Key Functional Areas Vulnerable to Fraudulent Activity
Payroll Processing
There should be adequate separation of duties to ensure the responsibilities of appointment, scheduling, approving hours worked, posting hours worked, and payroll distribution do not belong to the same person. Further, pay-affecting records should be complete, submitted timely, verified by supervisor, and never returned to employee after supervisor approval. All payroll transactions should be supported by required documentation. Inadequate controls may lead to fraudulent activity including:
- inadequate support for time paid, pre-signing, or returning approved records to employees may allow for employees to falsify hours worked without verification
- no overtime policies or oversight of activity enables overtime abuse, including deliberate unproductive activity to ensure extra hours at extra pay
- inadequate oversight and authorization of time reports may allow for undetected inflated leave balances resulting in overpayment or taking time not earned
Cash Receipting
There should be adequate separation of duties to ensure the responsibilities of initial receipt, deposit and reconciliation do not belong to the same person. Only University-approved cash receipt forms and systems should be utilized to receipt. Receipts should be preprinted, pre-numbered, and never used out of order; all receipts, even voids, should be accounted for. Deposits should be verified to source documents (reconciliation). Inadequate controls may lead to fraudulent activity including:
- not ensuring all receipts accounted for or used in order may lead to receipts stolen or destroyed; employees could use receipts to provide to customer when receiving cash but not post the receipt of funds and destroy the record
- inadequate policies and process oversight may not detect missing receipts, altered records, or occurrences of multiple voids, paid-outs, refunds or non-cash credits
Petty Cash
There should be adequate separation of duties to ensure the responsibilities of custodian of cash, disbursement of replenishments, approval of disbursements, and reconciliation do not belong to the same person. There should be periodic reconciliation of petty cash funds to balances and receipts by an independent party. Reconciliation of balances and activity to bank statements or fund activity should occur. Oversight should review that funds used only for authorized purposes – not for payroll, cashing out funds, or other prohibited purpose. Inadequate controls lead to fraudulent activity including:
- inadequate oversight and review of receipts may allow for lack of, or not timely, detection of invalid purchases, checks issued to cash or the employee, hidden disbursements (purchases for items of personal benefit)
- not destroying or altering receipts may allow for reuse, enabling use of same receipt more than once for one purchase allows for larger replenishment
Travel
There should be adequate separation of duties to ensure the responsibilities of travel approval, recording of transaction and expense reimbursement, and disbursement of reimbursement do not belong to the same person. WSU has strong travel policies to ensure proper controls; units should ensure compliance with policies. Approval of travel for an employee should be approved by a knowledgeable, authorized individual. Reimbursement from other sources (i.e., grants) should be considered. Requests for reimbursement should be supported by original receipts and reviewed for reasonableness. Inadequate controls lead to fraudulent activity including:
- review of requests for reimbursement by a person not knowledgeable of policy or activity may lead to duplicate receipts submitted for same transaction, unauthorized or unallowable reimbursement or overpayment
Purchasing Card
There should be adequate separation of duties to ensure the responsibilities of custodian, and authorizing official do not belong to the same person. WSU has strong purchasing card policies; units should ensure compliance with policies. Original receipts should support transactions and be reviewed to logged purchases and bank statement to ensure no duplication and authorized, allowable purpose. Inadequate controls lead to fraudulent activity including:
- inadequate review of receipts to logged transactions may not catch purchases for unallowable purposes (prohibited or personal purchases) or duplicate receipts
- inadequate review of reconciliation may not identify errors in budget posting, or recording of activity, leading to inaccurate recording, or hidden disbursements