Annex A: University fraud response plan

  • Introduction

    1. The purpose of this plan is to define processes, responsibility and authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity. The use of the plan should enable the institution to:

    These matters are dealt with below.

    Initiating action

    1. There are a number of ways fraud may be detected or suspicion of fraud reported. Within the University all such instances are required to be reported to the Director of Finance and Legal Services (DFLS), unless DFLS is suspected of involvement, when the Registrar and Chief Operation Officer (R&COO) should be informed. The DFLS/R&COO as appropriate will then form a project group which should comprise:

    2. The group will decide on the actions to be taken. The group might not actually meet but may be consulted individually to ensure speed of response and the DFLS / R&COO summing up of the groups consensus will be taken to represent the decision of the group.

    3. The action taken may be:

    Prevention of further loss

    1. Where initial investigation, or even the initial detection, provides reasonable grounds for suspecting a member or members of staff of fraud, the project group will decide how to prevent further loss. This may require the suspension of the suspects. It may be necessary to plan the timing of suspension to prevent the suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.

    2. In these circumstances, the suspect(s) should be:

    3. The Director of EFM or EFM Facilities Director should be informed and advice on any action needed to deny the suspect access to the University, while they remain suspended.

    4. The Chief Information Officer should be instructed to withdraw without notice all access to all IT systems.

    5. The internal auditor shall consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the University’s assets.

    Establishing and securing evidence

    1. A major objective in any fraud investigation will be the punishment of the perpetrators, to act as a deterrent to other personnel. The University will follow disciplinary procedures against any member of staff who has committed fraud. The University will normally report any cases of fraud to the police and provide full co-operation in the prosecution of the individuals.

    2. The internal auditor will:

    Significant fraud

    1. HEFCE's Memorandum of Assurance and Accountability (HEFCE 2016/12) and audit code of practice sets out certain mandatory actions if a serious fraud occurs or is attempted. Significant fraud or irregularity is usually where one or more of the following apply:

    2. In these circumstances the DFLS/R&COO will:

    Recovery of losses

    1. Recovering losses is a major objective of any fraud investigation. The DFLS/R&COO should ensure that in all fraud investigation the amount of any loss will be quantified. Repayment of losses should be sought in all cases.

    2. Where the loss is substantial, legal advice should be obtained without delay concerning the steps needed to secure the suspect's assets through court proceedings.

    References for employees disciplined or prosecuted for fraud

    1. Any request for a reference for a member of staff who has been disciplined or prosecuted for fraud shall be referred to the Director of Human Resources. The Director of Human Resources shall prepare any answer to a request for a reference having regard to employment law.

    Reports to governors

    1. Any variation from the approved fraud response plan, together with reasons for the variation, shall be reported promptly to the chairs of both the Board of Governors and the Audit Committee.

    2. On completion of an investigation, a written report shall be submitted to the Audit Committee containing:

    This report will normally be prepared by the internal auditor.

    Reporting lines

    1. The DFLS/R&COO shall provide on behalf of the project group a confidential report to the Chair of the Board of Governors, the Chair of Audit Committee, the Vice-Chancellor, and the external audit partner at least monthly, unless the report recipients request a lesser frequency. The scope of the report shall include:

    Review and approval of fraud response plan

    1. This plan will be reviewed for fitness of purpose at least annually or after each use.

    Any proposed amendments must first be approved by the Director of Finance and Legal Services.