2.1 Scope and Introduction

The Organisation is committed to ensuring that high legal, ethical and moral standards are in place across the organisation, including where third parties act on the Organisation’s behalf, at both home and abroad and is committed to countering any form of fraud or corruption.

It is therefore vital that measures are in place to ensure that there is an anti-fraud culture in the Organisation in which fraud is deterred, prevented and detected and that all suspected frauds are appropriately investigated and the necessary sanctions are imposed where a fraud is proven.

Organisation to have a robust and comprehensive system of risk management, control and corporate governance and that this should include the prevention and detection of corruption, fraud, bribery, money laundering and other irregularities.

This Policy sets out the roles and responsibilities of staff, Committees and other parties towards achieving this. Specifically, the sections which follow outline responsibilities for preventing and detecting fraud and set out how staff should respond if they suspect that a fraud is or has been taking place.

This Policy applies to all members of the Organisation including subsidiary companies and associated persons. Organisation includes employees and independent members of Council and its Committees.

The policy applies to any fraud, or suspected fraud, involving employees as well as consultants and contractors.

2.2 Definitions

Fraud – Fraud is legally defined within the Fraud Act 2007. For practical purposes, fraud may be defined as:

‘The use of deception with the intention of obtaining an advantage, avoiding an obligation or causing loss to another party.’

Examples of Organisation fraud include:

• Misappropriation or theft of cash, stock or other assets – this might include the theft of stationery for private use, or the unauthorised use of Organisation vehicles, computers or other equipment.
• Purchasing fraud – this can include approving or paying for goods not received, paying inflated prices for goods and services or accepting any bribe.
• Misstating claims or eligibility for other benefits – such as overstating or making false travel and subsistence claims.
• Accepting pay for time not worked – this can include failing to work full contracted hours, making false overtime claims, completing private work during Organisation time or falsifying sickness.
• Record fraud, often via computers – such as altering or substituting records, duplicating or creating spurious records or destroying or supressing them.
• Intellectual Property (IP) theft – such as claiming Organisation intellectual property as your own, or otherwise using or selling Organisation IP for your own personal gain.
• Academic fraud including immigration, admissions, internships, examinations and awards.

This list is illustrative and not exhaustive; other examples of fraud also exist. Corruption – dishonest or fraudulent conduct, typically involving bribery.

Bribery – the offering, giving, receiving or soliciting of any item of value to influence the actions of an official or other person in charge of a public or legal duty.

2.3 Policy Statements

2.4 Counter-Fraud Policy Objectives

The eight key objectives of the Organisation’s counter fraud policy are:

1. Establishment of a counter-fraud culture.
2. Maximum deterrence of fraud.
3. Active and successful prevention of any fraud that cannot be deterred.
4. Rapid detection of a fraud that cannot be prevented.
5. Professional investigation of any detected fraud Effective internal and external actions and sanctions against people found to be committing fraud, including legal action for criminal offences.
6. Effective communication and learning in relations to fraud.
7. Effective methods of seeking redress when/where fraud has been perpetrated.

2.4.1 Fraud Prevention

8. The Organisation recognises the importance of prevention in its approach to fraud and has in place various measures including denial of opportunity, effective leadership, auditing and employee screening.
9. Fraud is minimised through usefully designed and consistently operated management procedures which deny opportunities for fraud. In particular, financial systems and procedures take into account the need for internal checks and internal control. Additionally, the possible misuse of information technology is prevented through the management of physical access to terminals and protecting systems with electronic access restrictions where appropriate.
10. The Organisation’s Audit and Risk Committee provides an independent and objective view of internal controls by overseeing Internal and External Audit Services, reviewing reports and systems and procedures and ensuring compliance with the Organisation’s Financial Regulations and the requirements of the OFS. These external reviews of financial checks and balances and validation testing provide a further deterrent to fraud and advice about system development/good practice.
11. The Organisation has in place a number of policies and related guidance that assist in preventing fraud. Please see Related Documentation.

2.5 Fraud Detection

Whilst it is accepted that no systems of preventative measures can guarantee that frauds will not occur, the Organisation has in place detection measures to highlight irregular transactions.

1. All internal management systems are designed with detective checks and balances in mind and this approach is applied consistently utilising wherever possible the expertise and advice of the Organisation’s Auditors.
2. The approach includes the need for segregation of duties, reconciliation procedures, the random checking of transactions and the review of management accounting information including exception reports.
3. As set out in the whistle-blowing policy, concerns expressed by staff, or others associated with the Organisation are investigated by the Organisation without adverse consequences for the complainant, maintaining confidentiality wherever possible.
4. The Organisation views its preventative measures by management, coupled with sound detection checks and balances as its first line of defence against fraud.

2.5.1 Roles and Responsibilities for Preventing and Detecting Fraud

All Organisation senior managers and employees have a clear responsibility for the prevention and detection of fraud. The key responsibilities of individuals and groups are set out below.

A) Organisation Council and Audit and Risk Committee

1. The Council is ultimately responsible for ensuring that systems are in place for the prevention, detection and investigation of fraud, whilst day-to-day operation of relevant policies, procedures and controls is delegated to management.
2. The Council, together with the Audit and Risk Committee, is responsible for:

• Adopting and approving a formal fraud policy and response plan.
• Setting the framework with regard to ethos, ethics and integrity.
• Ensuring that an adequate and effective control environment is in place.
• Ensuring that adequate audit arrangements are in place to investigate suspected fraud.

B) Line Managers

1) Line managers are responsible for implementing this Policy in respect of fraud prevention and detection and in responding to incidents of fraud. In particular, this involves ensuring that the high legal, ethical and moral standards are adhered to in their School or Professional Service area. The practical requirements of line managers are to:

• Have an understanding of the fraud risks in their areas and to consider whether processes under their control might be at risk.
• Have adequate processes and controls in place to prevent, deter and detect fraud.
• Be diligent in their responsibilities as managers, particularly in exercising their authority in authorising transactions [electronically or otherwise] such as timesheets, expense claims, purchase orders, returns and contracts.
• Deal effectively with issues raised by staff including taking appropriate action to deal with reported or suspected fraudulent activity.
• Report suspected frauds according to the process outlined in Section 2.6.
• Provide support/resource as required to fraud investigations.

C) All Employees

1. The Organisation expects all employees to be responsible for:

• Upholding the high legal, ethical and moral standards that are expected of all individuals connected to the Organisation.
• Adhering to the policies and procedures of the Organisation.
• Safeguarding the Organisation’s assets.
• Alerting management and/or other contacts should they suspect that the possibility of a fraud exists.
• Being aware of the Organisation policies and procedures to the extent they are applicable to their role.

D) Internal Audit

1. The Organisation’s Internal Auditors are not responsible for detecting fraud. As with all aspects of governance, control and risk management is the responsibility of management.
2. However, Internal Audit’s role in respect of fraud is to:

• Regularly review fraud policies, procedures, prevention controls and detection processes making recommendations to improve these processes as required.
• Discuss with management any areas which it suspects may be exposed to fraud risk.
• Help determine the appropriate response to a suspected fraud and to support any investigation that takes place.
• Facilitate corporate learning on fraud, fraud prevention and the indicators of fraud.

E) External Audit

External Audit is not responsible for detecting fraud. However, should the impact of fraud, as with all material misstatements, be of such magnitude as to materially distort the truth and fairness of the financial statements, the external auditors should detect the fraud and report it to the Audit and Risk Committee.

2.6 Response to Suspected Frauds

1. Members of staff are key to ensuring that the Organisation’s stance on fraud is effective. All staff are positively encouraged to raise any concerns that they may have. All such concerns will be treated in confidence, wherever possible, and will be impartially investigated.
2. The information below sets out the detailed approach to reporting suspected frauds and how they will be investigated through to action and formal reporting. Please see Appendix 3 for a summary flowchart of this detail which covers all cases except those involving allegations against the Executive Director of Finance and/or Vice-Chancellor which is covered in Appendices 4 and 5.

2.7 Initial Report

1. If a member of staff believes that they have reason to suspect a colleague, contractor or other person of fraud or they are being encouraged to take part in fraudulent activity, they must immediately report this to their Line Manager.
2. If it is believed that this post holder is involved or an alternative reporting route is preferred, the Director of Finance should be informed. If the report comes via this latter route then the best approach to the investigation, considering the principles outlined below, will need to be considered and the Executive Director of Finance will liaise with other Senior Managers as appropriate.
3. Employees or managers should not initiate their own investigations or enquiries but should seek the advice of either the Executive Director of Finance or the Organisation Secretary as soon as possible. Appendices 1 and 2 provide some at-a-glance guide for employees and managers as to their role in responding to fraud.
4. If a member of staff believes that they have reason to suspect the Executive Director of Finance, they must immediately report this to the Chief Executive.
5. If a member of staff believes that they have reason to suspect both the Executive Director of Finance and Chief Executive they must report this to either the Chair of the Audit and Risk Committee.

2.8 Initial Investigation

1. The Executive Director of Finance and the Organisation Secretary will meet to consider the most appropriate response. This meeting should usually take place within 24 hours of the incident being reported.
2. Usually, an initial confidential investigation will take place with an appropriate investigating officer being appointed. Depending on the nature of the suspected fraud and the facts that have already been established, the Executive Director of Finance and the Organisation Secretary will consider reporting the suspected fraud to the police, internal audit, the Audit and Risk Committee Chair or others ahead of the initial investigation.
3. The purpose of the initial investigation is to gather all relevant information and documentation in order to determine if there is a prima facie case for further formal internal/external investigation. This investigation will be undertaken urgently and confidentially with a report being made to the Director of Finance and the Organisation Secretary.
4. The Executive Director of Finance and the Organisation Secretary will then consider whether:
   1. There is a case for further investigation/action. If there is no case for further investigation/action, there should be an appropriate communication to the staff member who reported the suspected fraud.
   2. There are immediate measures that would prevent any further losses including the suspension of staff.
   3. Where appropriate, to approach external parties such as the internal or external auditors or specialist legal advisors, for advice on how an investigation of this type will proceed and to take advice on searching for, securing and preserving information, including documentary and electronic evidence and systems of all types.
   4. To determine whether or not specialist expert advice will need to be engaged.
   5. The matters reported constitute minor misconduct or other matters, which may be delegated for further investigation or management to other suitable managers using the appropriate Organisation policies and procedures. If this course of action is taken, the Director of Finance and the Organisation Secretary will retain overall oversight and may choose to take further formal action as evidence emerges.
   6. In the case of allegations against the Executive Director of Finance the Chief Executive and Organisation Secretary will meet to consider the most appropriate response. This meeting should usually take place within 24 hours of the incident being reported. The initial investigation will then cover the same points as detailed in paragraphs 2.5.2 (b) to (d).
   7. In the case of allegations against both the Executive Director of Finance and Chief Executive the Chair of Audit and Risk Committee, Chair of Council will meet to consider the appropriate response. This meeting should usually take place within 24 hours of the allegation being reported.

2.9 Further Formal Investigation

1. Where there is a case for further formal action or investigation, the Executive Director of Finance and/or Organisation Secretary will, as soon as reasonably practical, take steps to initiate a Formal Investigation. The Chief Executive and, if involving a member of staff, the Director of Human Resources, should be informed that this investigation is being carried out and should be kept appraised of its progress.
2. Under these circumstances, an individual, or group of individuals, should normally be advised of the concerns relating to them. Where those under suspicion are members of staff, the Disciplinary Policy should be adhered to.
3. At such time as an individual or group of individuals are advised of suspicions or allegations they will immediately be suspended and all access to internal files and papers (electronic and otherwise) will be disabled. Any prearranged meetings or tasks including planned visits to external locations should be reassigned to other staff. The Investigating Officer should seek advice on any such actions from the Director of Human Resources.
4. The Investigating Officer involved in the initial review shall, under normal circumstances, be requested to lead the formal investigation. The Executive Director of Finance/Organisation Secretary may consider appointing an external person to lead this work if it is more appropriate.
5. The Investigating Officer shall be provided with all assistance that he or she reasonably requires or requests including assistance with fulfilling their day-to-day duties which will be subordinated to the investigation.
6. The Investigating Officer may delegate tasks to other members of staff subject to ensuring that such members of staff maintain the confidentiality of the tasks assigned to them and, with the prior agreement of the Executive Director of Finance/Organisation Secretary wherever this prior agreement is practical to obtain.
7. The Investigating Officer will also consider whether external specialists are required to assist with the investigation such as forensic accountants or internal audit.
8. The Investigating Officer, as advised by the Organisation’s Director of Human Resources or where appropriate based on legal advice, may communicate with appropriate members of staff for the purposes of gathering information and evidence and will, unless it will compromise the investigation, consult relevant senior staff of the School/Professional Service whose area the issue under investigation has arisen, always ensuring the maintenance of confidentiality.
9. The Investigating Officer shall liaise with and take advice from the Director of Human Resources over all matters related to the rights of staff potentially affected by the investigation including the alleged perpetrator. They will also aim to minimise disruption to operational activities and routines.

2.10 Formal Investigation Report

1. A formal report of the investigation and key outcomes will be presented to the Executive Director of Finance/Organisation Secretary as a basis for their decision upon any subsequent actions including any formal Disciplinary Hearing.
2. Liaison with the Police and potential legal action.
3. The nature and timeline of any system review.
4. Liaison with the Chair of the Audit and Risk Committee and the requirement to formally notify OFS.
5. Any suspension of an individual suspected of fraud will be carried out in accordance with the Disciplinary Policy. If a case of fraud is proven, the Organisation will act accordingly, and disciplinary proceedings may lead to dismissal.
6. The Organisation will seek prosecution of any individual where a criminal offence has been committed and the evidence obtained is sufficient to achieve a criminal conviction. In addition, the Organisation will follow civil proceedings to recover money where appropriate.

2.11 Formal Reporting of Frauds

1. Any fraudulent activity will be reported on the fraud register irrespective of whether the Organisation suffered a financial loss.
2. The Organisation must report, without delay, any significant fraud (defined as those where the financial loss is over £25,000) or impropriety, to all of the following:
   • The chair of the Audit and Risk Committee
   • The chair of the Organisation Council
   • The Internal Auditors
   • The External Auditors
   • OFS as a ‘Reportable event’
3. The timing of such a report will depend upon the nature of the fraud and investigation. In all relevant cases, the Formal Investigation report should be summarised and provided to these individuals and bodies.

1) Audit and Risk Committee

It may be appropriate, subject to agreement with the Chair of the Audit and Risk Committee, to keep the Audit and Risk Committee itself appraised of an ongoing fraud investigation.

If this is the case, on completion of any Formal Investigation, a written report will be submitted to the Audit and Risk Committee containing:

a description of the incident, including the value of any loss, the people involved and the means of perpetrating the fraud the action that has been taken against the perpetrator(s) and the measures taken to prevent a recurrence; and, any action needed to strengthen future responses to fraud, with a follow-up report on whether or not the actions have been taken.

This report will normally be prepared by the Investigating Officer with external assistance where appropriate.

2) The Police

Consideration of whether and when to report an incident to the police will be taken by the Executive Director of Finance/Organisation Secretary and a report may be made at any stage during the investigation process.

Whilst reporting to the police of fraud or serious financial irregularity is likely to be the norm, depending on the nature of the incident, immediate reporting may not be appropriate until a body of material can be put before the police. It should be noted that under some types of insurance, a report to the police may be obligatory and this should be confirmed with finance.

The Investigating Officer shall liaise and co-operate with the police in any case where there has been a report to the police which the police decide to investigate.

All police contact, including the arrangement of visits by the police, shall be arranged through one of the Investigating Officer/Executive Director of Finance/Organisation Secretary unless otherwise delegated by them. Where the police ask to see members of staff or their work or records, the Director of Human Resources must first be involved before any visit is voluntarily agreed or arranged.

Where an information provider has approached the police directly, rather than the Organisation, with the report of a suspicion and the police contact the Organisation for further information, the enquiries should be referred to the Executive Director of Finance/Organisation Secretary before any further action is taken.

2.12 Managing Public Relations

Any requests for information from the press or anyone outside the Organisation concerning any investigation of irregularity must be referred directly to the Organisation Secretary. The advice of the External Communications team will be taken into consideration by the Organisation Secretary prior to issuing any statements. Under no circumstances should the Investigating Officer or other manager/employee provide statements to press or external persons.

2.13 Related Documentation

Finance Section:

Financial Regulations [Financial Regulations and Accounts section]

Anti-Bribery Policy (and guidance) [Financial Regulations and accounts section] ▪ Money Laundering Policy

Criminal Finance Act Policy

The following staff policies can be found on the HR Policies and Forms Pages:

Whistle-Blowing Policy

Disciplinary policy

Register of Interests, Gifts and Hospitality Policy (Declaration and Management of Conflicts of interest)

Appendices

Appendix 1: Guidance for Staff

Appendix 2: Guidance for Line Managers

Appendix 3–5: Flowcharts of Fraud Reporting and Investigation

Appendix 1: Guidance for Staff

Q. What should you do if you suspect a fraud?

• Do make an immediate note of your concerns. Make a note of all relevant details, such as what was said in telephone or other conversations, the date, time and the names of any parties involved.
• Do convey your suspicions to someone with the appropriate authority and experience, commencing with your line manager. If this does not lead to a satisfactory response, then consider escalating the concern. Tell the Executive Director of Finance. If it is believed that this post holder is involved or an alternative reporting route is preferred, the Organisation Secretary should be alerted.
• Do deal with the matter promptly. Any delay could cost the Organisation money or reputational damage. If in doubt, report your suspicions anyway.
• Do not be afraid of raising your concerns. Your concerns will be dealt with in confidence. You will not be ridiculed and will not suffer any recriminations as a result of voicing a reasonably held suspicion. The Organisation will treat any matter you raise sensitively and confidentially. We will ensure you receive appropriate support.
• Do not confront an individual or individuals with your suspicions and don’t accuse any individuals directly.
• Do not try to investigate the matter yourself. There are special rules surrounding the gathering of evidence for use in criminal cases. Any attempt to gather evidence by people who are unfamiliar with these rules may compromise the case.
• Do not tell anyone about your suspicions other than those with the proper authority. All reported frauds will be investigated and if appropriate the police may be involved.

Appendix 2: Guidance for Line Managers

Do be responsive to staff concerns.

The Organisation needs to encourage staff to voice any reasonably held suspicions as part of developing

an anti-fraud culture. As a manager you should treat all staff concerns seriously and sensitively.

Do note details.

Note all relevant details. Get as much information as possible from the reporting member of staff. If the staff member has made any notes, obtain these also. In addition, note any documentary evidence that may exist to support the allegations made. But DO NOT interfere with this evidence in any way.

• Do advise the appropriate person according to the Whistle-blowing policy available on the staff channel.
• Do deal with the matter promptly.

Any delay may cause the Organisation to suffer further financial loss or reputational damage.

Do not ridicule suspicions raised by staff.

The Organisation cannot operate effective anti-fraud and whistle-blowing policies if staff are reluctant to pass on their concerns to management.

• Do not approach or accuse any individuals directly.
• Do not convey your suspicions to anyone other than those with the proper authority.
• Do not try to investigate the matter yourself.

Remember that poorly managed investigations by staff who are unfamiliar with evidential requirements are highly likely to jeopardise a successful criminal prosecution.