You are in :
  HEFCE

Ref 99/65

November 1999

Fighting fraud in higher education

Contents

Prevention

  1. The aftermath of fraud is costly, time-consuming, disruptive and unpleasant. The major thrust of any anti-fraud strategy should therefore be prevention. Measures that HEIs can put in place include denial of opportunity, effective leadership, auditing, and employee screening.

    Denial of opportunity

  2. Fraud can be minimised through carefully designed and consistently operated management procedures, which deny opportunities for fraud. Staff should always receive training in the operation of these systems.
  3. The classic way to guard against fraud in financial systems is segregation of duties, so that no individual has undue management of payments, income or assets. The largest frauds in HEIs have involved regular misappropriations over a period of years. This risk can be reduced by regularly rotating staff who have access to financial systems.
  4. HEIs should prevent the possible misuse of information technology through managing the physical access to terminals, and protecting systems with electronic access restrictions.

    Leadership

  5. Key determinants of the standards of behaviour in an organisation will be the standards observed at the top, and the policies and approach to their enforcement promoted from the top.
  6. Governing bodies and senior managers should therefore ensure that their behaviour is always demonstrably selfless. They should produce and disseminate clear policies on:
  7. The police advise that prosecution is a particularly effective deterrent because of the risk of a custodial sentence and a criminal record. However, the threat of prosecution only deters if the threat is real. Therefore, each and every case arising should normally be referred to the police, irrespective of the status of the individual.

    The role of auditors

  8. When new systems are being designed or existing systems are to be modified, internal auditors can advise management on building in ways of preventing or detecting fraud.
  9. A continuous review of systems by internal audit may deter attempted fraud and should result in continuous improvements. The risk of fraud should be a factor in audit plans. External audit’s reviews of financial checks and balances and validation testing provide further deterrence, and advice about systems. Auditors may also wish to assess systems in place to deter corruption (a specimen checklist is provided).

    Employee screening

  10. Potential new members of staff should be screened before appointment, particularly for posts with financial responsibility. For example:
    • references should cover a reasonable, continuous period; and any gaps should be explained
    • an official employer’s reference should be obtained
    • doubts about the contents of the reference should be resolved before confirming the appointment. If this is done by telephone, a written record of the discussion should be kept to comply with employment law
    • essential qualifications should be checked before making an offer of employment (for example by requiring original certificates at the interview).
  11. HEIs need to consider a policy on the employment of job applicants who are related to existing staff or governors. Recruitment procedures should require applicants to declare any connections with existing governors and staff. Members of recruitment panels should similarly be required to declare such connections.

    Detection

  12. No system of preventative measures can guarantee that frauds will not occur. HEIs can, however, implement detection measures to highlight irregular transactions.

    Internal management systems

  13. This is the most important measure because the risk of processing an irregular transaction is minimised where every transaction is reviewed systematically. Detective checks and balances should be designed into all systems and applied consistently. This would include segregation of duties, reconciliation procedures, random checking of transactions, and review of management accounting information, including exception reports.
  14. Systems should identify transactions which have not followed normal procedures. However, deception may be used to make improper transactions appear legitimate. The detective elements in each system should therefore be complemented by a general detective approach, to capture suspicions identified through chance, exit interviews and tip-offs.

    Public interest disclosure (‘whistle-blowing’) procedure

  15. The Committee on Standards in Public Life and the Committee of University Chairmen (CUC) advocate the adoption of public interest disclosure procedures. These should guarantee that concerns expressed in good faith will be looked into, without adverse consequences for the complainant. Guidance on content is published in the CUC’s ‘Guide for Members of Governing Bodies of Universities and Colleges in England, Wales and Northern Ireland’. HEFCE ref 98/12.

    Role of audit in detection

  16. The first lines of defence against fraud are robust preventative measures by management, coupled with sound detective checks and balances. Audit should normally be regarded as a long stop.
  17. However, where a high risk of fraud is identified, auditors may use special techniques to identify fraudulent transactions. Given the sensitivity of fraud, there should be an effective two-way flow of information between internal and external audit.

    Warning signs

  18. Patterns of behaviour among staff which might indicate a desire for concealment (such as taking few holidays, regularly working alone late or at weekends, resistance to delegation, and resentment of questions about work) should be investigated. Any indication of addiction to drugs, alcohol or gambling should be addressed by the personnel function as early as possible, both for the welfare of the individual and to minimise the risks to the HEI, which might include fraud.

    Investigation

  19. Fraud or irregularity occurs unpredictably, in any part and at any level in an organisation. It frequently causes disruption which is out of proportion to the sums involved. Once a fraud is suspected, prompt action is needed to safeguard assets, recover losses and secure evidence for effective legal and disciplinary processes. Meeting these objectives, when the full facts of a case may be unknown, clearly requires contingency planning.

    Fraud response plan

  20. All HEIs should prepare a fraud response plan which should address:
    • prevention of further loss
    • establishing and securing evidence necessary for criminal and disciplinary action
    • notifying the HEFCE, if the circumstances are covered by the mandatory requirements of the Audit Code of Practice (see paragraph 24)
    • recovery of losses, through the civil court if necessary
    • sanctions against the culprits, including prosecution
    • policy on references for employees disciplined or prosecuted for fraud
    • reporting to the institution’s audit committee on the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken
    • reporting lines (normally the chair of governors, audit committee, head of institution, external audit, and the heads of internal audit, finance, personnel and external relations)
    • responsibility for and timing of informing the police
    • responsibility for investigation (normally internal audit)
    • arrangements for use of external specialists
    • establishing lines of communication with the police.

    A specimen fraud response plan is available.

    Process of investigation

  21. Fraud investigations should normally be independent of management, to ensure impartiality of reporting. Investigations are usually undertaken by internal audit, who combine independence, investigative techniques and local knowledge. Investigative work is usually time consuming. The fraud response plan should include authorisation arrangements for variations from agreed audit plans.
  22. If a culprit is aware that an investigation is in progress, he or she may try to frustrate disciplinary or legal action by destroying or removing evidence. The fraud response plan should cater for the summary dismissal or suspension, with or without pay, of personnel under suspicion. Suspects should be given as little notice as possible so that they have no opportunity to destroy or remove property. Security staff may need to supervise the departure of suspects from the HEI, to change locks to the suspect’s office and storage without delay, and to prevent future access to the HEI’s premises. Computer access rights should similarly be withdrawn without delay.
  23. To be admissible in court, interviews with suspects must be conducted under rules defined in the Police and Criminal Evidence Acts. Interviews should normally be conducted by police officers or with their advice.

    Role of the HEFCE Audit Service

  24. The HEFCE Audit Code of Practice (HEFCE 98/28 paragraphs 14-15) includes a requirement that HEIs must notify the HEFCE Chief Executive of any attempted, suspected or actual fraud or irregularity where:
    • the sums involved are, or potentially are, in excess of £10,000
    • the particulars of the fraud are novel, unusual or complex
    • there is likely to be public interest because of the nature of the fraud or the people involved.
  25. This mandatory requirement serves two purposes. First, as Accounting Officer for the HEFCE, the Chief Executive is responsible for ensuring that there are adequate and effective management systems in HEIs to safeguard the public money allocated to them. We therefore need to know about significant fraud, so that we can satisfy ourselves that appropriate action has been taken to recover any losses, to deter further incidents, and to rectify weaknesses in internal systems. We cannot undertake investigations on behalf of institutions, but the HEFCE Audit Service is available to discuss in confidence appropriate actions in response to a fraud. The second purpose is to enable us to share with institutions the lessons to be learned from frauds which have been detected. Punitive action will not be taken against institutions which have suffered fraud, nor will they be given publicity.

    Fidelity insurance

  26. All HEIs should consider the costs and benefits of fidelity insurance (which provides cover in the event of losses through misconduct by employees).

    Vulnerable areas

  27. We found that the three areas most vulnerable to fraud in HEIs were cash handling, cheque handling and the purchase ledger.

 

Commercial ethics

  1. We would strongly urge all HEIs to establish and disseminate a policy on commercial ethics. It should state that in all dealings with commercial partners, the interests of the HEI are paramount, and that personal or family gain, or the perception thereof, should be avoided.
  2. A commercial ethics policy offers a number of benefits. First, it helps to promote understanding of the significance of internal checks and balances among governors and staff at all levels (failure to operate such procedures is sometimes the result of lack of comprehension, rather than malicious intent). Second, a clear policy can facilitate effective disciplinary action if fraud or irregularity occurs, since there can be no defence of ignorance of well documented, universally available policies and rules. Third, such a policy can give a useful message to suppliers and contractors that the HEI will not do business with companies that seek to circumvent the HEI’s procurement policies, or that offer inducements to the HEI’s staff. HEIs with related companies should ensure that commercial ethics policies cater for the relationships between the HEI’s staff and the companies.
  3. The commercial ethics policy should be approved by the governing body. It should be disseminated using the best available means to reach all governors, people co-opted on to the governing body and its committees, staff, contractors and suppliers. These means might include:
    • a memorandum to all staff
    • publication in general handbooks issued to all staff
    • reference in contractual documents
    • electronic means (where all staff are users of a centrally provided computer network)
    • a combination of the above.

    Stating and restating the policy

  4. Some fraud prevention measures may be demanding on the staff who operate the systems, and may sometimes be neglected, unless staff are always clear about the need for the measures. The commercial ethics policy should be restated periodically to maintain awareness. It could be reissued at intervals and disseminated to all governors and staff; or built into other related policies when these are updated. Related policies include financial regulations; tendering procedures; rules on hospitality, personal consultancy, intellectual property rights, property disposal, and expense claims; disciplinary procedures and the public interest disclosure procedure. The policy should feature in all induction programmes for governors and staff. Obviously, a balance needs to be struck between ensuring that people are aware of anti-fraud issues, and restating the policy so often that they pay no attention to it.

    Standard tender and contract documentation

  5. All institutions should consider including anti-corruption clauses in standard tender and contract documentation. This will not strengthen their legal position in the event of attempted or actual corruption, because this is covered by legislation. However, it may act as an effective reminder to contractors, suppliers and the HEI’s own personnel that selflessness is required in commercial relationships. The following is a model clause.

    Model wording of anti-corruption clauses for inclusion in standard tender and contract documentation

    You shall not give, provide, or offer to our staff and agents any loan, fee, reward, gift (except items of negligible intrinsic value) or any emolument or advantage whatsoever. In the event of any breach of this condition, we shall, without prejudice to any other rights we may possess, be at liberty forthwith to terminate the contract and to recover from you any loss or damage resulting from such termination.

Registration and declaration of interests

  1. Open cultures are less conducive to fraud and irregularity than secretive ones. For this reason, the Second Report of the Committee on Standards in Public Life stressed the need for governors of HEIs to declare and register their interests. The Committee of University Chairmen’s Guide for Members of Governing Bodies of Universities and Colleges in England, Wales and Northern Ireland contains the following advice on the registration and declaration of the interests of members of a governing body:

    4.18 It is central to the proper conduct of public business that chairmen and members of governing bodies should act and be perceived to act impartially and not be influenced in their role as governors by social or business relationships. A member of a governing body who has a pecuniary, family or other personal interest in any matter under discussion at any meeting of the governing body or one of its committees at which he/she is present shall as soon as practicable disclose the fact of his/her interest to the meeting and shall withdraw from that part of the meeting. A member of the governing body is not, however, considered to have a pecuniary interest in matters under discussion merely because he/she is a member of staff or a student of the institution. Nor does the restriction of involvement in matters of direct personal or pecuniary interest prevent members of the governing body from considering and voting on proposals to insure the governing body against liabilities which it might incur.

    4.19 Institutions should have a Register of Interests of members of the governing body. The Register should be publicly available and should be kept up to date.

  2. There is a need for staff to declare and register their interests where appropriate. Staff at many levels will have an opportunity to influence the choice of suppliers and contractors. Management procedures should recognise this and should ensure that the selection of suppliers and contractors always reflects the best interests of the HEI, and not the personal or family interest of any member of the HEI.

Accepting gifts and hospitality: specimen policy

  1. Background

  2. All staff should conduct themselves with integrity, impartiality and honesty at all times.
  3. Staff should maintain high standards of propriety and professionalism. This includes avoiding laying themselves open to suspicion of dishonesty, and not putting themselves in a position of conflict between their official duty and private interest.
  4. Some staff necessarily spend time with other organisations where it is normal business practice or social convention to offer gifts, hospitality or awards. Offers of this kind can place staff in a difficult position: to refuse may cause misunderstanding or offence; however to accept may give rise to questions of impropriety or conflict of interest.
  5. It is a disciplinary offence for staff to accept any benefit as an inducement or reward:
    1. For taking any action (or specifically not taking action) in his or her official capacity.
    2. For showing favour (or disfavour) to anyone in his or her official capacity.
  6. The guiding principles are:
    1. The conduct of individuals should not create suspicion of any conflict between their official duty and their private interest.
    2. The action of individuals acting in an official capacity should not give the impression (to any member of the public, to any organisation with whom they deal or to their colleagues) that they have been (or may have been) influenced by a benefit to show favour or disfavour to any person or organisation.

    Gifts

  7. Staff should not accept any gift, reward or hospitality from any organisation or individual with whom they have contact in the course of their work as an inducement either for doing something or not doing something in their official capacity.
  8. Particular care should be taken about any gift from a person or organisation which has, or is hoping to have, a contract with the HEI. Although it is conventional in some parts of the private sector for businesses to exchange seasonal gifts, this is not an acceptable practice in the institution. Gifts of a trivial or inexpensive nature may be accepted, but more substantial or expensive offerings should be declined. If unsolicited gifts of a substantial nature arrive from contractors they should be returned with a polite explanation that the HEI’s rules do not allow their acceptance.
  9. If staff have any doubts about whether an offer of a gift should be refused (it is accepted that refusal of a gift may sometimes cause offence) they should consult their manager, who in turn should discuss the matter with the head of administration if it is considered that the gift should be accepted.
  10. The head of administration is the final arbiter on the advisability of accepting or refusing gifts. If the head of administration considers that a gift cannot be used to support the HEI’s business, he/she may authorise retention of the gift by the individual. Alternatively, if the individual does not wish to retain the gift, arrangements may be made for the gift to be stored until disposal, for example through a local charity.
  11. Staff must record any gifts accepted in the central register. Any queries about the contents of the register should be directed to the head of administration.

    Hospitality

  12. It is accepted that staff sometimes receive conventional hospitality. They may attend, as part of their official function, an event organised by another body for promotional or influential purpose.
  13. Offers of hospitality that exceed this norm should in general be refused. The following items should be avoided:
    • hospitality offered in substitution for fees for broadcasts, speeches, lectures or other work done
    • inducements which could lead to a contractual position between the HEI and a supplier, contractor or consultant
    • substantial offers of social functions, travel or accommodation
    • acceptance of meals, tickets and invitations to sporting, cultural or social events, particularly from the same source.
  14. Particular care should be taken when offered any form of hospitality or gift from a person or organisation which has, or is hoping to have, a contractual relationship with the HEI. If staff have any doubt about whether to accept hospitality offered they should refer the matter to their manager, who in turn may discuss it with the head of administration.
  15. If, exceptionally, the head of administration agrees that there are circumstances that justify the normal level of hospitality being exceeded, this will be recorded in the central register.

Procedures to deter corruption: specimen checklist

Tendering and award of contracts (including appointment and reward of management consultants)

-

Standing orders are laid down and are regularly updated

 

-

Standing orders provide for minimum number of tenders for all major contracts

 

-

Lists of approved suppliers are regularly reviewed and updated

 

-

Standing orders require report and subsequent special authorisation for contracts awarded other than to the lowest bidder

Settlement of contractors’ final accounts and claims

-

Financial regulations provide for independent check by director of finance of certifying officer’s computations

 

-

Continuous audit is carried out of payments of contractors’ interim claims

 

-

Authorisation procedures exist for the selection of nominated suppliers and subcontractors

Pecuniary interests of members and officers

-

Register of governors’ and senior officers’ interests is maintained

 

-

All governors are provided with relevant financial regulations

 

-

Employees are provided with a Code of Conduct including provisions on secondary employment, confidentiality, hospitality, canvassing for appointments, and conflicts of interest

 

-

Register of receipt of hospitality is maintained

Pressure selling

-

Financial regulations require reporting of suppliers engaged in pressure selling activities

Disposal of assets

-

Standing orders or financial regulations define procedures for identifying redundant assets and for their disposal

 

-

For major assets procedures include valuation and/or tender

 

-

Procedures provide for finance committee approval of terms for all major sales

Property developments

-

Standing orders provide no commitment without formal authority after full report of negotiations

 

-

Negotiations to take place in offices of the HEI or the developer within normal hours

Complaints about corruption

-

Arrangements are in place for receiving and investigating complaints about corruption

Specimen fraud response plan

Purpose

  1. The purpose of this plan is to define authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity. The use of the plan should enable the institution to:
    • prevent further loss
    • establish and secure evidence necessary for criminal and disciplinary action
    • notify the HEFCE, if the circumstances are covered by the mandatory requirements of the Audit Code of Practice
    • recover losses
    • punish the culprits
    • deal with requests for references for employees disciplined or prosecuted for fraud
    • review the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to fraud
    • keep all personnel with a need to know suitably informed about the incident and the institution’s response
    • inform the police
    • assign responsibility for investigating the incident
    • establish circumstances in which external specialists should be involved
    • establish lines of communication with the police.
  2. These matters are dealt with below.

    Initiating action

  3. Suspicion of fraud or irregularity may be captured through a number of means, including the following:
    • requirement on all personnel under financial regulations to report fraud or irregularity to the internal auditor
    • public interest disclosure procedure (‘whistle-blower’s charter’)
    • planned audit work
    • operation of proper procedures.
  4. All actual or suspected incidents should be reported without delay to the internal auditor. The internal auditor should, within 24 hours, hold a meeting of the following project group to decide on the initial response:
    • head of administration (chair)
    • head of internal audit
    • personnel officer
    • finance officer.
  5. The project group will decide on the action to be taken. This will normally be an investigation, led by the internal auditor. The decision by the project group to initiate a special investigation shall constitute authority to the internal auditor to use time provided in the internal audit plan for special investigations, or contingency time, or to switch internal audit resources from planned audits.

    Prevention of further loss

  6. Where initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the project group will decide how to prevent further loss. This may require the suspension, with or without pay, of the suspects. It may be necessary to plan the timing of suspension to prevent the suspects from destroying or removing evidence that may be needed to support disciplinary or criminal action.
  7. In these circumstances, the suspect(s) should be approached unannounced. They should be supervised at all times before leaving the HEI’s premises. They should be allowed to collect personal property under supervision, but should not be able to remove any property belonging to the HEI. Any security passes and keys to premises, offices and furniture should be returned.
  8. The head of security should be required to advise on the best means of denying access to the HEI, while suspects remain suspended (for example by changing locks and informing security staff not to admit the individuals to any part of the premises). Similarly, the head of information technology should be instructed to withdraw without delay access permissions to the HEI’s computer systems.
  9. The internal auditor shall consider whether it is necessary to investigate systems other than that which has given rise to suspicion, through which the suspect may have had opportunities to misappropriate the HEI’s assets.

    Establishing and securing evidence

  10. A major objective in any fraud investigation will be the punishment of the perpetrators, to act as a deterrent to other personnel. The HEI will follow disciplinary procedures against any member of staff who has committed fraud. The HEI will normally pursue the prosecution of any such individual.
  11. The internal auditor will:
    • maintain familiarity with the HEI’s disciplinary procedures, to ensure that evidence requirements will be met during any fraud investigation
    • establish and maintain contact with the police
    • establish whether there is a need for audit staff to be trained in the evidence rules for interviews under the Police and Criminal Evidence Act
    • ensure that staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings.

    Notifying the HEFCE

  12. The circumstances in which the HEI must inform the HEFCE about actual or suspected frauds are detailed in the HEFCE Audit Code of Practice (HEFCE 98/28 paragraphs 14-15). The head of institution is responsible for informing the HEFCE of any such incidents.

    Recovery of losses

  13. Recovering losses is a major objective of any fraud investigation. The internal auditor shall ensure that in all fraud investigations, the amount of any loss will be quantified. Repayment of losses should be sought in all cases.
  14. Where the loss is substantial, legal advice should be obtained without delay about the need to freeze the suspect’s assets through the court, pending conclusion of the investigation. Legal advice should also be obtained about prospects for recovering losses through the civil court, where the perpetrator refuses repayment. The HEI would normally expect to recover costs in addition to losses.

    References for employees disciplined or prosecuted for fraud

  15. The staff handbook includes a requirement that any request for a reference for a member of staff who has been disciplined or prosecuted for fraud shall be referred to the personnel officer. The personnel officer shall prepare any answer to a request for a reference having regard to employment law.

    Reporting to governors

  16. Any incident matching the criteria in the HEFCE Audit Code of Practice (as in paragraph 12 above) shall be reported without delay by the head of institution to the chairs of both the governing body and the audit committee.
  17. Any variation from the approved fraud response plan, together with reasons for the variation, shall be reported promptly to the chairs of both the governing body and the audit committee.
  18. On completion of a special investigation, a written report shall be submitted to the audit committee containing:
    • a description of the incident, including the value of any loss, the people involved, and the means of perpetrating the fraud
    • the measures taken to prevent a recurrence
    • any action needed to strengthen future responses to fraud, with a follow-up report on whether the actions have been taken.

    This report will normally be prepared by the internal auditor.

    Reporting lines

  19. The project group shall provide a confidential report to the chair of governors, the chair of audit committee, the head of institution, the external audit partner and the head of external relations at least monthly, unless the report recipients request a lesser frequency. The scope of the report shall include:
    • quantification of losses
    • progress with recovery action
    • progress with disciplinary action
    • progress with criminal action
    • estimate of resources required to conclude the investigation
    • actions taken to prevent and detect similar incidents.

    Responsibility for investigation

  20. All special investigations shall normally be led by the internal auditor. Special investigations shall not be undertaken by management, although management should co-operate with requests for assistance from internal audit.
  21. Some special investigations may require the use of technical expertise which the internal auditor does not possess. In these circumstances, the project group may approve the appointment of external specialists to lead or contribute to the special investigation.

    Review of fraud response plan

  22. This plan will be reviewed for fitness of purpose at least annually or after each use. Any need for change will be reported to the audit committee for approval.

Cash

There have been many frauds involving thefts from cash boxes, cash registers and takings at bars, residences, catering outlets, vending machines, and from social funds. Management of cash should include the following:

a. Segregation of duties. Systems should prevent one person from receiving, recording and banking cash. In small HEIs, or where there are many outlets, the system should incorporate additional supervisory management, and unannounced spot checks. Segregation of duties should continue during periods of leave or sickness absence.

b. Reconciliation procedures. An independent record of cash received and banked may deter and detect fraud. Documents used in reconciliation processes, (such as paying-in slips) should not be available to the officer responsible for banking. A very large fraud at an HEI was sustained over a period of years, despite reconciliation procedures, because the officer responsible for receiving and banking cash fraudulently altered paying-in slips to conceal thefts, before reconciliation procedures were performed.

c. The issue of receipts in return for cash received, to provide an audit trail.

d. Physical security, such as key pad controlled cashiers’ offices and safes. Every year HEIs suffer losses because cash is left unsecured, often despite ready availability of safes. Keys and access codes should also be kept secure.

e. Frequent banking.

f. Use of alternatives to cash (vending cards, credit cards, cheques, direct debits, and standing orders).

Cheques

Cheques are often completed in ways which facilitate opportunist fraud; and cheques are sometimes intercepted by organised criminals who falsify payee and value details using sophisticated techniques. Debtors may also be told to make cheques payable to a private account, possibly using an account name which is similar to the HEI’s. Preventative measures include:

a. Physical security. Unused, completed and cancelled cheques should never be left unsecured. If cheques are destroyed, more than one officer should be present, and a record of the serial numbers should be maintained.

b. Frequent bank reconciliations. Some frauds have gone undetected for long periods because accounts have not been reconciled promptly, or because discrepancies have not been fully investigated.

c. Segregation of duties.

d. Use of bank account names which it is difficult to represent as personal names, to prevent the simple theft of cheques in the post and their conversion into cash.

e. Clear instructions to debtors about correct payee details and the address to which cheques should be sent. The address should normally be the accounts department, not the department which has provided the goods or services.

f. Central opening of all post by more than one person, and recording of all cash and cheques received.

g. Rotation of staff responsibilities, including the regular rotation of counter-signatories in accounts departments, to reduce the risk of collusion.

h. Training in secure completion of cheques.

i. Use of electronic funds transfer (EFT) as an alternative to cheques.

j. Occasional checks with local banks of accounts including the HEI’s name. Some HEIs have identified accounts operated contrary to financial regulations, sometimes for personal use.

Purchase ledger

Many of the largest frauds suffered by HEIs have targeted the purchase ledger. Preventative measures include:

a. Minimising little used or unusual account codes.

b. Ensuring that all account codes are effectively monitored by line management.

c. Segregation of duties.

d. Secure management of the creditors’ standing data file, including segregating the origination and approval of new or amended data.

e. Requiring purchase orders for the procurement of all services, as well as goods.

f. The deployment of difficult employees away from purchasing.

All suppliers should be vetted to establish that they are genuine and reputable companies before being added to lists of authorised suppliers.