Contact Us

Join Thousands of Auditors, CPAs, Executives, Managers and Their Teams Who Have Achieved Greater Professional Success

The Challenges of Fraud Auditing in Payroll, P-Card, and Procurement Transactions

It’s not uncommon for issues to pop up when performing fraud auditing in payroll, P-card, and procurement transactions.

I’ve been a CPA, auditor, trainer, and consultant in fraud risk management and related internal controls for exactly 48 years this week. I’ve been privileged to handle, investigate, and fix dozens of payment fraud allegations, tips, and cases for both my employer and then later for clients. And I noticed a definite pattern that permitted fraudsters (or “thieves”—my preferred term) to do it and get away with it for weeks, months, and often years.

Simply, managers were not paying attention. They gave their approvals away without thought. They made it easy for those with bad intent to commit wrongdoing and get away with it.

When your goal is to mitigate the risk of fraud in your organization, you need to understand how such fraud cases occur—and get everyone on the same page. 

Examples of Payroll, P-Card, and Procurement Fraud

All it takes is one bad actor—either an employee or a third party—to cause financial damage to an organization. We’ve shared some cases of business fraud before, but it’s worth looking at specific examples of payroll, P-card, and procurement fraud. After all, exploring what thieves can get away with (and how) can go a long way when you’re auditing for fraud. 

Here are a few cases I’ve encountered…

Payroll Fraud Example

Jerry was an hourly accounting staff employee who worked remotely from his home three out of five days each week. Overtime was not unusual, especially during the busy month-end and quarterly close process. But Jerry’s time sheet showed 58 hours one week when it was normally between 40 and 45 hours for him. His supervisor had a passing thought that this number seemed high, but he quickly moved past that concern and approved the payment. After all, Jerry had been part of the team for over three years, was a hard worker, and had never given the supervisor cause for concern.

As a result, Jerry was able to steal over a dozen hours of overtime at time and a half!

P-Card Fraud Example

Claudia was the administrative assistant in the manufacturing plant in Los Angeles. Among her responsibilities were keeping an accurate log of maintenance activities on each piece of equipment; doing timesheet preparation for all maintenance employees; and buying approved tools, supplies, and whatever else is needed to maintain the equipment. She was able to source many of the requisitioned items online, but there was a well-known big-box home improvement store a half mile away from the plant. So, once each week Claudia would take an extra 30 minutes during her lunch break, stop by that store, and pick up tools and other items needed by the maintenance team.

On such an outing day, she got an idea. Not a good idea.

She bought an extra power drill using her company P-card and gave the drill to her brother who had a small home improvement business. On returning to the plant, she placed the receipt detailing the approved items and the extra drill on her supervisor’s desk. He initialed his approval and sent it along to the accounting team for month-end payment. No one noticed.

Next up was a suggestion from her brother that he really could use a $600 multi-item, battery-powered tool set. So, Claudia bought one of those, gave it to him, submitted the receipt to her boss who initialed his approval without even a glance at the details, and sent it along to accounting. Once again, no one noticed.

Claudia bought ten more $600 power tool sets—one each week for the next ten weeks—plus three dozen drills, a dozen other power tools, and even a 30-foot extension ladder. She never brought any of those items back to the plant. Her boss initialed each receipt and sent them all along to accounting to be paid. Over and over again.

Well, you already guessed—no one noticed. She purchased $36,000 worth of tools in three months.

And before you ask, the answer is no. Her brother did not ask for or need these other items. Claudia simply left the store each week, drove to the far corner of the store’s parking lot next to a very busy intersection, and held up a sign to passing traffic offering “New tools, 50% off, cash only.” And sold them all before returning to the plant. 

And no one noticed. 

Credit Card Reimbursement Fraud Example

Then there’s Sally. A 20-year marketing manager at the corporate office, Sally traveled frequently as part of her normal responsibilities, and her resulting credit card reimbursements were significant but very much in line with her work. One day, Sally decided to buy a few items to decorate her new townhome and charge them to the company. Then it was small side trips. She had a weekend away tacked on the end of a business trip. A year later, she was planning longer and more expensive trips to a second home on the beach. Then she purchased airfare and a Mediterranean cruise. 

All were charged to her company’s credit card. 

And, yes, one more time, no one noticed. At least not until some pesky internal auditor began asking for support for the larger transactions. Sally had been picked completely at random by the auditor for fraud auditing. A judgmental sampling decision that was due more to luck than sound audit approach stumbled onto the fraud. The three-year loss amounted to $325,000.  

Procurement Fraud Example

Then there was a landscaping company that shipped one three-foot-high office plant to a large hotel. The accompanying invoice stated, “One lot of fruit trees: $19,900.” Of course, the invoice was paid (or it certainly would not have made a good example for this article).

So, the landscaping company tried again with other large resort properties in the same hotel brand. All were paid, equaling a total loss of over $700,000. And no one noticed. In fact, 52 different people at two dozen locations initialed or signed the supporting documents. Fifty-two people did not notice. All were asleep at the switch.

Bonus: Manager Oversight Example

Just this morning at 5 AM, I was sitting at gate 27 in the Austin, Texas, airport before boarding my first flight of the day. It was a full flight and a full departure gate with only a few empty seats. As I sat and sipped my coffee, a man sat next to me, opened his travel backpack, and took out a stack of travel expense reports. I watched somewhat amused as he worked his way through the stack by signing the bottom right corner of each document without even glancing at the details or attached supporting receipts.

He saw me watching and said, “Boy, even in my high-tech business, the paperwork never ends.” He said that the only way he could even try to keep up was to trust that his people would never cheat. He said it saved him literally a dozen hours every month. “I know what you mean”, I replied. I told him I had an accounting background (not my audit background, you may have noticed).

I had two conflicting thoughts in my mind. 

The Lesson of Fraud Auditing in These Areas

So, what’s the common lesson for managers and their auditors from these and literally hundreds of other examples from my half-century career? Every transaction bore an approval signature or initials. They all had the appearance of control. But none had the required thought behind those approvals.

These were signatures without thought. They had the appearance of control without the reality of it—or, in short, mock controls. 

What a waste of valuable management time, paper, and ink! 

My observation is that many auditors spend a disproportionate amount of limited and very valuable hours running down red flags of fraud in payroll, P-card, and procurement transactions. It’s expected by leaders, and rather easy to actually do. Violations of policy are found, documented, and reported. 

But the real root cause of recurring problems in these day-to-day normal payments isn’t lack of policy or insufficient support in fraud auditing. It’s blind or misplaced trust and lack of attention by approving managers. 

Why are so many senior leaders avoiding fixing this problem by holding approving supervisors accountable for their signatures? Until that happens, what’s the point of burning up auditing resources on a recurring problem that leaders already know exists? 

My experience is that finding and proving payroll, P-card, and procurement fraud is pretty easy. It involves the following:

These all provide audit findings. But getting the behavioral weaknesses fixed is a whole other story indeed.

Takeaway

This has been my experience, and it has been very consistent for 48 years. Through many generations of technology and process changes, human failures remain disturbingly constant. It’s something you need to be aware of to improve fraud auditing in these areas—and reduce wrongdoing altogether. 

But what is your organization like? Have you built a red flag culture? Are your managers paying attention “on their watch”? Are your client’s managers? Or are they also blessed with having only trustworthy employees and suppliers, so there is no need to double-check details before placing their good names in the approval spot on payroll, P-card, and procurement transactions? If they honestly believe they do not need to check, all I can say is, “Good luck, pal. You are going to need it.”

Are you interested in learning more about auditing for fraud in payroll, P-card, and procurement transactions? Join us for our upcoming webinar: Auditing for Fraud: Procurement to Payment on Wednesday, June 26, 2024, at 11 AM (ET). The session lets you earn 2 CPE credits in auditing (fraud & forensic accounting). Click here for webinar details and registration.