Payroll is the payment of wages, salaries, benefits, allowances and any other monies entitled to staff working in a public agency. Some agencies have contracted out the payroll function, while others run their own payroll.

The sizable sums of money involved in the payroll function have traditionally been a target for theft and fraud.

Corruption risks in the payroll function mainly relate to the integrity of the information on which the payroll is based, particularly if the payroll function is performed by a third party under contract. The security of the manual and electronic processes for transferring money and the security of the information contained on the payroll system are also vulnerable aspects of the payroll process.

The improper conduct of an agency's payroll function can constitute corrupt conduct as defined by the Independent Commission Against Corruption Act 1988.

Corruption risks

A risk assessment of payroll in a public sector agency may identify some or all of the following corruption risks:

  • An employee obtaining payments to which they are not entitled, for example by:
    • fraudulently claiming on their timesheet for hours not worked or allowances to which they are not entitled
    • failing to provide a leave form for leave taken
    • colluding with other staff to cover unauthorised absences 
    • providing false information for the reimbursement of expenses not incurred or above approved entitlements
    • fraudulently claiming worker's compensation.
  • An employee directing payments to themselves by creating and paying a non-existent public official ("ghosts" on the payroll).
  • A manager drawing up a biased roster, for example, allocating the most profitable shifts to favoured employees.
  • A manager rostering unnecessary staff on shifts in order to increase payments to them.
  • An employee stealing money directly from the payroll.
  • An employee improperly disclosing personal or banking details (this behaviour may be the result of bribery).


Managing corruption risks

As a minimum your agency should:

  • Introduce policy and procedures for payroll that contain elements listed in the Policy Development Guide and Checklist (see Tips and tools below).
  • Include in the policy sanctions for any breach of the policy and procedures. 
  • Review the policy every two years.
  • Refer to payroll in all relevant corporate documents such as codes of conduct.
  • Train all relevant employees in the policy and procedures to ensure they are aware of their responsibilities.
  • Include payroll as a risk to be assessed in the agency's internal audit and corruption risk management processes.

Following your risk assessment of payroll systems consider these risk management strategies:

  • Following appropriate delegations and procedures for any changes to pay and timesheet transactions. 
  • Establishing access controls for the payroll system such as passwords, routine verification procedures and authorisation levels.
  • Segregating functions to ensure that no one person has complete control over any aspect of the payroll process.
  • Ensuring mandatory advance approval by the supervisor for variations to payroll such as overtime and leave.
  • Verifying and reconciling employee entitlements such as sick leave.  
  • Imposing financial limits on overtime, allowances and payroll processing.
  • Conducting unannounced spot checks by managers to verify attendance and timesheets.
  • Ensuring the payroll system has the capacity to:
    • automatically integrate employee exits to cease payroll payments to departing employees
    • run fortnightly expenditure reports
    • recognise and notify line management of anomalies and overpayments
    • recover overpayments.
  • Ensuring high-risk positions (such as payroll administrators) are adequately supervised.
  • Routinely reviewing and testing data processing controls.
  • Reviewing the recordkeeping and reporting procedures to ensure that:
    • there are controls or systems to record and monitor all payroll transactions.
    • all access to the payroll systems and actions taken are recorded.
    • records are kept of overtime approvals, staff rosters, travel and expenses including approvals, receipts and supporting information.

Case studies

Case study 1: Phantom employees

The Australian Institute of Criminology (AIC) cites1 an example of a 1970's case in the United States in which an employee of a welfare department stole US $2.75 million over a nine-month period by entering data about non-existent employees into the department's computerised payroll system. He then intercepted the salary cheques sent to the "phantom" employees and fraudulently endorsed them to himself.

The AIC proposed prevention strategies that included increasing security controls on the computerised systems, improved monitoring of employees and introducing sanctions and detection mechanisms to act as a deterrent to such behaviour.

Case study 2: Timesheet fraud

In 2008, an ICAC investigation revealed evidence of extensive payroll fraud in a large public sector agency in the form of false timesheet entries and travel claims.

In one instance, a work gang claimed payment for the period 8 pm to 6 am, despite all having left the site at 12.30 am.

One employee dishonestly obtained at least $33,430 in a 15 month period by overstating the hours he worked. 

Another employee submitted fabricated accommodation receipts for himself and his work team to the value of approximately $50,000 over three years. He believed that these receipts were never checked by anyone and would not be detected. 

Payroll officers did sometimes detect timesheet irregularities but when they refused to process questionable claims, they were berated by employees and managers.

The ICAC's report identified the need for supervisors and management to implement agency policy and support payroll employees when they detect non-compliant paperwork including challenging the individual concerned and if necessary reporting the conduct.

Frequently asked questions

Why are payroll systems important for preventing corruption?

Payrolls can be an attractive target for corruption in an organisation but they can also be a useful detection tool. As they generate an auditable record of all transactions, automated payroll systems can be used to identify unusual or irregular payments that could indicate corrupt activity. The knowledge that these records are reviewed regularly will deter some potential perpetrators. 

Automated systems can also act as barriers to corrupt conduct if they incorporate controls that reflect the agency's delegation levels such as permitting only those with authority to approve leave, overtime and other payroll exceptions.

Are automated payroll systems more or less vulnerable to corruption?

The answer is probably 'both'. Automated payrolls can help manage corruption risks for the reasons mentioned in the previous answer. However, because electronic information can be easily disseminated and manipulated payroll systems will need the same kinds of security and controls to address the risks inherent in any electronic information system.

Is outsourcing the payroll function a corruption risk?

As with any other outsourcing decision the risks to the agency of having an outsourced payroll function should be assessed beforehand. The risks lie mainly in the need to maintain the security of information transferred to the outsourced provider.   

Outsourcing can be a useful prevention mechanism in situations where it is important to reinforce the separation of payroll functions from the rest of the agency. This might be necessary in situations when pressure is put on payroll staff by operational or line staff to act improperly.


Other publications

  •  AS 8001- Fraud and corruption control, Standards Australia, 1993
  • Fraud and Corruption Control, Crime and Misconduct Commission (Qld), March 2005
  • Fraud control: Current progress and Future Directions, NSW Audit Office, February 2005
  • Fraud Control: Volume 2 - Strategy, NSW Audit Office, March 1994.


Relevant ICAC investigations


Relevant websites


Related topics on the ICAC website



1. Russell G Smith, Defrauding governments in the twenty-first century, Australian Institute of Criminology paper no.111, 1999.