Author Archives: Garrett_Watts

2025 Anti-Fraud Policy Training

Joint Committee on Government and Finance

Why Anti-Fraud Training?

The Joint Committee receives funding from a federal grant to administer its Crime Victim’s Compensation Fund. As a requirement of that fund, formal fraud awareness and reporting training is mandated.

In addition, the Joint Committee has an obligation to protect its assets and financial interests and believes that fraud awareness training is beneficial for all Joint Committee employees.

Why does the Joint Committee have an Anti-Fraud policy?

1. To provide a coordinated approach to the identification, investigation, and resolution of fraudulent activities, and
2. To increase the overall awareness of the responsibility to report fraud and reasonably suspected fraudulent activity to the appropriate persons.

What does the policy apply to?

The Anti-Fraud policy applies to any situation of fraud or suspected fraud involving Joint Committee employees, claimants for Crime Victim’s benefits, vendors, contractors, consultants, outside agencies, and/or any other parties with a business relationship with the Joint Committee.

What is Fraud?

• Fraud includes any willful or deliberate act committed with the intention of obtaining an unauthorized benefit, such as money or property, by misrepresentation, deception, or other unethical means.
• Acts do not need to be elaborate, or solely criminal in nature, for deceit to constitute fraud.

Common Examples of Fraud and Financial Impropriety

• Forgery, alteration, or falsification of documents (including checks, time sheets, electronic time records, travel expense reports, contractor agreements, purchase orders, financial documents, or electronic files).
• Misappropriation, misuse, theft, removal, or destruction of Legislative resources (including funds, securities, supplies, inventory, furniture, fixtures, equipment, intellectual property or any other asset).
• Improprieties in the handling or reporting of money or financial transactions.
• Misuse of facilities (including telephones, computers and e-mail system).
• Receiving or offering bribes, rebates, or kickbacks.
• Personal use of Legislative property in commercial business activities.
• Accepting or seeking anything of material value from contractors, vendors, or persons providing or seeking to provide services/materials to the Legislature.

How do I recognize Fraud?

To recognize fraud, one must be aware of where it can originate:

1. 1. Internal Fraud is committed by employees. Examples: “Skimming” from cash distributions, awarding funds with a real or perceived conflict of interest, or falsifying time sheets.
   2. External Fraud is committed by claimants.

Examples:  Submitting false claims, false or misleading statements related to reimbursement funds, or other false documents.

Indications of Fraud

The following are indicators fraudulent activity may have occurred:

• Excessive number of missing or voided documents
• Alterations of documents
• Questionable handwriting or approval
• Documents not numerically controlled
• Duplicate payments
• Unusual billing addresses or arrangements
• Vendor’s billing address is the same as employee’s
• Duplicate or photocopied invoices

What are the consequences of fraud to the Crime Victim’s Compensation Fund?

From the DOJ Office of Inspector General, grant fraud can result in:

• Inability to receive future funds
• Civil law suits
• Criminal prosecution
• Expensive administrative recovery of the funds, and
• The inability to receive future funds affects the state’s ability to assist legitimate victims of crime.

What is the Joint Committee’s  Responsibility for Fraud?

The Joint Committee’s management is accountable for setting the appropriate tone of intolerance for fraudulent acts by complying with laws, rules, regulations, and policies.

Division Directors are responsible for identifying and assessing the level of the risks and exposures to fraudulent activity inherent in his or her area of responsibility. Additionally, Directors shall establish and maintain proper internal controls which will provide for the security and accountability of the resources within his or her division.

All Joint Committee employees are responsible for safeguarding public resources and ensuring that they are used only for authorized purposes, in accordance with state rules, policies, and applicable law.

Reporting Requirements

Joint Committee employees who suspect fraud has occurred should promptly report such activity to the Fiscal Officer, Legislative Administrator, Legislative Auditor, or Director of Legislative Services. Fraud may also be reported to the Commission on Special Investigations if the employee suspects Joint Committee management of fraudulent activity.

Thank you for completing the Joint Committee’s Anti-Fraud Training.

2025 Information Technology Policy Training

Joint Committee on Government and Finance – Policies for IT Privacy, Security, & Acceptable Use

Employee Responsibilities

Employees are expected to guard against unauthorized access to printed and electronic data and take precautions to protect data and electronic devices from unauthorized access and use.

Workstation Security

Before leaving your workstation, you must take the following steps:

1. Log off of your computer;
2. Lock your computer; and
3. Lock file cabinets containing sensitive information.

Passwords

Passwords are confidential and must not be shared under any circumstances!

Employee Password Requirements

1. Employees must change passwords every 3 months;
2. Passwords must be at least 8 characters long; and
3. Passwords must contain at least one upper case letter, one lower case letter, one number, and one special character.

Responsible Use of System Capacity

Employees are prohibited from monopolizing systems, by:

• Overloading networks with excessive data.
• Wasting computer time, connect time, bandwidth, disk space, printer paper, or other IT resources.

Personal Data

• Personal data (i.e. pictures, music, documents not work-related) of more than a de minimus amount (meaning very minor or trivial) may not be stored on network devices.
• The Joint Committee is not responsible for the destruction, corruption or disclosure of personal material on or by its IT resources.

Termination/Transfer of Employee

• Division Directors must immediately notify the IT Division (LASD) and the Fiscal Office upon termination or transfer of an employee.
• When an employee is terminated, all access to IT resources will be disabled immediately, unless otherwise approved in writing by management.
• When an employee transfers divisions, IT access will be modified to accommodate new roles and responsibilities.

Personally Identifiable Information

• Personally Identifiable Information (PII) is information that identifies, or can be used to uniquely identify, locate, contact or impersonate a particular individual.
• Examples include: social security numbers, health information, credit card numbers, or log-on credentials.
• Personally Identifiable Information must be encrypted or disassociated from any individual prior to transmission through any public data communications infrastructure, such as a network or the Internet.
• Before establishing a new practice of collecting personally identifiable information, a Division Director should notify the Legislative Administrator and the Legislative Auditor.

Incident Response

Procedure for Breaches of Security/Confidentiality

Employees are expected to report to their supervisor or director, if they:

1. Become aware of possible breaches of security or confidentiality policies; or
2. Know of any inappropriate use of Joint Committee provided IT resources; and
3. Employees should contact an immediate supervisor if there is doubt concerning authorization to access any Joint Committee IT resource, or if questions arise regarding acceptable or unacceptable uses.

Criminal Activity

If criminal activity is suspected or detected, reporting should occur up the supervisory or management chain without delay.

Public Use of IT Resources

• Use of Joint Committee resources (employee computers, telephones, copiers, etc.) by members of the public is prohibited.
• Individuals not employed by the West Virginia Legislature may not use employee computers, or download information from the internet or from mobile media, of any kind, to employee computers.

ACCEPTABLE USE

Joint Committee Policy for Acceptable Use of I/T Resources

Personal Use Policy

• IT resources are designated for authorized purposes.
• Minimal personal use of State-provided IT resources is allowed if it does not interfere with the legitimate business of the State.
• Employees may use Internet facilities for non-business research or browsing during meal-time or other breaks, or outside of normal work hours yet within their usual building access times, provided that they adhere to all other usage policies.

Authority to Monitor

• The Joint Committee reserves the right to filter Internet site availability, and monitor and review employee use as required for legal, audit, or legitimate authorized State operational or management purposes.
• The Joint Committee reserves the right to inspect any and all files stored in private areas of the network, or on employee assigned devices (computer, tablet, external storage devices, etc.) to assure compliance with this policy.

Authority Over IT Resources

• The Joint Committee reserves the right to remove, replace or reconfigure IT resources without formal notice to employees (despite the fact that formal notice will normally be given).

Unacceptable Use of IT Resources

Joint Committee provided IT resources may NOT be used to (1/3):

• Engage in or support illegal activities.
• Engage in commercial activities, product advertisement, or for-profit personal activities.
• View, transmit, receive, save, or print sexually explicit materials.
• Store, print or view any graphic file that is not directly related to one’s job or the activities of Joint Committee.
• Misrepresent oneself or the State of West Virginia.
• Promote political or religious positions or causes.
• Distribute incendiary statements which might incite violence or describe or promote the use of weapons or devices associated with terrorist activities.
• Harass or discriminate on the basis of age, race, color, creed, religion, sex, sexual orientation, national origin, disability, veteran status, or other protected class
• Propagate any virus, worm, Phishing, Trojan horse, or trap-door program code.

Joint Committee provided IT resources may NOT be used to (2/3):

• Access or attempt to access records within or outside Joint Committee’s local area network for which the employee is not authorized.
• Bypass Joint Committee security and access control systems.
• Conduct any form of network monitoring, such as port scanning or packet filtering unless expressly authorized by the Joint Committee.
• Violate the privacy of individual users by reading e-mail or private communications without authority.
• Send or share unencrypted confidential information.
• Engage in unauthorized peer-to-peer networking or peer-to-peer file sharing.
• Commit security violations related to electronic communications, including participation in chain letters or unauthorized chat programs, or forwarding or responding to SPAM.
• Send unsolicited commercial e-mail messages, including the distribution of “junk mail” or other advertising material to individuals who did not specifically request such material.

Joint Committee provided IT resources may NOT be used to (3/3):

• Forge e-mail header information.
• Solicit e-mail for any other e-mail address, other than that of the poster’s account, with the intent to harass or to collect replies.
• Post messages to large numbers of users (over 50) without authorization.
• Post from an agency e-mail address to newsgroups, blogs, or other locations without a disclaimer stating that the opinions expressed are strictly the employee’s own and not those of the State or the Joint Committee or the Legislature, unless posting is in the fulfillment of business duties.
• Engage in pyramid selling schemes, multi-marketing schemes, or fundraising for any purpose, unless sanctioned by Joint Committee.
• Store any unauthorized data, information, or software on IT resources that are provided by the Joint Committee.
• Download software not having a direct, authorized business use.
• Download entertainment software, games, music, or streaming content.
• Watch television programs and movies, play games, or participate in gaming or gambling over the Internet.

EMPLOYEE HANDBOOK

• The Joint Committee’s “Employee Policies and Procedures Handbook” contains the full and official policies related to IT acceptable use and security.
• Every employee is required to read and regularly review the Employee Policies and Procedures Handbook and adhere to the most up-to-date IT policies contained in the Handbook.
• The handbook is available on the Joint Committee’s Staff Page.

Questions or Concerns

• If you have any questions or concerns about the information in this training, please contact Legislative Services (ext. 4800).

You have now completed the Joint Committee IT Privacy and Security Training.