Internal Audit Report Template
Total Page:16
File Type:pdf, Size:1020Kb
Middlesbrough Council Anti-Fraud Policy and Fraud Response Plan
Policy Prepared by David Jennings Interim Audit Manager
Report Approved by Bryan Baldam / Paul Slocombe Deputy Director / Director of Strategic Resources
Date of Issue 25th Nov 2011 Document Control Applies To All Staff Intranet
Approval/D Issue Date ate
Author/Lead David Jennings / Bryan Baldam Page Content Officer
Council Print Run Website
Distribution Reference Number List
Division Review Date
Document Status Draft Replaces
Document Anti-Fraud Policy & Fraud Version Draft Version 1.0 Title Response Plan
UNCONTROLLED IF PRINTED © Middlesbrough Council (2011) Contents 1 Anti Fraud Policy Statement 4 2 Anti Fraud Arrangements 5 Background 5 Council arrangements 6 Housing Benefits 6 3 Measures to Combat Fraud 7 Accounting systems 7 Internal control 7 Organisational structure 7 Employment checks 8 8 Supervision 8 Separation of Duties 9 Information Systems 9 Codes of Conduct 9 Whistleblowing 10 Legal Developments 10 Powers of External Auditor Appendices A Fraud Response Plan 12 Introduction 12 Definitions 12 Reporting a fraud 13 Investigating a fraud 13 15 Further Action 15 Contacts B Investigatory Process 16
ANTI FRAUD POLICY
1 Middlesbrough Council will not tolerate fraud, bribery and corruption in the administration of its responsibilities, whether from inside or outside the authority. The Council will deal firmly with those who seek to defraud the authority, or who are found to be corrupt, in accordance with this policy.
2 The Council’s expectation of propriety and accountability is that councillors and staff at all levels will lead by example in ensuring adherence to legal requirements, rules, procedures and practices. The Council must maintain a culture which does not tolerate fraud and corruption, and which is based on openness, fairness, trust and value.
3 The Council also expects that individuals and organisations (e.g. suppliers, contractors, service providers and partners) with whom it comes into contact will act towards the authority with integrity and without thought or actions involving fraud and corruption.
4 This policy document demonstrates Middlesbrough Council’s firm, clear and unambiguous commitment to preventing fraud and corruption, in conjunction with others such as the Code of Conduct for Employees. However, if fraud, bribery or corruption is discovered, the Council will deal swiftly with the perpetrators in accordance with this Policy.
5 The Council has in place a series of measures to prevent, deter and detect fraudulent or corrupt acts, which are supported by policies designed to reinforce a culture of integrity and accountability of elected members, staff and Council stakeholders. The Fraud Response Plan (at Appendix A) documents the steps to be taken if a fraudulent or corrupt act occurs, which are illustrated by means of a flowchart (at Appendix B). ANTI FRAUD ARRANGEMENTS
6 This section of the Policy sets out how Middlesbrough Council deters fraud, bribery and corruption, and what they will do when they suspect a fraud is occurring. The aim is to:
‘To minimise the risk of any fraud occurring within the Council, whilst maximising the likelihood of any frauds which do occur being detected as soon as possible and being fully investigated’
Source: CIPFA - The Investigation of Fraud in the Public Sector
BACKGROUND
7 The damage to the Council of any fraudulent or corrupt acts can be far greater than the actual loss incurred. Risks from fraud, bribery and corruption are increasing as the Council undergoes organisational change and in the context of the current economic climate. There is a greater susceptibility to fraud if there is:
a lack of effective internal controls failure of management information systems undocumented or outdated procedures a lack of awareness or failure to communicate policy and procedures poor internal audit poor external audit poor culture of compliance with policies and procedures
8 Responsibility for the prevention and detection of fraud rests with management. The Auditing Practices Board’s Auditing Guideline ‘Guidance for Internal Auditors’ states that:
‘It is a management responsibility to maintain the internal control system and to ensure that the Council’s resources are properly applied in the manner and on the activities intended. This includes responsibility for the prevention and detection of fraud and other illegal acts’.
9 Good management can discharge its responsibilities for the prevention of fraud, other irregularities and error by employing the following measures:
an effective accounting system; an appropriate systems of internal control; employees and Members understand relevant codes of conduct; monitoring relevant legal requirements; establishing an independent internal audit function; and policies for the investigation of fraud and corruption, money laundering, and bribery. identification of key fraud risks to the Council. raising awareness of the risk of fraud throughout the Council.
COUNCIL ARRANGEMENTS FOR DEALING WITH FRAUD
10 Middlesbrough Council has an anti-money laundering policy in place. This is closely aligned with anti-fraud procedures, and makes the point that in certain circumstances a fraudulent act may also be classified as money laundering given the wide definitions within the Proceeds of Crime Act 2002.
- See MBC Intranet site Anti Money Laundering Policy
11 The responsibility for prevention and detection of fraud rests with management. It is assisted in this role by Internal Audit who undertake reviews of the adequacy and effectiveness of internal control systems. Internal Audit is not expected to seek out fraud; however, it does pay special attention to those areas that are particularly exposed to risk. The 2011/12 Internal Audit plan includes specific anti-fraud and governance work around:
Corporate System key controls Establishment Audits of schools, and other Council-owned facilities the effective operation of computer systems, data protection policies and controls, fraud & corruption policies National Fraud Initiative (NFI) looking at blue badges, car parking, housing benefits, council tax discounts, pension and payroll.
12 Internal Audit will periodically review the counter fraud work it provides to the Council with the aim of adopting a proactive role in the prevention and detection of fraud and corruption. Internal Audit will complete an annual fraud and loss risk self assessment which will help identify the main fraud risks facing the Council. The results of this assessment will be one of the key influences upon the content and focus of the annual Internal Audit Plan.
Housing Benefits
12 Housing benefit fraud continues to be, in quantitative and financial terms, the largest series of frauds perpetrated against the Council. The Government estimates that benefit fraud costs the taxpayer at least £800 million per year (source DWP 2009). Mouchel have dedicated HB verification framework, overpayment, and fraud detection arrangements and teams.
2010/11 HB Fraud Statistics Fraud Type No. Referrals Prosecuted / Received Sanctioned Working and Claiming 163 54 Living Together 194 12 Tenancy Related Fraud 20 1 Undecl. Capital or 27 4 Property Undecl. Other Income 63 21 Household Comp. Fraud 88 5 Non-Residency Fraud 125 11 Identity Fraud 0 0 Other 17 7 TOTAL 697 115
Source (Mouchel Fraud & Investigation manager)
HB Fraud Policy – Middlesbrough Council and Mouchel
13 Middlesbrough Council in partnership with Mouchel seek to deliver a customer focussed, modern and effective service with secure processes for the administration of benefits. Benefit claims are handled in a speedy and accurate manner to ensure that claimants in Middlesbrough obtain the necessary assistance toward their housing costs. The drive for an efficient and speedy service will not however, be achieved at the expense of processes that look toward securing the system and preventing and detecting benefit fraud and error.
14 The partnership is committed to the prevention, detection, investigation and deterrence of benefit fraud with appropriate systems put in place to minimise error.
15 Benefit fraud is defined as the deliberate misrepresentation of circumstances, or the deliberate failure to notify a change of circumstances with the intent of obtaining benefit or gaining an advantage under Social Security legislation to which they are not entitled.
16 In achieving a secure and correct service the partnership seeks to ensure:
An anti fraud culture amongst staff and the public is developed to create an environment in which fraud can not flourish. Policies, systems and procedures, are designed and operated, which minimise fraud and error and ensures consistency in investigations, recovery action, prosecutions and the alternatives to prosecution.
MEASURES TO COMBAT FRAUD
17 The Council’s defences against fraudulent acts and corruption are outlined below.
An Effective Accounting System
18 The maintenance of an effective accounting system, including budgetary control, the monitoring of financial trends and results and the interpretation of financial statistics assists in preventing errors and fraudulent claims from entering the system. Should they do so, the likelihood of them being detected is greater if sound systems are in place. The Corporate Management Team is part of the budgetary control and performance monitoring system. 19 Reviews undertaken by internal and external audit provide management with an independent assessment of the adequacy of their financial and non- financial systems.
Operation of Appropriate Systems of Internal Control
20 Service managers are responsible for establishing internal control arrangements that, amongst other things, will protect the Council’s assets from losses of all kinds. Internal Audit provides a service to managers by independently reviewing systems of internal control. Internal Audit is itself part of the Council’s system of internal control.
Organisational Structures
21 The Council is in the midst of a 4-year medium term financial strategy which will require considerable ongoing savings. The Council is faced with a £15.2m savings requirement from a net revenue budget of £136.5m. The Council has to deliver £50m savings over the next four years. By June 2011, 300 posts had been lost. This loss may require further changes to Council structures and staffing, bringing with it an increased risk of fraud.
22 Anti-fraud work is organised across the ongoing operation of management controls within departments, internal audit, and Mouchel’s anti-fraud and verification processes for housing benefit. The verification framework is a recommended set of measures that should be used by all local authorities to prevent and, to some extent, detect fraud. It lays down procedures that should be used to verify claimants’ details at the start of their claim and a visiting regime that should be in place to check on claims during benefit periods.
Personnel Arrangements
23 Recruitment procedures exist to ensure that personnel employed are of the requisite standard to meet the needs of work and its control as defined in job description essential requirements, and the Services’ objectives and plans. The council operates CRB checks on new employees where they are permitted to do so. Job applicants are required to disclose any criminal convictions where they are required to do so by the Rehabilitation of Offenders legislation.
Supervision
24 Systems of internal check are in place to ensure that all errors are detected and corrected. Within the Benefits environment, this is achieved by regular quality control checks on assessment work.
Management Review and Monitoring
25 Service level agreements exist between Mouchel and MBC on Housing Benefits to ensure that policies, timetables and objectives are monitored and met. Housing Benefit staff are provided with training in fraud awareness to assist in detecting and deterring fraud and abuse. The Council takes part in the Audit Commission’s datamatching exercise the National Fraud Initiative.
Segregation of Duties
26 Roles and responsibilities of individual officers are clearly defined to reduce the risk of intentional errors or abuse and the opportunity for collusion. Within the administration of Housing Benefit, and Council Tax benefit there is a clear differential in the work undertaken by assessment, appeals and investigating officers. Over 90% of payments are now made by BACS reducing the opportunity for fraud by the re-direction of cheques sent to claimants addresses.
Authorisation and Approval
27 Within Payroll, creditor, and debtor systems, controls exist to ensure transactions are properly initiated and reviewed (goods ordering / paying / new payroll starters / suppression of recovery action and pursual of arrears). Internal Audit testing regularly reviews the operation of these controls. Similar controls exist over the initiation of direct debit mandates on the Councils bank accounts.
Information Systems
28 The Council has established clear procedures to control access to data held on computers and enable records to be reconstituted in the event of system failure [although Internal Audit have made recommendations about the Council needing to regularly evidence that these procedures do actually work].
Ensuring that Employees and Members Understand Relevant Codes of Conduct
29 The Council has in place Contract Standing Orders, Financial Regulations and Accounting Instructions that cover:
responsibility for approving financial systems tendering arrangements cash handling investigation of potential fraud and irregularity.
30 The Council has a general code of conduct covering all staff, supplemented by additional guidance relevant to specialist groups of staff, e.g. Housing Benefit and Council Tax staff. Specialist guidance is updated regularly and reissued to staff, who are required to indicate receipt thereof by signing an acknowledgement form.
31 Newly-elected Members to the Council are issued with a copy of the National Code of Local Government Conduct. They are asked to register any interests they have upon being elected. 32 Internal Audit undertake annual audits of gifts and hospitality and register of interests procedures.
Whistleblowing
33 Middlesbrough Council is committed to the highest possible standards of openness, probity and accountability. The Council supports the legislation afforded by the Public Interest Disclosure Act 1998 and therefore encourages members, employees, contractors and others that it deals with to come forward and voice any serious concerns they may have about any aspect of the Council’s work. The Council recognises the need for cases to be treated confidentially. The vast majority of employees abide by the standards expected of them, and conduct themselves in an appropriate manner. Similarly, the Council expects its contractors and suppliers to behave responsibly and appropriately. The Council has adopted this Whistleblowing Policy to enable concerned employees to raise issues without fear of reprisals from the Council. If an employee is victimised because they have raised an issue, the Council will treat that victimisation as a disciplinary matter, which may lead to dismissal.
34 The Whistleblowing Policy sets out that employees can voice a concern without fear of victimisation, subsequent discrimination or disadvantage. It is intended to encourage and enable Members, employees and others to raise serious concerns within the Council rather than overlooking a problem or ‘blowing the whistle’ outside.
Monitoring Relevant Legal Requirements
35 The Council has in place an anti-money laundering policy and procedure, arising from the Proceeds of Crime Act 2002, and the updated Statutory Instrument on Money Laundering Regulations 2007. The Council is also mindful of the requirements of the Bribery Act 2010.
Policies for the Investigation of Fraud, Bribery and Corruption
36 All instances of potential fraud are investigated by Internal Audit, or by benefits investigators where relevant. A separate benefits Fraud Investigation Policy exists, which was updated in 2011.
37 Officers involved in the investigation of fraud are aware of the need to exercise due care. Benefits investigators are specifically trained and accredited, and have a service level agreement with Cleveland Police Force.
38 Benefit investigators have received specialist training in a range of practical and legislative matters including: the Police and Criminal Evidence Act, the Disclosure Act, interview techniques, surveillance and criminal procedures.
39 The Council has established a clear policy of zero tolerance of attempted fraud, bribery and corruption.
POWERS OF THE EXTERNAL AUDITOR TO INVESTIGATE FRAUD 39 In certain cases, it may be more effective for internal audit to work with the external auditor to carry out a fraud investigation, due to the latter’s greater right of access to documentation and individuals. The external auditors’ powers enable them to fully investigate frauds involving parties outside the Council who may be summoned to appear before the auditor and provide any necessary explanation, including any documentation in their possession which is relevant to the investigations.
40 This access to documents and persons outside the Council is not available to the internal auditor, whose investigatory powers and rights of access are confined to documents and officers of the Council. Such wider access is invaluable in any investigation of alleged corruption where at least part of the fraudulent activity would only be documented in the books of the third party
FRAUD RESPONSE PLAN Appendix A INTRODUCTION
1.1 This Fraud Response Plan forms part of the Council’s Anti Fraud and Corruption Policy and details how suspected instances of fraud, bribery and corruption can be reported, and how investigations into suspicions will be conducted and concluded.
1.2 Where fraud, bribery or corruption does occur, it is the Council’s objective to ensure that it is detected promptly and investigated properly. The purpose of this plan is to help ensure that effective and consistent action is taken in the event of suspected irregularities and defines responsibilities for action and reporting lines.
1.3 It is vital that all members of staff and line managers are aware of procedures to be followed in the event of suspected irregularities. Swift and consistent action must be taken and the Council can become aware of potential fraud and corruption in a variety of ways, including:
management procedures and arrangements; systems of internal control; review arrangements, such as Internal Audit; reports by employees; and reports by members of the public or other third parties.
1.4 The Fraud Response Plan is one of a series of policies and procedures which the Council has introduced to prevent, deter and detect fraudulent or corrupt acts, and reinforce a culture of integrity and accountability. Other documents that should be referred to in conjunction with the Plan include:
Financial Regulations Codes of Conduct Disciplinary Policy and Procedure Whistleblowing Policy Computer Security Policy Anti-Money Laundering Policy.
DEFINITION OF FRAUD AND CORRUPTION
2.1 Fraud is defined by the Chartered Institute of Public Finance and Accountancy (CIPFA) as:
“the intentional distortion of financial statements or other records by persons internal or external to the authority, which is carried out to conceal the misappropriation of assets or otherwise for gain, or to mislead or misrepresent”.
2.2 Corruption is defined by CIPFA as:
“the offering, giving, soliciting or acceptance of an inducement or reward which may influence the action of any person; or the failure to disclose an interest in order to enjoy financial or other pecuniary gain”. 2.3 Bribery is “the receiving or offering of undue reward to persons in order to influence their behaviour contrary to ordinary standards of integrity and honesty”.
REPORTING SUSPECTED INCIDENTS OF FRAUD, BRIBERY OR CORRUPTION
3.1 The Council’s Anti Fraud and Corruption Policy requires that:
“elected members and employees are required to report to a manager, supervisor, other responsible senior officer, a Human Resources Adviser, the Monitoring Officer or Internal Audit, any suspicion of illegality, financial impropriety or breach of procedure”.
3.2 Managers must ensure that reports of suspected irregularity are recorded and investigated, and the Council’s Financial Regulations require that chief officers must notify the Director of Strategic Resources and the Audit Manager as soon as possible, where any irregularity is suspected. The Director of Strategic Resources is then responsible for investigating suspected financial irregularities, with this function normally undertaken by Internal Audit.
3.3 The link to the Council’s Anti-Money Laundering Policy and Procedure should be noted, in that many forms of fraud may well also constitute offences under the Proceeds of Crime Act 2002 and associated Money Laundering Regulations.
3.3 It is imperative that confidentiality is maintained at all times and where potential fraud or corruption is discovered, no action should be taken which may alert persons suspected of irregularity.
3.4 In addition to the procedures above, the Council’s Whistleblowing Policy provides guidance on how suspected incidents of fraud or corruption should be reported and how alleged irregularities will be investigated and responded to. Any suspected irregularities may also be reported directly to Internal Audit, the Director of Strategic Resources , the Monitoring Officer or a Director.
3.5 If concerns relate to elected members, the Council’s Monitoring Officer should be informed.
INVESTIGATING ALLEGATIONS OF IRREGULARITIES
4.1 Managers must ensure that reports of suspected irregularity are recorded and investigated, in accordance with the Whistleblowing Policy. Where it appears that fraud or financial impropriety has occurred, the manager must notify their Head of Service / Director, Director of Strategic Resources, Audit Manager and Organisational Development Manager. If bribery or corruption is suggested, the manager must in addition notify the Monitoring Officer.
4.2 Investigations into alleged or suspected Benefits fraud are undertaken by the (Mouchel) Fraud and Overpayments Recovery Teams within Benefits Services of Mouchel.
4.3 All other internal investigations are normally undertaken by the Council’s Internal Audit Section in conjunction with the Human Resources Unit where applicable, with the objective of establishing the facts in an objective and equitable manner.
4.4 Internal Audit will ensure that:
potential fraud and irregularity is responded to quickly and discreetly all evidence is recorded; evidence is sound and adequately reported; all evidence is held securely; the Council’s insurance section is notified where appropriate; findings are reported promptly to management with remedial action identified where applicable; and the rules of natural justice are applied.
4.5 Investigations must comply with the requirements of the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000 (RIPA). Any investigation into actions which constitute a criminal offence must also be undertaken in accordance with the Police and Criminal Evidence Act 1984 (PACE). For this reason, all investigations undertaken will be controlled and managed by the Audit Manager, who will in almost every case rely on Police help for interviews under PACE.
4.6 In the case of fraud or financial irregularity, where sufficient evidence exists to suggest that a criminal offence may have been committed, the Audit Manager will refer this to the Police. The Police, in consultation with the Crown Prosecution Service, will determine whether any prosecution takes place.
4.7 The Director of Strategic Resources and the Audit Manager will ensure that fraud or financial irregularity necessitating police involvement is reported to the relevant Director / Head of Service, Chief Executive and Mayor.
4.8 If during the course of an investigation it transpires that any corrupt action has occurred, the Audit Manager will notify the Monitoring Officer.
4.9 At the conclusion of an investigation, Internal Audit will provide a report for the Director and Head of the service area(s) concerned, as soon as is possible, in order that a decision may be made as to action to be taken.
FURTHER ACTION
5.1 Where the outcome of an audit investigation indicates improper behaviour by an employee then the Council’s disciplinary processes will be instigated. Corrective and disciplinary action may be taken in addition to, or instead of, criminal proceedings, subject to the advice of the Human Resources Unit.
5.2 Following all investigations into suspected irregularities, work will be undertaken with the relevant service area(s) in order to address any weaknesses in procedures identified during the investigation. 5.3 Where appropriate, the Council will liaise with the police if sufficient evidence exists for prosecution. This approach may be adopted in conjunction with the Council’s own disciplinary procedures.
5.4 Wherever an investigation indicates that fraud or corruption has occurred, the Council will always seek to recover losses incurred. This may be achieved using a number of methods including making deductions from benefit payments or superannuation contributions, and taking civil proceedings or seeking compensation orders as appropriate.
5.5 The Council’s Communications Unit will liaise with the press to publicise any anti fraud and corruption initiatives undertaken by the Council. Any cases of identified fraud or corruption will also be publicised where appropriate.
5.6 Any employee who is approached by the press should advise them that all media enquiries are handled through the Communications Unit. The employee should immediately report the press interest to their head of service or their nominated representative.
CONTACTS
Audit Manager (01642) 726374 Director of Strategic Resources s (01642) 729032 Monitoring Officer (01642) 729781
Benefits Enquiry section 01642 726355 or by post to:
Benefits Enquiry Section 3rd Floor Middlesbrough House 50 Corporation Road Middlesbrough TS1 2YQ
Copies of key documents such as the Council’s Whistleblowing Policy, Employees’ Code of Conduct and Financial Regulations can be found on the Council’s website: http://www.middlesbrough.gov.uk/ Investigation of Fraud, Corruption, Irregularity Appendix B
Employee / Councillor has reasonable suspicion Suspected benefit fraud is investigated Employee reports to manager, supervisor or other by Mouchel responsible senior officer, in accordance with and Whistleblowing Policy outcomes reported to the Director of Strategic Resources Manager records the report and examines this in for accordance with the Whistleblowing Policy. If it consideration appears that fraud or impropriety has occurred, the manager notifies: Their Head of Service or Director Manager The Director of Strategic Resources keeps The Audit Manager employee The Head of Human Resources informed of progress / outcomes as appropriate Internal Audit investigates outcomes and report to management
Bribery/Cor Fraud & Financial ruption Irregularity
Any Criminal Activity Disciplinary Action evidence of bribery/corru If there is suspected If fraud / irregularity ption Internal criminal activity Internal concerns an employee, and Audit will Audit inform Police, and there has been improper refer this to advise relevant senior behaviour, management the Management must invoke the Council’s Monitoring disciplinary process (whether or not criminal activity is alleged). Management seek HR advice.
Management consider outcomes from investigation, and need to strengthen controls to prevent repeat occurrences