Policy on Fraud
File code: ADM.FRAUD.POL
Approval Date: 8/4/2008
Approved By: President
The Fraud Policy is established to facilitate the development of controls that will aid in the detection and prevention of fraud against Western Illinois University. It is the intent of Western Illinois University to promote consistent organizational behavior by providing guidelines and assigning responsibility for the development of controls and conduct of investigations.
This policy applies to any irregularity, or suspected irregularity, involving employees as well as consultants, students, vendors, contractors, outside agencies, and/or any other parties with a business relationship with Western Illinois University (WIU).
Any investigative activity required will be conducted without regard to the suspect’s length of service, position/title, or relationship to WIU.
Management, with the assistance of all employees, is responsible for the detection and prevention of fraud, misappropriations, and other irregularities. Fraud is defined as the intentional false representation or concealment of a material fact for the purpose of inducing another to act upon it to his or her injury (as defined by the American Institute of Certified Public Accountants). University administrators and all levels of management are responsible for establishing and maintaining proper internal controls that provide security and accountability for the resources entrusted to them. Each member of the management team will be familiar with the types of improprieties that might occur within his or her area of responsibility and be alert for any indication of irregularity.
Any irregularity that is detected or suspected must be reported immediately to the Internal Auditing Office, who coordinates all investigations with the Legal Counsel/Ethics Officer and other internal and external areas affected.
Actions constituting fraud can be defined as defalcation, misappropriation, and other fiscal irregularities which refer to, but are not limited to:
- Embezzlement (e.g. theft of cash, using WIU procurement card or accounts payable systems to purchase personal items).
- Collusion with others to circumvent internal controls.
- Forgery or alteration of documents (e.g. checks, time cards, receipts, contracts, purchase orders, expense reimbursement paperwork, student bills, electronic files, bids, or other financial documents).
- Fraudulent financial reporting.
- Misappropriation or misuse of University resources (e.g. cash, securities, inventory, facilities, equipment, services, supplies, or other assets).
- Impropriety in the handling or reporting of cash or financial transactions.
- Disclosing to other person’s securities activities engaged in or contemplated by WIU (e.g. preliminary official statements in connection with bond issuances).
- Accepting or seeking anything of material value from contractors, vendors, or persons providing services/materials to WIU. Exception: Gifts less than $75 in value.
- Authorization or receipt of payment for goods not received or services not performed (e.g. payments to fictitious employees or vendors).
- Submitting multiple vouchers for the same expense reimbursement.
- Using WIU tax exempt status for purchase of personal items (via any method).
- Authorization or receipt of unearned wages or benefits.
- Unauthorized distribution or theft of student, staff, or faculty excess food points.
- Personal use of University property in commercial business activities.
- Identity theft.
- Conflict of interest, ethics violations.
- Destruction, removal, or inappropriate use of records, buildings, furniture, fixtures, and equipment.
- Any similar or related irregularity.
Other irregularities concerning an employee’s moral, ethical, or behavioral conduct should be resolved by the campus department and Human Resources, Provost Office, and the Ethics Officer rather than the Internal Auditor.
If there is any question as to whether an action constitutes fraud, contact the Internal Auditing Office.
The Internal Auditing Office has the primary responsibility for the investigation of all suspected fraudulent acts as defined in the policy. If the investigation substantiates that fraudulent activities have occurred, the Internal Auditing Office will issue reports to appropriate designated personnel, the President of the University, the Board of Trustees Audit Committee, and the External Auditors.
Decisions to prosecute or refer the examination results to the appropriate law enforcement and/or regulatory agencies for independent investigation will be made in conjunction with legal counsel and senior management, as will final decisions on disposition of the case.
The Internal Auditing Office treats all information received confidentially. Any employee who suspects dishonest or fraudulent activity will notify the Internal Auditing Office immediately, and should not attempt to personally conduct investigations or interviews/interrogations related to any suspected fraudulent act.
Investigation results will not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent or wrongful conduct and to protect WIU from potential civil liability.
Members of the Auditing Department investigation team will have free and unrestricted access to all WIU records and premises, whether owned or rented; and the authority to examine, copy, and/or remove all or any portion of the contents of files, computers and electronic equipment, desks, cabinets, and other storage facilities on the premises without prior knowledge or consent of any individual who might use or have custody of any such items or facilities when it is within the scope of their investigation. This will also include all media types where records may be electronically stored.
Formal Fraud Risk Assessment Procedures
Why a Fraud Risk Assessment must be performed:
The Fiscal Control and Internal Auditing Act (30 ILCS 10/3001) requires all State agencies to “Establish and maintain a system, or systems, of internal fiscal and administrative controls which shall provide assurance that resources are utilized efficiently, effectively, and in compliance with applicable law; obligations and costs are in compliance with applicable law; and funds, property, and other assets and resources are safeguarded against waste, loss, unauthorized use, and misappropriation”. University management is responsible for the development of internal controls and monitoring of their operating effectiveness.
Who must conduct a Fraud Risk Assessment?
Senior Management has identified key business functions which are required to perform a fraud risk assessment. These departments will be notified via email.
When to conduct an assessment:
Initial assessments are to be completed prior to the fiscal year end of the year in which the business function has been identified, with annual evaluation of the risk assessment required thereafter.
How to conduct a Fraud Risk Assessment:
Identified departments must assess fraud risks as they relate to defalcation, misappropriation, and other fiscal irregularities as described in the University Fraud policy. The department should document at a minimum:
- Department specific fraud risks
- Any mitigating internal controls
- The likelihood and magnitude of such risks (a level of low risk, medium risk, and high risk is sufficient)
- Management’s response to any residual risk after considering all controls in place (examples include additional controls put in place in response to the identified risk, or accepting the risk that remains)
Any questions related to these assessments can be directed to Brittany Kruse, Assistant Comptroller, at email@example.com or 309-298-1811.
Great care must be taken in the investigation of suspected improprieties or irregularities so as to avoid mistaken accusations or alerting suspected individuals that an investigation is under way.
An employee who discovers or suspects fraudulent activity will contact the Internal Auditing Office immediately. If the suspect is a member of the Internal Auditing Office, the President and Ethics Officer/Legal Counsel will be notified. Independent auditors will investigate any allegations against Internal Auditing staff. The employee or other complainant may remain anonymous. All inquiries concerning the activity under investigation from the suspected individual his or her attorney or representative, or any other inquirer should be directed to the Investigations Team or Legal Counsel. No information concerning the status of an investigation will be given out. The proper response to any inquiries is, “I am not at liberty to discuss this matter.” Under no circumstances should any reference be made to “the allegation,” “the crime,” “the fraud,” “the forgery,” “the misappropriation,” or any other specific references.
The reporting individual should be informed of the following.
Do not contact the suspected individual in an effort to determine facts or demand restitution.
Do not discuss the case, facts, suspicions, or allegations with anyone unless specifically asked to do so by Legal Counsel or the Internal Auditing Office.
If warranted, disciplinary action as a result of an investigation may be recommended by the Internal Auditing Office. This could vary from written reprimand to time off without pay and, if warranted, a recommendation of termination and prosecution to the fullest extent of the law. The recommendation will be reviewed for approval by the designated representatives from Human Resources/the Provost Office, Legal Counsel and, if necessary, by outside counsel, before any such action is taken. The Internal Auditing Office does not have the authority to implement the recommendation unless it relates to a specific employee within their office. The implementation for disciplinary action is made by the employee’s management. Should the Internal Auditor believe the management decision inappropriate for the facts presented, the facts will be presented to executive level management or the Audit Committee for a decision.
The Vice President for Administrative Services is responsible for the administration, revision, interpretation, and application of this policy. The policy will be reviewed annually and revised as needed.