The New Mexico State Auditor just issued a warning about payroll phishing,the recent victims included government and government employees.
A government employee tasked with payroll responsibilities receives an email from an employee asking that they change their direct deposit to another account. In the name of good service and efficiency, the payroll technician complied and the employee’s pay vanished into the dark cloud.
I am sure the government’s policies prohibited this excellent service and efficiency for one simple truth: excellent financial management is not often about efficiency but about accountability and accuracy.
In my book, Accounting Policies and Procedures for Small Government Contractors Working with the DCAA and Other Government Agencies, I discuss the need to make no changes to an employee’s pay without the employee’s knowledge and proper authorization, to include the relevant supervisor(s):
“One important concept is to make no changes to employee pay without their knowledge. The sample Personnel Action Form is provided as a tool for this.”
I also include the following sample policy:
“The manager completes a Personnel Action Form (PAF) for changes to employee status, including hiring, promotions, change to departments or job position, pay status, termination, or other change in employment. Employees complete the Personnel Action Form for changes regarding changes to withholding taxes. A change in status must be approved by an HR employee relationship manager.”
I developed the form years ago, back when we use to print them with carbons, and it continues to provide comprehensive coverage to payroll actions to include changes in pay, benefits, and other areas. a copy of the form is replicated in my book.
Maybe I should send a copy to the State Auditor?