4.1. Scope
This policy applies to all staff and associated persons (anyone acting on behalf of the University), including (but not limited to):
● employees and workers (whether casual, temporary, fixed-term, permanent or on open-ended contracts), agency workers, seconded workers, volunteers or interns; and
● associated persons, including (but not limited to):
○ agents, contractors, associates, consultants, third-party representatives and business partners, suppliers, donors, sponsors, or any other person associated with the University wherever located;
○ external members of Council and University committees, panels or boards if they perform services for or on behalf of the University;
○ researchers and academic visitors whether self-funded or employed by other entities (such as other funders, universities or Oxford colleges), and retired members of staff, if they perform services for or on behalf of the University;
○ University subsidiary companies and joint venture entities where the University wholly owns or controls the entity unless separate policies have been formally approved and adopted by the Boards of those companies and endorsed by Council’s General Purposes Committee. This covers the joint venture partners and, where applicable, those companies conducting services on behalf of the joint venture;
○ Kellogg, St Cross and Reuben Colleges, which are societies of the University of Oxford, but not to other colleges, which have their own policies; and.
○ students (i.e. anyone who has a contract for study with the University) when employed by or otherwise acting on behalf of the University, e.g. as members of committees or when representing the University in sports or other competitions.
This policy has been adopted by the Council and applies throughout the University apart from Oxford University Press, which has its own policy and procedures for the prevention and detection of fraud. This policy applies in full to majority and wholly owned subsidiary companies unless separate policies have been formally approved and adopted by the Boards of those companies and endorsed by Council’s General Purposes Committee.
4.2 Responsibilities
Every member of staff and associated persons who act on behalf of, or provide services to, the University is responsible for ensuring that they comply at all times with the Anti-Fraud Policy. This involves maintaining and monitoring compliance with internal controls and agreed policies and procedures; immediately reporting details of any suspected fraud, whether by an employee or an external organisation, and assisting in the investigation of suspected fraud.
Responsibilities for the effective management of fraud risk within the University are organised along a three lines of defence model, as follows:
4.2.1 First line of defence
The Council is responsible for the administration of the University and for the management of its finances and assets and for setting the University policy to prevent and detect fraud. It is also responsible to the Office for Students for meeting its conditions of registration, which include operating comprehensive corporate risk management and control arrangements.
The Registrar is responsible for ensuring that the strategic responsibility for fraud is assigned, that the Anti-Fraud Policy is implemented and maintained, and that appropriate explanatory guidance is provided. The Registrar also convenes and chairs the Financial Misconduct Review Group (FMRG; see below).
Relevant Directors are responsible for managing risks of fraud within their respective functional areas (Finance, HR, Research Services, Estates, etc.)
The Chief Finance Officer is responsible for developing, implementing and maintaining adequate systems of financial management and internal control to mitigate/minimize the risk of financial fraud and to detect financial fraud.
Heads of Division, Heads of Department (including Faculty Board Chairs), and Heads of University Services (UAS and GLAM) are responsible for ensuring that adequate systems of financial management and internal control to mitigate/minimize the risk of fraud and detect fraud are operating in their divisions, departments or sections (as appropriate) and that staff, affected students, and other associated persons are made aware of the Anti-Fraud Policy and associated explanatory guidance. Heads of Department (HoDs) also have specific responsibilities for ensuring their staff comply with the relevant policies and for supporting appropriate reporting and investigations of instances of fraud and near misses. (See Financial Regulations which set out the responsibility to operate systems of internal control).
The Boards of Directors of majority and wholly owned subsidiary companies of the University are responsible for ensuring that the Anti-Fraud Policy, or an alternate policy that is approved by Council’s General Purposes Committee, is implemented and maintained within those companies, and that staff and other associated persons are made aware of the policy and associated explanatory guidance.
4.2.2 Second line of defence
The Senior Counter Fraud Lead and Financial Compliance Manager is responsible for developing and delivering strategy to ensure that effective Anti-Fraud arrangements are in place. They are responsible for embedding Anti-Fraud activities, ensuring that arrangements are regularly reviewed, and providing reporting and assurance over them. They also support and/or undertake bribery, fraud and review investigations, in particular those overseen by the FMRG.
The Audit and Scrutiny Committee is responsible for overseeing the adequacy of the University's arrangements to prevent and detect irregularities, fraud and corruption, to include being notified of any action taken under the University's policy.
The Financial Misconduct Review Group (FMRG) oversees the investigations into alleged fraud and bribery.
The Head of Internal Audit is responsible for assisting with/undertaking investigations into suspected cases of bribery and fraud, as directed by the FMRG, and also is responsible for providing reports on serious incidents and fraud to the Audit and Scrutiny Committee.
Prior to undertaking an internal audit review of the investigations process, the University will assess whether or not there are any perceived and/or actual conflicts of interest, as a result of the Head of Internal Audit’s role in supporting investigations into fraud or financial misconduct. Where potential conflicts are determined, other independent parties will be appointed to undertake and / or oversee this audit.
4.2.3 Third line of defence
The Director of Assurance is responsible for coordinating reporting on financial and non-financial fraud to the Audit and Scrutiny Committee.
The University expects Third Parties acting for or providing services to the University not to commit fraud and will take appropriate measures and action should it discover that third parties are engaging in fraud. Third parties are advised, therefore, to make themselves fully aware of the provisions of this policy and, in particular, the Standards relating to fraud. Where appropriate, the University will include contractual obligations in respect of adherence to this policy in its agreements with third parties.