Finding Text
INTERNAL CONTROL OVER MAJOR PROGRMAS-UNAUTHORIZED PAYROLL CHANGES CRITERIA: AN EFFECTIVE INTERNAL CONTROL SYSTEM SHOULD INCLUDE BOTH DETECTIVE AND PREVENTATIVE CONTROLS IN ORDER TO PREVENT MISAPPROPRIATION OF CASH AND FRAUDULENT PAYMENTS. CONDITION: STILWELL SCHOOL DID NOT HAVE A PROCEDURE IN PLACE FOR CHANGING PAYROLL INFORMATION THAT INCLUDED REQUESTING THE CHANGE TO PAYROLL ON A STANDARD FORM THAT INCLUDES AN EMPLOYEE'S SIGNATURE AUTHORIZING THE CHANGE SIGNED IN FRONT OF AN ADMINISTRATIVE OFFICE EMPLOYEE AND APPROVED BY THE TREASURER. AS A RESULT, APPROXIMATELY $10,000 TO $14,000 OF PAYROLL PAYMENTS WERE MADE TO UNAUTHORIZED BANK ACCOUNTS. CAUSE AND EFFECT: THE TREASURER RECEIVED TWO EMAILS REQUESTING CHANGES TO DIRECT DEPOSIT ACCOUNT INFORMATION FROM ADMINISTRATIVE STAFF, WHICH RESULTED IN THE TREASURER CHANGING THE DIRECT DEPOSIT ACCOUNT NUMBERS TO FRAUDULENT ACCOUNTS. RECOMMENDATION: WE RECOMMEND STILWELL SCHOOLS IMPLEMENT A PROCEDURE WHERE CHANGES TO PAYROLL INFORMATION MUST BE MADE IN PERSON BY COMPLETING A CHANGE FORM THAT THE EMPLOYEE SIGNS AND DATES IN ORDER TO AUTHORIZE CHANGES TO THEIR ACCOUNTS. RESPONSIBLE OFFICIAL'S RESPONSE: THE SCHOOL IMPLEMENTED SUCH A PROCEDURE, AND NO LONGER ALLOWS PAYROLL CHANGES BY EMAIL.