Fiscal Misconduct Policy and Procedures
The purpose of this policy is to promote employee awareness, to communicate the University's expectations of its employees regarding suspected fiscal misconduct and the consequences of fiscal misconduct, and to establish a mechanism for reporting fiscal misconduct. Brown University is committed to the highest ethical and professional standards in all aspects of its operations including the management and stewardship of University assets.
II. Definition of Fiscal Misconduct
Fiscal misconduct is the deliberate action by an individual to misrepresent or conceal the facts of a business transaction. Fiscal misconduct includes fraud, embezzlement, the theft of goods or services, and the abuse of Brown University resources (including funds and property from outside entities for purposes such as sponsored research) to secure an unfair or personal gain.
Fiscal mismanagement that results in a material financial risk to the University may also constitute fiscal misconduct. Failure to reasonably safeguard University assets, properly supervise budgets under one's control, and duly adhere to applicable University policies may also constitute fiscal misconduct, if such failure leads to financial loss to the University. Suspected fiscal misconduct is a reasonable belief or actual knowledge that fiscal misconduct has occurred or is occurring.
This policy applies to all University employees, including student workers. All University employees are responsible for the proper conduct and handling of any University resources or fiscal matters entrusted to them, in accordance with laws, regulations, University policies and other expectations of ethical business conduct.
IV. Investigative Procedures
Employees are obligated to promptly report to the Chief University Auditor any actual or suspected fiscal misconduct, whether by members of the University community or by persons outside the University but involving University resources. If fiscal misconduct is instead reported to a supervisor, chairperson, director, dean, vice president, or another responsible person, that individual must immediately notify the Chief University Auditor.
The Chief University Auditor has the primary responsibility for coordinating the initial assessment, investigation, and internal reporting of known or suspected fiscal misconduct and for determining whether and when to convene a meeting of the University's Fiscal Misconduct Evaluation Team (Team). The core Team, which includes the Chief University Auditor, the VP of Human Resources and, the Executive Vice President for Planning and Policy, will respond to the situation and make recommendations to management and/or the President as appropriate. Depending on the circumstances, representatives from other offices including the Office of the Provost, the Division of Biology and Medicine, the Office of Campus Life, the Office of the Vice President for Research, the Dean of the College, or the Chief of Police/Director of Public Safety may be notified.
University employees are required to cooperate fully with those authorized to conduct investigations of suspected fiscal misconduct. Individuals who are not charged with the responsibility for investigating reports of fiscal misconduct shall not attempt to conduct investigations.
V. Consequences of Fiscal Misconduct
Disciplinary action up to and including termination or, for a student, expulsion from the University, will be imposed and appropriate civil and/or criminal action may be pursued if an investigation reveals fiscal misconduct through misappropriation of University funds or resources or other security breaches in the University, including its financial and operating systems. All members of the Brown University community are responsible for ensuring that their own conduct fully complies with this policy, and that anyone reporting to them is aware of this policy.
VI. Procedures and Responsibilities
The following sections outline the basic responsibilities of those units or individuals involved with an incident of actual or suspected fiscal misconduct.
The responsible administrator of the unit where the known or suspected fiscal misconduct may have or may be occurring is responsible for:
- Reporting all known or suspected incidents of fiscal misconduct as required by this policy to the Chief University Auditor to obtain guidance on how to proceed;
- Not attempting to conduct an independent investigation. The administrator should not confront or accuse the individual suspected of fiscal misconduct or make any arrangements for the resolution of the matter without consultation with the Team;
- Fully securing and strictly limiting access to any relevant computer and manual records as soon as the fiscal misconduct is suspected or when there is reason to believe further losses may occur. Common steps may include changes in staff assignments, obtaining keys, removing systems access, and reassigning signature and approval authority;
- Using discretion and not discussing the circumstances with persons not involved in the incident or with persons without an essential need-to-know; and
- At the completion of any investigation, implementing changes in policy and procedures for improved internal controls to prevent reoccurrence.
The Office of Internal Audit Services is responsible for:
- Conducting an assessment of an incident where sufficient facts or evidence is apparent to determine if, in fact, fiscal misconduct has occurred;
- Coordinating and notifying the Team and other departments who may need to be involved in a review or investigation as appropriate;
- When a loss has occurred, determining how the loss occurred, the amount of the loss, and possible individuals involved;
- Evaluating the systems of internal control and making recommendations for improvements; and
- Following standard audit reporting procedures.
The Office of Human Resources is responsible for:
- Providing guidance to the appointing unit, administration, and others affected as to appropriate personnel actions to be taken if the suspect is a University employee;
- Providing personnel policy interpretation and guidance;
- Participating in the investigation and resolution process and preparing reports, as necessary; and
- Consulting with the appropriate senior officer(s) to determine and enforce appropriate disciplinary action if an investigation reveals fiscal misconduct.
The Department of Public Safety is responsible for:
- Conducting a preliminary assessment of an incident where sufficient facts or evidence are apparent and, if in fact criminal actions have occurred, conducting an investigation based on the determination; and
- Coordinating legal actions with the Office of General Counsel, the Office of Human Resources, and external law enforcement agencies.
The University Controller serves as a resource to the Team and is responsible for:
- Providing policy interpretation as required as well as necessary financial information and documentation; and
- Working with the affected units to implement the necessary management and internal controls to change and improve the business practices that permitted the fiscal misconduct.
VII. Anonymous Reporting Mechanism
An anonymous and confidential Ethics And Compliance Reporting System (EARS) has been established for individuals to report fiscal misconduct so that appropriate action can be taken to resolve the issue. Brown University has contracted with EthicsPoint, an outside provider to receive reports regarding concerns on fiscal misconduct. The reporting line is both web [www.Brown.ethicspoint.com] and toll-free telephone based [877-318-9184] to provide options for reporting 24 hours a day, 365 days a year. If an employee is reporting an allegation or concern in good faith, there will be no retaliation or punishment.
The EARS is not meant to replace or supersede reporting methods which already exist on campus; rather, it serves as an additional reporting method for Accounting and Finance matters, Information and Technology matters, Research matters, and Risk and Safety matters. Reporters are encouraged to consult with University resources such as a supervisor, Dean/Director, etc. as appropriate. Reporters should contact EARS if the appropriate University resources do not adequately address their concerns and they believe the matter may involve fiscal misconduct, or if they wish to make a report anonymously.
We expect that reports will be made in a good faith effort to address legitimate issues needing correction, or to otherwise provide reliable information.
Frequently Asked Questions
1. Why do we need a fiscal misconduct policy?
Brown is committed to the highest standards of moral and ethical behavior and is continuously monitoring ways to improve internal controls that help manage risks. Brown University would like to explicitly establish a written policy, definitions, and investigative procedures that will help assign responsibility and inform stakeholders of channels to report concerns to management and the Office of Internal Audit Services.
2. What is fiscal misconduct?
Fiscal misconduct is the deliberate action by an individual to misrepresent or conceal the facts of a business transaction. Fiscal misconduct includes fraud, embezzlement, the theft of goods or services, and the abuse of Brown University resources (including funds and property from outside entities for purposes such as sponsored research) to secure an unfair or personal gain. Fiscal mismanagement that results in a material financial risk to the University may also constitute fiscal misconduct.
3. Who is responsible for reporting claims of fiscal misconduct?
All employees, including student employees, are responsible for reporting claims of fiscal misconduct.
4. Where do I go to report suspected fiscal misconduct or an item of concern?
There are many channels to report your concerns. You can discuss matters directly with the Chief University Auditor or a supervisor. If fiscal misconduct is reported to a supervisor, that individual must immediately notify the Chief University Auditor.
5. I'm afraid I'll lose my job if I report misconduct of my co-workers. What do I do?
The Rhode Island Whistleblowers' Protection Act Section 28-50 prohibits retaliation against employees for disclosing a violation or noncompliance with laws, rules, or regulations. Additionally, employees can report misconduct through the Ethics And Compliance Reporting System (EARS) which offers methods for anonymous and confidential reporting [877-318-9184], [www.Brown.ethicspoint.com ].
6. What are internal controls? I am concerned that I may not have proper internal controls to manage risks in my department. Who can I ask to help?
Internal Controls are actions taken by management, the Corporation, and other parties to manage risk and increase the likelihood that established University objectives and goals will be achieved. These actions are usually in the form of policies, procedures, and processes established to: Safeguard University assets, limit or control risks, promote efficiency and economical use of resources, ensure the reliability and integrity of information, and ensure compliance with laws and regulations. The Office of Internal Audit Services and the Controller's Office both offer advisory services to help improve the system of internal controls and manage risks within your department.
7. Will all reported concerns be reviewed?
Yes. Depending on the subject and severity of the claim, some claims might be handled administratively and corrected with communications to the appropriate unit head. Other claims might require an investigation by the Office of Internal Audit Services. As necessary, claims reported will be reviewed by the Fiscal Misconduct Evaluation Team to determine appropriate steps and to ensure proper follow-up.
8. How do I know my concerns will be considered fairly?
The Office of Internal Audit Services is an independent, objective assurance and consultative function, reporting functionally to the Audit Committee of the Corporation and administratively to the Executive Vice President for Finance and Administration. The Office of Internal Audit Services is committed to fairness in its processes and activities.