Yesterday almost everyone in our office received one of the IRS tax refund scam emails that have been going around.   No one fell for it, but I can see how someone could.  Computer related fraud is becoming more and more common. 

During the sales cycle we are often asked how employees might defraud our application and cheat the company.  There isn’t a cornucopia full of opportunities for fraud in HRIS, but there are few and one spot in particular is time and attendance.  Stealing time from an employer is probably as old of a trick as employment itself.  Fudge 15 minutes here, a half hour there and pretty soon the company is paying you for 40 hours of work when you’ve only worked 30.

We allow for two basic types of (regular) time entry in our application: by the honor system and by time punch.  Which a client uses is usually a nod to the corporate culture of that client.  We’ve had client adamant about never using the honor system and we’ve had clients just as adamant about always using the honor system.

Here is how we work to prevent fraudulent time and attendance entries the application:

1.       Time punches: if used by a client our time punch system requires the employee to authenticate via username and password and then punch a virtual time clock.  The time for the punch is controlled by our servers.   By requiring authentication we’re making it more likely that the employee is punching their own "time card”.  By controlling the timestamp on our servers, we prevent anyone from cheating the system by fudging the time on the client PC.

2.       Rounding:  We round the punch or honor system entry by whatever rule the client has.  We all know people who work this angle.  If someone knows that until seven minutes past the hour the punch will always round back to the hour they wait until 6:59 past the hour to punch in, stealing almost seven minutes.  We track the rounding and measure whose favor the rounding is in and can report on these on an employee by employee basis.  Over time if an employee is being honest with their punches that give and take should average out to about zero: sometimes it will be in the company’s favor and sometimes it will be in the employees favor.

3.       Work Flow: For all of our time and attendance functions there is an associated work flow.  The workflow is defined by the client and can be (and should be) used as a check and balance.  If a manager is required to review and sign-off on an employee’s time and attendance then it is much more likely someone will be honest in their timekeeping and that any fraudulent behavior will be caught upon review.

Our controls for off-time work pretty much the same way. You have to go through very similar process esin order to take time off.  We track your requests for off time, put them through workflows, get them approved and report on them.

Not many employees cheat at the time and attendance game, but it’s important to be able to know if someone is stealing time.  Labor is a huge cost for any company.  If you were being shorted half your widgets on every shipment you’d want to know and would want to take preventative measures to prevent it.  The same is true for hours worked.  Every hour falsely worked is money taken from the bottom line, lost productivity and a theft from the company.