Although generally there are low levels of fraud reported within the academy sector, trusts should always remain vigilant of the risks and have an effective fraud risk management strategy in place.
To help trusts manage the risk, the GOV.uk website has a guidance on cyber security and a security checklist, which is a great tool for to access the risk to your Trust.
An effective fraud risk management strategy may involve:
- assessing your overall vulnerability to fraud
- testing your internal control system to ensure it is robust.
- identifying the areas most vulnerable to fraud risk
- evaluating the scale of fraud risk
- responding to the fraud risk through improved control arrangements
- measuring the effectiveness of the risk strategy to potential fraud
- reporting fraud.
Fraud response plan
An organisation’s response to fraud risk should be customised to the risks it faces. Typically, it will involve some or all of:
- developing a fraud policy statement, a fraud risk strategy and a fraud response plan: every organisation should have these documents
- developing and promoting an anti-fraud culture, maybe through a clear statement of commitment to ethical behaviour to promote awareness of fraud; recruitment screening, training and maintaining good staff morale can also be important
- clarifying roles and responsibilities for the overall and specific management of fraud risk
- establishing cost-effective internal systems of control to prevent and detect fraud
- confirming contacts and routes for staff to report suspicions of fraud, including developing a whistleblowing policy
- responding quickly and effectively to fraud when it arises
- establishing systems and processes for investigations into allegations of fraud
- where appropriate, using your internal audit function to advise on fraud risk and draw on their experience to strengthen control
- continually evaluating the effectiveness of anti-fraud measures in reducing fraud.
If you have become susceptible to fraud, this must be reported to the ESFA. Trusts must notify of any instances of fraud, theft and/or irregularity exceeding £5,000 individually, or £5,000 cumulatively in an academy’s financial year. Any unusual or systematic fraud (eg. regular occurrences of low value theft), regardless of value, must also be reported.
The next step
If you require any advice regarding the above, please contact Kimberly Burton on k.burton@uhy-manchester.com or your usual UHY academy adviser.