The malicious threat of ghost employees in organisations

South Africa

Organisations face a multitude of commercial crime risks. These include fraud, theft, cybercrime, and corruption. Fraud is a significant risk that organisations face, and organisations need to be cognisant of and fully understand what this risk entails. There are numerous methods that individuals and criminal syndicates use to defraud an organisation. One of these is the misappropriation scheme known as “ghost employees”.

At a basic level “ghost employees” are names that appear on an organisation’s payroll database but who don’t, in most instances, actually work for the organisation. The names of “ghost employees” emanate in various ways. These include (1) those that are only traceable on paper, otherwise known as fictitious employees, (2) the names of deceased individuals that appear on the organisation’s payroll, and (3) the names of “real” people that are not part of, and do not work for, the organisation and no one has seen or heard of them. Sometimes an organisation’s employee(s) may create a false identification, resulting in two salaries being paid to one individual within the organisation.

The materialisation of ghost employees in an organisation centres around the motivation by the individual seeking to commit the crime. This motivation is often driven by some or other financial pressure and/or in some cases greed and/or a desire to make more money. Weak internal control systems, inadequate checks and balances and/or segregation of duties create the opportunities through which these individuals are able to perpetrate these schemes. Both private and public organisations who lack the proper fraud risk management strategy and controls are vulnerable to this fraudulent scheme.

The names of ghost employees firstly need to be registered or recorded in an organisations employee database. Secondly, these names need to be included in the organisations payroll system. This means that there needs to be an active banking account into which the ‘salary’ payment will be deposited. Lastly, the payment to the ghost employee will need to be processed and authorised for each periodic payment. Payments made to ghost employees ultimately threaten an organisations profitability and sustainability.

It is important for an organisation to have meaningful internal controls as well as fraud risk management policies and procedures that can assist with the prevention and detection of any type of payroll fraud.

Organisations should perform frequent audits on its payroll database to ensure that the names listed therein are reflective of employees who do actually work for the organisation. Salary increases should be well‑documented and approved in accordance with the organisations policies as well as relevant delegations of authority.

Ultimately, the most effective weapon an organisation will have to combat payroll fraud as well as other fraudulent activity is to take proactive measures to mitigate the fraud risks faced by the organisation. The time spent in considering, developing and implementing a meaningful fraud risk management strategy, along with meaningful internal controls coupled with the relevant policies and procedures will save any organisation from the financial and other consequences that may emanate as a result of being victim to any type of fraudulent conduct.