Payroll Fraud

Business Situation

The Association of Fraud Examiners defines payroll fraud as “any scheme in which an employee causes an employer to issue a payment by making false claims for compensation.” This means that every organization that pays employees can be a victim of fraud. Payroll fraud is a phenomenon that appears under many different forms. While this case concerns itself mainly with fraudulent overtime claims, there are many other ways that employees find to claim more pay than they deserve. This usually occurs in systems without true identity management, where it is possible for the dishonesty to be hidden behind a password access. Since passwords can be easily shared, guessed, or stolen, it is difficult to assign blame for fraud perpetrated via passwords. Several other key areas to be aware of in payroll fraud include “buddy-punching”, ghost workers, double transactions and more.

  • Growing student body
  • Budgetary restraints due to declining funding allocations
  • Declining capital spending putting more pressure on infrastructure
  • Salaries fixed by Collective Bargaining
  • Agreement – non-exempt overtime pay contributing to budget shortfall

Key Challenges

  • Non-exempt administrative workers overtime approval process flawed
  • This user has experienced instances of extensive fraud in the approval of overtime pay
  • SAP process for approval of overtime pay typically delegated to administrative assistants, creating a fraud opportunity
  • SAP passwords were the only security mechanism prior to bioLock

Implementation Highlights

  • Associate individual biometric user profiles with specific SAP tasks in HR/Payroll, defining any delegated tasks
  • Enforce biometric re-authentication for every sensitive task
  • Tamper-proof logging and audit trail for each protected transaction

Major Objectives

Overcome the limitations of password sharing in SAP payroll that were allowing junior administrators to impersonate supervisors and benefit from unearned overtime pay:

  • Provide indisputable identity management with biometrics
  • Control extended authorizations where a user executed transactions under a supervisor’s profile
  • Identify transactions executed under delegated authority
  • Create an indelible audit trail of activity
  • Ensure true segregation of duties (SoD) in the approval of overtime pay

Key Business Outcomes

  • Payroll overtime fraud has been eliminated
  • Payroll budget control has been regained using biometrics
  • Employees responsible for fraud were held accountable

Related Case Studies