01.C.04 – Reporting/Investigating Fraudulent Acts
Section: General Administration
Area: Risk Management
This document establishes a uniform method for reporting/investigating fraudulent acts and/or practices against the University of Houston System. It does not address offenses against the person or personal property of faculty, staff, students or visitors of the System.
2.1. The System will pursue available legal remedies against persons or entities involved in fraudulent acts against the System. Remedies include, but are not limited to, terminating employment, requiring restitution, and/or forwarding of information regarding suspected fraud to the appropriate authorities for criminal prosecution. All of the general and criminal laws of the State of Texas are in full force and effect at all state institutions of higher education (Texas Education Code, Section 51.201). This document is designed to inform System employees of their responsibility for detecting and reporting suspected fraud.
2.2. Employees who, in good faith, report a violation of law to an appropriate law enforcement authority as defined by the Texas Whistleblower Act (Texas Government Code, Chapter 554) are protected under the Act against any retaliation by the System for making such a report.
2.3. Employees are required to cooperate with any police or audit investigation, and they may be requested to keep their knowledge of the investigation confidential.
2.4. Employees should immediately contact the applicable university's police agency (or other police agency) if they observe an unlawful act in progress, such as theft or destruction of property, or if they are certain an unlawful act has been committed.
The Association of Certified Fraud Examiners (ACFE) defines "fraud" as: "The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets." The ACFE further explains that occupational fraud and abuse encompass a wide range of misconduct by employees, managers and executives ranging from pilferage of supplies to financial statement frauds. Common violations include asset misappropriation, corruption, false statements, false overtime, petty theft and pilferage, use of company property for personal benefit and payroll and sick time abuses. The key is that the activity:
a. Is clandestine;
b. Violates the employee's fiduciary duties to the organization;
c. Is committed for the purpose of direct or indirect financial benefit to the employee; and
d. Costs the employing organization assets, revenues, or reserves.
See Exhibit A for a more detailed list of activities that constitute fraud or are considered fraudulent (reprinted with permission of the ACFE).
4. EMPLOYEE RESPONSIBILITIES
Timely disclosure of suspected fraudulent activities is crucial to ensure an appropriate investigation and response occurs as necessary. As a result, when suspected fraudulent activities are observed by an employee (including a student employee), the employee must immediately make a report as follows:
4.1. If the employee wishes to make an anonymous report, they may contact the State Auditor's Office (SAO) Hotline at https://sao.fraud.texas.gov/ReportFraud or by calling 1-800-TX-AUDIT (1-800-891-8348). Anonymous reports can also be made via the web at Fraud & Non-Compliance Hotline.
4.2. If the employee does not wish to remain anonymous, the employee should notify their supervisor, the Chief Audit Executive, CEO (or designee) and/or an appropriate enforcement authority. If the suspect is a senior manager, administrator, or executive, the employee should notify the Chief Audit Executive and/or an appropriate law enforcement authority.
4.3. If the employee notifies their supervisor (or higher authority), the supervisor (or higher authority) must immediately direct the report to the CEO (or designee) or the Chief Audit Executive.
4.4. The reporting employee will refrain from further examination of the incident, confrontation of the alleged violator, or further discussion of the incident with anyone other than the reporting employee's supervisor, the CEO (or designee), or the Chief Audit Executive and/or an appropriate law enforcement authority.
5. INSTITUTIONAL RESPONSIBILITIES
It is the responsibility of each university to investigate fraud and act on evidence of fraud in accordance with guidelines provided in Exhibit B of this administrative memorandum.
Association of Certified Fraud Examiners , Report to the Nations on Occupational Fraud and Abuse (most current version)
EXAMPLES OF OCCUPATIONAL FRAUD AND ABUSE
INVESTIGATING FRAUD AND ACTING ON EVIDENCE
I. ASCERTAINING EVIDENCE OF FRAUD
In accordance with Sections 4.2 and 4.3 of this SAM, either the CEO (or designee) or the Chief Audit Executive will receive notification of suspected fraudulent activity.
A. Upon receipt of notification, the CEO (or designee) or the Chief Audit Executive will gather facts specific to the case.
B. The CEO (or designee) will notify the Chief Audit Executive (and vice versa, as appropriate) about the suspected fraudulent activity within one business day of the date the incident was reported.
C. If the Chief Audit Executive was not the point of initial contact, they will contact the employee who reported the suspected fraudulent activity within three business days of the date the incident was reported, to confirm receipt of the notification.
D. After facts are gathered and the reporting employee has been contacted, both the CEO (or designee) and the Chief Audit Executive will discuss the facts and ascertain whether or not evidence of fraud exists.
1. If evidence of fraud does not exist, the matter will be considered administrative, and the CEO (or designee) will:
a. conduct an objective review of the facts relating to the incident.
b. prepare a written report and submit it to the Chief Audit Executive within 30 days of the date the incident was reported, and the issue will be considered closed.
2. If evidence of fraud exists, the Chief Audit Executive will take action as specified in Section II of this Exhibit.
II. ACTING ON EVIDENCE OF FRAUD
In accordance with Section I (D), once evidence of fraud is determined to exist, the Chief Audit Executive will conduct an examination of the facts relating to the incident.
A. During an investigation, it may be deemed advisable that an employee be temporarily reassigned, relieved of duties, relieved of authority to expend university funds, and/or removed from the scene of the investigation pending the outcome of the investigation. The purpose of such action would be to safeguard the university's assets or facilitate the investigation. Should the CEO (or designee), General Counsel, and the Chief Audit Executive and/or law enforcement concur that such action is necessary, the employee's immediate supervisor will work with the chief human resources officer to determine the appropriate action. In the case of a faculty member, the chief academic officer (or designee) will be involved in the decision process.
B. The Chief Audit Executive will engage experts, as necessary, to develop accurate and reliable evidence.
C. The Chief Audit Executive will consult with the General Counsel, CEO (or designee), CFO, appropriate law enforcement, and the SAO, as necessary, to determine whether or not fraud (i.e., criminal violation) has occurred, based on evidence. The Vice Chancellor for Research and Technology Transfer will be consulted if sponsored project accounts are being investigated.
D. If the Chief Audit Executive believes that fraud has occurred, they will:
1. Refer all evidence to appropriate law enforcement – The Chief Audit Executive will assist law enforcement, as requested, as well as prepare a written report containing scope of work, findings, and recommendations. Law enforcement will investigate and refer to their jurisdictions of a magistrate/district attorney.
2. Notify the Senior Vice Chancellor for Administration and Finance – The Senior Vice Chancellor for Administration and Finance (or designee) will notify the insurance carrier, if required by the terms and conditions of the insurance policy.
3. Notify the General Counsel, CEO (or designee), and CFO.
4. Determine whether there is a loss or attempted loss to the University of Houston System or one of its universities. If there is a loss or attempted loss, the Chief Audit Executive will notify the SAO. At this point, the SAO may elect to investigate or to monitor any further investigation.
a. If the SAO does not wish to investigate, the Chief Audit Executive will notify appropriate law enforcement as such.
b. If the SAO wishes to investigate, the Chief Audit Executive will notify appropriate law enforcement of the SAO's intent, and they and appropriate law enforcement will coordinate activities and assist the SAO in its investigation as necessary.
E. In the event of a loss, the Senior Vice Chancellor for Administration and Finance (or designee) will notify the insurance carrier to facilitate all insurance and fidelity bond claims. The CEO (or designee) may ask the District Attorney's office to seek restitution. The insurance company may also interact directly with the District Attorney's office on matters of restitution where the coverage applies. In the event the criminal court does not provide for restitution, the CFO may request the General Counsel to initiate a civil action to recover the loss. The CEO (or designee) will report the final disposition of all actions taken by the criminal courts of all reported items under this policy to the CFO, the General Counsel, and the Chief Audit Executive.
F. In all cases, regardless of their outcomes, the Chief Audit Executive will prepare a special project report containing scope of work, findings, and recommendations.
III. SUSPECTED FRAUDULENT ACTIVITY ON THE PART OF SENIOR MANAGEMENT
In accordance with Section 4.2 of this SAM, employees will report suspected fraudulent activity on the part of senior management to the Chief Audit Executive and/or an appropriate law enforcement authority.
A. When the Chief Audit Executive receives an allegation report, they will notify the Chair of the Board of Regents in every case, and notify the SAO if they have reason to believe fraud has occurred.
B. The Chair of the Board of Regents may request that the SAO investigate the allegations.
1. If the Chair wishes the SAO to investigate, the Chief Audit Executive will notify the SAO.
2. If the Chair does not wish the SAO to investigate, the Chief Audit Executive or other investigating entity will conduct an investigation and prepare a report for submission to the Chair.
Last Reviewed/Revised: 01/02/2024
Responsible Office(s): Finance; Internal Audit