Bloomberg Law for HR Professionals is a complete, one-stop resource, continuously updated, providing HR professionals with fast answers to a wide range of domestic and international human resources...
By Michael Baer
Recent data breaches at federal agencies notwithstanding, employers need to be concerned with internal access to key data that can lead to fraud as well as outside threats, speakers said Feb. 27 at a Washington Metropolitan Area Chapter of the American Payroll Association meeting in Springfield, Va.
Technological advancements have changed how people steal, said Stephanie Salavejus, vice president and chief operating officer of Peninsula Software of Virginia Inc., a payroll software developer in Newport News, Va.
In part because of the technology available and techniques used, the average payroll fraud exists 36 months before discovery, said Frank Gorrell, a Virginia consultant on internal financial controls and fraud.
A 2013 Forbes magazine article said that payroll fraud occurs in 27 percent of all businesses, he said.
Inside an organization, a written data security policy should be communicated to all employees. Salavejus' group implemented a strict policy about the usage of personal flash drives or external hard drives and set up workplace monitoring tools to help deter intruders and malicious software applications.
However, an employee angry with the organization who has access to key information still can be very dangerous, said Salavejus, whose company also is known as PenSoft. Employers need to understand the fraud triangle of motive, opportunity and rationalization and be aware of behavioral signs of workers that may undermine such protections, Salavejus and Gorrell said.
Behavioral red flags should be pursued, and there is a correlation to some personal behaviors, such as gambling and other addictions, and the likelihood of workplace fraud or theft, Gorrell said. A Defense Department Inspector General handbook on fraud indicators for contract auditors makes note of such correlations, he said.
According to a 2012 report by the Association of Certified Fraud Examiners, a Texas-based group that is the world's largest anti-fraud organization, the most likely people to commit workplace fraud are nonmanagement employees, followed by those in management and executives and business owners, Gorrell said.
The average amount defrauded, however, is exponentially higher for executives and owners than for the rank-and-file group, Gorrell said.
Employers should set up a tip line or other methods to allow those who find potentially fraudulent activity to report the problem, Gorrell said. The fraud examiner's study reported that 43 percent of fraud was uncovered through tips from employees, he said.
Although 14 percent of reported fraud incidents were identified through management reviews, 11.7 percent were discovered by internal audit procedures and only 3.5 percent were picked up by external audit--less than the 7.8 percent discovered by accident, Gorrell said.
With hundreds of attempts a day to hack into her company's systems, Salavejus said clients need to ask vendors about their security protocols. Corporate identity theft is on the rise and less information is needed to steal a corporate identity than a personal one, she said.
In addition to examining service-provider policies and protections, organizations should:
• be thorough in applying data security protocols to in-house systems;
• limit the type and amount of documents with officers' names and signatures that are posted publicly;
• apply appropriate checks and balances to payroll processes and review frequently;
• date and time-stamp files that need to be reviewed and cleared for payroll processes;
• apply Automated Clearing House filters to clear direct-deposit transactions;
• be aware when labeling files as banking, payroll or ACH, which could attract hackers;
• review the security of accounts with banks;
• use positive pay procedures with the banks when releasing payments by check; and
• know that competitors may be maliciously trying to harm the organization through internal systems.
Implementing such security protocols and checklists can cause lags in payroll processing, Salavejus said. In a corporate environment where streamlining and efficiencies are top priorities, such procedures could generate complaints.
The alternative is the exposure of corporate assets to theft and other manipulation, Salavejus said.
More payroll data is being stored by service providers in cloud computer servers, allowing clients to access and modify files without clogging up systems with the terabytes of data. Despite its advantages, Salavejus said she is concerned about cloud-computing data breaches.
Applying the U.S. Marines' motto of deter, detect and defend can be effective, but there are no assurances that payroll fraud and data breaches can be prevented, Salavejus said.
“Fraud is such that we are forced to be more reactive than proactive,” she said.
To contact the reporter on this story: Michael Baer in Washington at email@example.com.
To contact the editor on this story: Michael Trimarchi at firstname.lastname@example.org.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)