Annex A
INTERNAL AUDIT
COUNTER FRAUD REPORT
2023/24
1. Introduction
1.1 The Council’s Financial Regulations require all officers and members of the Council to notify the Chief Internal Auditor of any matter that involves, or is thought to involve, corruption or financial irregularity in the exercise of the functions of the Council. Internal Audit will in turn pursue such investigations in line with the Counter Fraud Strategy and Framework.
1.2 Within the Orbis Internal Audit Service, the Counter Fraud partnership team provides resource and experience to support ESCC with both proactive and responsive support relating to any instances of financial irregularities and fraud related risks.
1.3 The annual Internal Audit Plan for 2023/24 carried within it a contingency budget for ‘Irregularity and Special Investigations’ of 120 days. This contingency covered time to investigate ‘irregularities’ (actual or alleged financial impropriety, corruption, and other similar matters) as well as time for proactive counter fraud work and to support the National Fraud Initiative (NFI), detailed in the latter part of this report.
1.4 Internal Audit reports following irregularity investigations typically help to provide independent evidence to support (or not) a management case against an employee under formal disciplinary procedures, to support potential criminal prosecutions and to help strengthen controls in areas where weaknesses are identified. Irregularity audit reports are not subject to the same distribution as general audit reports due to their confidential and sensitive nature.
2. Summary of Investigations between 1 April 2023 and 31 March 2024
Resources
2.1 During the 2023/24 financial year, a total of seven Internal Audit officers charged time to work on irregularity investigations amounting to 98 days. This included preliminary assessments, liaison with departments, fieldwork, reporting, and subsequent support for disciplinary and criminal activities.
2.2 The Counter Fraud team also monitors the ESCC Confidential Reporting Hotline, prompting investigation activity where appropriate, giving advice to members of staff on whistleblowing, and signposting to other departments where required.
Number and Types of Investigations
2.3 A total of 30 allegations were logged in the financial year (14 in the first half of the year and 16 in the second half). For comparison, 24 allegations were received in the previous financial year.
2.4 New allegations were brought to the attention of Internal Audit by the following methods:
· 15 were raised by Council management;
· 5 were raised by employees;
· 7 originated from an external source to the Council;
· 3 were raised through confidential reporting.
2.5 Full details of the categories by which fraud and irregularity investigations are reported are attached at Appendix A. All proven fraudulent or irregular behaviour by officers may be considered misconduct; similarly, poor controls increase the likelihood of fraud occurring. The categories therefore reflect alleged specific types of fraud or irregularity.
2.6 The number of all recorded allegations across the Council’s departments is shown in Figure 1, while Figure 2 shows the categories of allegations received.
Figure 1. Allegations by department from 1 April 2023 to 31 March 2024
Figure 2. Summary of allegations by type from 1 April 2023 to 31 March 2024
2.7 Of the allegations received, 6 were closed with no action taken, 3 were dealt with through advice to management, and 9 were taken forward for investigation by Internal Audit or support provided to a management investigation. Five were conduct or capability issues dealt with by management with support from HR where appropriate. Seven investigations were still active at the time of writing this report.
2.8 The value of fraud prevented or detected is not always readily quantifiable, however, in cases where this can be estimated, the cumulative value of fraud prevented or detected for the year is approximately £21,833.
2.9 The following paragraphs provide a summary of the investigation activity concluded by the Internal Audit Counter Fraud Team within the last 12 months.
2.9.1 Petty Cash Discrepancy – An investigation was conducted following an allegation of a discrepancy in petty cash accounting at an adult respite service. A total discrepancy of £211.72 was identified and the investigation concluded that there were administrative errors, as well as elements of guidance and controls that were not being complied with. A control report was issued with several recommended actions to strengthen the petty cash accounting procedure.
2.9.2 Inappropriate Use of School Funds – Preliminary enquiries were conducted following concerns that a Headteacher had inappropriately used school funds to pay for the repair costs on a personal vehicle. The investigation concluded that there was insufficient evidence to support the allegation and a decision made that no further action would be taken.
2.9.3 Theft from County Hall – Concerns were raised by Adult Social Care that a pot of charity money had been stolen from County Hall. Insufficient information was available to pursue the investigation further. However, advice was provided relating to the security of personal items.
2.9.4 Bribery Allegation – An anonymous allegation was received alleging that an Officer received a cash payment to provide a positive statement in regard to a planning application. An investigation found that an offer had been made and refused. The offer has been reported to management at the time and appropriate action taken.
2.9.5 Bank Mandate Fraud – An investigation was conducted following the payment of £9,014 as a result of a bank mandate fraud at a school. The investigation found that the school email had been compromised allowing the interception and diversion of correspondence. In addition to the compromised IT security, the procedures for independently verifying changes to vendor records had not been followed. Following the investigation, an internal control report was issued with agreed control actions. In addition, ICT security support was provided to the school. The incident was reported to Action Fraud.
2.9.6 Direct Payment – Following an allegation of misuse of a direct payment identified through monitoring within Adult Social Care, the team supported with the recovery of £3,223 which had been withdrawn without permission by a carer from the account of a recipient of a direct payment. The client has now moved out of the East Sussex area and is no longer receiving support.
2.9.7 Timesheet Fraud – High levels of overtime claims by an individual were identified during an internal audit and therefore referred to the Counter Fraud team for further review. The investigation found no evidence of overclaiming and that the service had improved controls since previous issues in this area, through the introduction of a new rota and increased transparency for the scheduling of shifts.
2.9.8 Bank Mandate Fraud - An attempted bank mandate fraud was logged and reported to Action Fraud. An individual impersonating a senior officer requested via email a change to bank details for salary payments. The request was identified as bogus and not actioned.
3. Proactive Fraud Prevention and Awareness Work
3.1 As well as the investigation work referred to above, we continue to be proactive in the identification and prevention of potential fraud and corruption activity across the Authority and in raising awareness amongst staff. The following paragraphs outline some of the proactive work undertaken in the past year.
3.2 The Council has in place a Counter Fraud Strategy 2021-24 that sets out its commitment to preventing, detecting, and deterring fraud. Internal Audit continues to review this strategy to ensure it is aligned with best practice and to ensure a robust and consistent approach to tackling fraud.
3.3 Fraud risk assessments are regularly reviewed to ensure that the current fraud threat for the Council has been considered and appropriate mitigating actions identified. We have updated the risk assessment to include new and emerging threats. This includes potential threats to payroll, staff fraud relating to multiple employment and the ever increasing cyber threat.
3.4 One of the key controls in fighting fraud is having a strong culture in place with staff vigilant to the threat of fraud. In the past year, Fraud Awareness sessions have been delivered to Business Administration, focussing on the risks to the Council of bank mandate fraud and cyber fraud. The team continue to monitor intel alerts and work closely with neighbouring councils to share intelligence and best practice.
National Fraud Initiative (NFI)
3.5 NFI matches electronic data within and between public and private sector bodies to prevent and detect fraud. These bodies include local councils, police authorities, local probation boards, fire and rescue authorities and a number of private sector bodies.
3.6 In the latest National NFI Report, quantified fraud prevented accounted to almost £23 million over a 12 month period. The next submission date is September 2024 when we are required to submit the following core mandatory datasets:
· Payroll
· Pensions
· Trade Creditors’ payment history and trade creditors’ standing data
· Students eligible for a loan (provided by the Student Loan Company)
· Transport Passes and Permits (including residents’ parking, blue badges and concessionary travel)
· Licences (taxi driver only)
3.7 The results from the latest biennial NFI exercise were received in January 2023, with data matching flagging over 14,000 matches. As well as directly undertaking reviews of the matches for evidence of fraud and error, we have been liaising with the relevant departments to ensure that flagged matches are investigated and actioned appropriately.
3.8 The results from the review of data matches include:
· No issues from matches relating to Pensions, Payroll to Creditors, Procurement to Payroll or Payroll to Companies House (Director);
· The review of over 1,673 concessionary travel passes where the pass holder had passed away, with 34 currently open for verification against social care records;
· 194 cases where a pensions recipient has passed away and we were not previously aware. Three of these are under recovery with a cumulative value of £7,320;
· No issues identified from the matches relating to Blue Badges; and
· Over 4,000 matches in relation to duplicate invoices that are believed to be ‘false-positives’, with one duplicate payment identified and £22,067 recovered.
Partnership working
3.7 We meet regularly with partners across the south-east to discuss emerging threats and share intelligence. More specifically for the East Sussex area, we are working with district and borough colleagues to explore opportunities for further developing countywide data matching capabilities for the prevention and detection of fraud.
Appendix A
Reporting categories for irregularities
Reporting category |
Description |
Examples (not an exhaustive list) |
Legislation / Policies (examples) |
False representation |
Knowingly making an untrue or misleading representation to make gain, cause loss or expose the Council to the risk of loss |
Submitting incorrect expense claims; falsely claiming to hold a qualification |
Fraud Act 2006 |
Failure to disclose information |
Intentionally withholding information to make gain, cause loss or expose the Council to the risk of loss |
Failing to declare pecuniary interests, or assets as part of a means tested assessment |
|
Abuse of position |
Use of position to act against, or fail to safeguard, the interests of the Council or residents |
Nepotism; financial abuse of individuals receiving social care |
|
Theft |
Misappropriation of assets (often cash) belonging to the Council or individuals under the Council’s care |
Removing cash from safes; removing individuals’ personal items in care homes |
Theft Act 1968 |
Corruption |
Offering, giving, seeking or accepting any inducement or reward which may influence a person’s actions, or to gain a commercial or contractual advantage |
Accepting money to ensure a contract is awarded to a particular supplier |
Bribery Act 2010 |
False reporting |
Intentional manipulation of financial or non-financial information to distort or provide misleading reports |
Falsifying statistics to ensure performance targets are met; delaying payments to distort financial position |
Theft Act 1968; Financial Regulations; Procurement Standing Orders
|
Misuse of public funds |
The use of public funds for ultra vires expenditure or expenditure for purposes other than those intended |
Officers misusing grant funding; individuals misusing social care direct payments |
|
Procurement |
Any matter relating to the dishonest procurement of goods and services by internal or external persons |
Breach of the Procurement Standing Orders; collusive tendering; falsifying quotations |
|
Misconduct |
Failure to act in accordance with the Code of Conduct, Council policies or management instructions |
Undertaking additional work during contracted hours; inappropriate use of Council assets and equipment |
Code of Conduct IT Security Policy |
Poor Control |
Weak local or corporate arrangements that result in the loss of Council assets or a breach of Council policy |
Storing a key to a safe in the immediate vicinity of the safe |