Fraud/anti-fraud and corruption policy
This Policy should be read in conjunction with the Code of Conduct applying to employees and lay members of Council (see below). The Code relates to Conduct with regard to both financial and non-financial matters. Breaches of the Code by employees may result in disciplinary action being taken in accordance with the various Conditions of Service.
The University expects all employees to conduct themselves at all times having regard to the very highest standards of conduct, probity and confidentiality.
The University Council has taken reasonable steps to ensure that there are appropriate financial and management controls in place to safeguard University funds and assets and to prevent and detect fraud and corruption.
The University will fully investigate any allegations of fraud and corruption as soon as the allegation is notified in accordance with the procedures detailed below in 5.
If an employee suspects that improper, fraudulent or corrupt behaviour has occurred within the University, the following procedures should be undertaken (it is to be emphasised that the identity of the individual will be kept confidential so long as it does not hinder any subsequent investigation).
An immediate note should be made by the employee of the concerns; all relevant details of conversations, dates, times and names should be noted.
Other than in the circumstances noted in d) below, in order to ensure that the University does not suffer any loss of any nature, full details of the matter, including notes, should be reported without delay to the Registrar. He/she will decide on the appropriate investigation or action that should be taken.
Any allegations of wrongdoing made against an employee or employees of the University will be investigated and dealt with under the established disciplinary procedures approved by Council.
Any allegations of wrongdoing made against a student or students of the University will also be dealt with under the established disciplinary procedures.
Any allegations relating to an individual’s financial conduct will be reported without delay to the Director of Finance. He/she will then decide on the most appropriate action to be taken in order to reduce the possibility of any financial loss to the University. He/she will also instruct the University’s Internal Auditors to carry out an investigation and to report subsequently to the Audit Committee. See appendix A for detailed response plan.
Where for whatever reason the employee making an allegation considers it inappropriate to follow the procedure above, the matter should be reported directly to the Vice-Chancellor or Chair of Council as appropriate. Such allegations might be in respect of the behaviour of a senior officer of the University, a lay member of the governing body or about the propriety of a committee or other collective decision. An employee may use this route if they are concerned that use of the above procedures may jeopardise their position within the institution.
In any case where an allegation has been made, the person to whom the allegation is reported should make a record of its receipt and of what subsequent action is taken. Any allegation made under this procedure will be the subject of a preliminary investigation either by the person to whom the allegation is made, or more usually by a person or persons appointed by him/her. The allegation shall be reported in confidence to the Audit Committee at the commencement of the investigation and the results reported to them at its conclusion.
Where no investigation is carried out, and the allegation is effectively dismissed, the person making the allegations shall be informed and given the opportunity to remake the allegation to some other person or authority within the University, if he or she is unsatisfied with the decision.
Where an allegation is dismissed after an investigation, the person or persons against whom the allegation is made will be told of the allegation, the evidence supporting it and be allowed to comment before the investigation is concluded and a report made to the Audit Committee. The Audit Committee should satisfy itself that there is no case to answer and report their findings and reasons to the complainant.
Any person making any allegation shall be guaranteed that the allegation shall be regarded as confidential to the receiver and, in the case of c) above, the Director of Finance, until an investigation is launched. Thereafter the identity of the person making the allegation may be kept confidential, if requested, unless this is incompatible with a fair investigation, or if there is an overriding reason for disclosure (for example, if police involvement is required).
Provided the allegation has been made lawfully, without malice and in the public interest, the employment position of the person will not be disadvantaged for reasons of making the allegation.
Approved - 31/01/2007
Revised 31/12/2020
Next revision - Dec 2025
Appendix A - Fraud Response Plan
Initiating action
Suspicion of fraud or irregularity may be captured through a number of means, including the following:
- requirement on all personnel under financial regulations to report fraud or irregularity to the Director of Finance
- public interest disclosure procedure (‘whistle-blower’s charter’)
- planned audit work
- operation of proper procedures.
All actual or suspected incidents should be reported without delay to the Director of Finance. Director of Finance should, within 24 hours, hold a meeting of the following project group to decide on the initial response:
- Registrar and Secretary (chair)
- Director of Human Resources
- Director of Finance.
The project group will decide on the action to be taken. This will normally be an investigation, led by internal audit. The decision by the project group to initiate a special investigation shall constitute authority to internal audit to use time provided in the internal audit plan or contingency time, or to switch internal audit resources from planned audits.
Should the Director of Finance be suspected of fraud or irregularity the matter should be reported without delay to the Registrar and Secretary, who would then be responsible for convening the above meeting without the Director of Finance.
Prevention of further loss
Where initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the project group will decide how to prevent further loss. This may require the suspension, with or without pay, of the suspects. It may be necessary to plan the timing of suspension to prevent the suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.
In these circumstances, the suspect(s) should be approached unannounced. They should be supervised at all times before leaving the University’s premises. They should be allowed to collect personal property under supervision, but should not be able to remove any property belonging to the University. Any security passes and keys to premises, offices and furniture should be returned.
The head of security should be required to advise on the best means of denying access to the University, while suspects remain suspended (for example by changing locks and informing security staff not to admit the individuals to any part of the premises). Similarly, the head of computing services should be instructed to withdraw without delay access permissions to the University’s computer systems.
Internal audit shall consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the University’s assets.
Establishing and securing evidence
The University will follow disciplinary procedures against any member of staff who has committed fraud. The University will normally pursue the prosecution of any such individual.
Internal audit will:
- maintain familiarity with the University’s disciplinary procedures, to ensure that evidence requirements will be met during any fraud investigation
- establish and maintain contact with the police, following approval from the Vice-Chancellor
- establish whether there is a need for audit staff to be trained in the evidence rules for interviews under the Police and Criminal Evidence Act
- ensure that staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings.
Notifying the HEFCE
The circumstances in which the University must inform the HEFCE about actual or suspected frauds are detailed in the HEFCE Code of Practice: Accountability and Audit as below. The Vice-Chancellor is responsible for informing the HEFCE of any such incidents.
Each HEI’s management is responsible for the prevention, detection and investigation of irregularities, including fraud and corruption. To discharge this responsibility, management should ensure that an adequate system of internal control is operated. It is not a primary function of internal audit to detect fraud. However, the work of the internal audit service, in reviewing the adequacy and effectiveness of the internal control system, should help management to prevent and detect fraud. The internal audit service should ensure that it has the right to review, appraise and report on the extent to which assets and interests are safeguarded from fraud. When internal auditors suspect fraud, or are carrying out a fraud investigation, it is important to safeguard evidence. They should assess the extent of complicity to minimise the risk of information being provided to those involved, and the risk of misleading information being obtained from them.
Internal auditors should report serious weaknesses, significant fraud or irregularity, or major accounting breakdowns to the designated officer without delay. (Paragraph 34 gives guidance on what is significant.) The designated officer must then inform the chair of the audit committee, the chair of the governing body and the HEFCE accounting officer of such matters without delay. If he or she refuses to do so, then the internal auditor must report to them directly.
The HEI should ensure that the internal auditor is informed, as soon as possible, of all attempted, suspected or actual fraud or irregularity. The internal auditor should consider any implications in relation to the internal control system, and make recommendations to management, as appropriate, to strengthen the systems and controls.
Recovery of losses
Recovering losses is a major objective of any fraud investigation. The internal auditor shall ensure that in all fraud investigations, the amount of any loss will be quantified. Repayment of losses should be sought in all cases.
Where the loss is substantial, legal advice should be obtained without delay about the need to freeze the suspect’s assets through the court, pending conclusion of the investigation. Legal advice should also be obtained about prospects for recovering losses through the civil court, where the perpetrator refuses repayment. The University would normally expect to recover costs in addition to losses.
References for employees disciplined or prosecuted for fraud
Any request for a reference for a member of staff who has been disciplined or prosecuted for fraud shall be referred to the Director of Human Resources who shall prepare any answer to a request for a reference having regard to employment law.
Reporting to governors
Any incident matching the criteria in the HEFCE Audit Code of Practice (as in paragraph 12 above) shall be reported without delay by the Vice-Chancellor to the chairs of both the council and the audit committee.
Any variation from the approved fraud response plan, together with reasons for the variation, shall be reported promptly to the chairs of both the governing body and the audit committee.
On completion of a special investigation, a written report shall be submitted to the audit committee containing:
- a description of the incident, including the value of any loss, the people involved, and the means of perpetrating the fraud
- the measures taken to prevent a recurrence
- any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken.
This report will normally be prepared by internal audit.
Reporting lines
The project group shall provide a confidential report to the chair of council, the chair of audit committee, the Vice-Chancellor and the external audit partner at least monthly, unless the report recipients request a lesser frequency. The scope of the report shall include:
- quantification of losses
- progress with recovery action
- progress with disciplinary action
- progress with criminal action
- estimate of resources required to conclude the investigation
- actions taken to prevent and detect similar incidents.
Responsibility for investigation
All special investigations shall normally be led by internal audit. Special investigations shall not be undertaken by management, although management should co-operate with requests for assistance from internal audit.
Some special investigations may require the use of technical expertise which internal audit does not possess. In these circumstances, the project group may approve the appointment of external specialists to lead or contribute to the special investigation.
Code of Conduct for Employees, Lay members of Council and Committees
1. Introduction
黑料网 (the University) is committed to high standards of openness, professional conduct, behaviour, integrity, inclusion and accountability. It is essential that stakeholders and the public have confidence that the University maintains the highest standards of conduct in its operation. It is therefore the responsibility of every individual acting in an official capacity for the University to monitor, regulate and reflect on their behaviour, ensuring it is acceptable in accordance with this code and other University policies and procedures (see below).
2. Summary
The Code of Conduct (the Code) provides anyone acting in an official capacity on behalf of the university with guidelines as to what is expected of them whilst doing so. Anyone in scope of the code should read and apply it in conjunction with any other policies and procedures listed below and/or rules/regulations specific to their School or Professional Service. It is the responsibility of anyone acting in an official capacity for the University to read the Code and conduct themselves appropriately in accordance with it. It is designed to encourage us all to consider our own actions in the context of the University community.
3. Scope
The Code applies to all members of staff of the University, as well as external committee members, consultants, honorary appointments, volunteers, wardens/sub-wardens and any other person appointed or engaged to perform duties or functions on behalf of the University. Failure to adhere to the code may result in an investigation under the disciplinary procedure, or other appropriate action.
4. Other policy considerations
It is important to note that this Code should be read and adhered to in conjunction with the following University policies, as these also make reference to standards of conduct:
Anti-bribery policy | Anti-fraud and corruption policy |
Anti-money laundering policy | Business travel and expenses policy |
Conditions of service | Conflict of interest policy and procedure |
Copyright policy | CCTV Code of Practice |
Data protection policy | Disciplinary policy and procedure |
Drug and alcohol misuse policy (when agreed) | Equality and diversity – legal requirements |
Financial regulations | Freedom of information policy |
Grievance procedure | Harassment and bullying policy |
Information governance policy | Information security policy |
IT acceptable use policy | Management of mental well-being policy |
Management of information security incidents | Mobile working policy |
People strategy | Personal relationships policy (when agreed) |
Policy on the management of user access to information | Research staff employment code of practice |
Safeguarding policy | Sickness absence policy and procedure |
Smoking policy | Social media policy (when agreed) |
Software policy | University Ordinances |
Whistleblowing policy and procedure |
All policies are available on the University’s policy gateway.
Please note that this list is subject to change in line with regular policy reviews.
5. Responsibilities
Anyone acting in an official capacity for the University has a responsibility to promote a culture where everyone is treated with respect and dignity. The University promotes the following workplace values through its People Strategy:
- Respect each other and celebrate our diversity
- Recognise and reward excellence in our staff for their contribution and commitment
- Be inclusive and value the views of our staff, students, alumni and partners
- Respect the communities and environments in which we operate
- Work together as a team with professionalism and integrity
- Take pride in being the very best we can be
Managers should ensure that all new employees are provided with a copy of the Code as part of their induction programme. In addition, managers must take appropriate action at the earliest opportunity to address any non-compliance with the standards of the Code using the most appropriate University policy in the circumstances of each case.
It is important to note that the responsibilities contained within the Code are not exhaustive and cannot cover all circumstances. Users of the Code should always seek to observe it and associated policies, but if there is any doubt, they should seek the advice of their manager.
5.1 Respect for others
The University is committed to creating an environment where everyone is treated with dignity and respect, having regard to people’s different needs, attitudes and lifestyles. You should therefore be mindful of any behaviour that may inadvertently intimidate or offend others . Discriminatory behaviour will not be tolerated and will be dealt with accordingly.
5.2 Complying with Legislation and professional practice
At all times, you must protect the legality of the University by complying with relevant legislation. Further information can be found on the University’s website and within Schools/Professional Services.
If you are a member of a professional institute or association then you are also obliged to comply with, and will be held to, any professional code and/or standards of practice pertaining to that organisation. This will only apply in circumstances where it impacts on the work undertaken for the University, for example, a member of the Association for Coaching.
5.3 Standards of dress
You should ensure that you are suitably dressed for your duties and responsibilities, including wearing appropriate safety clothing and equipment where required. Should you be unsure what constitutes appropriate dress, you should contact your manager for guidance. Religious and cultural dress may be worn within the workplace. However, health and safety considerations must take precedence in cases where the wearing of such dress would heighten a health and safety risk to yourself or others.
Where there is a requirement for you to wear a uniform, it will be provided for you. It will form a condition of your employment and you must wear the uniform provided. If your role requires you to wear a branded uniform, you should be aware of your behaviour when not on official University duty. For example, wearing it off campus or travelling to/from work, due to the potential for certain behaviours to bring the University into disrepute by being able to directly associate you with it via your uniform. This also extends to the display of an identification card and/or name badge when you are not on official University duty. However, the University will seek to understand such circumstances and will react reasonably. For example, if an employee has a dispute with a neighbour who subsequently reports them to the University, all of the facts will be reviewed and each case will be dealt with on an individual basis.
5.4 Security and identification
To prevent security breaches, the University issues an identification card to all employees, whether they are University employees or employees of other partners based on campus. Please ensure that you always have your ID card with you and, if asked, show it to confirm your identity. It is important that you do not allow anyone else to use your ID.
5.5 Contractors and volunteers
Due to the nature of our organisation and the work that we do, we sometimes depend on the services of contractors and volunteer staff. If you are responsible for contractors or volunteers, you should ensure that they are aware of this code and that they abide by the standards contained herein.
6. Potential conflicts of interest
Your life away from work is normally your personal concern. You should not, however, put yourself in a position where your job, or the University’s interests and your own personal interests conflict. This includes behaviour which would undermine the University’s confidence or trust in you. For example, inappropriate posts on social media could damage the University’s reputation.
6.1 Social Events
It is important that you are mindful of your conduct at any social event where you could be linked to the University. For example, a Christmas party where the University’s name has been included at the time of booking or a social gathering as part of a conference where you are representing the University. In such instances, any unprofessional behaviour (sometimes only through perception) could bring the University into disrepute and action may be taken as if the situation had occurred on University premises within work hours. Examples of such behaviour may include, but not limited to:
- Physical violence or bullying.
- Theft.
- Unlawful discrimination.
- Causing loss or damage through negligence.
- Serious health and safety violations.
6.2 Membership of organisations
If you are a member of any organisation which has the potential to impact on your work or professionalism, or bring the University into disrepute, you should declare this to your manager who will consider any implications. Examples of such organisations would be those exempted by Article 11 (the right to freedom of assembly and association) of the Human Rights Act 1998 and pose a threat to:
- National security.
- Public safety.
- The prevention of disorder or crime.
- The protection of health or morals.
- The protection of the reputation or rights of others.
- The prevention of the disclosure of information received in confidence.
You should not become a member of any organisation that has been banned by the U.K. Government. For example, proscribed terrorist organisations as detailed by the Government.
7. Disclosure of criminal convictions
Employees must disclose to their manager, at the earliest possible stage, any involvement with the police which results in their arrest, charge, summons, fixed penalty notices (excluding minor driving offences), reprimands or cautions being issued or if they are convicted or if any court orders or injunctions are issued against them. You will also be required to declare driving offences (including speeding and failing to stop at a traffic signal) if your post includes driving as an essential requirement of the role. All convictions will be considered in line with the provisions set out in the Rehabilitation of Offenders Act 1974. The bearing of the offence on your employment will be fully and objectively considered and, if necessary, an investigation may be carried out. Appropriate action will then be taken based on the outcome of this investigation. Should you be arrested, there is an expectation that you provide the Police with full details of your role at the University. Additionally, should you have any involvement with the Police, there is an expectation that you will inform your line manager so the requisite risk assessment can be undertaken.