Annex A
INTERNAL AUDIT
COUNTER FRAUD REPORT
2021/2022
1. Introduction
1.1 The Council’s Financial Regulations require all officers and members of the Council to notify the Chief Internal Auditor of any matter that involves, or is thought to involve, corruption or financial irregularity in the exercise of the functions of the Council. Internal Audit will in turn pursue such investigations in line with the Counter Fraud Strategy and Framework.
1.2 Within the Orbis Internal Audit Service, the Counter Fraud partnership team provides resource and experience to support ESCC with both proactive and responsive support relating to any instances of financial irregularities and fraud related risks.
1.3 The annual Internal Audit Plan for 2021/22 carried within it a contingency budget for ‘Irregularity and Special Investigations’ of 150 days. This contingency covered time to investigate ‘irregularities’ (actual or alleged financial impropriety, corruption, and other similar matters) as well as time for proactive counter fraud work and to support the National Fraud Initiative (NFI), detailed in the latter part of this report.
1.4 Internal Audit reports following irregularity investigations typically help to provide independent evidence to support (or not) a management case against an employee under formal disciplinary procedures, to support potential criminal prosecutions and to help strengthen controls in areas where weaknesses are identified. Irregularity audit reports are not subject to the same distribution as general audit reports due to their confidential and sensitive nature.
2. Summary of investigations between 1 April 2022 and 31 March 2021
Resources
2.1 During the 2021/22 financial year, a total of nine Internal Audit officers charged time to work on irregularity investigations amounting to 123.8 days. This includes preliminary assessments, liaison with departments, fieldwork, reporting and subsequent support for disciplinary and criminal activities.
2.2 The Counter Fraud team also monitors the ESCC Confidential Reporting Hotline, giving advice to members of staff on whistleblowing, and signposting to other departments where required.
Number and Types of Investigations
2.3 A total of 23 allegations were received in the financial year (11 in the first half of the year and 12 in the second half). For comparison, 18 allegations were received in the previous financial year.
2.4 New allegations were brought to the attention of Internal Audit by the following methods:
· 16 were raised by Council management;
· 1 was identified during audit work;
· 1 was raised by an employee;
· 2 originated from an external source to the Council;
· 3 were raised through confidential reporting.
2.5 Full details of the categories by which fraud and irregularity investigations are reported are attached at Appendix A. All proven fraudulent or irregular behaviour by officers may be considered misconduct; similarly, poor controls increase the likelihood of fraud occurring. The categories therefore reflect alleged specific types of fraud or irregularity.
2.6 The number of all recorded allegations across the Council’s departments is shown in Figure 1, while Figure 2 shows the categories of allegations received.
Figure 1. Allegations by department from 1 April 2021 to 31 March 2022
Figure 2. Summary of irregularities by type from 1 April 2021 to 31 March 2022
2.7 Of the allegations received, 3 were closed with no action taken, 2 were passed to an external body, 10 were taken forward for investigation by Internal Audit or support provided to a management investigation, and 6 were conduct or capability issues dealt with by management with support from HR where appropriate. Two referrals related to the same case and this investigation is still active.
2.8 The following paragraphs provide a summary of the investigation activity undertaken by Internal Audit in the last 12 months.
2.8.1 Multiple Employment– we provided advice to HR following a report that a member of staff who was on sick leave was working as a manager at a care home. The member of staff had already resigned prior to the information coming to the attention of the service. Overpayment of salary was recovered from the member of staff.
2.8.2 Cash Handling- we provided advice following the receipt of a referral alleging that £2,000 from a school PTA was being held insecurely. There was no evidence that the money was missing, and the school were in receipt of the funds. No further action was taken.
2.8.3 Mandate Fraud- a referral was received following a member of staff receiving an email alerting them that their bank account in payroll had been changed. The change had not been instigated by the member of staff. Following an investigation, we were able to confirm that controls were in place to prevent such attempts but on this occasion the correct process had not been followed. Staff from within the service have now attended Fraud Awareness Training.
2.8.4 Deprivation of Capital- we provided advice and support to Adult Social Care in respect of two cases where clients who had made an application for a Direct Payment had potentially deprived themselves of capital in order to obtain financial assistance from the Council. One case was referred to the police and the second case was referred to the service to make a decision on deprivation.
2.8.5 Grant Fraud- intelligence was received from two neighbouring local authority internal audit teams that they were independently investigating a specific provider of adult residential care associated with the alleged falsification of documents to support Department of Health Social Care (DHSC) Infection Control Grant expenditure, and the alteration of Council correspondence for financial gain. Following receipt of this intelligence, a targeted investigation took place at ESCC into the Infection Control Grant expenditure by this same provider. We reviewed information and invoices provided and undertook independent validation enquiries with suppliers. No irregularity was identified, and the provider was found to have complied with DHSC grant expenditure conditions. An investigation report was issued to the service and the matter was closed.
2.8.6 Pecuniary Interest- a review of the matches produced as part of the National Fraud Initiative identified a business interest that had not been included on an individual’s Declaration of Interest. A review confirmed that no conflict had arisen, and no personal gain was made. The individual concerned was reminded of their responsibilities in this regard and the Declaration of Interest has now been brought up to date.
2.8.7 False Documents- we provided support and advice to the Pension Service following a potential false will being provided as evidence for a claim in respect of a death in service benefit. It was concluded that the will was likely a false document, but as this did not change the outcome of the death in service benefit recipient, no further action was taken.
2.8.8 Procurement Fraud- an allegation was received relating to improper procurement practices in relation to the re-procurement of a large framework agreement within the Council. In response to the allegation, it was agreed that we would review the procurement arrangements to ascertain whether the this was conducted fairly and in compliance with Public Contract Regulations. Whilst we were able to confirm compliance, we did identify a need to clarify the governance arrangements around decision-making and ensure that tender documentation was clear to bidders. A robust action plan was agreed with management to address these issues.
2.8.9 Abuse of Position- During a routine audit at a school, it was identified that some off payroll payments to senior staff, relating to EIP activities, had been made without appropriate approval and without the necessary deductions being made at source. Whilst we were unable to find any explicit guidance provided to EIP’s or their Chairs on the permitted or expected usage of delegated funding to cover this work, our investigation identified a number of concerns regarding the procedures followed. These were reported to the Children’s Services Head of Education Improvement with a view to strengthening controls around the processing of EIP payments. Repayment of all the original sums concerned was agreed with the individuals to enable payment to be made through the correct route (payroll) with the necessary deductions at source.
2.8.10 Spear Phishing - The team provided advice following the submission of false invoices for payment in respect of Housing Repairs and Property Voids being sent to the S151 Officer. The invoices claimed that ESCC owed in excess of £29million in respect of work conducted for housing repairs and reducing outstanding property voids in Hastings. Clearly, no payments were made and the false invoices were reported to the Police, the National Anti-Fraud Network and the bank’s Fraud Team.
3. Proactive fraud prevention and awareness work
3.1 As well as the investigation work referred to above, we continue to be proactive in the identification and prevention of potential fraud and corruption activity across the Authority and in raising awareness amongst staff. The following paragraphs outline some of the proactive work undertaken in the past year.
3.2 The Council has in place a Counter Fraud Strategy that sets out its commitment to preventing, detecting, and deterring fraud. Internal Audit has reviewed the sovereign strategy to align with best practice and to ensure a robust and consistent approach to tackling fraud. The strategy was updated to include revisions to the Fighting Fraud and Corruption Locally framework and was approved by the Audit Committee in September 2021.
3.3 Fraud risk assessments are regularly reviewed to ensure that the current fraud threat for the Council has been considered and appropriate mitigating actions identified. We have updated the risk assessment to include new and emerging threats. This includes potential threats to payroll, staff frauds relating to home working and the ever increasing cyber threat.
3.4 One of the key controls in fighting fraud is having a strong culture in place with staff vigilant to the threat of fraud. In the past year, Fraud Awareness sessions have been delivered to Business Operations, focussing on the risks to the Council of bank mandate fraud and cyber fraud. In addition, the team have published fraud bulletins raising awareness of emerging threats, in particular risks from the COVID19 pandemic. These have been published on the intranet and shared with high-risk service areas. The team continue to monitor intel alerts and work closely with neighbouring councils to share intelligence and best practice.
National Fraud Initiative
3.5 The results from the biennial National Fraud Initiative exercise, overseen by the Cabinet Office, were received in January. The exercise compared records relating to payroll, pensions, creditors, Blue Badges and concessionary travel passes, with data from 1,300 public and private sector organisations used to help prevent and detect fraud and error.
3.6 The exercise identified over 12,000 data matches, flagged for investigation for evidence of fraud and error. The results from the initial review of high priority data matches include:
• The cancellation of over 2,800 concessionary travel passes where the pass holder had passed away, with the Cabinet Office estimated saving from this being over £67,000;
• 15 cases where a pensions recipient has passed away, and we were not previously aware;
• No issues identified from the matches relating to Blue Badges; and
• Clearing over 6,000 matches in relation to duplicate invoices that are believed to be ‘false-positives’.
Partnership working
3.7 We meet regularly with partners across the southeast to discuss emerging threats and share intelligence. More specifically for the East Sussex area, we are working with District and Borough colleagues to explore opportunities for further developing countywide data matching capabilities for the prevention and detection of fraud.
Appendix A
Reporting categories for irregularities
Reporting category |
Description |
Examples (not an exhaustive list) |
Legislation / Policies (examples) |
False representation |
Knowingly making an untrue or misleading representation to make gain, cause loss or expose the Council to the risk of loss |
Submitting incorrect expense claims; falsely claiming to hold a qualification |
Fraud Act 2006 |
Failure to disclose information |
Intentionally withholding information to make gain, cause loss or expose the Council to the risk of loss |
Failing to declare pecuniary interests, or assets as part of a means tested assessment |
|
Abuse of position |
Use of position to act against, or fail to safeguard, the interests of the Council or Surrey’s residents |
Nepotism; financial abuse of individuals receiving social care |
|
Theft |
Misappropriation of assets (often cash) belonging to the Council or individuals under the Council’s care |
Removing cash from safes; removing individuals’ personal items in care homes |
Theft Act 1968 |
Corruption |
Offering, giving, seeking or accepting any inducement or reward which may influence a person’s actions, or to gain a commercial or contractual advantage |
Accepting money to ensure a contract is awarded to a particular supplier |
Bribery Act 2010 |
False reporting |
Intentional manipulation of financial or non-financial information to distort or provide misleading reports |
Falsifying statistics to ensure performance targets are met; delaying payments to distort financial position |
Theft Act 1968; Financial Regulations; Procurement Standing Orders
|
Misuse of public funds |
The use of public funds for ultra vires expenditure or expenditure for purposes other than those intended |
Officers misusing grant funding; individuals misusing social care direct payments |
|
Procurement |
Any matter relating to the dishonest procurement of goods and services by internal or external persons |
Breach of the Procurement Standing Orders; collusive tendering; falsifying quotations |
|
Misconduct |
Failure to act in accordance with the Code of Conduct, Council policies or management instructions |
Undertaking additional work during contracted hours; inappropriate use of Council assets and equipment |
Code of Conduct IT Security Policy |
Poor Control |
Weak local or corporate arrangements that result in the loss of Council assets or a breach of Council policy |
Storing a key to a safe in the immediate vicinity of the safe |