In this section
Approved by Council 14 December 2006, subject to amendments to be approved subsequently by the Chair of Audit Committee. The amended policy was published in May 2007. Minor revisions were approved by the Chair of Council on behalf of Council in the Summer term 2011.
The purpose of this plan is to formalise the responsibilities and action plan in the event of a suspected fraud or irregularity. The purpose is to achieve the following:
- quantification of loss to the College
- prevention of further loss
- notification to HEFCE in accordance with the Audit Code of Practice
- reporting to the Police
- notification to the College Insurers; and
- reviewing the circumstances of the incident to ensure that the College systems are adequately designed to prevent re-occurrence.
2 Definition of Fraud
In its widest sense and for the purpose of this Policy fraud is defined as:
- the intentional distortions of financial statements or other records which are carried out to conceal the misappropriation of assets or otherwise for gain;
- theft, being the act of dishonestly appropriating property, including money or other assets, belonging to another with the intention of permanently depriving the other of it (which might not include any distortion or falsification of records but be the simple act of stealing property) and
- corrupt practice, including the offering, giving, soliciting or acceptance of inducement or reward which might influence the actions taken by the College.
The key factor is that the actions are intentional and dishonest and fraud has to be distinguished from innocent, albeit inappropriate actions, which could give rise to losses to the College.
However, there are also intentional actions that may not be regarded criminally as fraud but which involve a grossly inappropriate use of College funds. Examples of these include higher than necessary expenditure being incurred on overseas trips, College transport or hospitality facilities. Whilst these would not usually lead to criminal charges, the College may take action under its own disciplinary procedures and they are therefore included within the general application of this Fraud Policy.
Fraudulent activity as it affects the College could potentially involve any employee at any level, independent members of Council or its committees, or agents or contractors of the College. It might also arise totally external to the College by, for instance, cheques to and from the College being misappropriated in the post.
3 Current Requirements
The College management is responsible for the prevention, detection and investigation of irregularities in the event of fraud and corruption. The suspicion of fraud and irregularity is currently captured through a number of means as follows:
- The Financial Regulations and underlying procedures are designed to ensure financial probity whilst maintaining operational efficiency.
- The College’s Audit arrangements, being compliant with the HEFCE Audit Code, ensure that the adequacy of arrangements to detect fraud and corruption are assessed routinely as part of the audit process. The associated risks are incorporated into the internal audit needs assessment and resultant strategic and operational planning. Where there are serious weaknesses in system design, or there is a significant degree of non compliance, the Head of Internal Audit immediately informs the Director of Finance
- The College has a Whistleblowing policy, which includes a procedure for the disclosure of information on the grounds of public interest. The purpose of the procedure is to clarify the way in which staff may express concerns regarding malpractice within the College via a “qualifying disclosure”. This process can act as a reporting mechanism where a member of staff is suspected of carrying out a fraudulent act. The full policy can be found on the Financial Regulations pages of the College website or obtained from the Secretariat.
In addition, the following procedures are in place to deter fraud / corruption:
- The College operates a tendering procedure which is subject to rigorous annual review by Internal audit.
- A Register of Interests of Members of Council is published on the College website (including as part of the Publication Scheme).
- Lists of approved suppliers are reviewed and updated
- Financial Regulations require written quotations to be obtained for purchases over specified financial limits. These regulations are issued to all departments and subject to annual compliance check by internal audit
- The Financial Regulations have a section on Receiving Gifts and Hospitality, and the internal audit needs assessment covers areas susceptible to the risk of fraud and corruption over the following general headings :
- segregation of duties
- dependency on specific members of staff
- security of cash and cheques
- purchasing / tendering procedure
- expenses and overseas travel
- financial reconciliations
- IT security
- Physical security of assets
Finally, as part of its policy for preventing and detecting fraud, all members of staff, particularly those dealing with significant cash or other resources, must normally take at least two weeks' continuous leave during the course of the year. During that time they should relinquish any day-to-day control which they normally exercise over assets or property (e.g. they should not be permitted to manage affairs during that period from home).
4 Action to be taken if Fraud is suspected
(i) Initial Action To Be Taken
All actual or suspected incidents should be reported without delay to the Director of Finance. If the Director of Finance is suspected of involvement, then the notification should be made to the Registrar and Secretary. If the Registrar and Secretary is suspected, then the notification should be to the Warden.
Should the Warden also be suspected of involvement, the Chair of Council and the College’s internal auditors (see details below) should be informed. They will immediately report the matter to the Chair of Audit Committee.
Internal Auditors’ details :
Kingston City Group
21 Eden Street
Tel: 0208 547 8777
The usual circumstance will be for the Director of Finance to inform the Warden, the Registrar and Secretary, and Head of Internal Audit.
The Head of Internal Audit will normally lead the initial fact finding investigation to determine the evidence available and whether any specialist advice is required. In all circumstances of this nature, the Head if Internal Audit will have the authority to use time allocated in the audit plan for investigations, or switch resources from planned internal audit work.
One of the main factors to be determined from this initial work is to quantify (or estimate) the loss to the College as a result of the incident. The Director of Finance will then decide the appropriate course of action and whether a further investigation is necessary. However, any fraud - even where the sum involved is small - is to be regarded as a serious matter.
In exceptional cases, the Director of Finance may instead convene a Project Group to oversee the investigation, comprising :
- Director of Finance (Head of Investigation)
- Head of Internal Audit
- Director of Human Resources
- Senior Management Team member responsible for the department under investigation
(ii) Further Investigation
The purpose of pursuing further investigative work will be done for two reasons; firstly to prevent further loss to the College, and secondly to establish and secure evidence as part of the disciplinary procedure. In these circumstances, the Director of Finance will need to decide the course of action over the following, in line with the College’s disciplinary procedure :
- whether to suspend the suspect, with or without pay
- how to approach the suspect and supervise them from the premises;
- how best to secure the College’s property while the suspect is suspended;
- ways to ensure that the suspect has no access to College systems (particularly via the network from home).
At this point, the Director of Finance will normally nominate the Head of Internal Audit to lead a further evidence gathering exercise, the process of which will be governed by :
(a) the Police and Criminal Evidence Act (PACE)
The only evidence admissible in court is that obtained according to PACE. This relates to how written evidence is documented, and how any interviews (oral evidence) is recorded;
(b) the College’s own Disciplinary Procedure
For a prosecution of an employee to be successful, it has to be demonstrated that the College’s Disciplinary Procedure has been followed at all times; this can be found in the Conditions of Service.
(c) the College's Management Framework for Information Compliance, and its Data Protection Policy and Guidelines
The College's Data Protection Policy and Guidelines together outline the circumstances in which disclosures may be made to Third Parties (eg the Police) without the consent of the Data Subject (in this instance probably the person suspected of fraud), and define which specific officers of the College are authorised to make Disclosures in these circumstances. A fraud investigation may involve other kinds of exceptional personal data collection and processing which should not be undertaken without a detailed knowledge of the provisions of the Data Protection Act: the advice of the Data Protection Officer should be sought on such matters.
In the course of further investigative work, the Head of Internal Audit will need to make a judgment as to whether specialist advice is required. This will cover areas such as legal advice in terms of evidence gathering, and forensic experts. The use of such advice, and the resultant costs, need to be weighed against the benefits in terms of the value of the loss being recovered. The use of any such advice will of course require the approval of the Director of Finance. The Head of Internal Audit will then prepare a confidential report covering the following areas:
- quantification of losses (or best estimate)
- strategy for recovery of these losses
- a summary of resources taken to complete the work
- actions taken to prevent and detect similar incidents; and
- recommendations on system design to reduce the risk of recurrence
5 Reporting the Incident
Once the Head of Internal Audit has prepared the confidential report as outlined in 4 above, it will be submitted to Audit Committee who will then consider the nature of the incident and how the fraud was perpetrated, the measures taken to prevent a recurrence, and any actions required to strengthen system s and responses to fraud. A copy of this report will be sent to the Data Protection Officer if there has been a third party disclosure (although if thought necessary the names of the individuals concerned may be excised).The Head of Internal Audit will need to submit a follow-up report to ensure that recommendations have been actioned.
In the case of a serious fraud, defined as:
- involving sums of money above the threshold for reporting to HEFCE (according to HEFCE's own requirements in force at the time);
- where the particulars of the incident are novel, unusual or complex; or
- where there is likely to be a public interest because of the nature of the fraud or the people involved
- any other circumstances in which HEFCE requirements prescribe a report from the institution in respect of fraud
the following should also be informed:
- HEFCE - The Warden, as designated accountable officer, is responsible for reporting serious weakness, significant fraud or major accounting breakdown to the HEFCE Accounting Officer. If he/she refuses to do so, then the internal auditors must report to HEFCE directly.
- Council – the Chair of Council must also be informed
- Police – instances of serious fraud or corruption must be reported to Lewisham CID on 020 8297 1212 following the procedure for the third party disclosure of personal data
- College Insurers – the Director of Finance will check the requirement to inform the College Insurers.
Link to approved list of steps to be taken in the event of suspected fraud