Academy trust guide to reducing fraud

Information to help academy trusts manage the risk of fraud and report instances of fraud to the Education and Skills Funding Agency.


This guide will help academy trusts to:

  • reduce the risk of fraud or financial irregularity
  • deal with fraud within your academy trust, should it occur
  • report fraud, theft and/or irregularity to ESFA
  • be aware of and manage cyber crime risks

Fraud and types of fraud

Fraud is deception carried out in order to gain an unfair advantage or to disadvantage another. It may involve the misuse of funds or other resources, or the supply of false information.

Although there are low levels of fraud within the academies sector, trusts should be vigilant to the risks.

Common types of fraud in the UK include theft, fictitious and falsification of invoices, credit card fraud.

Cyber crime and cyber security

Trusts should be vigilant and proactive in relation to cyber crime and have cyber security arrangements in place. To support this we’ve published guidance on cyber crime and a security checklist for education providers.

Fraud risk management strategy

Annex 4.9 of the HM Treasury publication Managing Public Money highlights the responsibilities and expectations of public sector organisations in relation to fraud. An effective fraud risk management strategy involves:

  • assessing your overall vulnerability to fraud
  • testing your internal control system to ensure it is robust.
  • identifying the areas most vulnerable to fraud risk, the list of potential fraud indicators may support this review
  • evaluating the scale of fraud risk
  • responding to the fraud risk through improved control arrangements
  • measuring the effectiveness of the risk strategy to potential fraud
  • reporting fraud

The most effective way to manage the risk of fraud is to prevent it from happening by developing an effective anti-fraud culture. You can use the anti-fraud checklist for academy trusts to support this assessment.

Fraud response plan

An organisation’s response to fraud risk should be customised to the risks it faces. Typically, it will involve some or all of:

  • developing a fraud policy statement, a fraud risk strategy and a fraud response plan: every organisation should have these documents
  • developing and promoting an anti-fraud culture, maybe through a clear statement of commitment to ethical behaviour to promote awareness of fraud; recruitment screening, training and maintaining good staff morale can also be important
  • clarifying roles and responsibilities for the overall and specific management of fraud risk
  • establishing cost-effective internal systems of control to prevent and detect fraud
  • confirming contacts and routes for staff to report suspicions of fraud, including developing a whistleblowing policy
  • responding quickly and effectively to fraud when it arises
  • establishing systems and processes for investigations into allegations of fraud
  • where appropriate, using your internal audit function to advise on fraud risk and draw on their experience to strengthen control
  • continually evaluating the effectiveness of anti-fraud measures in reducing fraud

It is good practice to measure the effectiveness of actions taken to reduce the risk of fraud. You can obtain assurances measures from internal audit, stewardship reporting, control risk self-assessment and monitoring activity.

Reporting fraud

The Academies Financial Handbook confirms trusts must notify ESFA of any instances of fraud, theft and/or irregularity exceeding £5,000 individually, or £5,000 cumulatively in an academy’s financial year. Any unusual or systematic fraud (eg regular occurrences of low value theft), regardless of value, must also be reported. As set out in paragraph 4.8.2 of the Handbook you will need to notify ESFA using the online enquiry form providing:

  • full details of the event(s) with dates
  • the financial value of the loss
  • measures taken by the trust to prevent recurrence
  • whether the matter was referred to the police (and if not, why)
  • whether insurance cover or the risk protection arrangement has offset any loss

ESFA does not tolerate fraud and takes quick and decisive action where it is uncovered. This includes commissioning an investigation or, in certain instances, referring cases directly to the police.

Other resources

ESFA and the Institute of Schools Business Leadership (ISBL) have developed the ESFA academies library of policy documents, templates and other resources. This includes a factsheet on fraud with a number of case studies for useful reference.

We’ll provide fraud updates and alerts using the ESFA e-bulletin.

Other useful resources include:

ESFA enquiries

For all enquiries for the Education and Skills Funding Agency

Published 5 October 2016
Last updated 23 March 2018 + show all updates
  1. Updated content and added a new cyber security checklist for academy trusts

  2. First published.