The AICPA Employee Benefit Plan Audit Quality Center published a document on actual fraud cases in employee benefit plans. This document showed the different fraud cases and how it was caught. We would like to go through a few of the cases and explain how to prevent fraud from happening:
Distributions
A payroll supervisor requested distribution checks for former employees who had been laid off and requested the checks be sent to her to distribute with final payroll checks to the employees. The payroll supervisor then deposited these funds in her own savings account. A total of $250,000 was fraudulently disbursed.
How to prevent this:
i. Review monthly or quarterly plan statements and ask about any significant and unusual distributions.
ii. Ensure distribution approvals and recording functions are performed by different persons who do not maintain participant records.
iii. Ensure distribution applications are reviewed and approved by a responsible official or committee not involved in processing.
Plan Expenses
A plan employee submitted requests to the custodian to pay fictitious vendors. Authorized direction letters were forged and undetectable by the custodian. The employee directed the custodian to opt out of the option for a recorded call back before releasing payments.
How to prevent this:
i. Plan management reviews the plan’s financial statements on a periodic basis and investigates significant variances from expected results, specifically reviewing expense accounts to ensure there are no significant increases in expenses.
ii. Review the expense accounts and compare all recorded expenses to contracts and agreements.
iii. Ensure that operating expenses are approved by a responsible official who is not involved in processing expenses.
Participant Loans
A controller wrote bogus loan checks on behalf of employees; completed bogus promissory notes and cashed them and used the dollars for his own personal account. The controller was in charge of the benefit plan, which included the approval and check writing process. The company also did all of the recordkeeping duties and the loans were not reported on participant statements
How to prevent this:
i. Do not have the custodian send the company the checks and the company cut a check to the employee. Rather, have the custodian send the participant the check directly after the proper approval process.
ii. Ensure that participant loans are approved by a responsible official who is not involved in processing of participant loans.
iii. Utilize a qualified TPA that has the experience and knowledge of retirement plans.
Eligibility
A person was offered a job but never actually started the job. The plan sponsor entered the person as an employee into the HR system and enrolled the person in the plan and then started issuing paychecks with deductions for contributions to the plan. This went on for three years until the employee running the scam requested a distribution at which time the fraud was discovered.
How to prevent this:
i. Bank reconciliations are prepared and reviewed in a timely fashion.
ii. The payroll system master file change log, showing all changes made to payroll information, is reviewed by management to ensure it reflects accurate and complete information.
iii. Ensure there is adequate segregation of duties among those who: prepare payroll checks, sign payroll checks, distribute payroll check stubs, and review and authorize electronic payroll disbursements.
Contributions
An HR department employee, who also assisted with payroll, diverted plan contributions into their personal account for six months and then left the country. This employee also had responsibility to reconcile payroll bank accounts.
How to prevent this:
i. Compare Employer payroll records with contribution calculations.
ii. Periodically reconcile recorded contributions to: trustee’s or third-party administrator’s reports of contributions received, employer payroll records and individual participant accounts.
iii. Ensure there is adequate segregation of duties among those who: are involved in the payroll process and authorize electronic payroll disbursements.
The best way to deal with fraud is to prevent the fraud from happening.
To do this, the company should have proper internal controls in place. Above are some ideas on different internal controls, but is not a full list of internal controls.
If you are concerned on any area of your company or are in need of a second look at your controls please contact Adam Odom. Adam’s years of experience has helped him truly understand how to implement best practices and procedures that support proper internal controls for your business or organization.
