Tufts University

Fraud Prevention

In light of the corporate scandals over the past several years and stronger state and federal legislation, management and governance boards are under increasing obligation to ensure that systems are in place to provide for the detection and reporting of fraudulent activities.

Fraud takes many forms. Some examples include: embezzlement, kickbacks, theft, fraudulent financial reporting, environmental crimes, software piracy, bid rigging, computer-related crime, identity theft, credit card fraud, check fraud, fraudulent workers compensation claims, ghost employee schemes, expense report schemes, "dummy" vendors, unreported conflicts of interest, etc.

What makes fraudulent activity more likely to occur?

The risk of employee fraud occurring in an organization is contingent upon a combination of factors:

• Motive - usually caused by personal financial pressures
• Opportunity - caused by poor internal controls
• Personal integrity of the employee

Poor internal controls contribute to an environment where it is easier to rationalize that “if I take something it is okay because it is an unofficial perk of the job." This perception often results when organizations do not actively promote sound internal control concepts and business ethics.

Who is responsible for fraud prevention?

It is important to distinguish between AMAS' role and management's role concerning employee fraud and other forms of employee misconduct. Many individuals believe that frauds and other transgressions are only the concern of AMAS and the Office of Public Safety. However, this is incorrect. University management is responsible for maintaining an adequate system of internal control designed to prevent or detect improper operating activities. AMAS' role is to independently evaluate the adequacy of the existing system of internal control by analyzing and testing. We also perform fraud investigations, and promote a positive control environment throughout the University.

How can I decrease the risk of a fraud occurring in my organization?

There are two approaches to help reduce fraud risk: prevention and detection. The best approach is to prevent illegal and inappropriate acts from occurring in the first place.

As a Tufts University employee, you are responsible for ensuring departmental funds, property and equipment are safeguarded from loss. One important underlying concept which must be accepted is the reality that a fraud is possible in your organization. If you do not believe fraud is possible, you will not identify it even if it is clearly evident. Very often fraud symptoms are viewed as administrative errors because individuals cannot conceive of the existence of fraud particularly in organizations where there is a longtime affiliation with co-workers.

The following procedures should be adopted to help reduce the risk of fraudulent activity occurring within your organization:

• Establish a positive internal control environment. A genuine interest and concern related to implementing sound internal controls should be conveyed to all personnel. The major tenets of an internal control system include: (1) separation of duties; (2) physical safeguards over assets; (3) proper documentation; (4) proper authorizations; (5) adequate supervision; and (6) independent validation of transaction accuracy.
• Identify university assets for which you have responsibility. Examples include: budgeted funds, supplies, computers, office and lab equipment, petty cash, and amounts collected as revenue.
• Identify the risks associated with safeguarding these assets. Ask yourself: (1) How could they be improperly used or stolen? (2) If these assets were misused or stolen, how would I know? (3) What internal controls (policies and procedures and/or checks and balances) exist to prevent or detect any inappropriate use or loss of assets? (4) What additional controls are necessary to ensure that assets are adequately protected from loss?
• Request background checking of a new hire contingent upon the individual’s level of accessibility to significant University assets.

How can I determine if our organization’s activities are governed by good internal controls?

Click on the following link to access an internal control self-assessment questionnaire to determine how well you have incorporated internal controls related to several administrative activities shared by many University organizations. (self-assessment questionnaire link ). One thing to keep in mind is that any new or existing internal controls should be reasonable in relation to the risk involved and costs to implement and administer them.

What role do internal auditors play in detecting and investigating suspected fraud?

Many of AMAS’ audit programs contain specific fraud detection procedures. These additional procedures were in response to the changing role of both internal and external auditors concerning responsibility for detecting fraud. Two department members have been designated Certified Fraud Examiners by the Association of Certified Fraud Examiners. We are familiar with many aspects of white-collar crime and related audit detection techniques.

What if I suspect or observe improper employee business conduct at the University?

As a member of the Tufts community, you are expected to report a suspected fraud to the Director of Audit & Management Advisory Services (AMAS). If the suspected fraud is initially reported to a supervisor, chairperson, director, dean, vice president, or other responsible person, that person is to report the instance to the Director of AMAS. Suspected research misconduct should be reported to the Associate Provost for Research. Any theft of physical assets should be reported to Tufts Police at 617-627-6911.

It is the policy of Tufts University that any person is free to lawfully disclose whatever information supports a reasonable belief of suspected employee misconduct. The University is committed to protecting employees from interference when they make such disclosures.

Situations may exist where members of our community feel uncomfortable discussing these matters with their colleagues or supervisors. To assist with these particular situations, the University has an agreement with a 3rd party anonymous reporting provider, EthicsPoint, Inc, to maintain a Tufts University internet application and call center for individuals to report any concerns related to financial, regulatory, compliance, environmental health and campus safety matters. You may access this service by clicking on the Tufts University Anonymous Reporting Hotline link. You can also access this reporting option by visiting the Finance Division, Office of Equal Opportunity or Environmental Health and Safety websites and locating the links for anonymous reporting. Access is also available by dialing toll-free 1-866-384-4277.