Fraud prevention for academies
There have been numerous recent cases where schools have been the subject of targeted fraud attempts. Fraudsters often pose as the Principal, or other individuals in authority, requesting payments from finance staff. Schools are an easy target as there tends to be a lot of information on academy websites. These often detail the roles of individuals, such as the Senior Leadership Team and Governors, and often include e-mail addresses. The press may publicise large capital projects, such as a new building. This alerts fraudsters to large planned payments and provides the opportunity for supplier payments fraud.
The Charity Commission has recently published guidance on tackling fraud and many of the recommendations apply to Academy Trusts.
Fraud prevention starts with good governance. It is important for Governors to understand where the risks are in the organisation and put mitigation plans in place. The Governors must be seen as being committed to ensuring robust fraud defences are in place so that this becomes the culture throughout the school.
With respect to cybercrime, improving passwords can mitigate most cyber threats. The list of the top ten passwords used still contains ‘Password’ and ‘123456’! With the impact of GDPR, the loss of data will have increasingly serious financial consequences. This is in addition to the reputational damage caused. The Trust should have a password policy in place and the IT department should monitor passwords to ensure staff compliance. Individuals should change their passwords regularly and receive appropriate guidance.
Banking frauds often use social engineering to establish the victim’s trust. The fraudster gathers information about the Trust and the staff from websites and social media. They then use this to gather additional information, which can be used to access bank accounts or persuade a member of staff to make payments. They often suggest that there is an element of urgency in their requests. Staff should know the risks so that they are wary of requests for information or urgent payments. Staff should also be careful about which e-mail attachments they open, as these can contain malware.
Supplier Payment Amendments
In relation to supplier payment details, a procedure should be in place for changing the bank details of suppliers so that any requests are verified directly with a known contact at the supplier and evidenced in writing.
Internal Finance Systems and Procedures
In addition to the risk of fraud from individuals outside the Trust, there is also a risk of internal fraud. Governors need to ensure that robust finance systems and procedures are in place in order to minimise the risks of fraud.
There should be an effective way for staff to report suspected or known fraud so that any concerns are addressed as soon as possible. The Trust should have a fraud prevention and whistleblowing policy in place so that staff know how to report and deal with concerns. Fraud awareness should form part of the staff induction and ongoing training. The majority of staff in the Trust will have some involvement in the management of school funds, whether through ordering goods, managing budgets or organising school trips, and fraud can occur in any area.
If you have any questions or would like to discuss fraud prevention with us in more detail, please contact our team on 0191 285 0321.
This article originally appeared on the blog of fellow MHA member firm, MHA Moore & Smalley.