How Reducing Key Payroll Controls Can Result in a

Transcript How Reducing Key Payroll Controls Can Result in a

Payroll Fraud & Continuous Monitoring Activities VLGAA – May 21, 2009

Darlene FitzPatrick, CIA, CFE, CCSA, Audit Director, Bon Secours Health System, Inc.

Bon Secours Health System, Inc.

Background of Local System

• • • • • • • Acute Care Hospital Approximately 1,700 people Combination of union and non-union Hospital was losing money Discussions for selling and/or closing Consultants brought in to manage hospital Minimal internal management oversight BSHSI © 2009 3

Background – Payroll Department

• Security person transferred to Payroll Clerk • Conflict between Payroll Manager and Clerk • One full time, two part-time • Part-time only responsible for time entry • Processing access locked down to Manager BSHSI © 2009 4

Finance Structure

CFO - Consultant Oversight Controller - Consultant Oversight BSHSI © 2009 Accounting Manager Consultant Payroll Manager Bank Reconciliations Reconciling P/R to GL • • • • Payroll Processing Demand Checks Quarterly Reporting Prep and Submission W2 and W4 updates 5

Discovery

• • • • Whistleblower brought example to Controller Controller shared with CFO CFO shared with Internal Audit Internal Audit put together a team and was on-site within the week • Work was conducted under privilege with our internal Legal Department BSHSI © 2009 6

How Was It Perpetrated?

Manipulation Process

 Demand checks with gross pay of $0.01

 Federal and State taxes were entered as a negative amount, resulting in net pay higher than gross  Other deductions were used in the same manner as the bullet above  Shift differential substantially greater than the hours worked BSHSI © 2009 8

Manipulation Process Cont.

 Payments to terminated and leave of absence employees  Paid regular hours in lieu of PTO hours  Individuals had no taxes withheld in 2005, but W-2 was modified to appear as though taxes were paid  Individual’s 2006 master file information was adjusted to appear that taxes were withheld BSHSI © 2009 9

Manipulation Process Cont.

 Checks were voided on the payroll system but not on the positive pay file held by the bank  Standard practice included reimbursement for taxes when overtime was combined on a regular bi-weekly payroll check  Transactions hidden by using word pad to change reports given to Finance BSHSI © 2009 10

Effect of Negative Tax Transactions

Employee A Employee B Employee C Employee D (Fraudulent Pymt) Total Example – Effect of Fraud on Withholding Submissions Gross Pay Net Pay Fed W/H State W/H $ 2,500.00 $ 1,550.00 $ 750.00 $ 200.00 $ 4,000.00 $ 2,250.00 $ 1,250.00 $ 500.00 $ 1,750.00 $ 1,425.00 $ 250.00 $ 75.00 $ 0.01 $ 1,000.01 $ (1,000.00) $ - $ 8,250.01 $ 6,225.01 $ 1,250.00 $ 775.00

Recap of Losses

Misappropriated dollars – BSHSI’s losses due to irregularities were $461,172.91. The table summarizes by year and category the irregularity involved:

Losses due to: Negative Federal Taxes Negative State Taxes Corrections to Direct Deposits Other* TOTAL 2005 $953.35

$165.78

$36,795.04

$18,758.56

$56,672.73

2006 $326,729.22

$29,685.43

$15,799.36

$32,286.17

$404,500.18

Total $327,682.57

$29,851.21

$52,594.40

$51,044.73

$461,172.91

Tax Implications

Due to the methodology used to misappropriate funds, BSHSI incurred a sizable tax impact. The table summarizes by year and agency the tax impact: Tax Impact Federal Taxes State Taxes Total 2005 $2,455 $368 $2,823 2006 $273,459 $39,393 $312,852 Total $275,914 $39,761 $315,675

Results of Investigation

BSHSI © 2009 • • 9 Individuals terminated Prosecution performed by State Attorney General • Results thus far: – 4 have plea bargained and ordered to pay restitution – Primary Instigator is pending grand jury indictment – Remainder are in negotiations 14

CAATS

CAATs Used

• • • • • • • Count of Checks issued $.01 Checks Negative deductions Exemptions greater than 9 Termination date less than check date Excessive overtime hours Shift differential greater than hours worked BSHSI © 2009 16

Internal Control Breakdowns

Minimal Oversight

Lack of Segregation of Duties

• Manual calculation and entry of overtime • Access to initiate payroll transactions within the payroll system and the bank • Recording payroll transactions in the payroll system • Custodial access to employer and employee bank accounts, funds, and related employee pay rate and tax records BSHSI © 2009 19

Reconciliations

• • • Federal and/or state quarterly reporting Actual summation of the appropriate pay periods Payroll bank accounts, payroll system, and the general ledger were being performed at a very high level • The lack of adequate reconciliations was previously noted BSHSI © 2009 20

Lack of Policies and Procedures

 Relevant documentation not consistently maintained  Payroll performing HR tasks  HR developed a practice that allowed overtime to be paid in a separate payment (Demand check)  Ad hoc practice allowed employees to request payroll refunds of the tax withholding variances BSHSI © 2009 21

Future Audit Considerations

Documentation:

• Where is it located?

• How current are such items as W4s, benefit elections, and pay increases?

Policies and procedures:

• Are they in place?

• Are they being circumvented?

• Are there ad-hoc procedures?

Future Audit Considerations

Overtime:

• How is it approved?

• Is it paid separately?

• Are responsibility reports being reviewed as a verification?

Future Audit Considerations

Demand checks:

• • • • Are there a large number of them?

Are “Penny” checks being issued?

Who approves demand checks?

Under what circumstances are they being issued?

Future Audit Considerations

Security:

• • Who has the ability to do what?

How are checks numbered?

Reconciliations:

• Is the bank account being reconciled to the payroll information?

• Are the payrolls/deductions being reconciled to the GL?

• Are responsibility reports verified to payroll?

Future Audit Considerations

Tax Reporting:

• Are the proper forms being filed on a quarterly basis? Electronically?

• Are the forms being reconciled to payroll system details?

• Who approves the forms before filing and how are the forms verified as to accuracy?

Future Audit Considerations

System Integrity:

• Do the W4s, benefit elections, and pay increases match what is in the hard-copy file?

• • Is a separate check writing system used?

Who has access to the check, positive pay and direct deposit files?

• Are accruals (vacation, sick time, etc) being adjusted accurately?

• How are voids handled?

Future Audit Considerations

CAATS:

• List of negative deductions (federal, state taxes; corrections to direct deposits; etc.) • Shift differential or other types of incentives being paid for more hours than worked • Hours worked not matching hours paid • Net pay greater than gross pay • Individuals with no benefits BSHSI © 2009 28

Future Audit Considerations

CAATS (continued):

• • • • • • Voids (checks and direct deposits) on system Multiple checks in a pay period People terminated in benefits but not in payroll People on leave getting checks Checks to same address Duplicate SSNs BSHSI © 2009 29

Total Cost of Fraud

• Amount Misappropriated - $461,173 • Investigation Costs (includes salaries, travel, external attorneys, administration) - $310,868 •

TOTAL COST – $772,041

Questions

CONTACT INFORMATION

Darlene FitzPatrick , CFE, CIA, CCSA Bon Secours Health System, Inc.

8555 Magellan Parkway Richmond, VA 23227 [email protected]