FM 202
Date of issue: 24 October 2000

1.     This FM replaces FM 56 dated 23 September 1993 which is hereby cancelled.

PURPOSE

2.     No organisation or administrative process is free of risk. Fraud is an ever-present threat and therefore must be a concern to everyone.

3.     The purpose of this FM is to provide details of PPARC’s policy with regard to fraud and to indicate some areas of work where the fraudulent use of resources may occur. It also describes the procedures to be followed where a fraud is either suspected or detected within PPARC.

4.     It is important to note that this policy relates to all members of staff, irrespective of seniority or length of service.

DEFINITIONS

5.    Fraud: there is no precise definition of fraud. The Theft Acts of 1968 and 1978 cover the majority of offences associated with fraud. For practical purposes fraud may be defined as the use of deception with the intention of obtaining an advantage, avoiding an obligation or causing loss to another party. The term is generally used to describe such acts as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts and collusion. It covers areas such as embezzlement by employees; falsification of books of account; illegal acts committed by any employee; illegal acts against the organisation committed by outsiders; unauthorised use of PPARC assets (including intellectual property); other wrongdoing leading to a loss of PPARC’s reputation.

Computer fraud: can be summarised as any financial dishonesty that takes place in a computer environment. This can take many forms including: manipulation of data; altering programs; altering output to obtain an illegal advantage; and, the most common form, inputting fraudulent data into a computer.

Fraudster: one who commits an act of fraud or one who chooses to take advantage of an uncontrolled risk.

6.     PPARC’s policy on fraud, issued under cover of GN 07/00, can be viewed on PPARC’s intranet. The policy may be summarised as follows:

• all PPARC employees are stewards of public funds and as such must have, and be seen to have, high standards of honesty, propriety and integrity in the exercise of their duties. All staff are required to safeguard the public resources for which they are responsible;

• staff must familiarise themselves with and act in compliance with all published guidance and procedures relating to the avoidance and detection of fraud within PPARC;

• PPARC will not tolerate fraud and all suspected cases will be vigorously investigated;

• cases of fraud will always be dealt with as serious breaches of discipline under PPARC’s disciplinary procedures (CEM 8B) with dismissal being the ultimate penalty. Cases will also be pursued through the courts if necessary.

7.     PPARC subscribes to the seven principles of public life set out in the Nolan Committee’s first report "Standards in Public Life" (see extract at Annex A to this FM), The Code of Conduct for Employees of the PPARC - GN 4/97 and the guidance issued in the Treasury Handbook "Propriety and Regularity" (copies of which are available from the Propriety and Regularity Officer, PPARC Finance Division or the Head of Administration at each Establishment). All PPARC employees are stewards of public funds and must endeavour to safeguard the public resources for which they are responsible (see paragraph 6 above). They should not receive gifts, hospitality or benefits of any kind from any third party which might compromise or be seen to compromise their position, personal judgement or integrity. Staff are required to register all such items in the register maintained by Establishment Directors and PPARC Finance Division, Swindon Office (see FM 203: Gifts and Hospitality, CEM 8A 2.5 and CEM 8 Appendix ). Staff are also required to notify the Director Administration of any related party transactions that may give rise to conflicts of interest.

8.     To prevent fraud it is necessary to be alert to the risks business systems are susceptible to, and to have strong internal controls, strong internal audit and an acceptance of external evaluation and validation of systems and processes. Everybody should be alert to fraud. It is diverse, usually concealed and a product of the individual operational situation. It usually occurs where critical controls are weak or not functioning as intended.

Internal Fraud: usually perpetrated by individuals inside the organisation, most often carried out by staff who have access to moveable or liquid assets eg cash or stocks. The risk and scale of fraud is increased if the member of staff is able to conceal the irregularities by also having access to the accounting records. This type of fraud is usually opportunistic but may also be planned and executed over a long period.

External Fraud: usually perpetrated by individuals outside the organisation and includes such activities as burglary, theft, deception and computer hacking. This is often systemic and continuous and can stem from an inherent problem of safeguarding some types of system against attack. The way that PPARC operates means that members of peer review bodies, consultants, and other external individuals may have access to confidential information and/or could influence decisions for personal gain or for the benefit of close relations. It is for this reason that they are required to make declarations of private, professional or commercial interests. Failure to comply could be seen, in some circumstances, as fraud.

Collusion: involves two or more parties, either internal and/or external working together, and can be difficult to detect as controls may appear to be working satisfactorily.

10.     Establishment Directors and PPARC Finance Division, Swindon Office, have overall responsibility for the operation of controls, financial security arrangements and internal checks related to payments, receipts, and balances (including cash, cash equivalents and stores) in order to prevent fraudulent transactions, physical losses or other misuse of PPARC resources. Assistance is provided by the work of the Research Councils Internal Audit Service (RCIAS) and the National Audit Office (NAO). However, it is a primary responsibility and duty laid on all staff that they must examine their working procedures with a view to ensuring that adequate controls and checks on the use of PPARC resources exist and are applied effectively.

11.     The objective in the design of all administrative systems must be to promote efficiency in the use of resources, including financial, staff and capital assets, and to prevent the fraudulent use of those resources by adequate, prior design considerations. Internal controls are designed to prevent fraudulent activities but their effectiveness may be compromised by factors such as business re-engineering, downsizing, office automation and increased exposure points. Any such evolution of business activities may help to make obsolete the internal controls that were sufficient before the change took place. Therefore it is essential that all staff, especially line managers, should be constantly aware of and vigilant in the application of internal controls to prevent fraud and misuse of assets. Any change in business practice should be accompanied by a risk assessment to identify areas that may be susceptible to fraudulent activity. Equally any change in practice should not be looked at in isolation. New exposure points eg introduction of a new intranet, supplier or partnership must be examined and the control framework re-evaluated in consideration of the change.

12. A well planned and executed risk assessment will:

• provide management with confidence in their system of internal controls and will pinpoint failures;

• identify particular risks and exposures that should be addressed; and

• create a foundation for continuous monitoring to proactively detect fraud.

13. The following principles should be applied to reduce risk:

• Clearly define the responsibilities of individuals for resources, activities, objectives and targets. This must include a definition of levels of financial authority and, to be effective, authorisation of individual transactions should be carefully checked.

• Establish clear reporting lines and the most effective spans of command to allow adequate supervision.

• Separate duties to avoid conflicts of interest and opportunities for abuse eg ordering goods must be kept separate from receipt of goods; authorisation and payment of invoices must be performed by separate individuals.

• Avoid excessive reliance on any one individual.

• Apply extra controls to high value, portable or attractive assets or resources.

• Ensure that only permanent members of staff have access to or custody of cash or payment systems.

• Rotate staff between posts in order to help prevent or detect collusion.

• Undertake regular management checks on working methods and outputs of staff, particularly in the areas of cash handling and accounting records. Random spot checks by managers in all areas of operation is an effective anti-fraud measure.

• Establish full audit trails to ensure that transactions can be traced through a system from start to finish.

14.     Where local conditions prevent full compliance with the above best practice guidelines, alternative arrangements must be agreed with the Head of Finance, PPARC.

15.     Fraud can occur whenever resources enter or leave PPARC custody, or are utilised eg receipt and issue of money and stores, issue of payments for goods and services, payment of claims and invoices, issue of pay, fees and allowances, disposal of surplus equipment and stores etc. Everyone should be aware of the potential for conflict of interests and collusion and the need for separation of duties especially in areas of contracting and cash handling.

16.     Typical mechanisms used for fraud include the use of false documents; fraudulent certification; and, in the case of computer frauds, improper input instructions and/or the manipulation of programs or records (see Annex B).

17.     Some indicators that fraud might be taking place include: staff displaying signs of unexplained wealth; indicators of stress in staff without a high workload; staff reluctant to take leave; staff arriving in the office first and leaving last; or suppliers/contractors who insist on dealing with one particular member of staff.

18.     Managers may become aware of professional and/or commercial interests of colleagues, peer review members, or consultants that may not have been declared as conflicts of interest or "related party transactions". All such cases should be investigated.

19.     Unusual events or transactions could also be a symptom of fraud or attempted fraud. Irregularities may be highlighted as a result of specific management checks or could be brought to the manager’s attention by a third party. Occasionally fraud may be detected during audit reviews.

RESPONSIBILITIES

20.     As PPARC Accounting Officer, the Chief Executive bears overall responsibility and is liable to be called to account where cases of fraud are detected. However, responsibility for the deterrence and detection of fraud falls directly on all staff. Failure by any any member of staff to discharge their responsibilities, whether deliberately or through negligence, will itself be considered to be a serious breach of discipline under PPARC’s Disciplinary Procedures (see CEMs Chapter 8). Specific responsibilities are described below.

21. Individuals are responsible for:

• complying with the regulations and guidance as set out in FMs, CEMs, IS Standards and Best Practice Guide, and General and Local Notices issued from time to time; 

• acting with propriety in the use of official resources and in the handling and use of public funds whether they are involved with cash, accounting or payment systems, handling receipts or dealing with contractors, suppliers or customers (including Students and HEIs);

• checking the accuracy and validity of any invoice, claim or time sheet presented for authorisation or approval;

• alerting their line mangers where they believe the opportunity for fraud exists either because of poor procedures or lack of effective oversight;

• reporting immediately to their line manager (or the next most senior manager) - or, in confidence, to the Establishment Director, the Director Administration or the Head of Finance PPARC - if they suspect a fraud has been committed or see suspicious acts or events. This may be in respect of internal matters involving PPARC staff, where members of peer review bodies or consultants abuse their positions or fail to declare a conflict of interest, or where any other suspicions are aroused. (NB: Employees who report their suspicion of fraud (commonly known as "whistleblowing") are protected by law under the Public Interest Disclosure Act 1998 – see GN 6/99);

• co-operating with investigators by making available all relevant information and participation in interviews.

22.     Line mangers are responsible for:

• identifying the risks to which systems, procedures and resources under their remit are exposed;

• developing and maintaining economic and effective controls to prevent and detect fraud, keeping them under review and periodically testing them;

• ensuring that policies, procedures and controls are being complied with;

• taking appropriate action when non compliance with control procedures occurs;

• being alert to the possibility of unusual events or transactions that could be symptoms of fraud or attempted fraud;

• ensuring staff are aware of their responsibilities in relation to the risk of fraud;

• reporting immediately to the Establishment Director, Director Administration or Head of Finance, PPARC if they suspect a fraud has been committed, see suspicious acts or events, or if a suspected fraud is reported to them;

• supporting investigators in their inquiries into cases of suspected fraud.

23.     Each Establishment Director and the Director Administration acts as the designated Enquiry Controller and is responsible for:

• the development of a local Fraud Response Plan;

• implementation of fraud policy and procedures;

• establishment of a local Fraud Crisis Committee;

• initial consideration of the situation; and, if necessary

• the activation of the Fraud Crisis Committee;

• maintaining a record of all allegations / suspicions raised and action taken to investigate these;

• immediately reporting all allegations / suspicions to the Director Administration or Head of Finance, PPARC, for decision whether Swindon Office involvement in the investigation of a fraud, or suspected fraud, is warranted, and for onward reporting to the OST and Head of RCIAS; and

• reporting the outcome of investigations to the Director Administration or Head of Finance, PPARC, for onward reporting within the PPARC and to the OST and Head of RCIAS.

24.     PPARC Finance Division, Swindon Office, is responsible for:

• providing advice and assistance on control issues;

• onward referral and reporting to the Head of RCIAS, the OST and/or the Treasury. Chapter 37 of Government Accounting requires that departments make an annual return to Treasury of all cases of suspected or proven frauds (including attempted fraud) affecting their departments and agencies within specific categories (see Annex C). The MS&FM, which describes the relationship between the PPARC and the OST, requires the PPARC to maintain a register of all cases of proven or suspected fraud and to notify the OST of all novel or unusual cases of fraud or cases of theft or attempted theft.

The Chief Executive and Head of Finance, PPARC

25.     The Chief Executive, assisted by the Head of Finance, PPARC is responsible for ensuring that:

• effective controls are developed and maintained to prevent, detect and reduce the risk of fraud;

• systems exist for carrying out vigorous and prompt investigations if fraud is suspected;

• appropriate legal and/or disciplinary action is taken against perpetrators and participants of fraud and/or attempted fraud;

• disciplinary action is taken against staff who have contributed to the commission of fraud or attempted fraud through either negligence or neglect of their duties; and

• system weaknesses are addressed and appropriate controls are introduced.

26.     The FCC is a small group of trained personnel at each Establishment who are fully aware of the Fraud Response Plan for the Establishment and can be called on to assist with the operation of the Response Plan. The FCC is responsible for:

• the efficient and effective implementation of the local Fraud Response Plan;

• consideration of how to proceed with the investigation and when to involve outside bodies such as RCIAS and/or the Police; and

• liaison with external authorities.

27.     The Code of Conduct for the Employees of the PPARC (GN 4/97) contains details of staff reporting responsibilities relating to both fraud and other misconduct. The Code:

• requires staff to report suspicions to line managers or, in confidence, to the Director Administration, Establishment Director or Head of Finance, PPARC;

• requires concerns raised to be treated in strict confidence by PPARC management;

• affords staff protection in line with the Public Interest Disclosure Act 1998; and

• requires a prompt and thorough investigation of the facts.

28.     The PPARC has developed a Fraud Response Plan which provides a framework against which any allegation of fraud will be investigated. All allegations of fraud will be vigorously investigated in line with PPARC’s Fraud Response Plan which enables a response team of senior managers to commission the investigation and to take appropriate disciplinary and/or corrective action based upon a proper and fair investigation. Copies of the Fraud Response Plan are held by Establishment Directors.

30.     Any queries concerning the content or interpretation of this FM should be referred to Jill Drinkwater, Propriety and Regularity Section, PPARC Finance Division, Swindon Office tel: 01793 442124 e-mail: jill.drinkwater@pparc.ac.uk .

Jeff Down
Head of Finance, PPARC

Annex B to FM 202

1.     There are several readily identified systems and areas where fraud most usually occurs. The most common risk areas and types of fraud committed are shown below. Further information and suggested controls which could act as preventative measures can be found in "Managing the Risk of Fraud – A Guide for Managers" copies of which are available from the Propriety and Regularity section of PPARC Finance Division, Swindon Office.

2.     The largest category of fraud reported in the public sector, in terms of both value and volume, is the misappropriation of cash, by staff. This reaffirms the need to separate duties involving transactions such as authorisation and payment, and for the independent verification of all transactions involving cash handling and the issuing of payable instruments, regardless of staff grade level.

3.     There are many risks associated with cash handling with theft or misappropriation often assisted by the suppression, falsification, non-creation or destruction of accounting records. In this area fraud could be committed in a variety of ways, the most common being:

• theft;

• cash received not brought to account;

• illegal transfer or diversion of money through BACS – achieved by making duplicate payments, paying the wrong person or by increasing the value of some payments at he expense of others;

• false creation of or unauthorised updates to accounting records to allow the unauthorised payment of funds;

• falsification and duplication of invoices in order to generate a false payment;

• unauthorised use of cheques and payable orders; and

• theft of proceeds on sale of assets or services.

• the introduction of non-existent (ghost) employees;

• unauthorised amendments made to input data which may lead to obtaining pay which is not consistent with the employee’s grade; and

• the payment of excessive overtime, bonus, allowances or travel claim.

5.     Types of risk associated with purchasing range from false input of invoices through to the diversion of payments and misappropriation of purchases. The following types of fraud may occur:

• unauthorised use of purchasing systems in order to misappropriate goods or use services for personal gain;

• short deliveries of goods or services may be accepted as a result of collusion; and

• unsolicited goods or expanded orders may be accepted as a result of fraudulent acceptance of gifts or hospitality.

6.     Many of the purchasing risks can be overcome by the enforcement of the use of separate demanding and authorising officers. The authorising officer should ensure that a document requesting payment is a valid, original invoice or prime paying document and that it has an invoice number and a VAT registration number if applicable.

7.     Contract specifications involving external contractors must be defined as tightly as possible. Demanding officers should ensure that contractors are adequately supervised by means of random and systematic checks in order both to detect irregularities and to deter potential offenders. All goods received must be confirmed as being of acceptable standard and contracts of service must be performed in a reasonable and proper manner.

8. The main types of fraud common to contracts are:

• illegal tendering procedures, especially those which favour a particular contractor, occurring as a result of collusion or cosy relationships between staff and contractors; and

• payments made for work not carried out as a result of collusion between the contractor and a member of staff.

The possibility of these types of fraud occurring may be minimised by the enforcement of separation of duties.

9.     Theft or unauthorised use of assets for personal gain are the main areas of risk which need to be controlled.

10.     Fraud involving computer usage can be a serious problem and can arise from lax password practice. Guidance on the use of passwords is available in the IS Standards and Best Practice Guide (paragraph 5)  available on PARC-life at Swindon Office or from BAG, Swindon Office. In order to prevent misuse by others, users must endeavour to preserve the integrity of their passwords and activate the password protected screensaver whenever their terminal is left unattended.

Chapter 37 of Government Accounting requires departments to make an annual return to the Treasury of all cases of suspected or proven frauds (including attempted fraud) affecting their departments and agencies, within the following categories:

• fraud perpetrated within the department by its own staff, including cases of collusion with parties outside the department;

• computer frauds (whether perpetrated by members of staff or members of the public). A computer fraud is defined as one where information technology (IT) equipment has been used to manipulate computer programs or data dishonestly (for example to alter or substitute records; to destroy or suppress records; or to duplicate or create spurious records); or where the existence of an IT system was a material factor in the perpetration of fraud (ie where the fraud was unlikely to have occurred if there had been no IT system). Departments are also asked to report any cases involving the theft or fraudulent use of computer time and resources;

• frauds by contractors arising in connection with contracts placed by the departments for the supply of goods and services;

• any other frauds which reveal potentially significant systems weaknesses or exposure to loss of a nature which other departments might face.