Policy statement on fraud - prevention and investigation

The University requires staff at all times to act honestly and with integrity and to safeguard the institutional resources for which they are responsible.

The University is committed to ensuring that opportunities for fraud and corruption are reduced to the lowest possible level of risk and has robust mechanisms for prevention and detection. Consequently all cases of fraud, or attempted fraud, will be thoroughly and promptly investigated. Where appropriate, legal and/or disciplinary action will be taken.

Definition

No precise legal definition of fraud exists; many of the offences referred to as fraud are covered by the Theft Acts 1968 and 1978. The term is used to describe such acts as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts and collusion. Legally fraud may also be categorised as the invasion of a right not to be deceived, or of a right to property.

For practical purposes fraud may be defined as the use of deception with the intention of obtaining advantage, avoiding an obligation, or causing loss to another party. Fraud can be perpetrated by persons outside as well as inside an organisation. The criminal act is the attempt to deceive; attempted fraud will therefore be treated as seriously as accomplished fraud.

Computer fraud is where information technology equipment has been used to manipulate programmes or data dishonestly (e.g. by altering, substituting or destroying records or creating spurious records), or where the use of an IT system was a material factor in the perpetration of fraud. Theft or fraudulent use of computer time and resources is included in this definition.

Institutional controls

Specific responsibilities for the management of systems of fraud control are as follows:

The Director of Finance and the staff of the Finance Office are responsible for:

• the design and efficient operation of the University's internal financial procedures and controls, including their review in the light of reported frauds
• policy on fraud prevention
• inventory control and physical security of the University's assets
• providing material assistance in the investigation of fraud and suspected fraud
• liaison with the external auditors about issues relating to fraud and fraud prevention

The internal auditors are responsible for:

• advice and assistance on control issues as necessary;
• reviewing systems for the control, prevention and detection of fraud;
• investigation of fraud within the University at the request of the Court or senior management.

Responsibilities of individual members of staff

As stewards of University resources, employees are expected to have high standards of personal integrity and honesty. Employees must not only be honest in fact, but must also not lay themselves open to suspicion of dishonesty or perception of conflict of interest and/or of impropriety.

Every member of staff is responsible for:

• acting with regularity and propriety in use of University resources and in the handling and use of University funds, whether the involvement is with cash or other forms of payment, receipts, or dealing with contractors and suppliers;
• being alert to the possibility that unusual events or transactions could be indicators of fraud;
• reporting details immediately to their line manager if they suspect that a fraud or irregularity has been committed or see any suspicious acts or events;
• co-operating fully with University employees or agents conducting internal checks or reviews or fraud investigations.

All staff should feel free to bring to management's attention areas of weakness they have identified in the procedures they use, which could allow opportunities for fraud, and to suggest improvements to these procedures to reduce the possibility of fraud.

It is in the interests of the whole University community that individuals should feel able to come forward if they suspect that a fraud has been, or is being, committed. For this reason such approaches can be made in confidence within the framework of the University's Code on Public Interest Disclosure (Whistleblowing), where there is more detailed guidance on how staff can raise concerns about fraud or other malpractice. All reported suspicions will be investigated.

Employees with managerial responsibility are also responsible for:

• identifying the risks to which systems and procedures are exposed;
• ensuring that an adequate system of internal control exists within their area of responsibility to minimise the identified risks and that controls operate effectively and are complied with.

Managers have a prime role in the prevention of fraud because the effective enforcement of the University's controls falls largely on them. Fraud prevention is a component of risk management: managers should pay greatest attention to those areas where they perceive the greatest risk of fraud lies and ensure that controls in these areas are robust.

In practice fraud occurs because of weaknesses in control - either control processes are absent, or inappropriate, or they are not complied with. The greatest single cause of fraud is failure to observe existing control procedures. The simplest and best way of preventing fraud losses is by ensuring that all the prescribed University controls are understood and enforced by all relevant staff.

Managers should seek to reduce the risk of fraud by ensuring that:

• undue reliance on specific individuals is avoided - this can be mitigated by job rotation so that more than one member of staff becomes proficient in a particular role;
• the necessary supervisory procedures and checks are carried out;
• internal control instructions and reference documents are up to date;
• staff are adequately trained for the role they perform;
• the segregation of duties is not compromised during staff vacancies or absences.

The Director of Finance can provide assistance to those line managers who require guidance in this area.

Investigation of suspected fraud and disciplinary action

Suspected cases of fraud should normally be reported to the Secretary of the University, particularly if disclosure is being made under the protection of the Whistleblowing Code. Indications of fraudulent activity may include failure to adhere to, or improper use of, systems or control procedures. In some circumstances staff who suspect fraud may wish to report this in the first instance to their line manager for verification or a second opinion. Ultimately, however, all instances of fraud, real or suspected, must be reported to an appropriate authority (normally the Secretary).

The Secretary is responsible for ensuring that, unless there is prima facie evidence of fraud, a full and prompt investigation is carried out, either by another officer of the University or, more usually, by the internal auditors. The Secretary will report the fact of the investigation immediately to the Convener of the Audit Committee and to the Principal, as Accounting Officer. The outcome of the investigation will be reported to the Audit Committee (including the internal and external auditors), the Principal and the Chairperson of Court. Significant fraud, if substantiated, will also have to be reported to the Scottish Funding Council.

Under the terms of the University's disciplinary procedures, theft or fraud and deliberate falsification of records (including travel and subsistence claims and time sheets) are normally regarded as gross misconduct and may lead to summary dismissal if the University is satisfied that such an offence has occurred.

The University's policy generally in relation to fraud or suspected fraud, whether perpetrated by staff or others outside the University, is to report the matter to the police at the earliest opportunity. The University will co-operate fully with police enquiries, which may result in prosecution of the offender(s). Attempts will be made to recover any losses resulting from the fraud.

The University will also consider whether there has been any failure of supervision and, if this is the case, whether appropriate disciplinary action should be taken against those staff responsible.