Fraud Response Plan

1.1 - The purpose of the Fraud Response Plan is to support the Chief Financial Officer by defining authority levels, responsibilities and reporting lines in the event of a suspected fraud or corruption in line with the Fraud Response Plan.

1.2 - As detailed in the Fraud Policy Statement all actual or suspected incidents must be reported without delay to the Chief Financial Officer or in his absence to the Deputy Director of Finance.

1.3 - The Chief Financial Officer must immediately advise the Registrar and Secretary and Director of People Services of the incident(s.) A meeting of the three officers (the Fraud Group) will be held within 24 hours to decide on the action to be taken.

1.4 - In the event of one of the three officers being accused of fraud, the provost or Deputy Vice-Chancellor will be appointed to replace that officer on the Fraud Group.

1.5 - The Chief Financial Officer will advice the Vice-Chancellor & Chief Executive of the incident(s) and the action to be taken by the group. The action taken could result in an independent investigation being commissioned through the special engagement of the University's Internal Auditors (currently BDO).

1.6 - the audit investigation must ensure that the current and future interests of both the University and the suspected individuals are protected (suspicion should not be implied to mean guilt until proven)

1.7 - The University undertakes to protect the identity of notifying employees and not to release the source of information at any time during the investigation unless required to do so.

2.1 - Where the initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the Fraud Group will decide how to prevent further loss. This may require suspension of an employee therefore the timing of suspension would need to be carefully timed to prevent evidence being destroyed.

2.2 - In these circumstances the suspect must be:

• approached unannounced
• allowed to collect personal belongings under supervision but should not be able to remove any property belonging to the University of access a computer
• asked to handover security passes and keys to premises, offices and furniture
• laptops, computers and associated items must also be returned
• supervised at all times before leaving the premises

2.3 - The University's security officer should be advised on the best means of denying access to the University whilst suspects remain suspended.

2.4 - Similarly the Head of IT Operations should be instructed to immediately withdraw access permissions to the University's computer systems.

2.5 - The University's Internal Auditors should consider the necessity of systems investigation.

3.1 - A major objective in any fraud investigation will be the punishment of the perpetrators to act as a deterrent to other personnel.

3.2 - Where significant fraud is suspected the Fraud Group must advise the Vice-Chancellor and Chief Executive of the proposed action.

3.3 - The Chief Financial Officer should seek advice from the Insurance and Business Continuity Manager regarding insurance notification to ensure that the insurance policy conditions are observed. In particular it is a condition that the insurer is notified as soon as is practicable after the discovery of fraudulent activity.

3.4 - The University's Internal Auditors will consider whether it is necessary to investigate systems (other than that which has given rise to the suspicion) through which the suspect may have had opportunities to misappropriate the University's assets.

3.4 - Where disciplinary action is required Director of People Services must advise on how to proceed.

3.5 - The Fraud Group must arrange for the police to be informed and where necessary solicitors to be instructed. The University will provide full cooperation in the prosecution of the individuals.

3.6 - The University's Internal Auditors must:

• maintain familiarity with the University's disciplinary procedures to ensure that evidence requirements will be met during any fraud investigation
• establish and maintain contact with the police(with agreement of the Group)
• ensure that audit staff involved in any fraud investigation are trained in the evidence rules for interviews under the Police and Criminal Evidence Act
• ensure that those involved in any fraud investigation are made aware of and follow rules on the admissibility of the documentary and other evidence in criminal proceedings
• where it is decided not to involve the police then the Chief Financial Officer will prepare a report for Audit Committee detailing the reasons for the decision

4.1 - Where a significant fraud is suspected the Vice-Chancellor and Chief Executive must write to HEFCE setting out the details of the fraud.

4.2 - Significant fraud or irregularity is defined be HEFCE Memorandum of Assurance and Accountability (July 2017/18) as where the value of the loss is in excess of £25,000.

5.1 - Recovering losses is a major objective of any fraud investigation. The Chief Financial Officer will ensure that in all fraud investigations the amount of any loss will be quantified. Repayment of any such losses and associate costs will be sought in all cases.

5.2 - Where it appears the loss may be substantial (i.e. %3,000 or more) the Legal Services should be contacted to consider whether external legal advice is required.

5.3 - The Chief Financial Officer will liaise with the Insurance and Business Continuity Manager regarding documentary evidence required by the University's insurers in order to formulate a claim. This must be actioned within three months of first notifying the insurer of the fraud or suspected fraud.

6.1  The University requires that any request for a reference for a member of staff who has been disciplined or prosecuted for fraud must be referred to the Director of People Services.

7.1 - Any incident involving significant fraud must be reported by the Group without delay to the:

• Vice-Chancellor & Chief Executive
• Internal Audit Partner
• Chair of Council
• Chair of Audit Committee

7.2 - Similarly any variation from the approved Fraud Response Plan together with reasons for the variation must be reported promptly to the Chair of Audit Committee.

7.3 - Further updates (frequency to be defined depending upon the nature of the fraud) will be produced. The scope of the report must include:

• quantification of losses identified
• progress with action for recovery of losses
• progress with disciplinary action
• progress with criminal action
• estimate of resources required to conclude the investigation
• actions taken to prevent and detect similar items.

7.4 - A final report must be produced once the independent investigation is completed. This will represent the definitive document on which management (in a disciplinary situation) and possibly the Police (in a criminal situation) will base their decision. The Report must include:

• how the investigation arose
• who the suspects are
• the position of the suspects in the University and their responsibilities
• how the investigation was undertaken
• the facts and evidence which were identified
• summary of findings and recommendations both regarding the fraud itself and any additional work required on the system weaknesses identified during the investigation.

8.1 - All special investigations will normally be led by the University's Internal Auditors. The work will be commissioned by the Fraud Group and the Auditors must report to the Chief Financial Officer on a day to day basis.

8.2 - Special investigations must not be undertaken by management although management must cooperate with requests for assistance from the Internal Auditors.

8.3 - Should a special investigation require the use of technical expertise which the Internal Auditors do not posses the Fraud Group may approve the appointment of external specialists to lead or contribute to the special investigation.

8.4 - On completion of a special investigation a written report must be submitted to the Audit Committee containing:

• description of the incident(s) including the value of any loss, the people involved and the means of perpetrating the fraud
• the measure taken to prevent a recurrence
• action needed to strengthen future responses to fraud with a follow up report on whether any actions have been taken.

8.5 - This report will normally be prepared by the University's Internal Auditors in conjunction with the Chief Financial Officer.

9.1 - This plan and the Fraud Policy Statement will be reviewed annually by the Chief Financial Officer or after each use to ensure hey remain fit for purpose.

9.2 - Before being implemented any proposed amendments must be first approved by Audit Committee.