The Scottish Government

FRAUD: ANNEX 2

SCOTTISH GOVERNMENT FRAUD RESPONSE PLAN

Purpose

1. This Fraud Response Plan sets out arrangements to ensure that when suspected frauds against the Scottish Government (SG) are reported, prompt and effective action is taken to:

• investigate the circumstances;
• minimise the risk of subsequent loss;
• ensure that appropriate recovery action is taken or, failing recovery, to initiate action to write off any losses;
• remedy any weaknesses in internal control procedures;
• initiate disciplinary and legal procedures, where appropriate; and
• demonstrate that the SG is not a soft target for attempted fraud.

Application

2. The core SG and SG Executive Agencies are covered by these arrangements. However, an Agency may establish its own arrangements, consistent with the SG Fraud Response Plan, covering either external fraud or both internal and external fraud. Business areas within the core SG that have significant grant-giving or contract-letting responsibilities should also establish separate local arrangements for dealing with external fraud.

3. The procedures may also apply in respect of SG members of staff who are seconded or loaned to other bodies. In such cases, the body to which the member of staff is seconded will be consulted on the handling of the investigation. The procedures may also apply to individuals who are loaned or seconded to the SG. In these cases the parent body will be consulted on the handling of the investigation.

4. Sponsor Directorates should be satisfied that sponsored bodies have fraud response arrangements appropriate to their own circumstances in place.

Fraud Response Co-ordinator

5. The Fraud Response Co-ordinator for the SG is the Team Leader, Finance Accountability Policy and Guidance. The functions of the Fraud Response Co-ordinator (the Co-ordinator) are:

• to receive information (anonymously or otherwise) about suspected frauds, either by telephone (using the fraud hot-line: 0131 244 1460) or in writing, from individual members of staff or the public;
• to record all such approaches;
• to consult the Departmental Security Officer if the allegation is of straightforward theft - which does not qualify as fraud;
• to consult with relevant sources, if necessary, on the nature of the allegations and, where considered appropriate, to convene an immediate meeting of the Fraud Response Group (the Group);
• to consult with the Group members individually if, in exceptional circumstances, the whole Group cannot meet within a reasonable time;
• to agree with the Group members the action required in their individual areas;
• to agree with the Group members what assistance is required from other areas within the SG and external sources (e.g. Police or Procurator Fiscal Service);
• to monitor the progress of agreed action and report to the Group at agreed intervals;
• to ensure that, where it is considered appropriate, senior management and/or Audit Scotland is informed about relevant cases as soon as possible after they come to light; and
• to report annually to the Scottish Government Audit Committee.

Fraud Response Group

6. The primary purpose of the Group is to deal with relevant cases of suspected fraud involving SG members of staff (i.e. internal fraud) but it is also available to advise on cases of external fraud where separate local arrangements have not been put in place. The permanent members of the Group will comprise the Co-ordinator and representatives from Human Resources (HR), Departmental Security and Internal Audit Division. The Scottish Government Legal Directorate (SGLD) will provide the Group with legal advice as required. The Group will be chaired by the Deputy Director in the Finance Directorate responsible for Corporate Reporting, Accountancy and Governance. In his/her absence it will be chaired by another Deputy Director in the Finance Directorate. The Group may co-opt additional members with particular knowledge or expertise to assist in consideration of a specific case or require individual members of staff to attend its meetings.

Immediate Action by the Group

7. The Group should, as a matter of urgency, consider the allegations before them and decide if these warrant further action or investigation. Where it is not immediately clear from the evidence presented to the Group that a fraud may have been committed, the Group may decide to initiate limited initial action in order to determine whether there is substance to the allegations. For example, line management and/or colleagues may be asked to confirm the accuracy of particular allegations and report back to the Group. Alternatively, Internal Audit / HR may be asked to undertake a preliminary investigation. Such preliminary work must be undertaken with the utmost urgency. The aim at this stage should be to gather sufficient evidence to enable the Group to reach a view on whether the allegations of fraud are likely to be substantiated. If the Group considers this is likely to be the case, it should initiate the following action, insofar as it is appropriate to the particular case:

• decide the level at which line management should be involved and bring the allegations to the notice of line management if it is not already aware of them, at the same time confirming the investigative arrangements and reporting lines;
• secure records and assets, including restrictions on access to offices and computer terminals;
• decide whether the Police/Procurator Fiscal Service should be informed;
• consider the prima facie case for suspension of SG members of staff who are the subject of allegations;
• agree the scope and nature of any investigative work required to establish the facts, which may include the examination of the conduct of staff who are the subject of allegations in relation to travelling and subsistence claims, flexible working hours, overtime claims, etc;
• notify senior management, including the Permanent Secretary and relevant Accountable Officer(s), of the allegations; and
• agree a timetable for completion of the agreed action.

Investigations

8. Any investigations that the Group may decide to initiate can be undertaken by Internal Audit, HR or an independent Investigating Officer, depending on the circumstances. As a general rule, investigations by Internal Audit or HR should be undertaken prior to any investigation by an Investigating Officer. However, if the Group considers that the urgency of a case is such that separate reports are impractical, it may instruct the Investigating Officer and others to undertake a joint investigation. In such cases the Group should ensure that the respective roles are clearly defined.

9. The Investigating Officer is expected to take account of any Internal Audit / HR reports or other relevant work and where such work has been undertaken, he or she must consult Internal Audit / HR on his or her preliminary findings before reporting back to the Group. Where material differences are identified between the findings of Internal Audit / HR and the Investigating Officer's findings, these should be discussed, and wherever possible resolved, before the Investigating Officer reports formally to the Group. In the event of the Group receiving conflicting reports, it may decide to instruct further investigations.

10. The Group should consider carefully the terms of reference for any investigative work it decides is necessary to establish the facts. Investigations should not be restricted solely to allegations against an individual that may lead to a charge of gross misconduct. If there is a possibility that instances of serious misconduct (e.g. misconduct other than fraud) may also have occurred, these should be investigated at the same time as the fraud allegations. The terms of reference issued by HR for any Investigating Officer or remit agreed by the Group for any Internal Audit / HR investigation should not preclude the reporting of any evidence of fraud or serious misconduct which was not identified in the initial report to the Group.

Selection of Investigating Officer

11. It is a matter for HR to appoint, where necessary, the independent Investigating Officer although the Group will be informed of the proposed appointment. The Investigating Officer should be at least B3 level with the ability to gather and analyse evidence, have previous experience of investigative work as well as a good understanding of the Staff Handbook, and of regularity and propriety issues. Normally the Investigating Officer will be a person who has not had close personal or work related ties with the person under investigation. The Investigating Officer should not have any personal relationship, past or present, with the person being investigated or with that person's immediate family. Investigating Officers should be required to declare that they have no such interests in the case.

Immediate Action by Individual Group Members

12. Group members will be responsible for ensuring the necessary action in their functional areas. The immediate actions of the functional areas, insofar as they are appropriate to the particular case, will include:

• HR (in consultation with the Group) - arrange to suspend SG members of staff pending the outcome of any investigations (and review the notice of suspension at regular intervals throughout the period of investigation); appoint an Investigating Officer; liaise with SGLD on legal implications under employment legislation; consider, in consultation with line management, the sensitivity of the allegations in terms of public interest and whether the Communications Directorate and/or Ministers should be briefed.
• Security - protect accounting and other records; safeguard assets possibly at risk; restrict access to offices and records of individuals involved by altering or withdrawing cards/passwords; pursue cases of straightforward theft.
• Finance - safeguard funds possibly at risk; plug any immediately obvious gaps in financial controls; initiate action to recover funds, if there is a clear case for doing so in advance of a full investigation; establish possible financial implications for programme and administration costs; consider the case for recovery action.
• Internal Audit - notify the Police/Procurator Fiscal Service of the case; liaise with HR as above; undertake any investigation as agreed by the Group.
• SGLD - provide advice as required.

13. While these responsibilities are listed separately, they are clearly inter-linked and close liaison on developments in specific areas is essential, as is the involvement of line management at an appropriate level. It will invariably be necessary to act with extreme urgency at this stage.

Action by the Group on Findings

14. As soon as possible after investigations have been completed any Internal Audit / HR report, copies of any Investigating Officer's report and any other relevant documentation relating to the investigation (subject to any confidentiality requirements) should be sent to all members of the Group (i.e. all permanent and co-opted members involved in the specific case). The Group should then meet at the earliest opportunity to decide whether the evidence tends to substantiate allegations of fraud. The Group should instruct any further investigations it may consider necessary, for example, where evidence gathered is inconclusive, contradictory or incomplete. Once the Group is satisfied that no further investigations are required, it must consider:

• what, if any, disciplinary action should be taken;
• what, if any, disciplinary action should be taken if the initial allegation appears to be malicious
• the form and content of any report to senior officers; and
• whether the Police/Procurator Fiscal should be notified (if this has not already been done).

Action by Individual Group Members on Findings

15. Responsibility for executive actions, insofar as they are appropriate to the particular case, will rest with the functional areas as follows:

• HR - implement disciplinary procedures against perpetrators of frauds and other members of staff whose actions may have facilitated frauds; consider the action to be taken if lesser instances of misconduct have been identified during the investigation.
• Finance - pursue recovery of funds; determine the financial effects of frauds; issue warning guidance to Scottish interests; consider, in association with Internal Audit, the adequacy of internal control procedures; consider the impact on the resource budget and take any action to deal with the consequences; arrange, where necessary, for notation of the relevant accounts.
• Internal Audit - assist with quantifying the financial effect of individual frauds; identify management and other failings which facilitated the fraud; liase with the Police/Procurator Fiscal as necessary; make recommendations for improvement within the report to the Group for action by the appropriate line managers, the SG Director of Finance and any other interests (especially if there are lessons to be learned for the SG as a whole), as appropriate.
• Security - maintain security of relevant records and assets.
• SGLD - provide advice as required.

16. The Police/Procurator Fiscal are willing to provide advice on an informal basis. However, the Police are obliged to report formal approaches to the Procurator Fiscal. In the latter case, the Police/Procurator Fiscal would expect the SG to have conducted its own inquiries or perhaps limited investigations and to have established at least a prima facie case before referral to the Fraud Squad.

Follow Up and Review of Cases

17. Where evidence of fraud or serious misconduct has been identified, the Group should consider whether any action needs to be taken to prevent a recurrence. In such cases, a Group action plan should be drawn up setting out recommendations. In practice, much of the required action is likely to relate directly to action plans drawn up by Internal Audit or Finance and a cross reference to these plans is all that is required. The Group's recommendations should be agreed with relevant business areas. There may, however, be lessons for the SG as a whole to learn from an episode of fraud in which case the Group's action plans should include appropriate recommendations for the SG Director of Finance/Director of Change and Corporate Services to pursue. The Fraud Response Co-ordinator will also be responsible for ensuring that the agreed recommendations are implemented (e.g. by obtaining confirmation from line management directly details of action taken or Internal Audit conducting a follow-up review to confirm the position).

18. The Group should be informed by HR of the outcome of cases where a charge of gross misconduct has been made. In any case where such a charge has been brought but a disciplinary hearing does not uphold the charge, the Group should be informed of the reasons for the Panel's decisions. The Group must consider whether, in light of this information, there are lessons to be learned in terms of the handling of cases and whether the Fraud Response Plan and related guidance, for example on disciplinary procedures, is operating effectively. The Group should make recommendations for any changes to procedures that it considers necessary in light of the outcome of individual cases and should consult relevant interests, including the TUS, on any recommended changes. If appropriate, where individuals have been dismissed or subject to other disciplinary action for matters other than fraud (e.g. abuse of IT systems), HR will inform Internal Audit of the circumstances of the case and consideration given to whether a further review (by Internal Audit) should be undertaken to establish whether or not there has been possible misuse of other systems by the same individual(s).

Confidentiality

19. Members of the Group will receive all information relating to individual cases. They must treat all information relating to individual members of staff on a Restricted - Staff basis and should ensure that it is only passed on to colleagues on a strictly need to know basis. HR place a record on the career folder of a SG member of staff only of those allegations which have resulted both in disciplinary charges and a finding against the officer.

External Fraud

20. External frauds are frauds perpetrated by third parties against the SG (e.g. contract fraud or fraudulent applications for grants or subsidies or expenses). If there is any suspicion of collusion on the part of SG members of staff in a suspected or discovered external fraud, the procedures relating to internal fraud should apply as appropriate, given any requirements arising from ongoing Police/Procurator Fiscal investigations.

21. Cases of external fraud will normally be dealt with under local arrangements put in place by SG Executive Agencies and higher risk SG business areas e.g. those with significant grant-giving or contract-letting responsibilities. The Fraud Response Group is however available to advise on cases of external fraud where separate local arrangements have not been put in place. Procedures for responding to suspected external fraud, insofar as they are appropriate to the particular case, should include the following:

• a report by operational management on the circumstances surrounding the case, including the results of any investigations;
• a formal assessment of whether the evidence tends to substantiate fraud. Any invalid claims or invoices that could reasonably be argued were submitted in good faith should not normally be regarded as fraud.
• Notification of the Police / Procurator Fiscal;
• recovery action; and
• consideration of control procedures and lessons learned.

22. It will normally be sufficient to alert the IT Security Group (or local equivalent) about any cases of internet scams. If fraud by a supplier is suspected, the Scottish Procurement Directorate should be kept informed of developments. Cases of straightforward theft (which does not qualify as fraud) should be notified to the Departmental Security Officer (or local equivalent) for action.

Reporting Cases of Fraud

23. Details of fraud dealt with under local arrangements should be reported at least annually to the relevant Executive Agency or Portfolio Audit Committee and to the Fraud Response Co-ordinator. In addition details of fraud that may have implications / lessons for the wider SG should be notified to the Co-ordinator immediately that they come to light. Details of fraud where actual losses have been incurred must also be reported to the relevant Executive Agency or Portfolio Finance Team to arrange for notation of the resource accounts.

24. The Co-ordinator will make an annual report to the Scottish Government Audit Committee (SGAC) covering the arrangements for dealing with fraud within the SG as a whole and providing summary details of cases coming to light during the preceding financial year. The report will be copied for information to all SG Executive Agencies and Portfolio Audit Committees.

25. Framework documents for sponsored bodies and non-ministerial Executive Agencies / Departments should include a requirement for the reporting of cases of fraud that may have wider implications to the relevant Portfolio Audit Committee.

Page Published / Updated: March 2009