Payroll is the payment of wages, salaries and allowances and any other monies to which public officials are entitled. The large sums of money involved in the payroll function make it a significant target for theft and fraud.

Corruption risks in the payroll function mainly relate to the integrity of the information on which the payroll is based, particularly if the payroll function is performed by a third-party under contract (a common occurrence in smaller agencies). The security of the manual and electronic processes for transferring money, and the security of the information contained on the payroll system, are also vulnerable aspects of the payroll process.

False timesheets and salary-related anomalies

The ICAC regularly receives allegations concerning inaccurate recordings of time, preferential treatment associated with rostering and overtime, and other salary-related issues. Some recent examples are provided below.

  • A local health district investigated an allegation that a visiting medical officer (VMO) had submitted timesheets for periods of work in which they were not scheduled to work at the public hospital. The VMO was formally counselled and placed under a monitoring program.
  • A council audit identified a group of employees with inconsistencies in the hours recorded for the same job. All adjusted their timesheets when confronted with these inconsistencies. Following an investigation, and taking into account previous conduct, the employment of one was terminated and another disciplined.
  • An emergency service identified anomalies in the allocation of overtime shifts. While no findings of misconduct were made, a number of systemic issues were identified. These included a lack of clarity in relation to accountability, reduced governance around the allocation of overtime during the relevant period, a new electronic system operating in isolation of a manual system, and inadequate transitional arrangements. A number of process and system changes were implemented.
  • During a review, a university identified a number of financial and related transactions within a particular faculty that were potentially inappropriate. An investigation identified a breach of policy resulting in a formal censure and counselling of a senior academic. Another individual was required to repay salary-related payments made in error. A number of governance and administrative changes were implemented, together with the delivery of a comprehensive training program.
Source: Complaints to the ICAC.

Common corruption risks around payroll include:
  • a public official claiming payments to which they are not entitled (for example, claiming hours not worked on their timesheet, claiming allowances to which they are not entitled and claiming expenses they did not incur)
  • a staff member creating “phantom” public officials in the payroll system for the purpose of obtaining their salaries or allowances
  • a payroll employee stealing money directly from the payroll
  • a payroll employee improperly disclosing personal or banking details to a third-party.
Timesheet fraud leads to criminal conviction

In 2014, the Queensland Crime and Corruption Commission finalised a two-year investigation into a fraud involving the dishonest claim of overtime by a former Queensland Health employee. The officer had been temporarily appointed to help manage the increased workload following the introduction of the new payroll system. Over a two-year period, she dishonestly claimed nearly $40,000 in overtime.

The investigation also identified significant systemic risks with respect to the adequacy of internal control mechanisms. Additional allegations concerned the failure of line managers and directors to adequately supervise staff and appropriately manage payroll approval processes. The former employee was sentenced to two years’ imprisonment, to be suspended after three months.

Source: Case study on Queensland Crime and Corruption Commission website.

Despite automated payrolls being a target for corruption, they can also be a useful detection tool and therefore have both strengths and weaknesses from a corruption prevention perspective. Automated payroll systems generate an auditable record of transactions, so they can be used to identify unusual or irregular payments – anomalies – that could indicate corrupt activity is occurring. If staff know these records are reviewed regularly, this may be a deterrent to potential perpetrators. Automated systems are also barriers to corrupt conduct if they incorporate controls that reflect the agency's delegation levels, such as permitting only managers with authority to approve leave, overtime and other payroll exceptions. On the other hand, electronic information can be easily disseminated, and sometimes easily manipulated, so automatic systems also need security measures to manage the risks inherent in other electronic information systems.

Developing a strategy

The payment of employee wages, salaries and allowances is a high-risk activity given it is a significant way public money is transferred into private hands. For this reason, payroll should be included in internal audit and corruption risk management programs. Having competent managers and staff in payroll is particularly important, as is ensuring supervision, checking arrangements and segregation of duties are in place.

Payroll systems should have the capacity to:

  • automatically integrate employee exits so that payments to departing employees will cease on their departure
  • run fortnightly expenditure reports
  • recognise and notify line management of anomalies and overpayments
  • recover over-payments by deducting the excess amount from a subsequent payment.

Electronic records of all payroll transactions are particularly important to detect anomalies, suspicious transactions and systemic problems. All access to payroll systems and any adjustment actions taken should be recorded and authorised. It is also important to record all overtime approvals, staff rosters, travel, and expenses (and maintain supporting information).

Following a risk assessment of a payroll system, consider the following measures:

  • establish access controls for the payroll system such as passwords, routine verification procedures and authorisation levels
  • make staff aware that they can only authorise changes to pay transactions if official procedures are followed
  • segregate payroll functions so that no one person has complete control over any aspect of the process (that is, avoid end-to-end control)
  • permit overtime and leave payments only if they have been approved in advance by the relevant manager
  • verify and reconcile employee entitlements, such as sick leave
  • impose financial limits on overtime, allowances and payroll processing so that additional authority is required before these limits can be exceeded
  • routinely review and test data processing controls (this could be done as part of an audit program).

As with any other outsourcing decision the risks to an agency of having an outsourced payroll function should be assessed before the function is outsourced. Outsourcing can be a useful prevention mechanism in situations where it is important to reinforce the separation of payroll functions from the rest of the agency. This option may provide benefits, for example, if it is difficult to shield payroll staff from pressure by operational or line staff. However, outsourcing a function such as payroll can create additional challenges, such as the need to maintain the security of information transferred to the outsourced provider. The ICAC has produced a tip sheet dealing with outsourcing.

Additional advice on managing corruption risks around payroll functions is available from the NSW Audit Office’s Fraud Control Improvement Kit: Managing your fraud control obligations (2015) and Standards Australia’s AS 8001-2008 Fraud and corruption control.

Risks around payroll are also related to risks around ICT systems. Visit the ICT systems corruption prevention advice page for more information.

Reviewed December 2018