Official Report (Hansard)
Date: Wednesday, 21 March 2012
Committee for Finance and Personnel
Annual Theft and Fraud Report 2010-11: Departmental Briefing
The Chairperson: You are very welcome. For members' information, the secretariat has tabled a paper. There are some suggested areas for discussion, although if we do not cover them all, we may submit them to the witnesses for a written response. I welcome Fiona Hamill, the treasury officer of accounts; Alison Caldwell, the head of fraud and internal audit policy; and Colm Doran, the acting head of the finance branch of the corporate services group. I ask you to make some opening remarks, after which we will go into some discussion with the Committee.
Ms Fiona Hamill (Department of Finance and Personnel): Theft and fraud reports are compiled annually by the Department of Finance and Personnel (DFP) on the basis of information that is submitted by all Departments over the year. They include actual, attempted and suspected frauds that have been classified as involving public funds. We have produced the reports for a number of years, as far back as the early 1990s. The main aim of the production of the reports is to try to identify and highlight fraud, where it is coming from and the steps that can be taken by organisations. They provide a summary analysis of the fraud. As each fraud is identified, it is automatically under managing public money; there is a requirement that, at that point, it is reported to DFP and the Comptroller and Auditor General (C&AG). This report is a year-end summary of all the frauds that have been identified or suspected during the year.
The Chairperson: Thank you very much. The opening section of your report identifies the economic circumstances for the likely increase in fraud. Has that altered your approach with regard to prevention rather than detection? If economic circumstances continue to be difficult for the foreseeable future, it would seem to indicate that need is a more prevalent rationale than greed for fraud or theft. Does that alter your approach?
Ms Hamill: Judging by the cases to which we are being alerted, there seems to be an increase in the pilfering types of fraud. Prevention is always our first line, and that is the correct application of the controls. We look to Departments and organisations to make sure that they apply controls. The purpose of the report is to bring that issue to people's attention and to highlight it. We are using it to re-emphasise that that is where we are seeing cases at the moment. We cannot say that it is a result of the economic downturn, but it seems to be reflective of it. It is about reinforcing the fact that Departments need to be careful in the areas in which those kinds of pilfering crimes may occur.
The Chairperson: Another Committee has looked at issues related to social security. More was lost through staff error than through fraudulent claims. That assessment was made in the agency. Does DFP apply a similar exercise? As well as DFP's annual fraud and theft report across the Departments and the agencies, does it analyse what is lost through error across all those agencies and Departments? There is a very high-level return from some of the non-departmental public bodies (NDPBs).
Ms Alison Caldwell (Department of Finance and Personnel): No. Our exercise is done purely on cases of actual, attempted and suspected fraud during a year. That ranges from theft to grant fraud to income-related issues. DFP does not look at error rates in Departments, although there may be such exercises in individual Departments that are not in our remit.
The Chairperson: Do you agree that that might give you a false picture of what is lost from the public purse? I am not saying that the Social Security Agency's experience is replicated across the board, but while the focus is on misdemeanours, fraud and theft, more might be lost to the public purse through error and mistakes in Departments than through fraud and theft.
Ms Hamill: I understand the point. I suppose that that is where I see the role of the value-for-money studies that the C&AG undertakes. That office looks across the public sector to see where systems could be improved and tightened and to prevent those kinds of things.
The Chairperson: The C&AG is more specific and does not necessarily conduct overarching reports. This report is an overarching one on theft and fraud across the public sector. I am sure that the C&AG will look at individual areas about which errors and other issues are reported to it, without conducting an overarching review.
Ms Hamill: Chairman, I understand your point exactly, but I am not quite sure how it would be surveyed. Specific exercises would need to be undertaken. In social security, for instance, errors can be identified because claimants' error rates can be identified or corrections have to be made to awards to individuals. That would apply in areas in which money is moving out to members of the public. At a broader level, it is more difficult.
The Chairperson: Are the fairly high rates in NDPBs due to less control? Is it the case that there is less control in arm's-length bodies? Has a common cause been identified?
Ms Hamill: That is reflective of where the front line is. Public sector front-line services are delivered by agencies, NDPBs and health and social care boards; they are not delivered by core Departments. That is where the interaction is, and that is why the frauds appear at a higher level there.
Mr D Bradley: Good morning. I notice that you do not have any figures for prosecutions taken or convictions. Why is that?
Ms Caldwell: For compilation of the fraud report, we send out a commissioning letter at the end of March each year asking about cases that have been identified during the year. Quite often, action has not been taken at the time that we get the information because of the time it takes for cases to go to criminal prosecution. We gather some figures on that, but because of the timing, they are not particularly meaningful. Additionally, it is highly unlikely that prosecutions will be possible in a few of the cases. You will note from the report the number of thefts that occur and the number of cases in which the perpetrator is, unfortunately, unknown. So although we have some information to hand, we have not included it in this report because of the context in which it is set. That said, it is for organisations, along with the Police Service of Northern Ireland (PSNI), to decide whether a criminal prosecution can be taken, and it is up to them to liaise.
Mr D Bradley: I see that contractor fraud is highest in monetary value. What actions have been taken to come to terms with that and to ensure that it decreases in the future?
Mr Colm Doran (Department of Finance and Personnel): I can tell you a bit about that. There were no incidents of construction fraud in DFP as a Department in this report. However, the Central Procurement Directorate (CPD) issues organisations with a whole suite of guidance at procurement stage, based on the overriding principles of transparency, equality and non-discrimination. Those controls are set so that there is sufficient transparency around the tenderers that apply for specific procurement contracts. Also, there is now proportionate advertising of all contracts open to the public sector or the private sector to be applied for through the e-sourcing portal. If contracts are of a significant value, they are advertised through the Official Journal of the European Union (OJEU). All the contracts for which people submit tenders through e-sourcing are opened at the same time, so people cannot see tenders before others have been opened. That is a control in ensuring that there are no misdemeanours through contracts being tampered with. At post-award stage, project managers are assigned to each of the contracts, and there is a separation of duties between the placing of orders and their payment. There is a series of controls through the procurement guidance notes and the public control limits about procurement contracts, all of which are designed to combat construction fraud.
Mr D Bradley: It will be interesting to see what effect that has next year.
Mr McQuillan: My question is along the same lines as Dominic's point about contractor fraud. The report highlights two cases in paragraph 3.9; what value were the rest of the cases to make it up to 47%? Were they small or large cases?
Ms Caldwell: There were two very high-value cases of contractor fraud, neither of which were for the Department of Finance and Personnel. From memory, other cases that fell into that category were certainly smaller in value. At the time that the returns were submitted, some of them were unable to put a definite value on those particular ones. That was the case in 56 of the total number of cases that were reported to us. It is either very difficult to place an exact figure or, at the time of reporting, they had not yet got to that quantity.
Mr McQuillan: It is strange that you can get to 47% if you cannot put a value on them.
I will move on to whistle-blowing. The report states that 27 cases were reported. Had it not been for whistle-blowing, would those 27 cases have gone unnoticed? I refer to paragraph 3.22.
Ms Caldwell: Over the past five to six years, one part of our work has been to disseminate guidance on whistle-blowing to other Departments. There have been a number of cases in which fraud had come to light because of whistle-blowing. In 2008, we worked with Public Concern at Work, which is a registered charity that is seen as the expert on whistle-blowing legislation. With it, we developed a template that we issued to all Departments and agencies. It sets out that the public sector wants people to come forward when they have concerns or issues. The template sets out different routes at different levels at which concerns can be reported internally in the organisation and, indeed, externally, including to the Northern Ireland Audit Office (NIAO). It also refers staff to the fact that they can seek advice from Public Concern at Work, which will act in an advisory capacity.
There have always been cases in which people have brought forward concerns through what might be called whistle-blowing procedures. However, it is fair to say that since we issued that guidance and all Departments have put their own bespoke arrangements in place, we have noticed what is best described as a slight marked increase in the number of cases that people have said were brought forward because of formal whistle-blowing procedures. Whether people come forward through a formal whistle-blowing policy or just pick up the phone and ring somebody, the key issue is that Departments want to know about it.
Mr McQuillan: People now have the confidence to come forward because of the policy that was introduced by the Department.
Ms Caldwell: Yes.
Mr Cree: I am interested in the number of incidents versus their actual value. It is interesting to note that, in the tables in the report, although the theft of assets represents 45% of the number of frauds, it accounts for only 7% of the value of the frauds, whereas contractor fraud, to which other members referred, represents only 3% of the number of frauds that were reported but 47% of the value of fraud cases. How can we be assured that prevention and audit work is targeted to maximum effect, rather than just geared towards numbers or whatever?
Ms Caldwell: This year's report was quite unusual with regard to contractor fraud because there were two very high-value frauds, which have been mentioned. As regards the theft of assets, the reason why the value is quite small is because some of the items about which we are notified have quite low values. It takes quite a lot of them to build up.
The public sector's policy is that we do not want any fraud. However, it is also important that any checks and balances that are built in are cost-effective and proportionate and that while we are trying to diminish fraud overall, we are aware of the risk. A key purpose of the report is to identify risk areas and the sort of controls that can be built in to try to prevent the recurrence of such cases.
Mr Cree: Is there an awareness that numbers are not the only criteria? That is really the issue that I am getting at: where the biggest value and loss are likely to occur.
Ms Hamill: The way in which we look after and deal with fraud is through the fraud and internal policy unit, which Alison heads up. We have a fraud forum that involves all Departments and which is attended by representatives from all Departments — the heads of their fraud units. We work collectively to look at the issues and at emerging matters. The fraud forum also includes the PSNI. As a group, we are always looking collectively and trying to identify the key areas and ongoing risks and how they are moving. Alison also sits on one of the subgroups of the Organised Crime Task Force.
Mr Cree: So it is flexible and is targeted each year or several times in a year. Does the emphasis change?
Ms Hamill: It does. At the moment, one example is that there is a change of emphasis towards theft of —
Ms Caldwell: — fuel and metal. We have noticed a marked increase in the number of cases of oil and other fuel disappearing from tanks. Also scrap metal or metal being —
Mr Cree: Some of it is not even scrap but is taken out of people's plumbing.
Ms Caldwell: Absolutely. As that trend has emerged, we have been to the fraud forum and spoken with PSNI representatives. Through contacting the Organised Crime Task Force, I am aware that the Department of Justice, the Department of the Environment and the PSNI are looking at that area to see what action they can take collectively to help to prevent the metal thefts in particular.
In the report, meantime, we have replicated some information that the Northern Ireland Audit Office issued, because it had also noticed an increase in particular types of theft in recent years.
Mr Cree: Have any obvious steps been taken, such as getting in touch with scrap-metal dealers to see what they are up to?
Ms Caldwell: I believe that they have.
Mr McLaughlin: Down South, because that is where most of it is going.
The Chairperson: I was going to say, "Good luck with that."
Ms Caldwell: I understand that consideration is being given to tightening up the regulation of scrap-metal dealers down South. Obviously, there is the potential to shift focus as a result of any steps that are taken elsewhere.
Mr Cree: It has been going for only two years.
Mr McLaughlin: Cross-border body.
Mr P Maskey: Did the procurement fraud involve someone putting a falsified tender in or a member of the Civil Service?
Ms Caldwell: Off the top of my head, I cannot recollect the exact details. Again, I know that it was not a DFP case.
Mr P Maskey: I ask because some contractors have put in tenders that were way under the odds. They could not afford to do the job and came back to renegotiate. I know of Housing Executive examples in which contractors could not afford to do the work for a considerable time because they had to renegotiate. That meant that other people who had put in cost-effective tenders were being badly underpriced by contractors who then could not afford to do the work. Would that be deemed fraud?
Mr Doran: As I said, through the e-sourcing portal, all tenders for public works are now opened at the same time. The ability to tamper with, or open, a quote for a piece of work should not exist. The ability to undercut such a piece of work through the procurement guidelines, procurement guidance notes and the e-sourcing portal should be minimised. Therefore, the ability to undercut should not exist. All those controls are intended to minimise the potential for fraud, but I suppose it is sometimes difficult to eradicate fraud completely.
Mr P Maskey: Would it be deemed fraud if someone undercuts everyone else in a tendering exercise in a procurement process, and then renegotiates that price after being awarded the contract but failing to do the work?
Mr Doran: Controls are also in place to manage the quality of work and performance of contractors through procurement guidance notes. It would be for individual organisations to manage their contractors' performance — the quality of their work and the price at which they are supposed to deliver it. Again, it would be down to each organisation to manage individual contracts to minimise the risk of that happening.
Ms Hamill: I understand your concern, but I think that it probably would not ever be picked up or identified as a fraud, because you have to prove intent.
Mr P Maskey: That is fair enough. The reason I ask is that there is a small number of cases — five in total — which have no money, no costs awarded to them. Look at page 17. There are "cases where no value given", and no cost or estimated value. I suppose that you have to make sure that there is intent. Is it ever looked into to find out whether there was intent? Has someone deliberately tendered, won the contract, has not been able to afford to do the work and then renegotiated the deal after they had been awarded the contract?
Ms Hamill: Looking at it from the fraud side, I think that you would have to say no. You would have to speak to the Central Procurement Directorate to find out how it handles situations that may arise post-award and what thinking it puts into whether to renegotiate.
Ms Caldwell: The sorts of contract fraud that I have seen coming in over the past number of years are more likely to occur when work has been billed that has not actually been done, or when excessive rates have been charged. Obviously, the fraud is a bit more clear-cut in such cases. If the work is not done, it is not done.
Mr P Maskey: It might be worthwhile for the Department to undertake to look at that issue at some stage. I am concerned that it might be the case with a lot of contractors. It is not a level playing field if contractors who put in a tender are undercut, and then whoever won the contract cannot afford to do the work and renegotiates. I do not think that that is fair.
Mr Doran: As I say, the guidelines are clear. The playing field is level when the tenders are submitted, and none of them is opened until all of them are opened. I take your point: someone submits a tender intentionally low and cannot then deliver for that cost. That is a contractual issue, I would imagine, between the contracting Department and the contractor. It is a valid point.
Ms Hamill: We can certainly clarify CPD's guidance in those circumstances for the Committee.
Mr McLaughlin: Is there a lower threshold, in monetary value, at which you will record statistics?
Ms Caldwell: No. We record all cases of actual, attempted and suspected fraud that are reported to us, regardless of the value.
Mr McLaughlin: In theory, that could be something to the value of £5 or £10?
Ms Caldwell: Yes.
Mr McLaughlin: Is it a major task to indicate that type of petty fraud?
Ms Caldwell: To be honest, thefts of assets, by and large, are —
Mr McLaughlin: Petty?
Ms Caldwell: It depends on what sort of threshold you are talking about. The theft of some of the assets of which we are notified have limited values. Some of the income-related frauds can be £10 or £15 short in the petty cash. I stress that that may be actual or suspected fraud. It is sometimes very hard to distinguish between the two. It could just be an error, but there is also a reasonable suspicion that the money could have been taken by theft or pilfering. We require notification of all cases.
Mr Doran: The Department's anti-fraud policy and fraud response plan is clear: the Department has zero tolerance of fraud, which means that we expect all cases to be reported through the arrangements in our anti-fraud policy. In the report, the value of the loss to the Department was pretty low. It was less than £2,000, and most of that was as a result of theft of equipment. Nonetheless, the intention of the anti-fraud policy is to report all actual, suspected or attempted fraud.
Mr McLaughlin: I am interested in whether the reporting mechanism breaks that down so that we are talking about office consumables as opposed to equipment or assets, perhaps. I know that they are all assets, but I suppose it puts it into a particular category.
Paragraph 2.6 gives three figures for the "actual"; the "attempted but prevented"; and the remainder, which is almost £1 million, for the "suspected". How long do cases remain in that area? Does suspected mean not proven, or does it mean that it is a live investigation, in all these circumstances as they are reported? At what point do people have to move on?
Ms Caldwell: That is one of the limitations of the annual fraud report in that it is based on information at a point in time. At the point in time on which we sought that information, £965,000 was categorised as suspected. That could have been because investigations were ongoing, and they might come up with a more accurate figure in due course. Alternatively, it might be that fraud cannot be absolutely determined in the finish-up, or some of that money might be categorised later as being bona fide.
There are inherent difficulties with trying to put quantities on the value of fraud, which has been borne out in a number of studies across countries. We are aware of the limits of the report; it is a snapshot of only one point in time. Not all cases get a value at that time, or they might change subsequently. Also, some of those funds could be recovered down the line. Being honest, there is also the "unknown unknown", which is when people report something to us that they have picked up or suspected. There is no doubt that cases go undetected. In the absence of any other information, this is the best that we can have.
Mr McLaughlin: The report ends up with a fairly precise figure . Does that indicate that those frauds are under investigation?
Ms Caldwell: Again, it will depend on how far they are through the process at the time at which they are reported to us at the end of each financial year. Not all of them are finalised. At one stage, we considered basing the report on only those that had been finalised. However, given that the main purpose of the report is to flag up trends and, more importantly, actions that Departments should be taking to try to prevent frauds in the future, we felt that this was the most appropriate and timely mechanism.
Mr McLaughlin: I appreciate that. In that area, there are suspected frauds that continue to be investigated. I suspect that there are some that have been investigated but cannot be proven. Is there a point at which they come off the screen or go into a different subcategory of "suspected but not proven" or "no longer under investigation" or "written off by the Department", for instance?
Ms Caldwell: We do not keep a track of those, but the relevant Departments, agencies and NDPBs see those cases through to completion, whatever the outcome may be. We do not monitor the outcome of every case.
Mr McLaughlin: Do you see what I am getting at? At some stage, they have to be finalised. I absolutely accept that that will not be in any 12-month cycle, because cases could very easily run into subsequent years. However, I suppose that there would be a point at which the return for effort made and the resources for investigation would have to be looked at, and you would simply have to conclude that you are not going to take the case any further. How is that process recorded?
Ms Hamill: When cases are concluded in Departments, the loss will need to be written off. The cause of a loss, whether it is through fraud or being written off as a loss, will be an internal matter for the Department.
Mr McLaughlin: Even in circumstances in which there is a prosecution or whatever, you may not recover the money.
Ms Hamill: Losses should be recorded in the Department's annual accounts.
Mr Doran: Yes.
Mr McLaughlin: There is no column in the fraud report that details losses through fraud that did not result in the attribution of responsibility.
Ms Hamill: No. It is worth saying that the accuracy of the valuations of the actual losses, under the heading "suspected" in the table on page 13 that lists the number of frauds reported by category, has not been established. Some of those figures are estimates of the potential losses caused by the suspected fraud. They can increase dramatically or could decrease dramatically; it could prove to be a very low value. It is only an estimate.
When the Treasury produced a report such as this in the past — it does not do so any more — it did not include suspected fraud. It reported on the actual level of fraud across the sector rather than including matters that were under investigation. As Alison said, for us locally, if we use it as a vehicle to spot the trends, the suspected fraud figures are sometimes as valuable as the actual fraud figures.
Mr McLaughlin: First, it is clear that good work is being done here. The statistics that determine the patterns that may be established over a period might still be fairly young. Do we have a system — a red, amber and green (RAG) system or whatever — that gives us indicators that the anti-fraud measures in particular bodies, be they arm's-length bodies or departmental, are not sufficiently robust, or are there recurring patterns that indicate embedded problems? Do we then intervene?
Mr Doran: In our Department — I am speaking only about our own return — we would expect business areas to determine whether each attempted, suspected or actual fraud has been detected through existing controls or whether the controls need to be reviewed. If so, we would expect the business areas to report again in the returns about what they have done to tighten the controls. However, it has to be said that, of the 16 cases in DFP in the report, around half were detected by existing controls. Although business areas review those controls to ensure that they are still tight enough, it is, in a way, reassuring to a business area that existing controls are picking up on any attempted fraud. The majority of ours were attempted frauds and were caught on by the controls in our Department or by our external partners.
Ms Hamill: All Departments have fraud response plans. They should be part of their risk management processes, and it will be for Departments to decide whether their individual organisations have their own fraud response plans, or, for example, in the case of DFP, where it is part of the Department's. Land and Property Services, for example, which is a big element of the Department, is part of the core Department's fraud response plan rather than at arm's-length, because it is such a critical income area. The way in which the fraud response plan is managed internally in the risk management process of each organisation will be for individual Departments to decide.
Mr McLaughlin: Therefore, there is no overarching assessment or analysis that would point up the need for either an intervention or for people to be called in to discuss their fraud prevention processes.
Mr Doran: The Department has a fraud working group, which is almost a mirror image of what happens at Northern Ireland Civil Service (NICS) level. It is made up of representatives from each of the business areas across the Department as well as the Audit Office.
Mr McLaughlin: Is that the forum?
Ms Hamill: There is the fraud forum at NICS level, which Alison looks after. DFP and the Department for Regional Development (DRD), with all the roads, materials and assets, and so on, will have similar internal forums if it is appropriate. There is a scaling up.
Mr Doran: Our internal audit people undertake fraud awareness sessions for any business areas in which the risk of fraud is considered to be higher than others. Our internal audit team has done quite a lot of that over the past couple of years. We disseminate all the information through our fraud working group. The theft of fuel and materials, for instance, was recently discussed at our fraud working group at departmental level. Any central guidance or information that becomes available is disseminated across the Department and targeted to those areas in which the risk of fraud is considered to be higher.
The Chairperson: The Bribery Act 2010 has been in place for nine months. You said that there is specific guidance on that, but I was trying to get some sense of whether it applies to Departments and arm's-length bodies. Do you have any idea about penalties? What preparations are being made, and what are the mitigating factors? I presume that the fraud forum deals with it and its implications across all Departments.
Ms Caldwell: The Bribery Act is UK-wide legislation. Bribery has never been legal; it has always been illegal. That sounds as if I am stating the obvious, but there has been a lot of focus on the Bribery Act and the belief that it is something new, when, essentially, it is not. The new Act clarifies the legal position and makes it easier to prosecute. The fraud forum has considered it. Obviously, there are two forms of bribery: active and passive, whereby someone receives a bribe and gives a bribe. The section 7 offence created a bit more focus in Departments. It states that an organisation could be bribed if someone bribed on its behalf. A lot of thought went into where in the public sector it is likely that someone would bribe. We sought legal advice on whether a Department could be prosecuted for a section 7 offence. As a result of that advice, we issued a "Dear accounting officer" (DAO) letter to the Departments to advise that the Bribery Act had become effective. It gives some clarification on the section 7 offence and highlights the fact that bribery is a risk that should be considered as part of Departments' overall risk assessments. Obviously, some areas in the public sector will be more at risk from bribery than others. A number of Departments already had bribery on their risk assessments, depending on their business areas. The Ministry of Justice also provided some guidance on what an organisation might want to do to have a defence against the section 7 offence. That was included in our DAO.
The Chairperson: A new offence is created:
"Failure of commercial organisations to prevent bribery"
by persons associated with them. I appreciate the fact that bribery has always been a crime, and, therefore, there will be a risk assessment in the Departments that would be more susceptible. You imagine that there is a greater likelihood of bribery with planning or anything to do with major infrastructure. The Act has been in place for nine months. It has obviously changed the picture somewhat, and you are issuing further guidance based on the new Act that came in last July. How close are we to that? Has that brought about significant change in respect of your advice across the Departments?
Ms Caldwell: Since the annual fraud report has been issued, we have also issued guidance on the Bribery Act. It has not particularly changed what Departments have been doing because bribery should always have been on their radar. We have worked with colleagues in corporate HR, who will make sure that reference to the Bribery Act is included in the staff handbook. That will make it explicit, if it was not already, that bribery is not acceptable. Through discussions at the fraud forum, I know that other Departments, including DFP, have been more focused on bribery, although the risk is probably the same as it ever was.
The Chairperson: Thank you very much. We had some questions that the secretariat had worked on, and, if you do not mind, we will forward those to you in case any of them were not picked up in the discussion. Perhaps you will respond in writing.
Ms Hamill: We will, absolutely.