Purpose and Scope
The University is committed to the proper use of funds, both public and private through the prevention of fraud and the promotion of an anti-fraud culture.
As a consequence, it is essential that everyone associated with the University - including Council members, staff, students, and third parties - are aware of the risk of fraud, corruption, theft and other activities involving dishonesty, in all its forms.
The University requires Council members, staff, students and its partners to act honestly and with integrity at all times by ensuring that their activities, interests and behaviours do not conflict with these obligations, regardless of their position and to report all suspicions of fraud. This policy gives guidance on how concerns should be raised, investigated and resolved.
Where justified, disciplinary and/or legal action will be taken against any individual or group who perpetrates any act constituting fraud against the University and all steps will be taken to recover any losses incurred.
This policy applies to all members of University staff and any individuals working with or for the University. This includes all external members of the University Council and its committees, other external members of University committees, external examiners and assessors, consultants and contractors, volunteers, Honorary staff and Emeritus Professors/Fellows.
Definitions
Fraud essentially involves using deception to dishonestly make a personal gain for oneself and/or create a loss for another.
There are three main offences under the Fraud Act 2006: fraud by false representation, fraud by failing to disclose information, and fraud by abuse of position and additional (less well known offences) such as: participation in a fraudulent business; obtaining services dishonestly; cheating the public revenue; false accounting; false statements by company directors; and fraudulent trading.
Additionally, under the Economic Crime and Corporate Transparency Act 2023, an organisation can commit an offence where an employee, agent, subsidiary or other “associated person” providing services for or on behalf of the University where the fraud was committed with the intention of benefiting the organisation or their clients. However, there is a defence where the University has reasonable procedures in place to prevent the fraud.
Roles and Responsibilities
University Council has responsibility for: Ensuring that the University has a robust and comprehensive system of risk management, control and corporate governance. This should include the prevention and detection of corruption, fraud, bribery and irregularities. They are responsible for setting, maintaining and communicating the University’s robust stance against fraud. They are also responsible for the University’s compliance with the Office for Students’ conditions of registration.
Audit and Risk Assurance Committee has Responsibility for: Overseeing and approving the institution’s policy on fraud, including being notified of any action taken under that policy (within the Annual Report on Financial Crime Prevention). Reviewing the assurance arrangements with respect to counter-fraud including through review of the Internal Audit Strategy & Plan.
The Standing Group for Financial Probity has responsibility for: Preparing an annual report to the University Executive Board on the implementation and monitoring of the Counter-Fraud Policies & Procedures and its proportionate risk-based procedures and its regular review of the associated risk assessment.
The Vice Chancellor & University Executive Board has responsibility for: Developing, implementing and maintaining adequate systems of financial management and internal control to prevent and detect fraud.
The Director of Finance has responsibility for: Ownership of Counter-Fraud Policy, Assessment of Allegation or Suspicion and Determination of Initial response (subject to the provisions outlined within the University’s Fraud Response Plan).
The Head of Internal Audit has responsibility for: developing fraud risk assessments and developing proportionate risk based prevention procedures.
Students, Staff and other related third parties are responsible for: being alert to fraud-related risks and reporting them as appropriate; maintaining and monitoring compliance with internal controls and agreed policies and procedures; immediately reporting details of any suspected fraud, whether by an employee or an external organisation, and assisting in the investigation of suspected fraud as well as attending relevant training and demonstrating a no tolerance approach to fraud.
Culture
The University is determined that the culture and tone of the organisation is one of honesty and an intolerance of fraud and corruption and that individuals act openly, honestly and responsibly.
The University's expectation on propriety and accountability is that students and members of staff at all levels act with integrity and lead by example in ensuring adherence to rules and that all procedures and practices are above reproach. The University also demands high standards from the individuals and organisations that it comes into contact with and that they act with integrity.
The staff and students of the University are a critical element in its stance on fraud and corruption and they are positively encouraged to raise any concerns that they may have on these; including, where appropriate under the University’s Public Interest Disclosure (Whistleblowing) Policy. Such concerns can be raised in the knowledge that they will be treated in confidence and properly investigated.
Where any fraud is committed against the University, consideration will always be given to prosecuting the person/organisation responsible through all criminal and/or civil means available. The University will follow disciplinary procedures against any member of staff or student who has committed fraud.
Risk assessments
The University will aim to have a fraud risk assessment covering all activities which is documented and kept under review as a fraud risk register. All employees should be alive to potential fraud risk and notify relevant matters to the Head of Internal Audit for inclusion in the fraud risk assessment. Individuals should consider the “fraud triangle”, namely, opportunity, motive and rationalisation. They should also be aware that fraud risk increases during emergency periods. The risk register must be kept under review (at least every two years) and will be used to inform proportionate risk-based prevention procedures and develop action plans to mitigate risks where appropriate. Any decision made not to introduce measures in relation to identified risks should be reviewed and authorised appropriately. This will be periodically reviewed by the Standing Group for Financial Probity and the Audit & Risk Assurance Committee.
Prevention & Detection
The University is committed to reducing the opportunity for fraud associated with any of its activities, operations and locations to the practical minimum and to the robust investigation of any fraud issues that should arise.
All staff are responsible for proactively considering ways in which fraud can be prevented; in which the motive for committing fraud can be reduced; and for assisting in investigations so that there are consequences when fraud is committed. The University recognises the importance of prevention and considers carefully when to carry out additional due diligence or vetting; carrying out appropriate training; and using appropriate technological tools to aid detection of fraud.
Fraud should be minimised through usefully designed and consistently operated management procedures which deny or restrict opportunities for fraud. In particular financial systems and procedures take into account the need for internal check and internal control and staff are required to receive training in the operation of all systems. Additionally, the possible misuse of information technology is managed through the management of physical access to terminals and protecting systems with electronic access restrictions.
Council, its Committees and senior managers are expected to act and lead with integrity and comply with relevant policies and procedures Employees are expected to follow the University’s ethical framework and relevant policies and procedures.
The University's Audit and Risk Assurance Committee provides an independent and objective view of internal controls by overseeing Internal and External Audit Services, reviewing reports and systems and procedures and ensuring compliance with the University's Financial Regulations and the requirements of the Office for Students (OfS).
The review of the University's systems by Internal Auditors is designed to deter attempted fraud and should result in continuous improvements in control. The risk of fraud is a factor in all audit plans and in particular the frequency of audits. The External Auditor's reviews of financial checks and balances and validation testing provides a further deterrent to fraud and advice about system development/good practice.
All internal management systems are designed with detective checks and balances in mind and this approach is applied consistently utilising wherever possible the expertise and advice of the University's Auditors. The approach includes the need for segregation of duties, reconciliation procedures, the random checking of transactions and the review of management information including exception reports.
The University views its preventative measures by management, coupled with sound detective checks and balances, as its first line of defence against fraud. Audit activity is however an important defence mechanism also and Auditors may be required to use special techniques on occasions to identify fraudulent transactions.
Training
The University has a commitment to ensuring that the appropriate staff have a good understanding of the University’s policy and procedures with respect to fraud, particularly those in senior or high risk roles. In response, a training approach will be adopted with respect to University’s counter-fraud approach.
Reporting fraud
Where there is suspicion that fraud or corruption has occurred, or is about to occur, then it is essential that the appropriate person within the University is contacted immediately. As documented within our University’s Fraud Response Plan, any person that has reason to believe that a fraud or suspected fraud has taken place, is required to inform their Head of Department and the Internal Auditor immediately. The Head of Department will in turn notify the Director of Finance. If it is suspected that the Head of Department is involved in the fraud, the matter should be notified to the Director of Finance and Internal Auditor directly. Alternatively, if deemed appropriate, frauds and suspected frauds can be reported through the University’s Public Interest Disclosure Policy which handles whistleblowing allegations.
In the event of a fraud, all staff are advised as follows
- Do report your concerns, as above; reports will be treated as confidential
- Do persist if your concerns remain
- Do retain or copy any relevant document(s). This holds documents for use in any subsequent investigation and avoids any documents being accidentally - or deliberately – destroyed
- Do be cautious about communications, ensuring that all communications is confined tightly and kept with appropriate individuals
- Don’t be afraid to seek advice from an appropriate person
- Don’t confront an individual or individuals with your suspicions
- Don’t discuss your concerns with colleagues or anyone else other than an appropriate person
- Don’t contact the police directly - that decision is the responsibility of the appropriate person and other senior University officers (with due acknowledgement of the notifications under the Public Interest Disclosure Policy)
- Don’t under any circumstances suspend anyone if you are a line manager without direct advice from Human Resources and other appropriate person(s)
Common types of Fraud
These can include but are not limited to:
Student and student recruitment related fraud
- Fraudulent admissions documentation
- Identity fraud related to assessment
- Recruitment agents fraudulently misleading applicants
Academic, Teaching & Research
- Unauthorised academic consultancy or equivalent
- Unauthorized use of university equipment or space
- Plagiarism or Fraud associated with research
Fraud involving cash, physical assets or confidential information
- Theft or unauthorised removal of University property
- Unauthorised disclosure of confidential information
Finance and Procurement fraud
- Submission of personal or non-business related expenses
- Identity theft where staff are persuaded to reveal login and passwords details
- Attempting to change bank account details of suppliers and payees
- False Accounting and intentional bypassing of university Financial regulations
- Collusion with suppliers and manipulation of percentage complete schedules
- Diverting goods or services for personal use
Information Technology Fraud
- Ransomware and phishing attacks
- Fraudulent access or abuse of access to university systems
- Impersonation of University or key university contacts
Senior Staff fraud
- Fraudsters impersonating senior staff to bypass university controls.
- False reporting of University performance to third parties
Payroll fraud
- Unauthorised changes to HR or payroll system
- Inputting incorrect details in e.g. hours worked
- Dummy or ghost employees
- Faking self-certified / doctors’ sick notes
Fraudulent claims
- Mileage
- Personal use
- Falsifying or manipulating receipts
- False / duplicate expense claims
- Falsifying applications for research grant funding
Related Policies & Procedures
The following policies are associated with our counter-fraud, bribery and corruption University response: