1. Introduction

The University is committed to the proper use of funds, both public and private.

As a consequence, it is essential that everyone associated with the University - including staff, students, employees, contractors and third-parties - are aware of the risk of fraud, corruption, theft and other activities involving dishonesty, in all its forms. The University aims to reduce instances of fraud to the absolute practical minimum - and to also put in place arrangements that hold any fraud to a minimum level on an ongoing basis. The University’s approach to counter-fraud is designed to be on a risk managed basis, balanced, comprehensive, cost-effective and professional, using specialist expertise if, as and when required.

2. Scope of the Policy

This policy applies to all University of Derby employees. The policy sets out the procedures that must be followed to enable the University to comply with its expectations and legal obligations.

3. Definition of Fraud, Corruption and Bribery

Fraud can be defined as

(i) wrongful or criminal deception intended to result in financial or personal gain and

(ii) a person or thing intended to deceive others, typically by unjustifiably claiming or being credited with accomplishments or qualities.

Both definitions are, clearly, directly applicable to the Higher Education sector. Corruption can be defined as dishonest or fraudulent conduct, typically involving bribery. Bribery can be defined as the offering, giving, receiving or soliciting of any item of value (money, goods, favours or other forms of recompense) to influence the actions of an official or other person in charge of a public or legal duty.

4. Counter Fraud Policy Objectives

Most organisations adopt a multi-faceted approach to fraud and the University is no exception. The eight key objectives of the University’s counter-fraud policy are:

1. Establishment of a counter-fraud culture

2. Maximum deterrence of fraud

3. Active and successful prevention of any fraud that cannot be deterred

4. Rapid detection of any fraud that cannot be prevented

5. Professional investigation of any detected fraud

6. Effective internal and external actions and sanctions against people found to be committing fraud, including legal action for criminal offences

7. Effective communication and learning in relation to fraud, and

8. Effective methods of seeking redress when/where fraud has been perpetrated.

The overriding objective of the University’s counter-fraud activity is to ensure that (i) fraud is seen as unacceptable by each and every stakeholder and (ii) counter-fraud is seen to have the unwavering focus of the University as a whole.

This document sets out the University’s policy and procedures for dealing with suspected cases of fraud, including corruption, and includes summarised instructions about what to do, and who to contact/notify, should any fraud-related concerns arise. It does not include theft and other criminal/illegal acts involving dishonesty, which is the subject of a separate security policy document, details of which can be found under Section 8, covering associated policies, below).

At a practical level, fraud is deemed to be deliberate intent to deprive the University (and its associate activities) of money or goods through the falsification of any records or documents (e.g. submission of false invoices, inflated time records or travel claims and/or the use of purchase orders to obtain goods for personal use). This is an important distinction, intended to clarify the crucial difference between deliberate fraud and unintentional error, removing - wherever possible - any potential confusion or ambiguity.

5. University of Derby Policy

The University is absolutely committed to the highest standards of honesty, accountability, probity and openness in its governance. As a direct consequence of this, the University is committed (i) to reducing fraud associated with any of its activities, operations and locations to the absolute practical minimum and (ii) to the robust investigation of any fraud issues that should arise.

Any such investigation will be conducted without regard to factors such as position, title or length of service. Where any acts of fraud or corruption are proven, the University will make every endeavour to ensure that the perpetrator(s) are dealt with to the full extent of the law and University disciplinary policy/contractual processes (where a third-party is involved), and will also take every step to recover any and all losses in full. It is the responsibility of everyone associated with the University - including staff, students, employees, contractors and third parties - to report any fairly based suspicions of fraud or corruption.

The University has a “no retaliation“ policy for people reporting reasonably-held suspicions, and concerns can be raised if necessary under the University’s Whistleblowing Policy (details of which can be found under Section 9 covering associated policies)

This policy applies to any fraud, or suspected fraud involving everyone and anyone associated with the University - including staff, students, employees, contractors and third parties.

6. Examples of Fraud Risks to which University of Derby may be exposed

These can include, but are not limited to:

7. Counter Fraud Actions

Where there is suspicion that fraud or corruption has occurred, or is about to occur, then it is essential that the appropriate person within the University is contacted immediately; a list of appropriate persons and how to contact them is contained in Appendix 1 to this policy.

The University has a no retaliation policy for people reporting reasonably held concerns and suspicions, and any retaliation against such people - including victimisation and deterring/preventing reporting - will be treated as a Serious Offence under the University’s disciplinary processes. Equally, however, abuse of process by reporting malicious allegations will also be regarded as a disciplinary issue. Any contravention of the no-retaliation policy should be reported through the dedicated process contained in University’s Whistleblowing Policy.

8. In the Event of a Known or Suspected Fraud

A fraud response plan is shown in Appendix 2 to this policy and should be followed in the event of a known or suspected fraud

9. Whistleblowing Policy

The University's Whistleblowing Policy is designed to allow staff, student and all members of the University to raise at high level concerns which they believe in good faith provides evidence of malpractice or impropriety.

Individuals discovering or suspecting malpractice, impropriety or wrongdoing are able to disclose the information without fear of reprisal. A disclosure in good faith which is subsequently not confirmed, will not lead to action against the person making the disclosure. The Counter Fraud policy links to both the Anti Money Laundering Policy and the Anti Bribery Policy as two specific areas where the University may be susceptible to fraudulent action. These policies are available on the Finance pages of the University’s website.

10. Fraud with Academic Implications

Fraud can often be associated with direct financial gain, such as procurement and invoicing fraud. However, in the University/Higher Education sector, academic fraud is a further possibility, including fraud related to immigration, admissions, internships, examinations and awards. Such a fraudulent activity could be very high-profile, with potentially significant consequences for the University. In such cases, it is again essential that an appropriate person is contacted at the earliest opportunity, together with other senior University officer(s), as deemed appropriate.

As each case of this type is different, it is largely impossible to produce fully definitive guidance to follow. Such a fraud may involve a number of stakeholders, including the police and professional bodies, but decisions regarding their involvement - generally - remain the purview of senior University officers.

To ensure that the investigation is not compromised, however, it is vital that the number of people aware of the investigation is kept to an absolute minimum. Notwithstanding, it should be recognised that some frauds of this nature will involve the police initiating their own investigation.

Appendix 1: University list of appropriate persons and how to contact them

Appropriate PersonTitle / RolePhoneEmailPostal Address
Kathryn Mitchell Vice-Chancellor, Executive 01332 591000 University of Derby, Kedleston Road, Derby, DE22 1GB
Craig Jones Director of Finance - University of Derby, Kedleston Road, Derby, DE22 1GB
FC Financial Controller - University of Derby, Kedleston Road, Derby, DE22 1GB
Registrar University Secretary and Registrar - University of Derby, Kedleston Road, Derby, DE22 1GB

Appendix 2: Fraud Response Plan

Introduction The University is accountable to a wide range of stakeholders for the use and management of those funds, and the associated controls.

It is the responsibility of all University officers and staff to ensure that University funds and resources are used honestly and correctly, and to report any circumstances which may indicate their improper use. Channels to make such reports are covered later in this plan.

Universities promote and practice openness and collegiality, which can lead to a lack of segregation of duties, independent oversight and fraud focus.”. When fraud is suspected or indicated, it is essential that prompt and professional reactive action is taken, and it is here where the need for trained fraud ‘first-responders’ within the University is clear.

Fraud is unpredictable, time consuming to investigate, relationship-damaging, very disruptive and unpleasant and has the potential to require significant stakeholder involvement. Primary responsibility for the prevention and detection of fraud rests with officers and staff who also have responsibility to manage the risk of fraud.

Investigation of fraud is the overall responsibility of the VC & FD supported by fraud first-responders or other trained investigators and the project team that may be set up to investigate selected cases. The University’s Fraud Response Plan detailed below outlines the process to be adopted if suspected fraud is reported or detected; the Supporting Appendices also contain a range of useful information, including potential fraud indicators or warning signs.

Definition of Fraud  

The term fraud is a broad and widely-used term to describe a number of fraudulent-type activities that include theft, false accounting, misappropriation, bribery, corruption, deception and collusion. Some definitions of these and related terms are contained in Appendix A. In general, a fraud may be described as any type of deception that results in a gain to one party and/or a loss to another, in this case the University. The Fraud Act 2006 outlines three classes of fraud:

In terms of the University’s Fraud Response Plan, fraud may be defined as deception with the intention of:

The Fraud Response Plan Purpose

The purpose of the Fraud Response Plan is to define authority levels, responsibilities for action and reporting lines in the event of a suspected fraud or financial irregularity.

The use of the plan allows the University to:

The plan covers the following 15 key stages:

1. Initial Response

2. Initial Reporting

3. Meeting of the Fraud Response Team

4. The Lead Investigator’s plan

5. Communications during, and after, the investigation

6. Establishing and securing evidence

7. Staff under suspicion

8. Interviewing/statements

9. Police involvement

10. Prevention of further losses

11. Recovery of losses

12. Administration, including HR-type issues such as references

13. Reporting, including notifying HEFCE

14. Review, communication and action on findings

15. Closure 


1. Initial Response

A fraud or financial irregularity may be discovered in a variety of ways, from your own or a colleague’s observations, someone from inside or outside the University ‘blowing the whistle’, financial controls identifying a discrepancy, internal or external audit discovering a problem or external bodies identifying an issue.

A fraud or financial irregularity may also come to light through:

Irrespective of how a potential fraud is discovered, the following - Things to do, Things not to do and Things to remember - should always be borne in mind:

Things to do:

1. Stay calm - remember you are a witness not a complainant

2. If possible, write down your concerns immediately - make a note of all relevant details such as what was said in phone or other conversations, the date, the time and the names of anyone involved

3. Consider the possible risks and outcomes of any immediate action you may take

4. Make sure that your suspicions are supported by facts, as far as is possible at this stage

Things not to do:

1. Don’t become a private detective and personally conduct an investigation or interviews

2. Don’t approach the person/persons potentially involved (this may lead to conflict, violence, him/her destroying evidence etc.)

3. Don’t discuss your suspicions or case facts with anyone other than those persons referred to below (Head of Department and/or the Director of Finance and/or the Head of HR) unless specifically asked to do so by them

4. Don’t use the process to pursue a personal grievance

Things to remember:

1. You may be mistaken or there may be an innocent or good explanation - but this will come out in the investigation

2. The fraud response and investigation process may be complex and relatively lengthy and, as a consequence, you may not be thanked immediately. Moreover, the situation may lead to a period of disquiet or distrust in the University despite you having acted in good faith.

2. Fraud - Initial Reporting

All actual or suspected incidents should be reported immediately either:

provided reports are made in good faith then an individual is generally protected by the University and the law against retribution, harassment or victimisation and the individual’s confidentiality must be preserved.

If the disclosure involves or implicates any of the individuals identified above then the disclosure should be made to the Vice Chancellor and/or the Chair of University Council and/or the Chair of Audit Committee as appropriate and/or Funding Council and/or police Guidance for managers on receiving a report of fraud Managers who receive a report of a fraud should:

3. Meeting of the Fraud Response Team

As soon as practicable a meeting of a Fraud Response Team should be convened, normally consisting of the members to decide on the initial response: to include (from):

It may also be necessary to involve colleagues in communications if there are potential public relations and/or media issues. This group will decide:

4. The Lead Investigators Plan

The Fraud Response Team should appoint a Lead Investigator who should then create a plan to cover the subsequent actions.

5. Communications

The Lead Investigator should take single responsibility for all subsequent communications.

6. Establishing and securing evidence

The Lead Investigator should take single responsibility for all evidence and record log of evidence should be kept which can be referred to during an investigation.

7. Staff Under Suspicion

The Lead Investigator should take lead in deciding if any staff under suspicion should be informed prior to the start of any investigation. If a decision to discuss the suspicion with the staff, HR should be consulted to ensure all employment laws are abided by.

8. Interviewing/statements

The University will follow standard and established disciplinary procedures against any member of staff who has committed fraud. Additionally, the University will normally consider prosecution of any such individual. The investigators and Internal Audit will ensure that:

Where the initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the Fraud Response Team will decide how to prevent further loss.

This may require the suspension of the individual(s) suspected of fraud and removal of physical (i.e. campus, building and office) and systems access rights. Any suspension will be in accordance with University’s disciplinary procedures, but it may be necessary to plan the timing of suspensions to prevent individuals from destroying or removing evidence that may be needed to support the investigation process.

However, it should be recognised that there may occasionally be circumstances where it is decided to allow a fraud - and associated losses - to continue to identify, for example, further culprits.

When interviewing employees under suspicion it must be made clear whether it is a formal interview or an informal discussion. It should be explained that the University and the interviewers have no pre-set view, the suspicion should be outlined and the employee given adequate time to respond. If it is decided that formal questioning is needed because potential involvement in a criminal offence is suspected, then the interview should be conducted in accordance with the principles of the UK Police and Criminal Evidence Act (PACE). Guidelines can be found on the Home Office Website.

PACE provides protection for the individual and ensures that any evidence collected through interviews, (including the taking of statements) can be presented in court, whether or not such interviews are being carried out under caution. PACE covers such rights as the right to silence, to legal advice, not to be held incommunicado, to accurate recording and protection against evidence obtained through oppression. Because of this, very early consideration should be given to police involvement, or consultation in these circumstances. Legal advice should also always be sought, recognising that there may be variations in local legislation where an overseas campus, for example, is involved. Interviews should only be carried out with the approval of the Fraud Response Team.

There are strict rules relating to tape recorded interviews and investigators must be suitably trained, skilled and experienced if these are to be used. Ideally, statements should be taken from witnesses using their own words. The witness must be happy to sign the resulting document as a true record - the witness can be given a copy of the statement if desired. It is also very important to keep contemporaneous notes on file, in the event that they are needed for future reference (e.g. court, tribunal or disciplinary hearing).

9. Police involvement

At some point a decision will need to be made as to whether an incident is reported to the police. However, even if it is reported there needs to be an element of realism as to the likely extent of police involvement.

For large-scale frauds, it may be appropriate to ask the police to attend meetings of the Fraud Response Team. The lead investigator should prepare an ‘Evidence Pack’ that can be handed to the police at the time the fraud is reported, and a Crime Reference Number obtained. The Evidence Pack should include a summary of the fraud, highlighting (where known) the amount, the modus operandi, and the location, and including photocopies of key supporting documents and contact details of the person leading the investigation. All contact with the police should be channelled through one person which would generally be the investigator or, possibly, the communications lead (i.e. the person leading the investigation).

10. Prevention of Further losses

Immediate review of controls and processes would be needed to prevent further loss and investigation into what control has failed or if one existed. Short term changes in policy would need to be proposed to prevent further loss which would require approval from the VC & FD.

11. Recovery of losses

Recovering losses is clearly a major objective of any fraud response investigation. Internal Audit or those investigating the incident should ensure that in all fraud investigations the amount of any loss is quantified. Repayment of losses should be sought in all cases. Where the loss is (potentially) substantial, legal advice should be obtained without delay about the need to freeze an individual’s assets through the courts pending the conclusion of the investigation.

Legal advice should also be sought about the prospects for recovering losses through the civil court in circumstances where the perpetrator(s) refuse repayment. The University would normally expect to recover costs in addition to losses.

The University’s insurers should be involved in such cases and, indeed, their notification (above) may be a mandatory requirement of cover.

12. Administration and HR issues

Careful administration of the investigation is of vital importance. A disordered investigation, without clear records and logs of events, communications, key dates etc., will cause problems at any court hearing, tribunal or disciplinary panel. It is equally important that confidentiality is kept both for paper and electronic (e-mail) communications. Where e-mail is used for communication, subject names that have no direct link to the investigation should, for example, be considered. Within the employment law framework, HR must deal with any requests for references from staff who have been disciplined or prosecuted for fraud and related issues.

13. Reporting, including notifying regulators

The Fraud Response Team should provide a confidential and regular report to the Chair of the Audit Committee, the Vice Chancellor, the external audit partner and other nominated individuals at an agreed frequency.

The scope of the report should include the circumstances surrounding the case, contributory factors and progress with the investigation. Any incident meeting the criteria for a report to regulators should be reported without delay to the Vice-Chancellor, the Chair of the Audit Committee and the Chair of the Finance Committee where there is a (potential) financial loss. The Team should also consider if incidents not meeting the criteria should be reported, both to the regulator as well as to sector fraud alert networks (e.g. via BUFDG), to anonymously warn other sector bodies of potential risks.

14. Review, communication and action on findings & Closure

On completion of the investigation the Fraud Response Team should submit to the Audit Committee a report typically containing:




Last reviewed: 30/10/2020

Policy Owner: Finance