Fraud Detection and Prevention

This policy is submitted for consideration by the Board to address the fiscal year 2007 audit finding referenced as “Fraud Prevention and Detection Program.” While the university has policies and procedures in place that protect it from fraud, cash misappropriations and unethical behavior by its employees, this finding from the Office of the Auditor General held that the university did not have a formal fraud risk assessment program in place.

The OAG’s recommendation was to have management establish a continuous fraud prevention, deterrence and detection program. The program should include evaluating whether appropriate internal controls have been implemented in any areas identified as posing a higher risk of fraudulent activity, as well as controls over the financial reporting process.

In addition, the Board of Trustees should evaluate management’s identification of fraud risks and implementation of anti-fraud measures. The university accepted the recommendation of the OAG and responded stating that it will create a policy at the Board level that establishes a continuous fraud prevention, deterrence and detection program.

The policy is based on the exposure draft of a paper entitled “Managing the Business Risk of Fraud: A Practical Guide” issued by the Institute of Internal Auditors in November 2007. The policy statement is a concise statement, but it does not stand alone; it must be backed by the actions of university management. The OAG’s recommendation and the university’s response both include “continuous” prevention. To achieve the requirement of continuous, it is recommended that a new committee be formed to be administratively responsible for ensuring that the comprehensive review and risk evaluation process is completed.

Policy Statement

Management is responsible for the detection and prevention of fraud, misappropriations, and other irregularities. Fraud is defined as the intentional, false representation or concealment of a material fact for the purpose of inducing another to act upon it to his or her injury. Each member of the management team will be familiar with the types of improprieties that might occur within his or her area of responsibility and be alert for any indication of irregularity.

Any fraud that is detected or suspected must be reported immediately to the President, the Director of Internal Audit, the Chair of the Board of Trustees, and the Chair of the Legislation, Audit and External Affairs (LAEA) Committee.