Roscommon County Council. Fraud Prevention and Contingency Plan

Transcription

1 Roscommon County Council Fraud Prevention and Contingency Plan

2 Table of Contents Table of Contents Introduction Policy Statement Definitions Definition of Fraud Definition of Corruption Fraud & Corruption Prevention Plan Risk Assessment and Management Internal Controls Roles and Responsibility Management s Responsibility Responsibility of the Human Resources Function Responsibility of the Finance Section Line Manager s Responsibility Staff Responsibility Councillors Responsibility Internal Auditor s Responsibility Fraud & Corruption Contingency Plan Discovering and Reporting Fraud and Corruption Investigating Fraud and Corruption Approval Appendix 1: Fraud and Corruption Investigation Checklist

3 1. Introduction This document clearly sets out the policy of Roscommon County Council in relation to Fraud and Corruption. The policy gives guidance to all staff and members in the carrying out of their duties with regard to the issues of fraud and corruption if they arise. This policy document comprises of: Policy Statement Definitions Fraud & Corruption Prevention Plan Fraud & Corruption Contingency Plan It is imperative that all members and staff are aware of the threat of fraud and corruption in their daily duties and aware of their personal obligations as laid down in this policy document. 2. Policy Statement Roscommon County Council endeavours to achieve openness, transparency and accountability by establishing best practice by carrying out reviews and regular monitoring of activities and functions thus creating an environment that deters fraud. Suspected fraud and/or corruption will be investigated and appropriate action taken. Recovery of losses arising from fraud and/or corruption will be pursued. Disciplinary action will be taken against employees involved in fraud and action may also be taken against employees whose negligence through lack of supervision and control may have facilitated the event. Prosecutions will be pursued, as appropriate. 3

4 3. Definitions 3.1. Definition of Fraud Fraud is defined as the intentional distortion of financial statements or other records by persons internal or external to the organisation which is carried out to conceal the misappropriation of assets or otherwise for gain. Internal fraud could include the following: False accounting Falsification of expenses Theft of cash and alteration of records to conceal deficiency Payment of false invoices Failure to account for monies collected Dealing inappropriately with claims Examples of external fraud include: Fraudulent compensation claims False statements in grant applications 3.2. Definition of Corruption Corruption may be defined as a payment, favour or gift given to an employee or member of the Council as reward, or incentive for actions, or inactions, contrary to the proper conduct of one s duties. Corruption happens when public office is used for private gain. Examples of corrupt practices include: Acceptance of a bribe e.g. cash payment, inducement, job offer, holiday, political favour etc. to circumvent the policies of the Council Collusion to steal local authority resources Performing duties in a partial manner Some of the more common activities prone to corruption are: Disposal of assets Grant of planning permission Administration of contracts and consultancies Procurement of goods and services Staff appointments and staff promotions The Ethics Framework Part 15 of the Local Government Act 2001 requires all relevant staff and Elected Members to complete a declaration of interest by the last day of February each year. A public register is compiled from the completed declarations. Also if during the normal course of their duties such an employee or member comes across a matter that they or a connected person has a pecuniary or beneficial interest in they must disclose it in writing and such disclosures are appended to the Public Register. Section 168, Part 15 of The Local Government Act, 2001 states In carrying out their functions under this or any other enactment, it is the duty of every member and every employee 4

5 of a local authority and of every member of every committee to maintain proper standards of integrity, conduct and concern for the public interest. Section 169 of Part 15 of The Local Government Act, 2001 refers to National Codes of Conduct for Local Authority members and employees, which outlines the standards expected of members and employees in the performance of their duties and with matters which will help to uphold public confidence in the integrity of the discharge of Local Authority functions. Section 170 of the Local Government Act 2001 states: An employee or a member of a local authority or of a committee of a local authority shall not seek, exact or accept from any person, other than from the local authority concerned, any remuneration, fee, reward or other favour for anything done or not done by virtue of his or her employment or office. 5

6 4. Fraud & Corruption Prevention Plan The most efficient method of preventing the threat of fraud and corruption is to have a culture of awareness and responsibility within the organisation. This begins with the council members and continues with every staff member individually and collectively Risk Assessment and Management Risk is the threat that an event, action or failure to act will adversely affect an organisation s ability to achieve its objectives or successfully execute its strategies. Risk Management is the process by which risks are identified, evaluated and controlled. Systematic risk assessment and management is becoming an increasingly important part of internal control as its identification and management is seen as necessary to maximise the likelihood of achieving desired outcomes. The risks to be addressed as part of a risk management programme are wide ranging and include strategic, operational, financial and reputational risk. A risk strategy does not mean that sensible risks should not be taken but that they should be properly assessed and managed. There are three broad categories of risk which need to be examined in developing a fraud and corruption prevention strategy: Personnel In common with all local authorities, staff are selected based on merit and candidates are assessed by interview boards. However, once staff are part of the organisation the traits and behaviour of personnel that lead to or indicate the possibility of fraud and/or corruption are the same: Employees who do not take holidays Employees who have extravagant lifestyles Employees who have a grievance against their employer Employees who keep responsibility for functions they could easily delegate Employees who obtain full control of an area of work. It is important to remember that a staff member to whom all or any of the above applies should not be considered a suspect on that account. Nevertheless these are all aspects of staff behaviour that should be regularly reviewed by line and senior managers. Structural/Physical Roscommon County Council s headquarters are located at the Courthouse, Roscommon, however the operations of the Council are carried out at various locations across the County. It is the responsibility of staff, no matter what part of the County they work in to be aware of the possibilities of fraud and corruption and to implement the controls designed to prevent it. As part of fraud and corruption prevention and awareness, physical access controls must be reviewed regularly. Restricting access to cash, goods, stores, computers, documents including official certificates and stamps and premises are a critical element in reducing the risk of fraud and corruption. Operational/Financial The scale of risk to any of Roscommon County Council s operations is likely to be related to: The amount of money involved The complexity of the operation The frequency and effectiveness of the Council s controls 6

7 Risks can be reduced by: Assessing the quality of certification issued by other bodies e.g. invoices, delivery dockets etc. Good file maintenance and clear audit trails Ensuring segregation of duties between authorisation, payment and reporting functions and within these functions Rotation of staff Supervisory checks 4.2. Internal Controls Internal Controls are embedded within the management systems in Roscommon County Council. Their purpose is to provide a secure framework and reduce the risk of fraud occurring. The methods of control, common to all areas that should be reviewed regularly by management are: Organisation The Council has a clear plan of the organisation that defines and allocates roles, responsibilities, reporting lines and delegation of authority. Segregation of Duties No one person should have responsibility for the recording and processing of a complete transaction; several people involved reduces the risk and increases the element of checking. Key areas of segregation include authorisation, execution, custody and recording. Where segregation is not feasible it will be managed by close supervision. Physical Controls Procedures and security measures concerning access to facilities and physical and intellectual assets of the authorities must be adhered to and reviewed regularly. Breaches must be reported to the Director of Services for Corporate Affairs or the County Manager immediately. Authorisation and Approval All transactions require authorisation and approval by a specified person within approved limits. Authorisations can be physical or electronic. Arithmetic and Accounting All transactions must be checked for accuracy and authorisation, completeness of documentation and must be correctly processed and recorded. Personnel Controls Controls are in place relating to the selection of staff, training and evaluation of competencies for roles. Supervision All areas are subject to checking by supervisory personnel. The level of supervision is determined by the level of residual risk in the activity. Management All line managers are required to ensure that all internal controls for their area of responsibility are documented, communicated and adhered to. Management are also required to adhere to controls in relation to management accounts, budgets, internal audit and any other documented special review procedures. 7

8 4.3. Roles and Responsibility Management s Responsibility Management is committed to the highest standards of openness and accountability in all processes. The role of management in developing and monitoring a risk managed framework in the organisation which would reduce the likelihood of fraud is crucial to the effectiveness of the framework that will be put in place. The potential for fraud and corruption can be reduced and curtailed where the County Manager cultivates within the authority a climate where: Senior officers and members provide leadership and good example A strong operational control environment has been developed and is maintained A high level of transparency and accountability exists Probity and propriety are manifest in procedures Physical security and visitor control are constantly reviewed Systems security to prevent improper usage of computer systems and monitoring of their use. In addition, the County Manager should: Ensure there is a pervasive awareness within the authority of the procedures in relation to the control and prevention of fraud and corruption Make it clear that there is a clear commitment to the prevention of fraud and corruption and that it will be dealt with thoroughly, if uncovered Guarantee that reporting employees or members will be supported and that reprisals will be treated seriously and could be subject to disciplinary measures Responsibility of the Human Resources Function A key preventative measure to deter fraud and corruption is to take effective steps at the recruitment stage to establish, as far as possible, the previous record of potential employees in terms of their propriety and integrity. The responsibilities of the Human Resources Function in relation to fraud and corruption prevention are as follows: Security vetting of staff Ensuring detailed appraisal of staff during probationary periods are submitted by line managers Issuing of rules of conduct on appointment and following up with induction training Maintaining documented disciplinary procedures. Ensuring fraud and corruption awareness training is included in training programmes for staff at all levels Monitoring areas of high turnover of staff and areas of high levels of sick leave and monitoring annual leave patterns 8

9 Responsibility of the Finance Section The Finance Section has a responsibility to ensure the financial resources of the organisation are used correctly and to ensure systems and processes are in place to minimise the possibility of fraud. To help with this aim the Finance Section should: Working with Internal and External Audit to demonstrate the County Council used resources appropriately Ensure the Financial Management System has security measures in place Work with the rest of the organisation so that there are clear separation of duties in regard to cash collection and the purchasing of goods Issue guidelines and ensure compliance to Accounting Standards and national guidelines Work with Budget Managers, so that budgets are adhered to and value for money is obtained at all times Line Manager s Responsibility Line managers are expected to set example by complying fully with procedures and controls. Line managers should: Ensure that financial controls and procedures are understood by their staff Check on the application of these controls regularly Regularly review control procedures and update them where necessary Ensure the rotation of staff, within departments, where possible Staff Responsibility Every member of staff has a responsibility to: Ensure that public funds/assets that are entrusted to them are safeguarded Comply fully with the Code of Conduct Inform line manager/supervisor of any gifts/hospitality offered Inform line manager of any outside interests that may conflict with their official duties Alert line manager to any weaknesses in the control system Alert line manager and/or the Internal Auditor to any case of fraud or corruption or suspected fraud or corruption Assist in any investigation which may arise in respect of fraud or corruption or suspected fraud or corruption. Be aware of Roscommon County Council s policy on fraud and corruption Councillors Responsibility The general conduct and behaviour of County Councillors in carrying out their role is an important yardstick by which the honesty, integrity, impartiality and performance of local government is judged and public trust maintained. It is therefore important that the Code of Conduct for Councillors, issued in June 2004, is referred to in maintaining the highest possible ethical standards. To help ensure that risks are minimised, Members should: Avoid conflicts of interest and never seek to use improper influence Make decisions based solely on the consideration of the public interest and common good Serve their local authority and its people conscientiously Promote equality and avoid bias Perform their functions in a responsible and diligent manner 9

10 Have regard for Council resources Internal Auditor s Responsibility Internal Audit is governed by a Charter, which set out the terms of reference under which it operates. It is a function designed to provide reasonable assurance to management that the organisation s significant risks are being appropriately managed with an emphasis on internal controls and governance processes by: Promoting procedure manuals which identify risks and controls in place Evaluating risk identification and risk managed processes Providing clear recommendations where control weaknesses have been identified Providing a consultancy and quality assurance role in relation to internal controls and procedures Ensuring risk management and systems of controls are being monitored in response to the changing environment Undertaking a planned programme of work, prioritised in accordance with the relative risk level. Ensuring audit work takes account of the possibility of fraud and corruption 10

11 5. Fraud & Corruption Contingency Plan 5.1. Discovering and Reporting Fraud and Corruption Management and staff are likely to have little experience in dealing with fraud and corruption and when suspected cases arise, may be unsure of appropriate action to take. The objectives of this response plan are to provide a documented framework, to which staff and elected members in the Roscommon County Council can refer in the event that fraud and corruption is suspected or reported. It aims to ensure that in the event of fraud and corruption, timely and effective action is promptly and competently taken to: Prevent further losses Identify fraudsters and those acting corruptly Safeguard evidence for possible prosecution Recover any losses possible Minimise adverse publicity Reduce any negative effect on the organisation Learn lessons The plan is intended to be proactive and preventive - to identify, report, investigate and eliminate. Employees or members will often be the first to see or suspect a fraud or the possibility of corruption. However, unless they have confidence that the problem will be tackled, and that there will be no reprisals either personally, or for their career, they may not be inclined to disclose their suspicions Staff and elected members have a responsibility to report suspicions of fraud. Roscommon County Council is committed to supporting and protecting staff that raise legitimate concerns and all cases will be dealt in the strictest confidence. Staff must report suspected fraud/corruption to a senior officer, line manager (if appropriate) or the Internal Auditor. The report should preferably be in writing but will be acceptable by phone, message, or post. The details of any suspected fraud/corruption should be recorded in a timely and accurate manner. The recorded details, if not in writing, should be repeated to the reporting employee or member to confirm understanding and all the details stored in a manner to guarantee their confidentiality. Where there are genuine grounds to suspect fraud the Internal Auditor will notify the Management Team and submit his / her recommendations that may include reporting the matter to the Gardaí Investigating Fraud and Corruption On being detected or reported, fraud and corruption should be investigated by someone other than the direct supervisor in the area to ascertain the scale of the problem and how best to proceed. It may be necessary in certain situations to retain external persons and special investigative techniques. Management should also take whatever steps are necessary to prevent further losses e.g. by changing the roles of staff, amending access to the Financial Management Systems, password controls and other systems controls without compromising the quality of evidence or alerting the perpetrators. In the event of a major fraud or corrupt situation, the matter should be dealt with in accordance with Roscommon County Council s Disciplinary Procedures. It should also be determined if and when the civil authorities are brought in. Measures should also be put in place to prevent the destruction of evidence. 11

12 It is important to proceed with an assumption of innocence of all concerned until the evidence clearly shows otherwise. In every case where fraud is proven disciplinary action will be instigated. Of primary importance, regardless of the method of reporting, is the need to put staff at ease since the decision to report is traumatic for the individual concerned. Employees (or others) reporting fraud must be assured that all information will be dealt with in the strictest confidence and that their anonymity will be preserved as a matter of policy, unless that is incompatible with a full and fair investigation. Where a member of staff alerts a line manager and or Internal Auditor to possible fraud the following steps should be taken: All reports of fraud or suspected fraud must be taken seriously Act quickly to minimise any losses Bear in mind that it is only an allegation until the outcome of an investigation is known Preserve any evidence Report immediately to the Director of Services / Head of Finance and the Internal Auditor if not already notified Remove any evidence e.g. records, documents, computer equipment etc. to a safe location Inform person who made initial report of what is happening Where particular expertise may be required to assist in an investigation, Management may direct staff with the necessary expertise to assist with any investigation. Staff involved in investigating will ensure that quick and effective action is taken. The scope of the investigation may initially be limited until there is sufficient evidence to support the suspicions. Details of the report of the suspicion of fraud should be recorded immediately along with the reasons that gave rise to the suspicions in order to clarify if a genuine mistake was made or an irregularity occurred. Employees should be aware that any irregularities will be investigated. As part of any fraud investigation, Internal Audit may need to interview staff. In such cases staff will be informed of their right to trade union or other representative at the interview. In the case of a major fraud the suspected perpetrator may be suspended while the investigation is in progress. Suspension will not imply guilt but is a safeguard to protect the Organisation and the employee from the loss or damage of evidence. Any disciplinary action which may be required as a result of an investigation will be carried out in accordance with Roscommon County Council s Disciplinary Procedures. There will be consistent handling of all cases for all staff irrespective of grade or length of service. 12

13 6. Approval This Fraud and Corruption Plan was approved on the 1 st June County Manager 13

14 Appendix 1: Fraud and Corruption Investigation Checklist Report suspicions to appropriate officer or Internal Auditor. Appropriate officer should make an immediate note of everything reported. Repeat these notes to whoever is reporting the details to establish understanding. Don t rush in consider and plan. Establish facts without alerting any one. Confirm details with another person in the authority or examine documents if appropriate. Maintain confidentiality. Take steps to minimise any immediate further losses if this is possible without alerting suspect. Consider legal implications. Carry out initial investigation to establish substance of allegation(s). Agree if further investigation is required and who will undertake it. Agree a remit; establish scope of investigation and reporting deadlines. Ensure investigating team have adequate resources, including secure storage. Implement disciplinary proceedings in accordance with Roscommon County Council s Disciplinary Procedures. Secure any evidence. Assume the worst case scenario in terms of losses and staff involved. Hold regular progress meeting at which progress and agreed action is documented. Identify all internal and external sources of information and evidence. Prepare for interviews thoroughly. Do not interview one to one offer all interviewees the opportunity to have a witness/representative, and have two interviewers. Document and reference all sources of evidence, including interview notes. Hand investigation over to the Gardaí as soon as sufficient evidence suggests criminal activity has taken place. If enquiry is inconclusive, consider what internal measures need to be taken commission further investigation, changes in procedures, disciplinary action, transfer of staff, external reporting requirements etc. On completion of investigation hold a review of the process to consider what lessons need to be learned for the future. Findings of all investigations conducted and regardless of outcome must be reported to the County Manager and all proven cases of fraud and corruption referred to the Gardaí. 14