Annex 2: counter fraud policy
Introduction
1. All SG staff are required at all times to act honestly and with integrity and to safeguard the public resources for which they are responsible, in line with the Civil Service Code. The SG will not accept any level of fraud or corruption; consequently, any case will be thoroughly investigated and dealt with appropriately.
Definition of fraud
2. Fraud is the use of deception with the intention of obtaining personal gain, avoiding an obligation or causing loss to another party. Fraud can be used to describe a wide variety of dishonest behaviour such as forgery, false representation and the concealment of material facts. The fraudulent use of IT resources is included in this definition, where its use is a material factor in carrying out a fraud
Bribery
3. A bribe is an offer or promise of a financial or other advantage, designed to induce another person to perform improperly in their position of trust and responsibility. The Bribery Act 2010 is UK-wide legislation that:
- Makes it a criminal offence to give, promise or offer a bribe and to request, agree to receive or accept a bribe either at home or abroad.
- Increases the maximum penalty for bribery from seven to 10 years imprisonment, with an unlimited fine.
- Introduces a corporate offence of failure to prevent bribery by persons working on behalf of a business.
Examples of fraud and bribery are provided at appendix 1.
Reducing the opportunity for fraud - separation of duties
4. The opportunity for fraud must be reduced wherever possible. Allocating responsibility for too many functions to one person can constitute a high risk of fraud and should be avoided. The risk of fraud can be reduced by ensuring proper separation of duties so that, for example, more than one person has to be involved in ordering, receiving and authorising payments for goods or services.
5. The separation of key functions forms an integral part of systems control and is essential to minimise the potential scope for irregularity by staff acting on their own. The need for proper separation of duties applies as much to grant systems as it does to procurement procedures.
6. Without adequate separation of duties, the effectiveness of other control measures is undermined. Where resources are limited and separation of duties is not possible, alternative management controls – such as supervisory checking - must be employed.
Robust systems of control
7. Appropriate preventive and detective controls should be put in place to counter the risk of fraud. Procedures set up to prevent and detect fraud must be proportional to the risk involved and be carefully followed and monitored. Additional information is provided in the SPFM sections on Checking Financial Transactions and on Risk Management. Guidance on the coverage of fraud response plans can be found in the Managing the Risk of Fraud guidance.
8. Preventive controls are designed to limit the possibility of a fraud occurring e.g. separation of duties. Detective controls are designed to spot errors, omissions and fraud after the event e.g. supervisory checks and reconciliations. Support for managers in establishing appropriate controls is provided by the appropriate finance business partners and internal audit.
9. Managers with responsibility for awarding contracts, making payments, authorising grants and other financial transactions must ensure they have clear control procedures. It is important that:
- There is adequate separation of duties and proper authorisation processes for payments
- Staff dealing with these procedures are familiar with them
- Accounting and other records, such as cash balances, bank balances, physical stock counts, are reconciled with the actual position
- Staff who are bankrupt or insolvent are not employed on duties which might permit the misappropriation of public funds.
The importance of monitoring
10. Managers have the prime responsibility for ensuring their systems are sound and that they are operating as intended. Both internal and external auditors have a role in carrying out independent reviews of systems and the adequacy of controls in place.
11. Many frauds are due to failure to comply with existing controls. It is vital that good control systems are supported by supervisory checking and alertness to the risks of fraud.
12. There is additional information available on conduct, discipline and management responsibilities in the Civil Service Management Code that sets out the regulations and instructions regarding the terms and conditions of service of civil servants.
Identification of fraud
13. External and internal fraud is not always easy to identify. Often suspicion may be raised but it is not acted on and reported. Fraud is often committed where there is:
- Opportunity to commit fraud. This is where internal controls are weak and access to assets and information allows fraud to occur.
- Rationalisation that justifies fraudulent behaviour. This can be for a variety of reasons. The SG has a zero tolerance approach to fraud.
- Motivation or a need for committing fraud. This can be for financial reasons or other motivating factors.
Danger signs
14. Managers and staff must always be alert to the risk of fraud, theft and corruption. Danger signs of external fraud include:
- Photocopies of documents when originals would be expected
- Discrepancies in information e.g. signatures and dates
- Unexpected queries from stakeholders or suppliers e.g. bank account detail changes
- Requests for non-standard types of payment
- Unexpected trends or results e.g. from reconciliations.
15. Danger signs of internal fraud include:
- Evidence of excessive spending by staff in cash/contract work
- Inappropriate relationships with suppliers
- Reluctance of staff to take leave
- Undue possessiveness of or anomalies between work records
- Pressure from colleagues to avoid normal control procedures
- Abnormal Travel and Subsistence claims, overtime or Flexible Working Hours patterns.
Reporting fraud
16. The danger signs highlighted in this policy are not exhaustive and any indication of fraudulent activity should be reported. Managers and staff must always be alert to the risk of fraud, theft, bribery and corruption.
17. Staff should report any suspicions either to their line managers, to the Head of Human Resources, to Internal Audit, to their finance business partner or - either in writing or using the CrimeStoppers fraud hot-line (08000 15 16 28) - direct to the SG's Fraud Response Team.
18. Cases of fraud in bodies sponsored by the Scottish Government should also be notified to the relevant sponsor unit.
19. Under the SG Whistle-blowing procedures, all matters will be dealt with in confidence and in strict accordance with the terms of the Public Interest Disclosure Act 1998. This statute protects the legitimate personal interests of staff.
20. Suspicions of fraud reported to line managers, Human Resources, Internal Audit, finance business partners or sponsor units must be passed on to the Fraud Response Team for coordination purposes (see SG Fraud Response Plan).
21. All discovered cases of actual or attempted fraud should be notified to the appropriate Audit and Risk Committees. Comprehensive annual assurance on counter fraud activity and instances of fraud is provided to the Scottish Government Audit and Assurance Committee. Consideration should be given on a case by case basis to immediately notifying external auditors when a case comes to light.
The steps for reporting and responding to fraud are illustrated at appendix 2.
Responding to fraud
22. Thorough investigations should be undertaken where there is suspected fraud and the appropriate legal and/or disciplinary action should be taken in all cases. Appropriate disciplinary action should also be taken where supervisory or management failures have occurred.
23. Investigating fraud is a specialised area of expertise, and those tasked with any investigation work should have received appropriate training, including the gathering of evidence. Investigations should not be undertaken by untrained staff. Specialist advice, such as Internal Audit, HR and Legal advice should be taken where necessary and as early as possible.
Acceptance of gifts or hospitality
24. Under the civil service code it is made clear that you must not accept gifts or hospitality or receive other benefits from anyone which might reasonably be seen to compromise your personal judgement or integrity. These ethical are laid down in the Procurement Policy Manual (for staff involved in purchasing and contracting).
Recording and accounting
25. Losses due to fraud are subject to the guidance on Losses and Special Payments. Details must therefore be submitted to and recorded by relevant finance business partners and, as appropriate, brought to the attention of the Parliament through notes to the resource accounts.
Responsibilities
26. The Scottish Ministers are responsible for issuing relevant guidance in the Scottish Public Finance Manual (SPFM) on the prevention, detection, reporting and handling of fraud.
27. The Permanent Secretary and relevant Accountable Officers are responsible for the systems of internal control that support the achievement of the Scottish Ministers' policies, aims and objectives. Accountable Officers are responsible for ensuring that relevant sponsored bodies are aware of fraud risks and have appropriate procedures in place to prevent and detect fraud that are consistent with guidance in the SPFM.
28. NHS Boards (including all Special Boards and Agencies) are subject to the specific arrangements set out in the Scottish Government Strategy to Combat NHS Fraud in Scotland and the Partnership Agreement between NHS Boards and NHSScotland Counter Fraud Services.
29. Overall responsibility for ensuring that necessary controls are in place for managing the risk of fraud in the SG is delegated by the Principal Accountable Officer to the SG Chief Financial Officer. The responsibilities of the Chief Financial Officer include:
- Preparing, reviewing, updating and communicating relevant guidance on counter fraud
- Ensuring that core financial systems are designed and operated so as to minimise the risk of fraud
- Coordinating assurances about the effectiveness of anti-fraud policies to support the governance statement provided as part of the accounts.
30. Specialist corporate support is responsible for:
- Delivering an opinion to the relevant audit and risk committee / Accountable Officer on the adequacy of counter fraud arrangements
- Helping management review its risk exposure and identify the possibility of fraud as a business risk
- Coordinating and conducting effective fraud investigations.
31. Operational managers are responsible for:
- Ensuring that effective internal controls are operating within their areas of responsibility
- Assessing the types of risk involved in the operations for which they are responsible and responding to minimise the opportunity for fraud
- Reporting relevant cases to the SG Fraud Response Team - subject to the reporting procedures included in any local arrangements.
32. Each member of staff is responsible for:
- Acting with propriety in the use of official resources and the handling and use of public funds
- Conducting themselves in accordance with the principles of the Civil Service Code
- Being alert to the possibility that unusual events or transactions could be indicators of fraud
- Reporting details immediately through the appropriate channel if they suspect that a fraud has been committed or see any suspicious acts or events
- Cooperating fully with whoever is conducting internal checks or reviews or fraud investigations.
An outline of roles and responsibilities is at appendix 3.
Enforcement
33. All cases of actual or suspected fraud will be vigorously and promptly investigated and appropriate action will be taken. The police will be informed where considered appropriate. In addition disciplinary action will be considered not only against those members of staff found to have perpetrated frauds but also against managers whose negligence is held to have facilitated frauds. Both categories of offence can be held to constitute gross misconduct, the penalty for which may include summary dismissal.
Page Updated: Septemebr 2019