1 Fighting fraud: embedding ownership
1
Fighting fraud:
embedding
ownership
2
PARTICIPATE IN Q&A• Download the IIA Conferences App to
participate in Q&A during select
sessions
• Select the session through the
schedule icon
• Submit your questions for the session
or to specific presenters by selecting
the ASK icon
• Ask a member of the Conference Staff
if you need assistance
• You can also go to https://ic.cnf.io/ from
your mobile device web browser
3
Steve Stanbury
I am the Director of Internal Audit at City, University of London since March 2008,
having previously worked as a Senior Audit Manager within Deloitte, PSIA with a focus
on the public sector.
Over 18 years of experience in internal audit, risk management and corporate
governance. In my previous role, I was involved in managing outsourced internal audit
functions within the higher education sector, housing sector and within central
government.
An audit committee member for Goldsmiths, University of London and the Chartered
Institute of Internal Auditors (UK and Ireland).
BA in Politics and Management from Hull University and an MA in Criminology and
Criminal Justice from City, University of London and is a Certified Internal Auditor (CIA),
Certified Fraud Examiner (CFE) and a Certificate in Risk Management Assurance
(CRMA).
4
Overview
– Brief background to HE frauds
– Assessment of current position
– Ownership
– Fraud Risk Working Group
– Board reporting
– Lessons learnt?
5
Background to HE Fraud
Typical HEI Frauds– Bank mandate fraud – false email/letters stating that suppliers bank details have changed.
– Misappropriation or theft of cash, stock, or other assets - this might include the theft of stationery
for private use, or the unauthorised use of University vehicles, computers or other equipment
– Purchasing fraud – this can include approving or paying for goods not received, paying inflated
prices for goods and services, or accepting any bribe
– Misstating claims or eligibility for other benefits – such as overstating or making false travel and
subsistence claims
– Accepting pay for time not worked – this can include failing to work full contracted hours, making
false overtime claims, or falsifying sickness
– Record fraud, often via computers - such as altering or substituting records, duplicating or creating
spurious records, or destroying or suppressing them
– Intellectual Property (IP) theft - such as claiming university intellectual property as your own, or
otherwise using or selling university IP for your own personal gain
6
Assessment of Current Position
Activity within HE– Sector position – frauds occurring with HE
– Office for Student (regulator) updates
– Peer Group
– Links to anti-fraud community to assess HE vulnerability
– BUFDG self assessment
– Incidents within City?
7
Assessment of Current Position
Self Assessment – Anti fraud arrangements
8
Assessment of Current Position
Self assessment – internal controls and audit
9
Assessment of Current Position
Self Assessment – Experience of Financial Fraud
3.1 Is your current assessment that fraud is a low, medium or high risk? Is this an overall assessment? There could be variability of risk rating across different areas.
3.2 Do you believe that there is an effective anti-fraud culture in your organisation, with high levels of fraud risk awareness amongst all staff?
3.3 In the last two financial years how many frauds or suspected frauds have you experienced that were above the HEFCE reporting threshold? How many were below
the threshold?
3.4 If you have trained fraud-response staff (Q1.5), are there any recent instances of these staff being deployed in an investigative capacity?
3.5 Have you disciplined, dismissed or, with the relevant authorities, prosecuted any members of staff for fraud in the period?
3.6 Have you involved the police in any action to deal with suspected or actual fraud in the period?
3.7 Have you reported any frauds, successful or attempted, to NAFN via the [email protected] email address? Have you used the email address to request counter-fraud
advice or advice on running an investigation?
3.8 Do you have grounds to suspect that there have been any other attempts to defraud the University either by staff or by outside organisations such as suppliers in the
period?
3.9 Have you reviewed your fraud policy in the light of any actual frauds you have experienced? Have any gaps in your policy, or failures in its implementation, been
identified and addressed as a result?
10
Ownership
Where to start?
– Audit Committee support obtained
– Buy in from the CFO
– Cross City membership
– Created a group to drive the agenda
11
Fraud Risk Working Group
What does the group do?
– The Fraud Risk Working Group promotes
greater awareness of fraud risks within City
and encourages a counter fraud culture to
identify and promote good practice
initiatives, both existing and new.
12
Fraud Risk Working Group
Membership
– The Fraud Risk Working Group consists of
relevant senior staff from each business
area (Finance, Research, HR, Procurement,
Estates, Registry, IT, Development &
Alumni, and Internal Audit) and is chaired by
the Chief Financial Officer.
13
Fraud Risk Working Group
Clear AimsThe Group will aim to ensure that City and its agents have in place end-to-end processes which
prevent losses due to fraud and, in doing so, reduce substantially the occurrence of fraud and loss.
The Working Group will achieve this by:
– ensuring the development and implementation of appropriate counter-fraud strategies
across all business areas;
– ensuring effective co-ordination and liaison in counter-fraud activity; and
– monitoring the effectiveness of counter-fraud strategies through the development of
appropriate performance indicators and reporting mechanisms.
14
Fraud Risk Working Group
First Tasks
– Fraud risk assessment
– Fraud risk map
– Functional area fraud risk registers
15
Fraud Risk Working Group
First Task
A Fraud Risk Assessment helps Management understand risks that are unique to its business
activities, identify gaps, weaknesses in controls and priorities of controls to manage those risks
and develop a realistic plan for targeting the right resources and controls to reduce fraud risks.
16
Fraud Risk Working Group
Fraud
Risk Map
17
Fraud Risk Working Group
Fraud Risk Register
18
Fraud Risk Working Group
Meeting Agendas:
Situation reports from all business areas
– Review of Fraud Risk Map
– Updates on further actions identified in
business area fraud risk assessments
– Issues/fraud arising within functional areas
19
Board Reporting
The Chair of the Working Group will provide a synopsis of
key counter fraud issues to the Audit and Risk Committee in
September each year.
A summary of the key activities and developments of the
Working Group will be provided annually to UET and ExCo,
for information. Additional reports will be made if
circumstances require it.
20
Lessons Learnt
Ensure you have:– Audit Committee buy-in
– A firm set of actions driven by an assessment
– Establish a group to implement actions
– A group which has cross organisational input
– Formal responsibility to report to management team
– Board level reporting allocated to management
21
Contact
+44 7920 055 140
www.spsriskassurance.co.uk
22
TELL US WHAT YOU THINK!
Evaluate this session right in the
IIA Conference App!
Not using the conference app?
Visit: ic.cnf.io to complete
your session evaluations.