Protection Against Payroll Fraud
What is payroll fraud?
Payroll fraud is when someone embezzles funds from a business utilizing the organization’s payroll system. There are several methods wherein people can steal funds they are not entitled to, including falsified timesheets, issuing unauthorized bonuses and paying fictitious or terminated employees. Common indicators of payroll fraud include:
- Receiving a “preview” email for a payroll that you did not submit
- Indication that a payroll has unexpectedly been transmitted or delivered to you
- Employees reporting unexpected or excessive funds in their bank accounts and/or payroll transactions labeled “extra deposit”
- Changes on your payroll that you did not perform, such as a change in status of an employee.
Tips to help avoid payroll fraud:
- Reconcile the number of pays per cycle to the number of active employees you have. (If the number of pays is greater than the number of employees, then investigate)
- Regularly inspect your personnel report for every payroll and payroll preview activity. Look for the following:
- New hires
- Bank account changes
- Pay rate changes
- Address changes, especially to an area where you do not have many other employees
- Regularly run a report to identify employees who split direct deposit pays into multiple accounts and investigate changes to this list to ensure they are valid
- Generate a regular access control report for all client administrator and practitioner roles. Review it for accuracy and appropriateness, and make sure their contact information is valid and up-to-date
- Carefully manage ADP self-service registration:
- Restrict your company registration code to those that need to know it, and establish a process for its secure distribution
- Use back-end validation for self-service registration
- Contact ADP about a higher-level security method of using personal registration codes, and other secure registration options that may be available
Payroll Management Best Practices
- Confirm that your computers have regularly updated anti-virus and anti-malware software installed behind a reputable firewall
- Physically secure the computer used for processing and approving payroll activities and dispose of confidential hard copy and electronic media appropriately
- Always change passwords to payroll-related systems whenever there is a change in payroll administration personnel
- Split your payroll management tasks so that one individual is responsible for preparing the payroll and another is responsible for submitting it and verifying the output
- Consider performing payroll and banking tasks on a separate, dedicated system used only for those purposes
- If for any reason you suspect a security breach, do not use the system and immediately seek help from your IT security or technology group
- Provide ADP with up-to-date contact information for your payroll administrator to ensure that we can make immediate contact if we detect suspicious activity