Auditor Yost Releases ‘Best Practices’ to Curb Government Payroll Fraud

Thursday, November 2, 2017

Columbus – Payroll fraud is a perennial problem for local governments, putting tens of thousands of taxpayer dollars at risk, which is why Auditor of State Dave Yost today issued a “Best Practices” newsletter to help local officials reduce this threat.

“The primary responsibility of local governments is to serve local taxpayers, who trust that the resources they provide will be used appropriately and effectively,” said Auditor Yost. “Those precious resources must be protected.”

When an employee games a local government’s payroll system to steal from taxpayers, he or she is the one who pays the price when caught. But negligent elected officials and administrators sometimes share the blame. They are responsible for creating the internal financial controls which are needed to deter payroll fraud and bring it to light quickly when it occurs.

By failing to set these controls in place – or worse, putting them in place then failing to enforce them – they leave the door open to fraud.

These kinds of errors took their toll in Grove City between 2004 and 2011, when payroll specialist Jacqueline Kincaid stole $67,799 by manipulating the city’s payroll system, thanks to a lack of internal financial controls and lax oversight from city officials.

Kincaid, who ultimately was sentenced to two years in prison for the theft, was able to write unauthorized checks to herself because city officials had left her in charge of the payroll system from beginning to end.

Grove City left itself open to harm by ignoring the most fundamental internal financial controls needed to deter and detect theft.

“People have stolen throughout history, and when someone is determined to steal, there’s little you can do to fully prevent it,” Auditor Yost said. “What’s critical for local governments is that there are systems in place to make the theft difficult to accomplish and easy to recognize.”

The Auditor of State’s office has found payroll tampering schemes throughout the state:

  • In 2013, auditors found that the chief financial officer in the Columbiana County Engineer’s office padded the pay for her husband, a part-time county employee, by more than $5,200.
  • This year, former Franklin County Board of Elections Director William A. Anthony Jr. pleaded guilty to a felony count for signing fraudulent timesheets for an employee who was paid $7,500 for hours she did not work.
  • In 2008, a former payroll clerk for the Village of Lockland in Hamilton County pleaded guilty to overpaying herself $128,000 over several years.
  • A former fiscal officer for the Village of Trimble in Athens County received a four-year prison sentence in 2011 after pleading guilty to writing unauthorized checks to herself totaling more than $61,000.

Without robust internal controls, payroll systems can be gamed in several ways by unscrupulous employees. A fraudster can inflate work hours or pay rates. He or she also can create a fictitious employee and steal the pay for that bogus worker. Or, as in Grove City and the Village of Lockland, the fraudster can simply write unauthorized checks.

Internal controls to prevent such schemes take several forms and reinforce each other.

At the most basic level, fraud prevention is about the integrity of payroll information, how accurate it is, who has access to it and what they can do with it. Fiscal integrity starts with basics such as knowing who is on the payroll, when they were hired, their pay rate, the hours that they work, authorized payroll deductions, vacation and sick leave entitlements, and their separation date.

The ability to access this information – and alter it – is key to perpetrating fraud. One form of payroll fraud is to create a fictitious employee and then collect the pay for that nonexistent worker.  Another is to alter the record of an employee’s hours or pay rate in order to overpay the employee.

A sound payroll system must restrict access to such information and include regular review and verification of the actions of those authorized to makes changes in this data.

For example, the payroll roster created by those authorized to add new employees should be checked periodically against personnel records to ensure that those on the roster actually are employed by the government entity. This is a way to detect ghost employees and to ensure that employees who have left have been removed from the payroll system.

But this check assumes that personnel records themselves are complete and accurate. This was a problem in Grove City, where auditors discovered that the city’s human resources department did not maintain independent records of employee dates of service and termination, but instead relied on records kept by the payroll system.

Because of this, the human resources department was unable to verify the employment of nearly a third of the 715 people listed in the city’s payroll system. Examiners also found 33 people no longer employed by the city but still on the city’s payroll roster, though fortunately, none were receiving pay.

Another key protection is to limit the number of people empowered to alter payroll information. Each action should be subject to review and sign-off by someone else.

Segregating duties also helps to curb fraud. Dividing a payroll process into several steps and assigning a different person to each of those steps makes it more difficult for any one person to steal and then cover it up. For example, the person responsible for adding new employees to the payroll or changing pay rates should be different from the person who processes payroll. For the same reason, someone else should be responsible for reconciling payroll accounts.

Segregating duties ensures that it would require the collusion of two or more persons to commit fraud, making such schemes harder to initiate. With multiple eyes on these transactions, anomalies are more likely to be recognized and questioned.

Allowing one person to acquire multiple related payroll duties because he or she is the “expert” and because it takes the burden off everyone else opens the door to fraud.

Even the best system of checks and balances will fail if elected leaders and administrators don’t require adherence to the policy. Failing to insist on authorization procedures, periodic reviews and cross-checking renders internal controls useless.

This responsibility is particularly important in smaller governments, such as townships and villages, where one person – a clerk or fiscal officer – has primary responsibility for the payroll and other financial functions.

In such circumstances, township trustees and village council members must regularly check the fiscal officer’s work or appoint someone to do so. This would include comparing personnel records with the employees on the payroll roster, double-checking pay rates and vacation entitlements, and making sure that internally generated payroll reports match statements from the government entity’s bank account.

There are no shortcuts in payroll security, because taking a shortcut with internal controls also creates a shortcut to fraud.

This “Best Practices” newsletter is available here.


The Auditor of State’s office, one of five independently elected statewide offices in Ohio, is responsible for auditing more than 5,900 state and local government agencies.  Under the direction of Auditor Dave Yost, the office also provides financial services to local governments, investigates and prevents fraud in public agencies and promotes transparency in government.

Beth Gianforcaro
Press Secretary