Academies: guide to reducing any risk of financial irregularities
Guide for academy trusts on reducing the risk of fraud and reporting it to the Education Funding Agency.
This guide is for all academy trusts and will help you to:
- reduce the risk of fraud or financial irregularities
- deal with fraud within your academy trust, should it occur
- report fraud, theft and/or irregularity to the Education Funding Agency (EFA)
What is fraud?
Fraud is deception carried out in order to gain an unfair advantage or to disadvantage another. It may involve the misuse of funds or other resources, or the supply of false information.
Types of fraud
Although there are low levels of fraud within the academies sector (currently allegations with an outcome of fraud represent less than 1% of the total number of academies), trusts should be vigilant to the risks.
Common types of fraud in the UK include theft, fictitious invoices, falsification of invoices and credit card fraud. Trusts should also be vigilant to the increasing risk of cybercrime involving malicious attacks on computer software and email hacking. People can illegally gain access to an email account in various ways, many of which rely on user behaviour, including:
- opening and responding to spam emails
- opening emails that contain viruses
- opening phishing email messages that appear to be from a legitimate business
Phishing messages look authentic and often have corporate logos and a similar format to official emails, but they ask for verification of personal information such as account numbers, passwords, and dates of birth. Unsuspecting victims who respond may suffer stolen accounts, financial loss and identity theft.
Malvertising is about compromising your computer, by downloading a short malicious code on to it, when you hover on or click on an advertisement. Some adverts will even download malicious code to your computer, while the website is still loading in the background. Cybercriminals are using advertisements as a means to hack into computers.
What should trusts do?
To comply with the requirements of paragraph 4.8.1 of the Academies Financial Handbook and address the risk of fraud, theft and/or irregularity trusts should consider the following:
Fraud risk management strategy
Annex 4.9 of the HM Treasury publication ‘Managing Public Money’ highlights the responsibilities and expectations of public sector organisations in relation to fraud. An effective fraud risk management strategy will involve:
- assessing the organisation’s overall vulnerability to fraud organisation and test your internal control system to ensure it is robust - the anti-fraud checklist can be used to support this assessment
- identifying the area’s most vulnerable to fraud risk - the list of fraud indicators (MS Word Document, 354KB) may support this review
- evaluating the scale of fraud risk
- responding to the fraud risk through improved control arrangements
- measuring the effectiveness of the risk strategy to potential fraud
- reporting fraud
The most effective way to manage the risk of fraud is to prevent it from happening by developing an effective anti-fraud culture.
Fraud response plan
An organisation’s response to fraud risk should be customised to the risks it faces. Typically it will involve some or all of the following:
- developing a fraud policy statement, a fraud risk strategy and a fraud response plan: every organisation should have these documents
- developing and promoting an anti-fraud culture, for example, through a clear statement of commitment to ethical behaviour to promote awareness of fraud: recruitment screening, training and maintaining good staff morale can also be important
- clarifying roles and responsibilities for the overall and specific management of fraud risk
- establishing cost-effective internal systems of control to prevent and detect fraud
- confirming contacts and routes for staff to report suspicions of fraud, including developing a whistleblowing policy
- responding quickly and effectively to fraud when it arises
- establishing systems and processes for investigations into allegations of fraud
- continuously evaluating the effectiveness of anti-fraud measures in reducing fraud
- where appropriate, use your internal audit function to advise on fraud risk and draw on their experience to strengthen control
It is good practice to measure the effectiveness of actions taken to reduce the risk of fraud. Assurances about these measures can be obtained from internal audit, stewardship reporting, control risk self-assessment and monitoring activity.
The Academies Financial Handbook confirms trusts must notify EFA of any instances of fraud, theft and/or irregularity exceeding £5,000 individually, or £5,000 cumulatively in an academy’s financial year.
Any unusual or systematic fraud (such as regular occurrences of low value theft), regardless of value, must also be reported. As set out in paragraph 4.8.2 of the Handbook, you will need to notify EFA using the contact form and provide:
- full details of the event(s) with dates
- the financial value of the loss
- measures taken by the trust to prevent recurrence
- whether the matter was referred to the police (and why if not)
- whether insurance cover or the risk protection arrangements have offset any loss
EFA does not tolerate fraud and takes quick and decisive action where it is found, including commissioning an investigation to be undertaken or in certain instances referring cases directly to the police.
The National Association of Schools Business Management (NASBM) has developed a good practice library of policy documents and templates in conjunction with EFA, including a factsheet on fraud, which includes case studies.
Working with a group of academy business managers, EFA will provide other important fraud updates through this guidance, and alert you to these through the EFA e-bulletin.
Useful links for information and latest scam alerts:
- Whistleblowing for employees
- City of London police: fraud and economic crime
- Action Fraud
- Chartered Institute of Public Finance and Accountancy (CIPFA) counter-fraud centre
- How to raise a concern about an academy
The ten questions below are intended to help academy trust governors, accounting officers and heads of finance to review their arrangements for preventing, detecting and dealing with fraud should it occur. The arrangements each trust will have in place will vary according to size, complexity and structure.
- Are the trust’s governors and accounting officer aware of the risk of fraud and their responsibilities regarding fraud?
- Is fraud included within the remit of the trust’s audit committee or equivalent?
- Has the role of the trust’s external auditor and responsible officer or equivalent regarding fraud been established and is it understood?
- Is fraud risk considered within the trust’s risk management process?
- Does the trust have a fraud strategy or policy and is there a ‘zero tolerance’ culture to fraud in the trust?
- Is the fraud strategy or policy and ‘zero tolerance’ culture promoted within the trust, for example through financial regulations, disciplinary procedures, checks on new staff, induction process, staff training, vetting of contractors?
- Does the trust have policies on whistleblowing, declaration of interests and receipt of gifts and hospitality?
- Does the trust have appropriate segregation of duties?
- Is it clear to whom suspicions of fraud in the trust should be reported?
- If there has been any fraud in the trust has a ‘lessons learned’ exercise been undertaken?
Contact form https://form.education...
For all enquiries for the Education Funding Agency