One of the common fraud we have encountered / read on the news relates to payroll fraud, where fictitious employees were been created by individual to earn additional salaries on the fictitious employees been recorded.
One of the famous cases occurred in Singapore Airlines, whereby fictitious employees' hours were clocked in by payroll officer. Payroll officer pocketed the money successfully by entering the bank account details into the system to earn the extra hours clocked.
To minimize the risk of fraud arising from fictitious employees been created. There should be proper segregation of duties between:
a) personnel who have the access right to payroll system to create and employee
b) personnel who have the access right to enter bank acccount details of individual employee into the system
c) a reviewer ( who should not been entitled the right to edit, but been entitled the right to view) to ensure that the bank account details is input correctly
d) a reviewer who review the monthly payroll costs ( by department, by employee name); this reviewr should do a random testing to tally the summary of payroll cost details to timesheet submitted / revised letter of incremenet
The segregation of duties mitigate the risk that a fictitious employee can be created by individual.