Fraud Auditing, Detection, and Prevention Blog

The Fraud Plan: Misappropriation in Payroll

Jul 2, 2018 10:48:00 AM / by Leonard W. Vona

How you determine which concepts to evaluate to “consider fraud” and how to integrate fraud into your audit program is a challenge that is easily solved if you approach it with the scope and objectives of your audit clearly defined.

The audit plan is the critical starting point for every audit and the fraud audit plan is the critical document for integrating fraud into the audit program. Using the audit standards as a starting point, we should gather information to identify the risk of fraud consistent with the scope and objectives of our audit. The fraud audit process indicates we should make inquiries of management, consider analytics, consider the risk factors (fraud triangle) and consider other information.

The Fraud Plan Starting Point

For every audit the starting point is the use of the fraud risk universe to define the scope of the audit. Is the auditor searching for fraud in the financial statements, asset misappropriation schemes or corruption in core business systems? The second element is to understand the inherent fraud schemes that can occur in core business systems. For purposes of this blog, we will scope the audit for asset misappropriation and will assume our audit is focusing on fraud schemes that can occur in payroll cycle.

View a Comprehensive List of Fraud Risk Statements

Inherent Fraud Schemes in Payroll

In Payroll, the key inherent fraud schemes in are:

  • ghost employees
  • false adjustment schemes
  • overtime fraud
  • disguised compensation
  • theft of payroll payments
  • inflated payroll schemes


For purposes of this blog we will focus on ghost employees. The risk statement methodology will define the different ghost employee schemes.  

A brainstorming session is the starting point for creating your fraud risk statement. Discussions should focus on the logical permutations of a ghost employee, then explore how the those schemes could occur within your company, what are the natural internal control vulnerabilities that might allow the scheme to occur and what are the audit sampling and test procedures to respond to the fraud risk statement.

To illustrate these concepts, we will assume we are auditing a retail location and we will illustrate the concepts using the following fraud risk statement that can occur in the payroll cycle.

An Example: A Fraud Risk Statement in the Payroll Cycle

As per the structure of a fraud risk statement, for our retail location example our fraud risk statement will be as follows:

A department manager causes a real non-complicit employee that quits employment not to be removed from the payroll for a temporary period of time and that department manager submits time and attendance records for the terminated employee and either changes the bank account for direct deposit or diverts the paper check causing the diversion of funds.

Internal Control Factors & Natural Control Vulnerabilities

Any brainstorming session should focus on what internal control factors would be conducive for this fraud scheme to occur or what are the natural control vulnerabilities that exist in your business process. A few considerations or questions are:

  • Does the manager effectively hire the employee?
  • Does the manager submit hire and termination notices directly to payroll or human resources?
  • Does the employee ever report to human resources for the hire or termination process?
  • Do employees receive paper checks?
  • Are time records electronic or a paper record?
  • Have any employees reported discrepancies in their annual wage statement?
  • Remember to inquire and understand the principles of direct access and indirect access.


The data analytics should link to the fraud risk statement and the vital statistics that allow you to determine the likelihood of the fraud scheme and the potential loss impact due to asset misappropriation scheme.

  • What are the hourly employee turnover statistics?
  • How many employees receive a paper check versus direct deposit?
  • What are the gross wages for terminated employees by paper check or direct deposit
  • How many employees had a change to direct deposit information?


Assessing the Fraud Triangle for Asset Misappropriation

The fraud risk factors are those conditions identified in assessing the fraud triangle for asset misappropriation: the opportunity; rationalization and pressures.


The opportunity focuses on the fraud prevention and detection controls and the natural vulnerabilities that exist in every business system. 

  • Does a manager have the ability based on the business system to commit the scheme?
  • What fraud prevention or fraud detection controls exist to mitigate the fraud risk statement?
  • How is payroll notified of terminations?
  • Is the notification dependent on the manager?


There may be some type of personal pressure that motivates fraud. 

  • Is the manager compensation impacted by profitability of the location?


Mentally justifying the act of fraud is an important part of the fraud triangle.

  • Has the managers compensation been impacted by changes in how bonuses are calculated;
  • Changes in corporate policy, or
  • Issues beyond the control of the manager?

Inquiries of Management

Inquires of management should focus on senior management, human resources, payroll and department managers. The questions for senior management and department managers should be focused based the risk factors and then the schemes, whereas the questions for human resources and payroll should focus on the feasibility of the scheme occurring based on their knowledge of the fraud prevention and detection controls and then the fraud risk factors.

As a result of the management inquires, fraud risk factors and data analytics associated with the fraud scheme, the conclusion of the planning stage is to determine whether there is an inherent likelihood that the scheme could occur in your company. It is that simple. There are no absolutes regarding your conclusion; that is the purpose of the audit steps. This first step is all about your fraud audit judgment.

Fraud Audit Sampling

Once you've identified your audit plan, you can move into analytics and data sampling. The audit sampling procedures are simple. In this payroll fraud example, you would select all employees that have terminated in the audit period. From that create two samples, one for direct deposit and one for paper check or debit card. For direct deposit, was there a change in the bank account? If not, then the scheme did not occur as described in the fraud risk statement. For paper checks, there are no further data analytic procedures.

For the audit program, what red flags exist to suggest the fraud scheme may have occurred? For direct deposits, we match the new bank account to the department manager’s bank account or the same bank. For paper checks, we would compare the first check to the last check searching for changes. Is there a change in handwriting; check was negotiated at a check cashing company or check was cashed versus deposited in a bank account. If the red flags are observed, then we would contact the employee and make inquiries as to their departure date.

Creating the fraud audit program is a process driven by the fraud schemes associated with the business cycle. It is a process of gathering information, assessing the information, formulating audit judgement and building your audit program for those schemes that have a high inherent risk of occurring in your business system.

Creating a Fraud Risk Statement

The next stage is creating the fraud risk statement, where the audit team identifies the internal controls; links the controls to the fraud risk and assesses the likelihood and impact in a formalized manner. Creating a fraud risk assessment is an important step in the process.  Leonard W. Vona is the authority on fraud risk. Contact him for consulting on your projects. Thereafter, Leonard W. Vona is also available for training on preparing fraud risk statements.

Topics: Fraud Risk Statements, Fraud Auditing, Fraud Detection, Fraud Plan, Payroll Fraud

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.