Electronic Payroll Theft Spurs County Controls and Procedures Update

When $416,000 was stolen from a Bullitt County Fiscal Court payroll account in June, Kentucky State Auditor Crit Luallen sent IT experts to investigate. The theft was carried out via "fraudulent electronic payment transactions using malicious software installed by an unauthorized intruder," said Luallen in a statement. Luallen's investigators reviewed the county's controls and procedures around automated payroll transactions and came up with some recommendations.

Findings included:

• The county did not have procedures in place to respond to questionable transactions related to the online account.
• The county did not consistently use centralized e-mail accounts or enforce spam filtering for incoming e-mail transmissions.
• A centralized e-mail address was established for county employees; however, employees were using other accounts for county business purposes through e-mail providers such as Windstream, Yahoo, AOL and Hotmail.

The examination's findings and recommendations can be viewed online.

Photo by d70focus. Creative Commons License Attribution 2.0 Generic.