anti-fraud and theft policy - home - translink | 1 anti-fraud and theft policy (including fraud...
TRANSCRIPT
Page | 1
Anti-Fraud and Theft Policy (including Fraud Response Plan)
Senior Responsible Officer General Counsel & Company Secretary
Division Compliance
Approved by CEO
Version 3.0
Date Issued June 2015
Reference June 2018
Page | 2
1. Scope
The Company requires all staff at all times to act with honesty and integrity and to safeguard the Company resources for which they are responsible. Fraud and theft is an ever-present threat to these resources and hence must be guarded against by all members of staff. The Company views fraud and theft as an extremely serious matter and is committed to the promotion of an anti-fraud and theft culture throughout the organisation. This section explains Company and staff responsibilities in relation to both prevention and detection of fraud and theft.
2. What is fraud?
Overarching Definition: Fraud is when someone obtains financial advantage or causes loss by implicit or explicit deception. Fraud is not a victimless crime and covers acts such as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, money laundering, concealment of material facts and collusion.
Types of Fraud (in the widest sense)
Money laundering - including possessing, dealing with or concealing the proceeds of any crime.
Fraud by false representation
Fraud by failing to disclose information
Fraud by abuse of position
Theft
Computer Misuse or Abuse
Activities which can amount to fraud include the following: (i) Manipulation, falsification or alteration of records or documents (such as untruthful
expenses claims or exaggerated annual leave records); (ii) Suppression or omission of the effects of transactions from records or documents; (iii) Recording transactions without substance; (iv) Misappropriation (theft) or wilful destruction or loss of assets including cash; (v) Deliberate misapplication of accounting or other regulations or policies. (vi) Bribing another person or being bribed by another. (vii) IT and Computer fraud - Manipulating equipment and programs to dishonestly alter,
substitute, destroy, create or suppress data and records. Theft or fraudulent use of IT/computers including the internet is included.
3. Corporate Responsibilities for fraud and theft matters
Managing Public Money Northern Ireland (MPMNI) states that all NI public sector organisations have responsibility for “undertaking thorough investigations where there is suspected fraud and theft taking the appropriate legal and/or disciplinary action in all cases where that would be justified.” “Investigations should consider any control failures and make recommendations on systems and procedures to minimise the risk of a recurrence and departments should also take appropriate disciplinary action where supervisory or management failures have occurred (MPMNI).”
Page | 3
Within Translink’s governance structures the following applies The Board is responsible for: complying with the law and with Translink’s governing authorities such as the Management Statement and Financial Memorandum (MSFM) and MPMNI. Board members are keenly aware that Translink is a public sector body sponsored by the Department for Regional Development (DRD) and that as individual directors each of them has distinct directors’ responsibilities with regard to the fiduciary care and stewardship of public money and company assets. The Board Audit & Risk Committee is responsible for: a range of scrutiny and assurance activities which ultimately provide assurance to the Board and the Accounting Officer on the veracity of financial statements, the efficacy of risk management and the strength and appropriateness of internal control processes which include those designed to prevent and detect instances of fraud and theft. To assist the Board Audit & Risk Committee and the Board discharge its obligations in connection with fraud and theft matters a new Fraud Oversight Board has been created.
A subset of senior leaders shall convene as often as necessary as a Fraud Oversight Board. It will report to and be accountable to the Board Audit & Risk Committee. This committee is appropriate because it retains responsibilities and tasks in connection with reviewing internal control systems, specifically those where the detection of fraud, theft, bribery and corruption are concerned as per its terms of reference.
Fraud Oversight Board is responsible for:
Being ambassadors and standard-bearers for fraud prevention, detection, and reporting;
Ensuring when necessary that this policy is applied or updated, and that the Fraud Response Plan is invoked without undue delay upon the presentation of at least a reasonable suspicion of fraud or theft; and,
Ensuring if necessary that a suitably qualified investigatory panel or an independent third party investigator is appointed as soon as possible (with appropriate terms of reference). The remit of the Fraud Oversight Board is to determine on a case by case basis when and how investigations into suspected or actual fraud shall be carried out. It will be the relevant decision making body which determines when and how the Fraud Response Plan is initiated. It will also determine next steps following on from an investigation. Its primary communication-channel is to the Chairman of the Board Audit & Risk Committee. Accordingly it shall submit updates and reports to Committee meetings if it has met during the period to inform the Committee of its recommendations and any resulting outcomes. In this way, those present at Board Audit & Risk Committee (including the DRD’s observer) will receive up to date information about suspected frauds and their progress.
The Head of Internal Audit shall take the lead in convening the Fraud Oversight Board and circulating correspondence relating to its business. It shall therefore have all necessary power to make recommendations to the Board Audit & Risk Committee but shall have the ability to make recommendations to the full Board and/or the Accounting
Page | 4
Officer depending on urgency and circumstances. The Fraud Oversight Board constituted by this Policy shall comprise the following five senior officials:
Chief Corporate Services & HR Director
Chief Finance Officer
General Counsel & Company Secretary
Group Chief Executive
Head of Internal Audit
All five members shall be invited to participate in every meeting or decision to be taken by the group. A minimum of any 3 from 5 of the named senior officers may meet together or correspond in writing in order to make decisions on matters reserved to the Fraud Oversight Board. In exceptional circumstances of confirmed unavailability of 3 members of the Fraud Oversight Board, 2 members may take decisions for the group. Guidance on when to involve the Police Service of Northern Ireland (PSNI) fraud unit is contained in MPMNI and procedures for doing so is contained in a Memorandum of Understanding between the Northern Ireland Public Sector and the PSNI.
Responsibility for exercising management-related disciplinary powers in the context of fraud rests with the Group Chief Executive.
The Company will ensure DRD is provided with details of all instances of fraud and theft, whether proven or suspected, in line with the Company’s audit & risk committee quarterly cycle through the appropriate registers. In addition, outside of audit and risk committee meetings, summary details of any actual fraud and theft will be reported immediately (within 48 hours of the Company receiving sufficient evidence). The Company will submit an annual fraud and theft return as required or appropriate.
4. Managing the risk of fraud and theft – Individual Responsibilities
The Group Chief Executive as Accounting Officer is responsible for establishing and maintaining a sound system of internal control that supports in large part the achievement of this anti-fraud policy. The system of internal control is designed to respond to and manage the whole range of risks that the Company faces. The system of internal control is based on an ongoing process designed to identify the principal risks, to evaluate the nature and extent of those risks and to manage them effectively.
Managing fraud and theft risk involves:
Developing a fraud risk register and undertaking a regular review of the fraud risks associated with the Company’s activities in order to keep the profile current;
Maintaining an effective anti-fraud and theft policy and fraud response plan;
Designing an effective control environment to prevent fraud and theft commensurate with the fraud and theft risk register;
Establishing appropriate mechanisms for: a) reporting risks of fraud and theft; b) reporting incidents of fraud and theft to the Fraud Oversight Board and the Head
of Internal Audit; c) provision of assurance about the effectiveness of anti-fraud/theft policies;
Page | 5
d) having appropriately recorded management meetings, with clear records and minutes for any discussions or decisions taken about frauds and thefts whether actual or suspected,
e) liaising with the Risk Management Committee and Audit Committee;
Making sure that all staff are aware of the organisation’s anti-fraud and theft policy, that it is reviewed every three years, and that people know what their responsibilities are;
Ensuring that appropriate anti-fraud and theft training and development opportunities are available to appropriate staff in order to meet the defined competency levels (including in respect of fraud investigative practice);
Ensuring that vigorous and prompt investigations are carried out if fraud or theft occurs or is suspected;
Taking appropriate legal and/or disciplinary action against perpetrators;
Taking appropriate disciplinary action against supervisors where supervisory failures have contributed to the occurrence of fraud and theft;
Taking appropriate action against staff who fail to report clear frauds or thefts or who fail to report suspected fraud or theft, providing the suspicion would have been reasonable to assess based on initial evidence;
Taking appropriate action to recover assets where practical and legally possible ; and,
Ensuring that action is taken to minimise the risk recurrence in future.
Senior leaders, executives and managers are responsible for:
Ensuring that an adequate system of internal control exists within their areas of responsibility and that controls operate effectively;
Preventing and detecting fraud and theft;
Educating and informing colleagues about this policy, the fraud response plan, and policies related to financial propriety (such as whistleblowing, or gifts and hospitality);
Assessing the types of risk involved in the operations and functions for which they are responsible;
Regularly reviewing and testing the control systems for which they are responsible;
Ensuring that controls and systems are being complied with and operate effectively;
Implementing new controls to reduce the risk of recurrence in future. Head of Internal Audit is responsible for:
Sitting on the Fraud Oversight Board and taking a guiding and facilitating role to it;
Delivering an opinion to the Group Chief Executive and Audit & Risk Committee on the adequacy of arrangements for managing the risk of thefts and fraud and ensuring that the Company promotes an anti-fraud and theft culture;
Assisting in the deterrence and prevention of thefts and fraud by examining and evaluating the effectiveness of controls commensurate with the extent of the potential exposure/risk in the various segments of the company’s operations;
Ensuring that management has reviewed its risk exposure and identified the possibility of fraud or theft as a material business risk;
Conducting fraud and theft investigations, where appropriate, recognising any advice provided by the Fraud Oversight Board.
Every member of staff is responsible for:
Page | 6
Appreciating that Translink employees are all stewards of public money and public assets;
Acting honestly and with integrity, at all times to safeguard the public resources for which they are responsible and to be alert to the risk of fraud;
Acting with propriety in the use of Company assets and resources (no matter how trivial or low value something is assumed to be such as pens, paper, envelopes, internet resources, and redundant stock such as scrap metal – which although seen as junk by many, is the Company’s property and commands a price in the market);
Handling Company funds whether they are involved with cash or payments systems, receipts or dealing with suppliers;
Using benefits and entitlements wisely and with propriety – such as annual leave allowances, the right to use free parking or travel passes, access to buildings, office facilities and Company equipment;
Being alert to unusual events or transactions which could indicate fraud and theft;
Reporting details immediately through the appropriate channel once a reasonable suspicion of fraud or theft is apparent. Not every minor discrepancy or every mistake on an invoice or shortcut in a process should be reported as a suspected fraud. But such irregularities should always trigger extra vigilance and at least a conversation with a trusted colleague, ideally with a person’s line manager;
Co-operating fully with investigations and internal checks for fraud and theft.
The responsibility for the prevention and detection of fraud and theft, therefore, rests to a large degree with everyone.
5. Fraud Response Plan –Step by Step Guide for Staff at Schedule 1.
The importance of acting quickly and decisively cannot be understated. The Fraud Response Plan contains a clear 3-Step guide for all staff which sets out what must happen in the First 24 Hours, the First 48 Hours and the First 72 Hours from discovery of the potential fraud.
6. Disciplinary/ Legal Action
The Company has legal duties towards public money, towards the propriety of the Company’s conduct, and has a duty of care towards its staff. The Company does not have the option of doing nothing if a fraud is detected.
If a fraud or theft is committed by an employee, then standards required by the contract of employment will have been breached. These are matters of disciplinary procedure and employment law.
Quite apart from this, fraud and theft are crimes. Depending on the quality and sufficiency of evidence collected, the PSNI and the Public Prosecution Service will potentially have a role in enforcement.
The Company will co-operate fully with police enquiries and these may result in the offender(s) being prosecuted. Steps need to be taken to attempt to recover all losses resulting from the fraud or theft. A civil action against the offender may be appropriate. The investigations described above will also consider whether there has been any
Page | 7
failure of supervision. Where this has occurred without good reason appropriate disciplinary action will be taken against those responsible.
7. National Fraud Initiative
The National Fraud Initiative (NFI) is an effective data matching exercise. It compares information held by different organisations and statutory bodies to identify potentially fraudulent claims and overpayments. Translink is committed to the NFI through the sharing of data on the following:
Payroll;
Pensions and;
Concessionary Fares.
Data matches detected in the NFI exercise will be investigated thoroughly and appropriate action taken where fraud is identified. The reporting requirements for NFI related cases are set out in the Fraud Response Plan.
8. Additional guidance & Enquiries
Additional guidance is contained in the following list of key documents readily available from the internet or from any member of the Fraud Oversight Board: a) Managing Public Money Northern Ireland b) DAO (DFP) 11/03, Fraud Management and Fraud Reporting c) HM Treasury Booklet, “Managing the Risk of Fraud” d) DRD Personnel Division Booklet, “Dealing with Suspected Fraud” e) DAO 2/15 Guide to Whistleblowing by NIAO (Amended April 2014) f) The Seven Principles of Public Life (Nolan Principles) g) FD 10/08 Good Practice Guide – Tackling External Fraud
Enquiries about this document should be addressed to either Head of Internal Audit on 02890 415403 or 07739 874281 or to our General Counsel & Company Secretary on 02890258100
Page | 8
SCHEDULE 1 - Fraud and Theft Response Plan
1. Purpose The purpose of this plan is to procedurally support the principles and goals outlined in the Anti-fraud and theft policy. It ensures that timely and effective action is taken in the event of a suspected or actual fraud or theft. The plan aims to help minimise losses and increase the chances of a successful investigation.
The plan defines authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or theft. The plan acts as a checklist of actions and a guide to follow in the event of fraud or theft being suspected. The plan is designed to enable the Company to:
i. Prevent further loss; ii. Establish and secure evidence necessary for criminal and/or disciplinary action; iii. Determine when and how to contact the police and establish lines of communication; iv. Assign responsibility for investigating the incident; v. Minimise and recover losses; vi. Review the reasons for the incident, the measures taken to prevent a recurrence, and
determine any action needed to strengthen internal controls to prevent future Fraud and Theft;
vii. Keep all personnel with a need to know suitably informed about the incident as the investigation develops including the relevant Line Manager and the Fraud Oversight Board;
viii. Help promote an anti-fraud culture by making it clear to employees and others that the Company will pursue all cases of Fraud and Theft vigorously taking appropriate legal and/or disciplinary action in all cases where that is justified.
2. Action Following Detection: The Importance of the First 24, 48 and 72 Hours
The First 24 Hours: All actual fraud or theft should be reported to line management within 24 hours of detection or discovery. If someone is not sure if they have a reasonable basis for suspecting fraud or theft, or if they feel it inappropriate to inform their direct line manager, they must speak to a senior manager/executive, an internal auditor, or a member of the legal team. This initial reporting must take place within 24 hours of first having the suspicion or having discovered the fraud or theft.
The First 48 Hours: By no later 48 hours after detection, two things should happen:
1) The manager/executive (or auditor or lawyer) who has been informed of the matter
should check if there are any steps which need to be taken to preserve any evidence presented, or indeed whether further evidence can be quickly and carefully obtained.
2) Head of Internal Audit should be informed. This is so he can decide if an initial report can be produced quickly in order to convene or inform the Fraud Oversight Board.
This first report of actual or suspected fraud or theft will take the form of an “Initial Report Form” and should include:
I. Type of wrongdoing;
Page | 9
II. Money, assets, involved;
III. Time and place of incidents/observations;
IV. Frequency and duration of how long it has been going on;
V. How it was detected;
VI. Who is involved or responsible;
VII. Whether there is more than one person involved (collusion with others);
VIII. What the suspected culprit has been told – have they been informed that a
“discrepancy” and “irregularity” has been detected or whether what they are doing is
a fraud or form of theft?;
IX. Recovery - If the Company has lost money or assets through this, can anything be
recovered at this stage (suggestions) and
X. Evidence – how can we preserve existing evidence and how can more helpful
evidence be found
The First 72 Hours: By 72 hours after actual discovery or the creation of a reasonable suspicion (if confirmed as still valid by this stage) the Head of Internal Audit or his nominee should inform and if appropriate convene the Fraud Oversight Board.
3. The Central Role of the Fraud Oversight Board
The Fraud Oversight Board will examine the “Initial Report Form” before deciding collectively in person or by email if the Company’s Fraud Response Plan should be invoked, and if so, who should investigate, when they should do this and how. Matters of urgency dictate that not all members of the Fraud Oversight Board are required to be present in order for taking decisions regarding the Fraud Response Plan. Three members of the five will be sufficient in order to take action (save in exceptional circumstances). The Fraud Oversight Board will also decide who shall inform the Department for Regional Development.
Where confidentiality is sought then reference should be made to the Whistleblowing Policy and the initial report shall mark the need for anonymity if required by the reporting party.
4. Reporting to the Department for Regional Development
Fraud and Theft (suspected or actual) will be reported by the Fraud Oversight Board (or its representative) through to DRD as and when they occur. This will be in addition to the usual reports and registers submitted through the Board Audit & Risk Committee (issued to DRD separately, but also attended by a Departmental observer). This will take the form of an informal communication in cases of extreme urgency or sensitivity but for most occasions, it will take the form of a notification as set out at Appendix A. It will be for the Head of Internal Audit or another senior officer selected by the Group Chief Executive to promptly and comprehensively
Page | 10
report the matter to DRD. DRD should be made immediately aware if there are confidentiality requirements which must be observed.
5. Outside of the Fraud Oversight Board - Reporting to a Fraud Hotline
The Company prefers staff to report fraud and theft concerns through the internal mechanisms in these procedures. But staff can if they wish contact the confidential Fraud Hotline on 0808 100 2716 to raise their concern. While calls to the Fraud Hotline may be made anonymously, staff are encouraged to provide their contact details when raising a concern. The more information held, the more first-hand evidence is collected, the more effective the investigation will be.
6. Reporting to the PSNI
If after convening it is apparent to the Fraud Oversight Board that there is enough prima facie evidence and grounds to alert the PSNI, then this shall be documented and reported in line with the MOU between the PSNI and the Public Sector.
7. Different Types of Investigation
The Fraud Oversight Board will without undue delay make a proportionate assessment as to whether:
a) the suspected fraud/theft should be investigated by management for smaller
matters, or an internal investigatory panel for more complex or sensitive matters requiring greater independence
b) a detailed investigation by Internal Audit is required or a combination of both. (though note, some investigations should be carried out by fully trained and experienced investigators with a knowledge of interviewing suspects and collecting evidence in accordance with the provisions of the Police and Criminal Evidence (Northern Ireland) Order 1989).
c) it may be more appropriate to call in an independent specialist investigator; d) it may be particularly important to seek a PSNI forensic or investigation team
to attend and investigate as quickly as possible
Each of the above kinds of inquiry or investigation should have terms of reference endorsed by the Fraud Oversight Board to fit to the nature and scale of the investigations to be conducted. A Senior Responsible Officer (SRO) should be selected to take the investigation forward ensuring a line of
8. Essential Reminders for Managers a. It shall not be for the reporting party or his or her line manager of their own volition to
start any formal investigation themselves, or to determine what kind of evidence should be collected and how it is to be collected.
b. No disciplinary action should ever be commenced before the Fraud Oversight Board or the Head of Internal Audit have communicated the handling plan to the reporting party, his or her line manager or HR as required.
Page | 11
c. Line managers who are asked by the Fraud Oversight Board to undertake a line of inquiry or a fuller investigation should keep Internal Audit regularly updated (every 2-3 days) as to the status of any fraud investigations in which Internal Audit are not directly involved.
9. MANAGERS’ DUTY OF CARE
Managers conducting either very preliminary initial enquiries to check an allegation of a suspected fraud OR a fuller more formal investigation at the request of the Fraud Oversight Board, must be aware at all times that they are dealing with a sensitive process, with potentially very serious consequences for themselves as well as members of staff involved.
All managers should be aware that comments made by them or information provided to them could become the subject of internal disciplinary action under employment law and /or criminal prosecution where the PSNI may become involved. If such action is later taken then under proper procedure the member of staff concerned has a right to representation and may have the right to remain silent. Utmost care is therefore required from the outset in conducting enquiries and interviews.
In addition, in order to protect the Company from further loss and destruction of evidence, it may be necessary to suspend the member of staff concerned immediately. In such cases, the Head of Internal Audit and the Human Resources Department should be alerted before proceeding to suspend or take any corrective/protective action.
10. PROTECTION OF EVIDENCE
If the initial examination confirms the suspicion that a fraud or theft has been perpetrated, then to prevent the loss of evidence which may subsequently prove essential for disciplinary action or prosecution, management should:
a) Take steps to ensure that all original evidence is secured as soon as possible –
this may be receipts, photographs, cctv, memos, emails; b) Be able to account for the security of the evidence at all times after it has been
secured, including keeping a record of its movement and signatures of all persons to whom the evidence has been transferred. For this purpose all items of evidence should be individually numbered and descriptively labelled;
c) Not alter or amend the evidence in any way; d) Keep a note of when they came into possession of the evidence. This will be
useful later if proceedings take place; e) Remember that all memoranda relating to the investigation must be disclosed to
the defence in the event of formal proceedings and so it is important to carefully consider what important factual information needs to be recorded and what less important, personal commentary or irrelevant side issues do not.
Page | 12
11. Remedies and actions open to the Company
There are three main actions that the Company may pursue as part of its fraud investigation:
a) Conduct the investigation to a criminal standard to maximize the opportunities for a
criminal prosecution. This course of action may include the preparation and submission to the PSNI of an evidence pack. Alternatively, where in-house expertise is available, the investigation can be taken forward with a view to presenting a file to the Public Prosecution Service for direction;
b) Seek redress of any outstanding financial loss through the Civil Courts, if appropriate; and
c) Pursue the internal disciplinary process which may include other staff or management, if there is clear evidence of supervisory failures without good reason.
Independence in the conduct of all fraud investigations is paramount. There should be no unhelpful link between investigating personnel, including the Senior Responsible Officer (SRO) and the fraud or theft case. The independence and integrity of the investigation and investigating personnel must be kept under review by the Fraud Oversight Board which must be kept informed throughout.
12. POLICE INVOLVEMENT – the MOU with the Public Sector
If the Fraud Oversight Board is satisfied that there is prima facie evidence of fraud or theft, then they must report the matter to the police (see exception below).
Consultation with the police at an early stage is beneficial, allowing the police to examine the evidence available at that time and make decisions on whether there is sufficient evidence to support a criminal prosecution or if a police investigation is appropriate. Alternatively, the police may recommend that the Company conducts further investigations and, generally, they will provide useful advice and guidance on how the case should be taken forward.
When reporting a suspected fraud the individual contacting the PSNI should follow the protocols outlined at the following link to the MOU between the PSNI and Public sector on fraud matters @ http://www.dfpni.gov.uk/index/finance/afmd/afmd-corporate-governance/afmd-fraud/mou_-_public_sector_and_psni.pdf
The reporting person should get in touch with the PSNI Organised Crime Branch – Financial Crime Team and state that they wish to make a Statement of Complaint.
A “Command & Control” number should be requested as this will facilitate future updates. Taking direction from the PSNI, the Head of Internal Audit (working with General Counsel and other management) should produce an Evidence Pack. If the police decide to investigate then it may be necessary to postpone internal action and make suitable adjustments to the Company’s own handling plan. However, liaison with the police should be continued at regular intervals and reports prepared on progress made.
Page | 13
**The exception to this is the need to report payment card fraud – the Treasury Manager should inform the Chief Finance Officer (CFO) so that the CFO can inform Head of Internal Audit and Fraud Oversight Board before onward communication to the PSNI if required. Determining factors will typically include transaction value, date of transaction and service, chargeback reason code, type or card transaction or identified patterns. All these considerations form part of the chargeback monitoring program.
14. Learning From Experience
Following completion of any fraud investigation and resulting case, the Investigating Officer will prepare a summary report on the outcome and lessons learned circulating it to all other interested parties who must take the appropriate action to improve controls to mitigate the scope for future recurrence of the fraud or theft.
15. Fraud and Theft Register Templates
The Head of Internal Audit will take responsibility for ensuring that the Fraud and Theft Register is updated with all the appropriate details including the value of any loss to the Company as a result of the fraud or theft. The fraud and theft registers will be updated for each quarterly Audit & Risk Committee meeting. Each time the register is updated a copy will be immediately be sent to DRD.
Page | 14
Appendix A
Translink Fraud Register
Status ID
Code
Date of
Discovery
Value Location Description
of Event
Manager
Carrying out
Investigation
Outcome Action
Translink Theft Register
Status ID
Code
Date of
Discovery
Value Location Description
of Event
Manager
Carrying out
Investigation
Outcome Action
Anti-Fraud and Theft Policy including Fraud Response Plan t
Page | 15
Appendix B: Flow Chart for reporting of Fraud or Suspected Fraud
Fraud Suspected/
Detected
Inform Line
Manager / Superior
Whistleblower Hotline
Document Verbal Report
Line Manager
Details of issue discussed and initial report documented
Urgent Criminal Matter
Yes
No
Contact Group
Management
Contact DRD
Fraud Confirmed
Produce Report for
management review
No
Document findings Investigation
Secure evidence
Yes
Criminal Proceedings
Proceed with detailed
investigation
Key
Initial Action
Key Decision
Decision
Document
Contact Internal Audit Department
( Centrally Co - Ordinate )
Internal Audit liaise with
Management
Management should consider impact of investigation and
disciplinary procedures
Issue of Final Report including
suggestions
Police involvement actioned by
Internal Audit
Procedure
Key Procedure
Report concluded – Update Fraud
Register Periodic update
to Audit Committee
Initial Investigatory work on suspected fraud to determine
impact Update Fraud Register
and inform DRD directly if appropriate
Key
Anti-Fraud and Theft Policy including Fraud Response Plan t
Page | 16
Appendix C: Flow Chart for Line Management Decisions in relation to Fraud
Have you Detected / Suspect
an instance of fraud
Yes No
Are you the
relevant line
manager
No further action
required at this
point
Have you performed initial
investigatory work of the
suspected fraud
Have you contacted the
relevant line manager/
Superior
Yes No
No further action
required at this
point
NoYes
Have you considered the impact of
the suspected fraud during the
investigation carried out
Perform initial investigatory
work immediately on the
suspected fraud
NoYes
Assess the impact of the
suspected fraud following the
initial investigation
End action
Key Information
Contact the relevant
line manager/superior
Does the initial fraud investigation indicate the
presence of fraud as defined by policy and
therefore should an additional review be
carried out
Assess the impact of the
suspected fraud following
the initial investigation
Contact the Internal audit
department
Document the findings from
the initial investigatory review
conducted
Contact the internal audit
department to provide a report
of the incident and agree dates
for update meetings
Yes No
Document your understanding
of the fraud following the initial
investigation carried out
Provide the report to the
internal audit department and
agree action to be taken
Does the initial fraud investigation indicate the
presence of fraud as defined by policy and
therefore should an additional review be
carried outYes No
Contact the Internal
audit department
Document your
understanding of the
fraud following the
initial investigation
carried out
Provide the report to
the internal audit
department and agree
action to be taken
Document the findings from
the initial investigatory review
conducted
Contact the internal audit
department to provide a
report of the incident and
agree dates for update
meetings
Internal Audit contact
names & Numbers Internal Audit contact
names & Numbers
Internal Audit contact
names & Numbers
Internal Audit contact
names & Numbers
Yes No
KEY
Diagrammatic view of suggested line manager
decision tree in Translink/NITHco
Appendix D
Contact Fraud Oversight
Board