Governance

Explore this Section

• Act, Charter, Statutes, Ordinances and Regulations
• Audit
  • Fraud Response Plan
  • External Reporting
  • Whistleblowing
• Calendar
• Charity Registration
• Committees
• Discipline, Complaints, Grievances & Appeals
• Officers of the University
• Policies
• Publication Scheme
• Subsidiary Companies
• Risk Management

• Planning and Academic Administration > 
• Governance > 
• Audit > 
• Fraud Response Plan

Fraud

Purpose

1 The purpose of this plan is to define authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity. The use of the plan should enable the University to:

• prevent further loss

• establish and secure evidence necessary for criminal and disciplinary action

• notify the HEFCE, if the circumstances are covered by the mandatory requirements of the Audit Code of Practice

• recover losses

• punish the culprits

• deal with requests for references for employees disciplined or prosecuted for fraud

• review the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to fraud

• keep all personnel with a need to know suitably informed about the incident and the University's response

• inform the police

• assign responsibility for investigating the incident

• establish circumstances in which external specialists should be involved

• establish lines of communication with the police.

2. These matters are dealt with below.

Initiating action

3 Suspicion of fraud or irregularity may be captured through a number of means, including the following:

• requirement on all personnel under financial regulations to report fraud or irregularity to the internal auditor

• The procedure for Disclosure of Alleged Malpractice under the Public Interest Disclosure Act (the "Whistle-blowing" Procedure)

• planned audit work

• operation of proper procedures.

4 All actual or suspected incidents should be reported without delay to the Secretary of the Audit Committee, or in his/her absence the Head of the Planning Support Unit. The Secretary should, as soon as practicable and preferably within 2 working days, hold a meeting of the following project group or their nominees to decide on the initial response:

• University Secretary (chair)

• Head of Human Resources

• Director of Finance

• and possibly, if the group requires, lead officer of the Internal Auditors

5 The project group will decide on the action to be taken. This will normally be an investigation, led by the internal auditors. The decision by the project group to initiate a special investigation shall constitute authority to the internal auditors to use time provided in the internal audit plan for special investigations, or contingency time, or to switch internal audit resources from planned audits.

Prevention of further loss

6 Where initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the project group will decide how to prevent further loss. This may require the suspension, with or without pay, of the suspects. It may be necessary to plan the timing of suspension to prevent the suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.

7 In these circumstances, the suspect(s) should be approached unannounced. They should be supervised at all times before leaving the University's premises. They should be allowed to collect personal property under supervision, but should not be able to remove any property belonging to the University. Any security passes and keys to premises, offices and furniture should be returned.

8 The Security Manager should be required to advise on the best means of denying access to the University, while suspects remain suspended (for example by changing locks and notifying security staff not to admit the individuals to any part of the premises). Similarly, the Director of Information Services should be instructed to withdraw without delay access permissions to the University's computer systems.

9 The internal auditors shall consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the University's assets.

Establishing and securing evidence

10 A major objective in any fraud investigation will be the punishment of the perpetrators, to act as a deterrent to other personnel. The University will follow disciplinary procedures against any member of staff who has committed fraud. The University will normally pursue the prosecution of any such individual.

11 The internal auditors will:

• maintain familiarity with the University's disciplinary procedures, to ensure that evidence requirements will be met during any fraud investigation

• establish and maintain contact with the police

• establish whether there is a need for audit staff to be trained in the evidence rules for interviews under the Police and Criminal Evidence Act

• ensure that staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings.

Notifying the HEFCE

12 The circumstances in which the University must inform the HEFCE about actual or suspected frauds are detailed in the HEFCE Audit Code of Practice (HEFCE 98/28 paragraphs 14-15). The Vice-Chancellor as Accounting Officer is responsible for informing the HEFCE of any such incidents. Recovery of losses

13 Recovering losses is a major objective of any fraud investigation. The internal auditors shall ensure that in all fraud investigations, the amount of any loss will be quantified. Repayment of losses should be sought in all cases.

14 Where the loss is substantial, legal advice should be obtained without delay about the need to freeze the suspect's assets through the court, pending conclusion of the investigation. Legal advice should also be obtained about prospects for recovering losses through the civil court, where the perpetrator refuses repayment. The University would normally expect to recover costs in addition to losses.

References for employees disciplined or prosecuted for fraud

15 The staff handbook includes a requirement that any request for a reference for a member of staff who has been disciplined or prosecuted for fraud shall be referred to the Head of Human Resources. The Head of Human Resources shall prepare any answer to a request for a reference having regard to employment law.

Reporting to Council

16 Any incident matching the criteria in the HEFCE Audit Code of Practice (as in paragraph 12 above) shall be reported without delay by the Vice-Chancellor to the chairs of both the Council and the Audit Committee.

17 Any variation from the approved fraud response plan, together with reasons for the variation, shall be reported promptly to the chairs of both the Council and the Audit Committee.

18 On completion of a special investigation, a written report shall be submitted to the Audit Committee containing:

• a description of the incident, including the value of any loss, the people involved, and the means of perpetrating the fraud

• the measures taken to prevent a recurrence

• any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken.

This report will normally be prepared by the internal auditors.

Reporting lines

19 The project group shall provide a confidential report to the chair of Council, the chair of Audit Committee, the Vice-Chancellor, the external audit partner and the Head of External Relations at least monthly, unless the report recipients request a lesser frequency. The scope of the report shall include:

• quantification of losses

• progress with recovery action

• progress with disciplinary action

• progress with criminal action

• estimate of resources required to conclude the investigation

• actions taken to prevent and detect similar incidents.

Responsibility for investigation

20 All special investigations shall normally be led by the internal auditors. Special investigations shall not be undertaken by management, although management should co-operate with requests for assistance from internal auditors.

21 Some special investigations may require the use of technical expertise which the internal auditors do not possess. In these circumstances, the project group may approve the appointment of external specialists to lead or contribute to the special investigation.

Review of fraud response plan

22 This plan will be reviewed for fitness of purpose at least annually or after each use. Any need for change will be reported to the Audit Committee for approval.

APPENDIX: HEFCE Guidance

Cash

There are many opportunities for frauds in universities involving thefts from cash boxes, cash registers and takings at bars, residences, catering outlets, vending machines, and from social funds. Management of cash should include the following:

(a) Segregation of duties. Systems should prevent one person from receiving, recording and banking cash. As there are many outlets at Keele, the system should incorporate additional supervisory management, and spot checks. Segregation of duties should continue during periods of leave or sickness absence.

(b) Reconciliation procedures. An independent record of cash received and banked may deter and detect fraud. Documents used in reconciliation processes, (such as paying-in slips) should not be available to the officer responsible for banking. A very large fraud at another University was sustained over a period of years, despite reconciliation procedures, because the officer responsible for receiving and banking cash fraudulently altered paying-in slips to conceal thefts, before reconciliation procedures were performed.

(c) The issue of receipts in return for cash received, to provide an audit trail.

(d) Physical security, such as key pad controlled cashiers' offices and safes. Every year Universities suffer losses because cash is left unsecured, often despite ready availability of safes. Keys and access codes should also be kept secure.

(e) Frequent banking.

(f) Use of alternatives to cash (vending cards, credit cards, cheques, direct debits, and standing orders).

Cheques

Cheques are often completed in ways which facilitate opportunist fraud; and cheques are sometimes intercepted by organised criminals who falsify payee and value details using sophisticated techniques. Debtors may also be told to make cheques payable to a private account, possibly using an account name which is similar to the University's. Preventative measures include:

(a) Physical security. Unused, completed and cancelled cheques should never be left unsecured. If cheques are destroyed, more than one officer should be present, and a record of the serial numbers should be maintained.

(b) Frequent bank reconciliations. Some frauds have gone undetected for long periods because accounts have not been reconciled promptly, or because discrepancies have not been fully investigated.

(c) Segregation of duties.

(d) Use of bank account names which it is difficult to represent as personal names, to prevent the simple theft of cheques in the post and their conversion into cash.

(e) Clear instructions to debtors about correct payee details and the address to which cheques should be sent. The address should normally be the Finance Department, not the department which has provided the goods or services.

(f) Central opening of all post by more than one person, and recording of all cash and cheques received.

(g) Rotation of staff responsibilities, including the regular rotation of counter-signatories in accounts departments, to reduce the risk of collusion.

(h) Training in secure completion of cheques. (i) Use of electronic funds transfer (EFT) as an alternative to cheques.

(j) Occasional checks with local banks of accounts including the University's name. Some Universities have identified accounts operated contrary to financial regulations, sometimes for personal use.

Purchase ledger

Many of the largest frauds suffered by Universities have targeted the purchase ledger. Preventative measures include:

(a) Minimising little used or unusual account codes.

(b) Ensuring that all account codes are effectively monitored by line management.

(c) Segregation of duties.

(d) Secure management of the creditors' standing data file, including segregating the origination and approval of new or amended data.

(e) Requiring purchase orders for the procurement of all services, as well as goods.

(f) The deployment of difficult employees away from purchasing.

All suppliers should be vetted to establish that they are genuine and reputable companies before being added to lists of authorised suppliers.

Approved by Council 31 October 2002

Top of Page

• top of page

Data Protection

FOI

Charity Registration

Feedback | Terms and Conditions