This fraud policy is established to facilitate the development of controls which will aid in the prevention and detection of fraud within the University of Arkansas System (the “System”). It is the intent of the System to promote consistent organizational behavior by providing guidelines and assigning responsibility for the development of prevention and detection controls and conduct of investigations.
I. Scope
This policy applies to any fraud, or suspected fraud, involving Board of Trustees, employees, consultants, vendors, contractors, outside agencies doing business with employees of such agencies, students and any other parties with a business relationship with the System.
Any investigative activity required will be conducted without regard to the suspected wrongdoer’s length of service, position or title, or relationship to the System.
II. Policy
Management is responsible for the prevention and detection of fraud, misappropriations, and other inappropriate conduct. Fraud is defined as the intentional, false representation or concealment of a material fact for the purpose of inducing another to act upon it to his or her injury. Each member of the management team will be familiar with the types of improprieties that might occur within his or her area of responsibility, and be alert for any indication of irregularity.
Any fraud that is detected or suspected must be reported to the Internal Audit Department, who coordinates investigations with the University’s General Counsel and other affected areas, both internal and external.
III. Actions Constituting Fraud
The terms defalcation, misappropriation, and other fiscal wrongdoings refer to, but are not limited to:
- An entry into the accounting records of the System that is intentionally made to represent what is not true or does not exist, with intent to deceive the officers and Trustees of the University of Arkansas System
- Forgery of a check, bank draft, wire transfer or any other System financial document
- Unauthorized alteration of any financial document or account belonging to the System
- Misappropriation of funds, securities, supplies, or other System assets
- Impropriety in the handling or reporting of money or financial transactions
- Disclosing confidential and proprietary information to outside parties for personal gain, except as allowed under the Arkansas Freedom of Information Act or other law
- Theft of identity
- Accepting or seeking anything of material value from contractors, vendors or persons providing services or materials to the System, except as provided in gift policies
- Unauthorized destruction, removal, or use of records, furniture, fixtures, and equipment for personal gain
- Any similar or related inappropriate conduct
IV. Other Inappropriate Conduct
Suspected improprieties concerning an employee’s moral, ethical, or behavioral conduct, should be resolved by departmental management and human resources personnel rather than Internal Audit.
If there is any question as to whether an action constitutes fraud, contact the Internal Audit Director for guidance.
V. Identity Theft Prevention Programs
In accordance with the Federal Trade Commission issuing the Red Flags Rule under sections 114 and 315 of the Fair and Accurate Transactions Act (FACT), Subpart J, Section 41.90, each campus will prepare a written Identity Theft Prevention Program. This program should be designed to detect, prevent and mitigate identity theft in regard to “covered accounts”, as defined in the law. The programs must be approved by the Board of Trustees and include a requirement for an annual review and update filed with the University of Arkansas System Vice President for Finance and Chief Fiscal Officer through the Chancellor’s Office of each campus.
VI. Investigation Responsibilities
The Internal Audit Department has the primary responsibility for the investigation of all suspected fraudulent financial acts as defined in the policy. If the investigation substantiates that fraudulent activities have occurred, the Internal Audit Department will issue reports to appropriate designated System officers and personnel and to the Board of Trustees through the Audit Committee.
Decisions to prosecute or refer the examination results to the appropriate law enforcement and/or regulatory agencies for further independent investigation will be made in accordance with Arkansas and Federal laws by the Officers and Trustees of the System in consultation with the General Counsel, as will final decisions on disposition of the case.350.1 3
VII. Confidentiality
The Internal Audit Department treats all information received confidentially. Any employee who suspects dishonest or fraudulent activity will notify the Internal Audit Department, and should not attempt to personally conduct investigations or interviews related to any suspected fraudulent act.
Investigation results will not be disclosed or discussed with anyone other than those who have a legitimate need to know subject to Arkansas Freedom of Information Act. This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct.
VIII. Reporting Procedures and Fraud Hotline
Great care must be taken in the investigation of suspected improprieties or wrongdoings so as to avoid mistaken accusations or alerting suspected individuals that an investigation is under way.
An employee who discovers or suspects fraudulent activity will contact the Internal Audit Department either directly or through the System’s established Fraud Hotline. The employee or other complainant may remain anonymous. All inquiries concerning the activity under investigation from the suspected individual, his or her attorney or representative, or any other inquirer should be directed to the Internal Audit Department or General Counsel. No information concerning the status of an investigation will be given out.
The reporting individual should be informed that they should not contact the suspected individual in an effort to determine facts or demand restitution or discuss the case, facts, suspicions, or allegations with anyone unless specifically asked to do so by the General Counsel or the Internal Audit Department.
IX. Termination
The Internal Audit Department does not have the authority to terminate an employee for committing fraudulent acts. Decisions to terminate an employee reside with the University’s senior management and officers in consultation with Human Resources and the General Counsel.350.1 4
X. Administration
The Internal Audit Department is responsible for the administration, revision, interpretation, and application of this policy.
April 17, 2009 (Revised)
September 22, 2007