You may have heard of something called a “Ghost Employee” and wondered what that referred to. If you are the Plan Sponsor of a 401(k) Plan, it is a potential problem that you should worry about for your company and the Plan.
A ghost employee is a type of fraud involving your payroll system. It may be:
- Someone with payroll access adds an “employee” to the payroll system that should not be there.
- It may be a fictitious employee (someone that never existed and never worked for your company) or a real person that does exist but does not currently work for your company/someone that is not entitled to compensation from your company.
- It could be someone that did work for your company but is no longer entitled to compensation, but they were never removed from the system.
- It could be someone that works as a contractor and should not be in the payroll system but should be paid as a contractor.
- It could be a totally fictitious person that never existed, they were made up by a fraudster.
Of course, the first situations could be the result of an accident or simple mistake as an entry that should either have been removed from the payroll system or never input into it were left there/added. The later situation is clear fraud.
You may ask why someone would add a fictitious entry.
It is simple. The payroll system will process regular entries based upon the data entered into it. Most payroll processes are very automated and there are few checks on the number of employees. Especially if the employee entry does not require regular time entries (required for hourly employees), the entry may be difficult to detect. Once entered, the fraudster can have the pay for the individual directed to their bank account. With direct deposit, again, this can be difficult to identify. If the entry or entries remain undetected for a period of time, they can result in significant fraud due to the frequency of payroll runs.
Who is most susceptible to this type of fraud?
Usually, it can be large organizations with many employees. It may be difficult to detect new entries – those reviewing payroll may not be aware of employees in all locations or may not be included in the new hire documentation process. In a remote working environment, identification of suspicious employees may be even more difficult. If you combine these scenarios with poor internal control related to the payroll process and limited individuals involved/no review of the payroll output, there is an environment ripe for fraud to go undetected.
The individuals that would commit this type of fraud, have to have access to the payroll system or work with someone who has access. So, you ask, how do I prevent this type of fraud?
Review the steps involved in payroll administration.
- Make sure there is a segregation of duties between entering new employees, and running the payroll system.
- Rotate these duties among different payroll personnel so fictitious employees have a better chance of being detected.
- One of the best controls is to have a different person (usually a supervisor or manager) review the payroll register periodically.
- Have the system print a report of newly added employees and those removed to ensure the entries are legitimate.
- Review reports of changes to direct deposit details or the addresses used to mail hardcopy checks. Ensure these entries were requested by the actual employee.
Ensuring the above controls are added to your payroll process can help avoid a long-running fraud that can add up to large dollar amounts for your organization.
At Summit CPA we specialize in retirement plan audits. If you would like to discuss our audit process in more detail or need an audit contact our office at (866) 497-9761 to schedule an appointment. We can help you navigate the world of the 401(k) audit as proficiently as possible. We also offer off-site assistance and flat-fee pricing so there are no surprises when the job is complete.