Fraud Policy supplement


Summary of actions to be taken in the event of suspected fraud

Supplementary statement to the Fraud Policy: approved on behalf of Council, May 2007

1 The Director of Finance (or other officer as appropriate, see 4 (i) of the Fraud Policy) is informed of suspected fraud.

2 The Director of Finance then informs the Warden, the Registrar and Secretary and the Head of Internal Audit.

3 The Head of Internal Audit mounts an initial investigation to determine the evidence available and to quantify (or estimate) the loss to the College.

4 If further investigation is deemed necessary, the Director of Finance will instruct the Head of Internal Audit to lead a further evidence gathering exercise, the purpose of which will be to prevent further loss to the College and to establish and secure evidence as part of the disciplinary procedure. This stage may also involve seeking specialist advice, and application of the third party disclosure provisions of the Data Protection Policy.

5 In exceptional circumstances, the Director of Finance may convene a Project Group to oversee the investigation, with a composition as set out in the Fraud Policy.

6 The Head of Internal Audit then prepares a confidential report for the Audit Committee covering the following areas :

  • quantification of losses (or best estimate)
  • strategy for recovery of these losses
  • a summary of resources taken to complete the work
  • actions taken to prevent and detect similar incidents; and
  • recommendations on system design to reduce the risk of recurrence

and a copy will also be sent to the Data Protection Officer (with names excised if necessary) if there has been a third party disclosure.

7 If the fraud is deemed serious in line with the HEFCE Audit Code of Practice, the Warden must inform HEFCE. If the Warden refuses, the internal auditors must do so.

8 In the case of serious fraud, the Chair of Council, the Police and the College Insurers are also to be informed. (In respect of the second and third of these the third party disclosure provisions of the Data Protection Policy apply.)

9 The Head of Internal Audit will submit a further report to Audit Committee assessing whether the recommendations contained in the original report have been actioned.