with the proof of their crime during disciplinary procedures, they have the opportunity to study their mistakes and improve.
I'm sure some do reform and turn away from the life of crime. But many had personal reasons to do it in the first place: tight finances, a sick family member, a run of bad luck. Those don't justify the crime, but they also won't go away, so recidivism is more common than we like to admit.
Here's your chance to break the cycle. Fix your processes, keep a closer eye on your finances, and prosecute offenders. We'll all benefit.
Share