Annex A: University fraud response plan

  • Introduction

    1. The purpose of this plan is to define processes, responsibility and authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity. The use of the plan should enable the institution to:

      • prevent further loss
      • establish and secure evidence necessary for criminal and disciplinary action
      • notify HEFCE if the circumstances are covered by the mandatory requirements of the Memorandom of Assurance and Accountability
      • recover losses
      • punish the culprits
      • deal with requests for references for employees disciplined or prosecuted for fraud
      • review the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to fraud
      • keep all personnel with a need to know suitably informed about the incident and the institution's response
      • inform the police
      • assign responsibility for investigating the incident
      • establish circumstances in which external specialists should be involved
      • establish lines of communication with the police.

    These matters are dealt with below.

    Initiating action

    1. There are a number of ways fraud may be detected or suspicion of fraud reported. Within the University all such instances are required to be reported to the Director of Finance and Legal Services (DFLS), unless DFLS is suspected of involvement, when the Registrar and Chief Operation Officer (R&COO) should be informed. The DFLS/R&COO as appropriate will then form a project group which should comprise:

      • Deputy Director of Finance
      • Director of HR (if staff member suspected);
      • Director of Academic and Student Affairs (if student suspected);
      • Deputy Director (Legal Services)
      • Pro-Vice Chancellor and Dean or Director of affected area;
      • The internal audit manager

    2. The group will decide on the actions to be taken. The group might not actually meet but may be consulted individually to ensure speed of response and the DFLS / R&COO summing up of the groups consensus will be taken to represent the decision of the group.

    3. The action taken may be:

      • To require the internal auditor to carry out an investigation (usually where financial loss to the University has occurred or may have occurred if the fraud had been successful) and where criminal prosecution may be a possibility;
      • To require the Director of HR to carry out an investigation where a member of staff may have breached the University's policies and procedures but where this does not lead to direct loss to the University;
      • Immediate action required to prevent further loss.

    Prevention of further loss

    1. Where initial investigation, or even the initial detection, provides reasonable grounds for suspecting a member or members of staff of fraud, the project group will decide how to prevent further loss. This may require the suspension of the suspects. It may be necessary to plan the timing of suspension to prevent the suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.

    2. In these circumstances, the suspect(s) should be:

      • approached unannounced;
      • supervised at all times before leaving the premises;
      • only allowed to collect personal property under supervision, but should not be able to remove any property or records belonging to the University;
      • required to hand over security passes and keys to premises, laptop, university mobile, computer or other equipment in their possession.

    3. The Director of EFM or EFM Facilities Director should be informed and advice on any action needed to deny the suspect access to the University, while they remain suspended.

    4. The Chief Information Officer should be instructed to withdraw without notice all access to all IT systems.

    5. The internal auditor shall consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the University’s assets.

    Establishing and securing evidence

    1. A major objective in any fraud investigation will be the punishment of the perpetrators, to act as a deterrent to other personnel. The University will follow disciplinary procedures against any member of staff who has committed fraud. The University will normally report any cases of fraud to the police and provide full co-operation in the prosecution of the individuals.

    2. The internal auditor will:

      • maintain familiarity with the University's disciplinary procedures, to ensure that evidence requirements will be met during any fraud investigation;
      • establish and maintain contact with the police (subject to agreement of the project group);
      • ensure that staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings.

    Significant fraud

    1. HEFCE's Memorandum of Assurance and Accountability (HEFCE 2016/12) and audit code of practice sets out certain mandatory actions if a serious fraud occurs or is attempted. Significant fraud or irregularity is usually where one or more of the following apply:

      • the sums of money involved are, or potentially are, in excess of £25,000;
      • the particulars of the fraud or irregularity are novel, unusual or complex;
      • there is likely to be public interest because of the nature of the fraud or irregularity, or the people involved.

    2. In these circumstances the DFLS/R&COO will:

      • provide the Vice Chancellor with a draft letter to HEFCE setting out the details of the fraud;
      • Inform the Chair of Governors and Chair of Audit Committee;
      • Inform the Audit Committee if the police are not informed, and the reasons for the decision.

    Recovery of losses

    1. Recovering losses is a major objective of any fraud investigation. The DFLS/R&COO should ensure that in all fraud investigation the amount of any loss will be quantified. Repayment of losses should be sought in all cases.

    2. Where the loss is substantial, legal advice should be obtained without delay concerning the steps needed to secure the suspect's assets through court proceedings.

    References for employees disciplined or prosecuted for fraud

    1. Any request for a reference for a member of staff who has been disciplined or prosecuted for fraud shall be referred to the Director of Human Resources. The Director of Human Resources shall prepare any answer to a request for a reference having regard to employment law.

    Reports to governors

    1. Any variation from the approved fraud response plan, together with reasons for the variation, shall be reported promptly to the chairs of both the Board of Governors and the Audit Committee.

    2. On completion of an investigation, a written report shall be submitted to the Audit Committee containing:

      • a description of the incident, including the value of any loss, the people involved, and the means of perpetrating the fraud;
      • the measures taken to prevent a recurrence;
      • any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken.

    This report will normally be prepared by the internal auditor.

    Reporting lines

    1. The DFLS/R&COO shall provide on behalf of the project group a confidential report to the Chair of the Board of Governors, the Chair of Audit Committee, the Vice-Chancellor, and the external audit partner at least monthly, unless the report recipients request a lesser frequency. The scope of the report shall include:

      • quantification of losses;
      • progress with recovery action;
      • progress with disciplinary action;
      • progress with criminal action;
      • estimate of resources required to conclude the investigation;
      • actions taken to prevent and detect similar incidents.

    Review and approval of fraud response plan

    1. This plan will be reviewed for fitness of purpose at least annually or after each use.

    Any proposed amendments must first be approved by the Director of Finance and Legal Services.