4.117 President's Office
Suspected Dishonest or Fraudulent Activities
Date Adopted/Most Recent Revision: 02/10/17

Next Scheduled Review: 11/2019

I. Policy Statement

 Midwestern State University (“University”) prohibits fraudulent and dishonest behavior by members of the University community and University affiliates.  It is the policy of the University to prevent and detect dishonest and fraudulent activities and consistently investigate suspected cases brought to the attention of University officials.

II. Reason for Policy

The purpose of this policy is to establish University policy regarding internal investigations of suspected defalcation, misappropriation, and other fiscal irregularities by providing for administrative steps to promptly identify and investigate such suspected cases of dishonest or fraudulent activities, demonstrating expectations of ethical behavior from members of the University community and University affiliates.

III. Application of Policy

 This policy applies to University employees, students, and affiliates.  It assigns responsibilities to specific University employees involved in handling suspected cases of dishonest or fraudulent activities.

IV. Definitions

 Affiliates:

Individuals who have a business relationship with the University outside of traditional employment.  They can be paid or unpaid, and include but are not limited to, affiliations associated with employees of contractors and volunteers.

Dishonest or Fraudulent Activities:
May include, but are not limited to, any or all of the following situations whether in tangible, paper or digital form as applicable:

  • Misappropriation of University property or other fiscal irregularities.
  • Forgery or inappropriate alteration of checks, drafts, promissory notes, or securities.
  • Forgery or inappropriate alteration of employee benefit or salary-related items such as time sheets, billings, claims, surrenders, assignments, or changes in beneficiary.
  • Forgery or inappropriate alteration of records relating to health.
  • Forgery or inappropriate alteration of student-related items such as grade, transcripts, loans, or fee/tuition documents.
  • Forgery or falsification of any official University document.
  • Misappropriation of funds, securities, supplies, or any other state asset.
  • Illegal or fraudulent handling or reporting of money transactions.
  • Acceptance or solicitation of any gift, favor, or service that might reasonably tend to influence the employee in the discharge of his or her official duties.
  • Willful and unauthorized destruction of records, furniture, fixtures, or equipment.
  • Unauthorized alteration, manipulation or transfer of computer files or records.
  • Fraudulent or dishonest financial reporting.
  • Bribery, unlawful rebates, or kickbacks.
  • Research or other academic fraud.
  • Unauthorized disclosure of confidential or proprietary information of the University, student educational records, private personnel information, and medical information.
  • Theft of University information, property, records or assets.
  • Violation of an applicable state or federal statute.
  • Violation or noncompliance with an applicable state or federal rule or regulation.
  • Other similar illegal, dishonest or fraudulent conduct.


V. Responsibilities

1. Management must:

  • a. Establish and maintain a system of internal controls which provides reasonable assurance improprieties are prevented and detected.
  • b. Be familiar with the types of improprieties which might occur in his or her area and be alert for any indication of dishonest or fraudulent activity.
  • c. Assure notification is made to an appropriate University official and to the Office of Internal Audits when dishonest or fraudulent activity is suspected.
  • d. Support the University’s fiduciary responsibilities and cooperate with law enforcement agencies in the detection, investigation, and reporting of criminal acts, including prosecution of offenders.
  • e. Maintain the confidentiality of information regarding suspected cases of dishonest or fraudulent activity under investigation to the extent permitted by law.
  • f. Maintain paper and electronic records in accordance with the University’s records retention schedule.

2. Office of Internal Audits must:

  • a. Ensure a link to the State Auditor’s Office Fraud Hotline is included on the homepage of the University’s website.
  • b. Coordinate and or work with the University Police Department (“MSUPD”) and the General Counsel to provide assistance to federal, state, and local law enforcement agencies.
  • c. Coordinate with the Chief Information Security Officer or any other University office necessary to sufficiently investigate suspected dishonest or fraudulent activity.
  • d. Assist MSUPD in investigations of suspected criminal activity that require accounting or auditing knowledge.
  • e. Supervise all audits of allegations of defalcation, misappropriation, and other fiscal irregularities.
  • f. Secure and limit access to investigative work papers to those individuals or entities designated by the Director of Internal Audits.
  • g. Maintain the confidentiality of information gathered regarding dishonest or fraudulent activity under investigation to the extent permitted by law.
  • h. Determine if additional work is needed in order to provide the University’s Audit, Compliance, and Management Review Committee and appropriate University officials with a basis for taking corrective action following notification of a related investigation.
  • i. As delegated by the Office of the President, notify the State Auditor’s Office of suspected fraud or dishonest activity related to the operation of the University.  The Office of Internal Audits shall report the reason and basis for the alleged fraud to the state auditor as required by Texas Government Code Chapter 321, Section 321.022.
  • j. When appropriate, notify the President, MSUPD, and the General Counsel when the investigation of an allegation reveals suspected criminal activity which may constitute a felony offense.  The President, or her or his designee, is responsible for notifying Chairperson of the Board of Regents.
  • k. Consult with:
    • (1.) the General Counsel about all requests for information and assistance related to investigations conducted by federal, state, and local agencies; and
    • (2.) The Director of Human Resources or her or his designee about an investigation when appropriate.

3. University Police Department must:

  • a. Coordinate investigations of all suspected criminal cases involving University operations.
  • b. Coordinate assistance provided to federal, state, and local law enforcement agencies as required by the General Counsel.
  • c. Coordinate investigations of suspected criminal activity to assure appropriate investigatory techniques are used should the case result in a decision to pursue criminal prosecution. 

4. General Counsel must:

  • a. Advise on legal issues associated with investigations and subsequent actions.

5. Chief Information Security Officer must:

  • a. Collect, secure, and preserve relevant University digital data such as transaction, access, authentication, and system logs, emails, and electronic files in anticipation of a legal request, upon request from a University official.
  • b. Assist MSUPD in investigations of suspected dishonest or fraudulent activity which require specialized knowledge of or access to the University’s network, computers or other information systems.
  • c. Report significant security incidents involving the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information as defined in Section 521.002(a)(2), Business and Commerce Code, promptly to his or her immediate supervisor. If the security incident is assessed to involve suspected criminal activity e.g., violations of Chapters 33, Penal Code (Computer Crimes) or Chapter 33A, Penal Code (Telecommunications Crimes) it shall be reported promptly to law enforcement in accordance with University policy and with state or federal information security or privacy laws.

6. Employees must:

  • a. Notify University officials or call the EthicsPoint Hotline (855-734-4210) or website to report any suspected dishonest or fraudulent activity involving University activities or property.  The hotline is available 24 hours a day, 365 days a year and allows anonymous reporting with confidentiality maintained within the confines of the law.
  • b. Not knowingly make incorrect or false accusations.
  • c. Avoid alerting suspected individuals an investigation is underway.
  • d. Cooperate fully with any investigation conducted by the University including but not limited to MSUPD, the Office of Internal Audits, and the Information Technology Department or with federal, state, and local law enforcement agencies as directed by the General Counsel.

7. Faculty, Staff, Students and the General Public may:

  • a. Directly contact the Director of Internal Audits, the Chairperson of the Compliance and Ethics Coordinating Committee, University Chief of Police, Director of Human Resources, General Counsel or other University management whenever an activity is suspected to be dishonest or fraudulent.  Individuals receiving such reports shall retain the anonymity of the reporting party subject to the extent allowable by law.

VI. Procedures

 The procedures set forth in this section apply to suspected incidents of dishonest or fraudulent activity.

  • 1. Notification Responsibilities – As described in section V. Responsibilities, certain individuals must make notifications under this policy.  These individuals and their assigned notification responsibilities are outlined in Appendix A - Notification Responsibilities for Suspected Dishonest or Fraudulent Activity.  This appendix includes the nature and timing of the notification required.
  • 2. The University will vigorously pursue steps to recover any losses resulting from dishonest or fraudulent activities
  • 3.  Coordination with External Law Enforcement Agencies - As described in section V. Responsibilities, University officials must coordinate assistance provided to federal, state, and local law enforcement agencies.

    a. All requests for information or assistance from such agencies received by other areas of the University shall be immediately forwarded to MSUPD.

    b. MSUPD shall consult with the General Counsel for determination and appropriate handling of the request.

    c. All appropriate assistance will be given to law enforcement agencies when properly requested.

4. Investigations

a. The Office of Internal Audits must be made aware of all suspected cases of dishonest or fraudulent activity. When an investigation reveals suspected criminal activity or is initiated due to an allegation of criminal activity, MSUPD must be notified immediately.

b. Investigations of suspected improprieties or irregularities shall be conducted by the University in a manner to avoid false accusations or to avoid alerting suspected individuals an investigation is underway. Accordingly, the person who made the report should not:


(1) Contact suspected individual to determine facts or demand restitution; or

(2) Discuss any facts, suspicions, or allegations associated with the case with anyone, unless specifically directed to do so by the Office of Internal Audits, MSUPD, or the General Counsel.

c. Confidentiality of those reporting dishonest or fraudulent activities will be maintained to the extent permitted by law, including but not limited to the applicable provisions of the Texas Public Information Act. An exception will occur when an individual is required to serve as a witness in legal proceedings.

d. All inquiries from the suspected individual, his or her representative, or attorney shall be directed to the Office of the General Counsel.

e. The Office of Internal Audits must keep its work papers secure and limit access to those individuals or entities as designated by the Director of Internal Audits and the General Counsel.

f. The Director of Internal Audits has the discretion to stop the audit if the investigation fails to detect criminal activity or upon advisement from the Office of the General Counsel.

g. For criminal investigations conducted by MSUPD, only prosecutors have the authority to make the legal determination regarding whether to pursue a criminal prosecution or terminate further investigation.

h. The results of audits or investigations may not be disclosed or discussed with anyone other than authorized representatives of law enforcement or regulatory agencies and those persons associated within the University who have a legitimate need to know such results in order to perform their duties and responsibilities, subject to the provisions of state and federal law, including but not limited to the Texas Public Information Act.

i. The Office of Internal Audits may communicate with management recommendations for improvements to strengthen internal controls, or actions to correct existing conditions or to enhance performance based on issues uncovered during an investigation.

5. Non Retaliation

a. The University prohibits and does not tolerate retaliation against any individual who in good faith files a complaint of suspected illegal, dishonest, or fraudulent conduct or is involved as a witness or participant in the complaint or investigation process.

b. Engaging in unlawful retaliation may result in disciplinary action, up to and including dismissal from the University.

c. An individual who files a complaint that the individual knows or believes to be false is not protected by this provision against retaliation, and may be subject to disciplinary action up to and including dismissal from the University.

d. The University encourages any person, who believes he or she has been subject to unlawful retaliation, or observes or is otherwise aware of an incident of unlawful retaliation in violation of this policy, to report the incident promptly to the EthicsPoint Hotline by phone (855-734-4210) or website HotLine.

VII.

Related Statutes, Policies & Procedures and Websites

General Appropriations Act for the 2016-17 Biennium, 84th Texas Legislature, Regular Session, Part 7. Reporting Requirements,  7.09 Fraud Reporting.

Texas Government Code, Title 3, Subtitle C, Chapter 321.

Texas Education Code, Chapter 51. Provisions Generally Applicable to Higher Education Sec. 51.9337(b), as amended by Senate Bill 20.

Texas Administrative Code, Chapter 202, Security Reporting Rule Section 202.73.

Texas Penal Code Chapter 33 Computer Crimes and Chapter 33A Telecommunications Crimes.

Ethics Policy for Employees of Midwestern State University 3.314.

Midwestern State University Office of Internal Audits Charter.



VIII. Responsible Office(s)

Contact:    Office of Internal Audits
Phone:       (940) 397-4914           Fax: (940) 397-4037
Email:        leigh.kidwell@mwsu.edu

IX. Appendix A – Notification Responsibilities for Suspected Dishonest or Fraudulent Activity [Attached]

 

Appendix A
Notification Responsibilities for Suspected Dishonest or Fraudulent Activity

Who

When

Notifies Whom

University Employees

  • Immediately upon observation of suspected dishonest or fraudulent activity

Notification may be made through any of these options:

  • University Police Department
  • Director of Internal Audits
  • University Compliance & Ethics Coordinating Committee Chair
  • Director of Human Resources
  • University Management
  • EthicsPoint Hotline

(855-734-4210) or website

University Compliance & Ethics Coordinating Committee Chair

  • Immediately upon notice of possible dishonest or fraudulent activity

Director of Internal Audits

Vice President for Administration and Finance

  • Immediately when known significant loss has occurred (for insurance/fidelity bond claim notification)

The President

Chief Information Security Officer

  • Immediately when security incident has occurred to assess the business impact on affected resources and the current or potential technical effect of the incident.
  • Immediately when known the security incident will result in criminal violations, involve unauthorized disclosure or modification of confidential information or assessed to involve suspected criminal activity.

Vice President for Administration and Finance

 

 

Vice President for Administration and Finance,
University Police Chief,
General Counsel,
The President

Director of Internal Audits

  • As deemed appropriate when an internal audit investigation reveals suspected criminal activity which may constitute a felony offense; also when an investigation is initiated due to an allegation of criminal activity

The President,
University Police Chief,
General Counsel,
Board of Regents’ Audit, Compliance & Management Review Committee Chair

  • As delegated by the President

State Auditor’s Office

University Police Chief

  • Immediately when MSUPD is involved in fraud investigation, and for periodic updates on progress of investigation

Vice President for Student Affairs

General Counsel

  • Periodically update on progress of Internal Audits’ investigations

The President,
Board of Regents Chairperson

President, or her or his designee

  • As deemed appropriate when an internal audit investigation reveals suspected criminal activity which may constitute a felony offense; also when an investigation is initiated due to an allegation of criminal activity.

Board of Regents Chairperson