Anti-Fraud and Theft Policy - fraud and theft policy v2 by nyut545e2


									Anti-Fraud and
  Theft Policy

    October 2009

    Subsidiaries of
                     Anti-fraud and theft Policy   October 2009



1. INTRODUCTION                                              2
2. DEFINITIONS – WHAT IS FRAUD?                              2
3. COMPANY RESPONSIBILITIES                                  3
5. FRAUD RESPONSE PLAN                                       7
6. FRAUD & THEFT DETECTION                                   7
7. REPORTING                                                 8
8. DISCIPLINARY/LEGAL ACTION                                 8
9. LEARNING FROM EXPERIENCE                                  8
11. CONCLUSION                                             12
12. ADDITIONAL GUIDANCE                                    12
13. ENQUIRIES                                              13

                              Anti-fraud and theft Policy                October 2009



Translink/NITHCo requires all staff at all times to act honestly, and with
integrity and to safeguard the Company resources for which they are
responsible. Fraud and theft is an ever-present threat to these resources and
hence must be a concern to all members of staff. Translink/NITHCo views
fraud and theft as an extremely serious matter and is committed to the
promotion of an Anti-fraud and theft Culture throughout the organisation. This
section explains Company and staff responsibilities in relation to both
prevention and detection of fraud and theft.


Fraud is not exactly defined in law but there is now the Fraud Act of 2006
which determines that a person is guilty of Fraud if he/she commits

     1. Fraud by false representation;
     2. Fraud by failing to disclose information;
     3. Fraud by abuse of position;
In addition to the above act fraud may be perpetrated in breach of several acts
e.g. Theft Act (NI) 1969 and the Theft (NI) Order 1978. For the purposes of
this document fraud may involve:

     (i) Manipulation, falsification or alteration of records or documents;
     (ii) Suppression or omission of the effects of transactions from records or
     (iii) Recording of transactions without substance;
     (iv) Misappropriation (theft) or wilful destruction or loss of assets including
        cash; and
     (v) Deliberate misapplication of accounting or other regulations or policies.
     (vi) Bribery and corruption

Computer fraud is covered by the Computer Misuse Act 1990. Such fraud
arises where information technology equipment has been used to manipulate
programs or data dishonestly (for example, by altering, substituting or
destroying records, or creating spurious records), or where the use of an IT
system was a material factor in the perpetration of fraud. Theft or fraudulent
use of computer time and resources is included in this definition.

                           Anti-fraud and theft Policy             October 2009


Translink/NITHCo’s responsibilities as part of DRD are set out in chapter 4 of
Annex 4.7.10 Managing Public Money Northern Ireland.

      “Departments are responsible for undertaking thorough investigations
      where there is suspected fraud and theft taking the appropriate legal
      and/or disciplinary action in all cases where that would be justified.”

      “Investigations should consider any control failures and make
      recommendations on systems and procedures to minimise the risk of a
      recurrence and departments should also take appropriate disciplinary
      action where supervisory or management failures have occurred
      (MPMNI 4.7.12).”

      Guidance on when to involve the PSNI Fraud Unit is given at MPMNI
      4.7.11. Responsibility for exercising disciplinary powers rests with the
      Group Chief Executive (MPMNI 4.7.13).

      Translink/NITHCo will let DRD have details of all discovered fraud and
      theft, proven or suspected, on a monthly and annual basis. All frauds
      and thefts will be reported immediately (MPMNI 4.7.8).

      Translink/NITHCo will submit an annual fraud and theft return in
      response to the Department of Finance and Personnel’s
      commissioning letter (MPMNI 4.7.9).”

                             Anti-fraud and theft Policy              October 2009


•    The Director of Finance is responsible for establishing and maintaining a
     sound system of internal control that supports the achievement of
     Company policies, aims and objectives. The system of internal control is
     designed to respond to and manage the whole range of risks that
     Translink/NITHCo faces. The system of internal control is based on an on-
     going process designed to identify the principal risks, to evaluate the
     nature and extent of those risks and to manage them effectively.
     Managing fraud and theft risk will be seen in the context of the
     management of this wider range of risks and involves:

     o Developing a fraud risk register and undertaking a regular review of the
       fraud risks associated with each of the key organisational objectives in
       order to keep the profile current;

     o Maintaining an effective anti-fraud and theft policy and fraud response
       plan, commensurate to the level of fraud and theft risk identified in the
       fraud and theft risk register;

     o Designing an effective control environment to prevent fraud and theft
       commensurate with the fraud and theft risk register;

     o Establishing appropriate mechanisms for:

        §   reporting fraud and theft risk issues;
        §   reporting incidents of fraud and theft to the Internal Audit Manager;
        §   co-ordinating assurances about the effectiveness of anti-fraud and
            theft policies;

     o Liaising with the Risk Management Committee and Audit Committee;

     o Making sure that all staff are aware of the organisation’s anti-fraud and
       theft policy and know what their responsibilities are in relation to
       combating fraud and theft;

     o Developing skill and experience competency frameworks;

     o Ensuring that appropriate anti-fraud and theft training and development
       opportunities are available to appropriate staff in order to meet the
       defined competency levels;

     o Ensuring that vigorous and prompt investigations are carried out if
       fraud or theft occurs or is suspected;

     o Taking appropriate legal and/or disciplinary action against perpetrators
       of fraud and theft;

                             Anti-fraud and theft Policy             October 2009

    o Taking appropriate disciplinary action against supervisors where
      supervisory failures have contributed to the occurrence of fraud and

    o Taking appropriate disciplinary action against staff who fail to report
      fraud or theft;

    o Taking appropriate action to recover assets;

    o Ensuring that appropriate action is taken to minimise the risk of similar
      thefts and frauds occurring in future.

•   Managers are responsible for:

    o Ensuring that an adequate system of internal control exists within their
      areas of responsibility and that controls operate effectively;

    o Preventing and detecting fraud and theft;

    o Assessing the types of risk involved in the operations for which they are

    o Regularly reviewing and testing the control systems for which they are

    o Ensuring that controls are being complied with and their systems
      continue to operate effectively;

    o Implementing new controls to reduce the risk of similar thefts and fraud
      occurring where thefts or frauds have taken place

•   Internal audit is responsible for:

    o Delivering an opinion to the Director of Finance and Audit Committee
      on the adequacy of arrangements for managing the risk of thefts and
      fraud and ensuring that the Company promotes an anti-fraud and theft

    o Assisting in the deterrence and prevention of thefts and fraud by
      examining and evaluating the effectiveness of controls commensurate
      with the extent of the potential exposure/risk in the various segments of
      the department’s operations;

    o Ensuring that management has reviewed its risk exposure and
      identified the possibility of fraud or theft as a business risk;

    o Conducting fraud and theft investigations.

                              Anti-fraud and theft Policy                October 2009

•    Every member of staff is responsible for:

     o Acting with propriety in the use of Company resources and the handling
       and use of Company funds whether they are involved with cash or
       payments systems, receipts or dealing with suppliers.

     o Being alert to the possibility that unusual events or transactions could
       be indicators of fraud and theft;

     o Reporting details immediately through the appropriate channel if they
       suspect that a fraud or theft has been committed or see any suspicious
       acts or events;

     o Co-operating fully with whoever is conducting internal checks, reviews
       or fraud and theft investigations.

The responsibility for the prevention and detection of fraud and theft,
therefore, rests primarily with managers. There is a need for all managers to
assess the types of risk involved in the operations for which they are
responsible; to review and test regularly the control systems for which they
are responsible; to ensure that controls are being complied with; and to satisfy
themselves that their systems continue to operate effectively. Line managers
should also ensure that all staff are aware of the organisation’s theft and anti
fraud policy and know what their responsibilities are in relation to combating
fraud and theft.

Internal Audit is available to offer advice and assistance on control issues as
necessary. In terms of establishing and maintaining effective controls it is
generally desirable that:

     i. Supervisory/management checks are established in each area of work,
        and such checks are carried out routinely and periodically by

    ii. there is a regular rotation of staff where practicable, particularly in key

    iii. wherever possible, there is a separation of duties so that control of a key
         function is not vested in one individual;

    iv. back-logs are not allowed to accumulate; and

    v. In designing any new system, consideration is given to building in
       safeguards against internal and external fraud and theft.

                              Anti-fraud and theft Policy               October 2009


Translink/NITHCo has prepared a Fraud Response Plan as a guide to follow
in the event of fraud being discovered or suspected. The plan should be read
in conjunction with the detailed guidance set out in DAO (DFP) 12/06 Internal
Fraud: Management Checklist and HM Treasury NAO Good Practice Guide
Tackling External Fraud


Line managers should be alert to the possibility that unusual events or
transactions could be symptoms of fraud and theft or attempted fraud and
theft. Fraud and theft may also be highlighted as a result of specific
management checks or be brought to management's attention by a third
party. Additionally, irregularities occasionally come to light in the course of
audit reviews.

Irrespective of the source of suspicion, it is for line management to undertake
an initial enquiry to ascertain the facts. This enquiry should be carried out as
speedily as possible after suspicion has been aroused: prompt action is
essential. The purpose of the initial enquiry is to confirm or repudiate the
suspicions which have arisen so that, if necessary, further investigation may
be instigated.

The factors which gave rise to the suspicion should be determined and
examined to clarify whether a genuine mistake has been made or an
irregularity has occurred. An irregularity may be defined as any incident or
action which is not part of the normal operation of the system or the expected
course of events. Preliminary examination may involve discrete enquiries with
staff or the review of documents. It is important for staff to be clear that any
irregularity of this type, however apparently innocent, will be analysed.

If initial examination confirms the suspicion that a fraud or theft has been
perpetrated, then to prevent the loss of evidence which may prove essential
for subsequent disciplinary action or prosecution, Management should:

     i. Take steps to ensure that all original evidence is secured as soon as

     ii. Be able to account for the security of the evidence at all times after it
         has been secured, including keeping a record of its movement and
         signatures of all persons to whom the evidence has been transferred.
         For this purpose all items of evidence should be individually numbered
         and descriptively labelled;

 iii. Not alter or amend the evidence in any way;

 iv. Keep a note of when they came into possession of the evidence. This
     will be useful later if proceedings take place;

                              Anti-fraud and theft Policy              October 2009

     v. Remember that all memoranda relating to the investigation must be
        disclosed to the defence in the event of formal proceedings and so it is
        important to carefully consider what information needs to be recorded.
        Particular care must be taken with phrases such as “discrepancy” and
        “irregularity” when what is really meant is fraud or theft.

Additionally, Translink/NITHCo may suspend any member of staff involved
pending the outcome of an investigation (sections 8 and 13 of the document
“Dealing with Suspected Fraud” provides guidance). Suspension itself does
not imply guilt; it can be however another safeguard to prevent the removal or
destruction of evidence.

7.       REPORTING

Managers are required to report immediately to the Internal Audit Manager all
proven or suspected thefts or frauds within the groups perpetrated by
members of its own staff, members of the public, creditors or contractors.
Guidance on how fraud or theft (proven or suspected) should be reported is
set out in the Fraud Response Plan.


After proper investigation, Translink/NITHCo will take legal and/or disciplinary
action in all cases where it is considered appropriate and there will be
consistent handling of cases without regard to position or length of service. In
general, Translink/NITHCo policy in regard to proven thefts and frauds or
suspected thefts or frauds which come to light, whether perpetrated by a
member of staff or by person’s external to the organisation, is that the case
will be referred to the police at the earliest possible opportunity.
Translink/NITHCo will co-operate fully with police enquiries and these may
result in the offender(s) being prosecuted. Steps need to be taken to attempt
to recover all losses resulting from the fraud or theft. A civil action against the
perpetrator may be appropriate. The investigations described above will also
consider whether there has been any failure of supervision. Where this has
occurred appropriate disciplinary action will be taken against those


Where a fraud or theft has occurred management must make any necessary
changes to systems and procedures to ensure that similar thefts and frauds
will not recur. The investigation may have pointed up where there has been a
failure of supervision, a breakdown in or an absence of control. Internal Audit
is available to offer advice and assistance on matters relating to internal

                               Anti-fraud and theft Policy           October 2009



All of us at one time or another have concerns about what is happening at
work. Usually these concerns are easily resolved. However, when they are
about unlawful conduct, financial malpractice, dangers to the public, serious
safety or security issues or a breach of confidence, it can be difficult to know
what to do. You may be worried about raising such issues or may want to
keep the concerns to yourself, perhaps feeling it is none of your business or
that it is only a suspicion. You may feel that raising the matter would be
disloyal to colleagues, Managers or the group. You may decide to say
something but find that you have spoken to the wrong person or raised the
issue in the wrong way and are not sure what to do next. Translink/NITHCo
has introduced this procedure to enable you to raise your concerns about
such malpractice at an early stage and in the correct manner. We would
rather that you raised the matter when it is just a concern rather than wait for
proof. If something is troubling you which you think we should know about or
look into, please use this procedure. If, however, your concern is in relation to
your personal position, please use the Grievance Procedure. This Public
Interest Disclosure procedure is primarily for concerns where the interests of
others or of the Organisation itself are at risk. It is not designed to question
financial or business decisions taken by management nor should it be used to
reconsider any matters which have already been addressed under other
 If in doubt – raise it!

Scope of Policy

This policy applies not only to all permanent and short term employees of
Translink/NITHCo, but also to external consultants, contractors and agency
staff working within Translink/NITHCo.
It is impossible to give an exhaustive list of the activities that could cause
concern, but they include:

•     Financial malpractice, impropriety or fraud
•     Failure to comply with a legal obligation
•     Regulatory non compliance
•     Dangers to health and safety or the environment
•     Criminal activity including theft
•     Attempts to conceal any of the above.

                             Anti-fraud and theft Policy               October 2009

Our Assurances to you

Your Protection

The Group Chief Executive, Senior Management and all Managers, are
committed to this policy. If you raise a genuine concern under this policy, you
will not be at risk of losing your job or suffering any form of retribution as a
result. Provided you are acting in good faith, it does not matter if you are
mistaken. This assurance is not extended to someone who maliciously raises
a matter they know is untrue or to someone who chooses to make disclosures
outside the scope of the procedures set out in this policy. The Public Interest
Disclosure Order, which came into effect in 1999, gives legal protection to
employees against being dismissed or penalised by their employer as a result
of disclosing certain serious concerns.

Your Confidence

The group will not tolerate the harassment or victimization of anyone raising a
genuine concern. However, we recognise that you may nonetheless want to
raise a concern in confidence under this policy. If you ask us to protect your
identity by keeping your confidence, we will not disclose it without your
consent. If the situation arises where we are not able to resolve the concern
without revealing your identity (for instance because your evidence is needed
in court), we will discuss with you whether and how we can proceed.


If you do not tell us who you are it will be much more difficult for us to look into
the matter, to protect your position, or to give you feedback. Accordingly,
while we will consider anonymous reports, these arrangements are not well
suited to deal with concerns raised anonymously.

How to raise a concern internally

Option One

If you have a concern about malpractice, we hope you will feel able to raise it
first with your Line Manager. This may be done orally or in writing.

Option Two

If you feel unable to raise the matter with your Line Manager, for whatever
reason, please raise the matter with any other manager in the Company.
Please state if you want to raise the matter in confidence so that they can
make appropriate arrangements.

                                        - 10 -
                            Anti-fraud and theft Policy              October 2009

Option Three

If these channels have been followed and you still have concerns, or if you
feel that the matter is so serious that you cannot discuss it with any of the
above, please contact:

Gordon Milligan, Director of Human Resources
Direct Line: 028 90899407

Internal Audit
Confidential Mobile No: 07920187965

How we will handle the matter

Once a concern has been raised, we will consider initially what action should
be taken. This may involve an internal inquiry or a more formal investigation.
We will tell you who is handling the matter, how you can contact him/her and
whether your further assistance may be needed. If you request, we will write
to you within 10 days summarising your concern and setting out how we
propose to handle it. When you raise the concern you may be asked how you
think the matter might best be resolved. Meetings between the employee
raising the concern and the person handling the concern and/or the
investigator can take place away from Translink/NITHCo premises at the
request of either party. The employee can be accompanied to any meetings
by a fellow employee of their choice who may be a friend, colleague or a
Trade Union representative. If you do have any personal interest in the
matter, we do ask that you tell us at the start of the process. If your concern
falls more appropriately within the Grievance Procedure (e.g. a grievance is
seeking redress for a wrong or problem which affects you) we will recommend
that route to you. While the purpose of this policy is to enable us to
investigate possible malpractice and take appropriate steps to deal with it, we
will give you as much feedback as we can. If requested, we will confirm our
response to you in writing. Please note, however, that we may not be able to
tell you the precise action we take where this would infringe in a confidence to
someone else.

If you are dissatisfied

You can raise the matter directly with Stephen Armstrong Director of Finance.

If you are unhappy with our response, remember you can go to the other
levels and bodies detailed in this policy. While we cannot guarantee that we
will respond to all matters in the way that you might wish, we will try to handle
the matter fairly and properly. By using this policy, you will help us to achieve

If the channels outlined above have been followed and you believe there is an
ongoing risk , or you feel the matter is so serious that you cannot discuss it
with any of the above, you can raise your concern directly with:

                                       - 11 -
                            Anti-fraud and theft Policy               October 2009

Catherine Mason, (Group Chief Executive NITHCo/Translink/NITHCo)
Direct Line: 028 9025 8109

Independent Advice

If you are unsure whether to use this procedure or you want independent
advice at any stage, you may contact, if applicable the independent charity
Public Concern at Work on 0207 404 6609 or at Their
Lawyers can give you free confidential advice at any stage about how to raise
a concern about serious malpractice at work.

External contacts

While we hope this policy gives you the reassurance you need to raise such
matters internally, we recognize that there may be circumstances where you
feel you can report matters to outside bodies. Public Concern at Work (or,
your Trade Union) will be able to advise you on such an option and on the
circumstances in which you any be able to contact an outside body.

Monitoring this Policy

The Director of Finance will maintain a confidential record of concerns raised
under this policy together with the outcome and will report as necessary to the
Audit Committee.

Review of Policy

The Audit Committee has a responsibility to review this policy annually,
including an assessment of its effectiveness. Changes to the policy will be
notified to employees when they occur.


The circumstances of individual thefts and frauds will vary. But it is important
that all are vigorously and promptly investigated and that appropriate action is
taken. To repeat, Translink/NITHCo views thefts and fraud extremely
seriously and all suspicion of fraud and theft will be acted upon in accordance
with this policy. Proven fraud or theft can ultimately result in dismissal.


Additional guidance on the issue of fraud is contained in the following list of
key documents readily available from the Director of Finance.

Managing Public Money Northern Ireland, Annex 4.7
DAO (DFP) 11/03, Fraud Management and Fraud Reporting
HM Treasury Booklet, “Managing the Risk of Fraud”
DRD Personnel Division Booklet, “Dealing with Suspected Fraud”

                                       - 12 -
                           Anti-fraud and theft Policy            October 2009

CSC 04/03, Guidance on Public Interest Disclosure (“whistleblowing”)
The Seven Principles of Public Life (Nolan Principles)
FD 10/08 Good Practice Guide – Tackling External Fraud

Enquiries about this document should be addressed to Stephen Armstrong,
Director of Finance, 3 Milewater Road, Belfast BT3 9BG - Tel: 028 9035 4057
or Email: stephen.armstrong@Translink/

Should any questions remain in relation to fraud and theft, e.g. as to whether
a matter needs to be reported, either the Internal Auditor or Group Accountant
will be happy to discuss.


October 2009

                                      - 13 -

To top