The importance of restricting system controls

This case study was originally published 9 September 2020.

Controlling access to your accounting systems and software is a crucial step in mitigating the risk of fraud occurring. The importance of restricting system controls was highlighted during a recent fraud matter BDO investigated.

Our client had identified irregularities in their payroll system and subsequently engaged us to undertake a forensic investigation. The investigation focused on a six year period and identified multiple unauthorised payroll transactions in excess of $500,000.

How the fraud was perpetrated

The perpetrator, who in this case was the Payroll Officer, a role primarily responsible for the preparation and processing of the fortnightly payroll. The perpetrator did not have authority to create new employees in the payroll system, increase pay rates or approve the fortnightly payroll. These functions were the responsibly of other team members and had been implemented in order to ensure segregation of duties existed within the payroll function.

However, the perpetrator did have authority to change bank account details and took advantage of this ‘control gap’ over a number of years. Upon an employee leaving the organisation the perpetrator would simply change the bank account details of the former employee and continue paying them.

As the fortnightly payroll was very large - there were over 1,500 employees with a mixture of permanent and casual employees - the fraudulent transactions remained undiscovered for six years.

How BDO’s Forensic team helped

BDO prepared a detailed report and brief of evidence which was used for criminal and civil purposes. BDO also worked collectively with the client in designing and implementing controls to help reduce the risk of fraud reoccurring. Specifically, system access controls were reviewed and automated audit logs created in order to identify and report on any changes to employee details.

Additional cross checks and reconciliations were also implemented in order to ensure the ongoing monitoring of the payroll.

Lessons Learned

A key reminder from this investigation is that organisations need to regularly review their systems and controls to ensure they remain effective. While on the surface organisations may believe they have adequate segregation of duties, if ‘control gaps’ exist, there will always be an increased risk of fraud occurring.

For more information on how to prevent fraud in your business, contact a Forensic Services adviser today.