University home > University Secretary's … > Legal and Compliance iss… > Fraud Policy

1 Introduction

For the purposes of this policy, fraud is defined as dishonest, irregular or illegal acts, characterised by a deliberate intent at concealment or false representation, resulting in the diversion of resources, whether or not for personal gain, for the benefit of an individual or group of individuals at a consequent loss to the University.

The objective of this policy is to safeguard the proper use of the University’s finances and resources, including the finances and resources of its subsidiary companies. The University derives much of its income from public funds, benefactions and charitable organisations, and so has a particular responsibility to ensure that income and resources are used solely for the purposes intended.

Fraud is a serious matter and Council is committed to investigating all cases of suspected fraud. Any member of staff, regardless of their position or seniority, against whom prima facie evidence of fraud is found, will be subject to disciplinary procedures that may result in dismissal. The University will normally involve the police and may seek redress via civil proceedings.

2 Prevention

As the aftermath of fraud is costly, time-consuming, disruptive and unpleasant, and may lead to unwelcome adverse publicity, a major thrust of this fraud policy is prevention.

2.1 Leadership

Council and senior managers should ensure that their behaviour is demonstrably selfless and open, and should champion the University’s policies on conflicts of interest, hospitality and gifts.

2.2 Management procedures

Fraud can be minimised through carefully designed and consistently operated management procedures, which deny opportunities for fraud. Staff must comply with and should receive training in the University’s policies on segregation of duties, data security and conflict of interest, and the University’s financial regulations. A continuous review of systems by internal audit may deter attempted fraud and should result in continuous improvements. The risk of fraud should be a factor in internal audit plans.

2.3 Staff appointments

Potential new members of staff must be screened before appointment, particularly for posts with financial responsibility. For example:

• references should cover a reasonable, continuous period of at least three working years, and any gaps should be explained
• references should cover character, in addition to academic or other achievement
• an official employer's reference should be obtained
• doubts about the contents of the reference should be resolved before confirming the appointment; if this is done by telephone, a written record of the discussion should be kept
• essential qualifications should be checked before making an offer of employment, for example by requiring original certificates at the interview
• where a post carries significant financial responsibility, Criminal Records Bureau (CRB) checks should be considered; the University Secretary’s Office should be consulted

2.4 Cash

Management of cash should include the following:

• Segregation of duties - systems should prevent one person from receiving, recording and banking cash. Where there are many outlets, the system should incorporate additional supervisory management, and unannounced spot checks. Segregation of duties should continue during periods of leave or sickness absence.
• Reconciliation procedures - an independent record of cash received and banked may deter and detect fraud. Documents used in reconciliation processes, such as paying-in slips, should not be available to the officer responsible for banking.
• Receipts should be issued in return for cash received, to provide an audit trail.
• Physical security, such as key pad controlled cashiers' offices and safes; keys and access codes should be kept secure.
• Frequent banking.

2.5 Cheques

Cheques are often completed in ways which facilitate opportunist fraud. Cheques are sometimes intercepted by organised criminals who falsify payee and value details using sophisticated techniques. Debtors may also be told to make cheques payable to a private account, possibly using an account name which is similar to that of the University.

The following preventative measures should be taken:

• Physical security - unused, completed and cancelled cheques should never be left unsecured. If cheques are destroyed, more than one officer should be present, and a record of the serial numbers should be maintained.
• Frequent bank reconciliations - some frauds have gone undetected for long periods because accounts have not been reconciled promptly, or because discrepancies have not been fully investigated.
• Segregation of duties.
• Use of bank account names which it is difficult to represent as personal names, to prevent the simple theft of cheques in the post and their conversion into cash.
• Clear instructions to debtors about correct payee details and the address to which cheques should be sent. The address should normally be the accounts department, not the department which has provided the goods or services.
• Central opening of all post by more than one person, and recording of all cash and cheques received.
• Rotation of staff responsibilities, including the regular rotation of counter-signatories in accounts departments, to reduce the risk of collusion.
• Training in secure completion of cheques.
• Use of electronic funds transfer (EFT) as an alternative to cheques.
• Occasional checks with local banks of accounts including the University’s name.

2.6 Purchasing

Many of the largest frauds suffered by higher education institutions have targeted the purchase ledger. Preventative measures should be taken as follows:

• Minimising little used or unusual account codes.
• Ensuring that all account codes are effectively monitored and approved by line management.
• Segregation of duties.
• Secure management of the creditors' standing data file, including segregating the origination and approval of new or amended data.
• Requiring purchase orders for the procurement of all services, as well as goods.
• Matching the invoice amounts to the purchase order commitment in all cases. Where service order variations occur, these should be supported by an authorised variation order
• A certified delivery note should be matched to the invoice for payment.

All suppliers should be vetted to establish that they are genuine and reputable companies before being added to lists of authorised suppliers.

3 Detention

3.1 Checks and balances

Detective checks and balances will be designed into all relevant systems and applied consistently, including segregation of duties, reconciliation procedures, random checking of transactions, and review of management accounting information, including exception reports. Systems should identify transactions which have not followed normal procedures.

3.2 Behaviour patterns

Suspect patterns of behaviour among staff dealing with financial transactions should be investigated, for example living beyond apparent means, taking few holidays, regularly working alone out of normal hours and resistance to delegation. Any indication of addiction to drugs, alcohol or gambling should be addressed promptly, for the welfare of the individual and to minimise the risks to the University.

3.3 Public Interest Disclosure Policy

Anyone suspecting fraud may use the University’s Public Interest Disclosure Policy, which provides protection against reprisal for any such disclosure.

4 Fraud Response Procedure

4.1 Purpose

The purpose of this fraud response procedure is to define authority levels, responsibilities for action and reporting lines in the event of suspected fraud or irregularity. Those investigating a suspected fraud should:

• aim to prevent further loss
• liaise with the University’s Insurance Officer
• establish and secure evidence necessary for criminal and disciplinary action
• inform the police
• notify HEFCE, if necessary
• endeavour to recover losses
• take appropriate action against those responsible
• keep internal personnel and outside organisations with a need to know suitably informed, on a confidential basis, about the incident and the institution's response
• deal with requests for references for employees disciplined or prosecuted for fraud
• review the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to fraud

4.2 Initiating action

Members of staff, students or members of Council may suspect fraud or irregularity in the University. If so, they should report it as soon as possible to the Finance Director Andy Nield, or University Secretary, or to one of the Assessors under the University’s Public Interest Disclosure Procedure - Len Hall, Stephen Lisney, Sue Paterson or Jane Bridgwater. The person to whom the suspected incident is reported should then ensure that it is made known without delay to the Finance Director, Internal Auditor, Richard.Bott@mazars.co.uk and the Chairman of the Audit Committee.

The Finance Director should, as soon as possible (and with the aim of acting within 24 hours), chair a meeting of the following project group to decide on the initial response, using properly appointed nominees where necessary:

• Finance Director
• University Secretary
• The dean of the faculty involved, or the Registrar
• Personnel Director, where a member of staff is suspected of misconduct
• Director of Academic Affairs, where a student is suspected of misconduct

If the actual or suspected incident concerns or implicates the Finance Director, it should be reported without delay to the Vice-Chancellor, Registrar, Chairman of Council and Chairman of the Audit Commitee. In such a circumstance, the University Secretary will lead the project group. Should the incident concern or implicate any other member of the project team, the Finance Director will appoint a substitute.

4.3 Responsibility for investigation

The project group, chaired by the Finance Director, will decide on the action to be taken. This will normally be an investigation led by the Internal Auditor. A decision by the project group to initiate an investigation will constitute authority to the Internal Auditor to use time provided in the internal audit plan for investigations, or contingency time, or to switch internal audit resources from planned audits.

4.4 Prevention of further loss

Where initial investigation provides reasonable grounds for suspecting a member or members of staff or others of fraud, the project group will decide how to prevent further loss. This may require the suspension of the suspect or suspects, under the appropriate disciplinary procedure. It may be necessary to plan the timing of suspension to prevent suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.

In these circumstances, the suspect or suspects should be approached unannounced. They should be supervised at all times before leaving the University’s premises. They should be allowed to collect personal property under supervision, but should not be able to remove any property belonging to the University. Any security passes and keys to premises, offices and furniture should be returned. The Head of Security should be required to advise on the best means of denying access to the University while suspects remain suspended, for example by changing locks and informing security staff not to admit the individuals to any part of the premises. Similarly, the Head of Information Services should be instructed to withdraw without delay access permissions to the University’s computer systems.

The project group will consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the University’s assets.

4.5 Establishing and securing evidence

The University will follow disciplinary procedures against any member of staff or student who has committed fraud and will normally pursue the prosecution of any such individual through the criminal courts. The University Secretary will:

• ensure that evidence requirements are met during any fraud investigation
• establish and maintain contact with the police
• ensure that staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings

4.6 Reporting lines

The project group will provide regular, confidential reports to the Vice-Chancellor, Chairman of Council and Chairman of the Audit Committee, which will include:

• quantification of losses
• progress with recovery action
• progress with disciplinary action
• progress with criminal action
• estimate of resources required to conclude the investigation
• actions taken to prevent and detect similar incidents

4.7 Notifying HEFCE

The HEFCE Audit Code of Practice includes a requirement that universities must notify the HEFCE Chief Executive of any attempted, suspected or actual fraud or irregularity where:

• the sums involved are, or potentially are, in excess of £10,000
• the particulars of the fraud are novel, unusual or complex
• there is likely to be public interest because of the nature of the fraud or the people involved

4.8 Recovery of losses

The Internal Auditor will endeavour to ensure that the amount of any loss is quantified. Repayment of losses will be sought in all cases. Where the loss is substantial, legal advice should be obtained about the need to freeze the suspect's assets through the court, pending conclusion of the investigation. Legal advice may be obtained about prospects for recovering losses through the civil court, where the perpetrator refuses repayment. The University will normally expect to recover costs in addition to losses.

4.9 Final report

On completion of a special investigation, a written report, normally prepared by the Internal Auditor, shall be submitted to the Audit Committee containing:

• a description of the incident, including the value of any loss, the people involved, and the means of perpetrating the fraud
• the measures taken to prevent a recurrence
• any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken.

The final outcome will be reported to the complainant.

4.10 References for employees or students disciplined or prosecuted for fraud

Any request for a reference for a member of staff or student who has been disciplined or prosecuted for fraud must be referred to the University Secretary for advice.

4.11 Review of fraud response plan

This plan will be annually reviewed for fitness of purpose. Any recommended change will be reported to the Audit Committee for consideration and to Council for approval.