Northern Ireland Assembly Flax Flower Logo

Session 2007/2008

Fifth Report

Public Accounts committee

Report on
Tackling Public Sector Fraud

TOGETHER WITH THE MINUTES OF PROCEEDINGS OF THE COMMITTEE RELATING
TO THE REPORT AND THE MINUTES OF EVIDENCE

Ordered by Public Accounts committee to be printed 13 December 2007
Report: 13/07/08R (Public Accounts committee)

Public Accounts Committee
Membership and Powers

The Public Accounts Committee is a Standing Committee established in accordance with Standing Orders under Section 60(3) of the Northern Ireland Act 1998. It is the statutory function of the Public Accounts Committee to consider the accounts and reports of the Comptroller and Auditor General laid before the Assembly.

The Public Accounts Committee is appointed under Assembly Standing Order No. 51 of the Standing Orders for the Northern Ireland Assembly. It has the power to send for persons, papers and records and to report from time to time. Neither the Chairperson nor Deputy Chairperson of the Committee shall be a member of the same political party as the Minister of Finance and Personnel or of any junior minister appointed to the Department of Finance and Personnel.

The Committee has 11 members including a Chairperson and Deputy Chairperson and a quorum of 5.

The membership of the Committee since 9 May 2007 has been as follows:

Mr John O’Dowd (Chairperson)
Mr Roy Beggs (Deputy Chairperson)

Mr Willie Clarke* Mr Trevor Lunn
Mr Jonathan Craig Mr Patsy McGlone
Mr John Dallat Mr Mitchel McLaughlin
Mr Simon Hamilton Ms Dawn Purvis
Mr David Hilditch

* Mr Mickey Brady replaced Mr Willie Clarke on 1st October 2007

Contents

List of abbreviations used in the Report v

Report

Executive Summary
Summary of Recommendations
Introduction
Learning Lessons from the Agency’s Fraud
Wider Counter Fraud Initiatives

Appendix 1:

Minutes of Proceedings

Appendix 2:

Minutes of Evidence

Appendix 3:

Fraud Prevention: Update from Mr David Thomson, Treasury Officer of Accounts, Departments of Finance and Personnel
Chairperson’s letter of 22 October 2007 to Mr Paul Sweeney, Accounting Officer, Department of Culture. Arts and Leisure
Correspondence of 2 November 2007 from Mr Paul Sweeney, Accounting Officer, Department of Culture. Arts and Leisure
Chairperson’s letter of 22 October 2007 to Mr Bruce Robinson, Accounting Officer, Department of Finance and Personnel
Correspondence of 30 October 2007 from Mr David Thomson, Treasury Officer of Accounts, Department of Finance and Personnel

Appendix 4:

List of Witnesses

List of Abbreviations
used in the Report

The Agency                              Ordnance Survey of Northern Ireland

The Department                       Department of Culture, Arts and Leisure

PSNI                                        Police Service of Northern Ireland

DFP                                        Department of Finance and Personnel

LEDU                                      Local Enterprise Development Unit

C&AG                                      Comptroller and Auditor General

NDPBs                                     Non Departmental Public Bodies

TOA                                        Treasury Officer of Accounts

FE                                           Further Education

Executive Summary

Introduction

1. Ordnance Survey of Northern Ireland (the Agency) is an executive agency within the Department of Culture, Arts and Leisure (the Department) with responsibility for the supply of mapping and geographical information services for Northern Ireland.

2. In August 2003, an internal fraud was uncovered within the Accounts Branch of the Agency and a subsequent investigation found that the fraudster, a supervisor, had defrauded the Agency of £70,690. The fraudster was formally charged by the Police Service of Northern Ireland (PSNI) with stealing cash and falsifying records. On 20 January 2006, he pleaded guilty to the charges at Belfast Crown Court and on 7 April 2006 he was sentenced to twelve months imprisonment, suspended for two years.

3. Because fraud is an ever present threat, the Department of Finance and Personnel (DFP) has a key role to play in co-ordinating the drive across the public sector to combat fraud. This includes the dissemination of Public Accounts Committee recommendations; guidance on counter fraud best practice; sharing of data and information through a Fraud Forum; an annual report on the types, causes and means of discovery of fraud; and the regular monitoring and review of legislation.

Learning Lessons from the Agency’s Fraud

4. This fraud was not particularly sophisticated in nature and was due in large part to serious shortcomings in the control environment. Although the Agency detailed a range of controls it had subsequently put in place, their omission at the time of the fraud reflects a significant failing on its part.

5. Supervisory negligence also played a major part in allowing this fraud to occur and to remain undetected for so long. Following an independent investigation, one member of staff received a written warning while another escaped censure. The Committee questions whether the disciplinary action taken against these supervisory staff was sufficiently robust. The Committee is satisfied that if a similar degree of negligence occurred in the private sector, it would be sanctioned more severely.

6. The fraud occurred over a five year period from 1998 to 2003, despite a number of clear and consistent warning signals which should have led to it being detected much earlier. It was only discovered while the fraudster was on extended sick leave and the basic failure to ensure segregation of duties means that it is quite possible that, were it not for his sickness absence, these fraudulent activities could have continued for a further considerable period. It is clear to the Committee that there was a lack of a counter fraud culture in the Agency at this time and that many of the warning signals were ignored.

7. The Department told the Committee that it has learnt lessons from this fraud. However, it is notable that this was not the first fraud in the Agency. Furthermore, there are also elements of this case which resonate with the evidence given to the previous Public Accounts Committee in relation to a fraud in the former Local Enterprise Development Unit (LEDU). It is disturbing that the lessons from both the previous fraud in LEDU and in the Agency itself were not learnt and that the same types of control and supervisory failures recurred.

8. On discovery of the fraud, the Agency immediately established a Case Management Group to oversee the investigation. This appears to have worked effectively and to represent a good model for the investigation process. In addition, the Agency effected full restitution of the money stolen. This sends out an important message that the full rigours of the law will be brought to bear against those who commit fraudulent acts against the public purse.

9. An interesting aspect of this case was the Department’s decision, on unequivocal legal advice, not to pursue the option of seeking forfeiture of the fraudster’s pension rights. The Committee believes that the forfeiture of pension rights, whether in whole or in part, must be a remedy that can be applied against public servants who defraud the public purse and where restitution cannot otherwise be obtained.

Wider Counter Fraud Initiatives

10. The Serious Crime Bill will provide new data matching and data sharing powers. This will enable the public sector to share data both internally and with the private sector for the prevention and detection of fraud. It will also allow the Comptroller and Auditor General (C&AG) to replicate data matching exercises similar to those conducted by the Audit Commission in England and Wales to identify cases which could signify fraud or error. The first fruits of this exercise should appear within 12 to 18 months and savings of £4 million may be attainable in Northern Ireland.

11. The Fraud Forum is a best practice counter fraud advisory group established by DFP. While the Committee welcomes the work of the Fraud Forum, it is concerned that lessons may not be disseminated effectively to bodies at arm’s length from central government.

12. The Fraud Forum has produced a “Memorandum of Understanding between the Public Sector and the PSNI”. However, fraud can occur anywhere and, if there is genuinely to be zero tolerance of fraud, the Committee believes it is essential that the public sector has the capacity, and a sufficient number of trained investigators, to deliver its responsibilities under the memorandum.

13. DFP produces an Annual Fraud Report, covering suspected and proven frauds involving public funds. The Committee sees the Fraud Report as a potentially useful source of information. However the report is limited in scope. It does not quantify the total value of frauds; does not include the substantial risk areas of social security, agriculture and prescription frauds; and does not analyse, by type of body, where fraud occurs.

14. DFP recently commissioned a survey of 120 public sector bodies to assess their implementation of counter fraud measures. While recognising that the overall results are relatively positive, the Committee also notes some areas of weakness. One specific area of concern relates to the absence of whistle-blowing policies in 25% of the bodies. This is a valuable element of a good counter fraud strategy that all public sector bodies should have in place.

Summary of Recommendations

Learning Lessons from the Agency’s Fraud

1. Departments and their agencies cannot afford to simply assume that the controls they have in place are sufficient and are working effectively. The Committee recommends that in high risk areas, such as cash handling, management must assure themselves that controls are appropriate and are being applied rigorously. Management should put in place arrangements commensurate with the level of risk involved to test and record the level of compliance. All managers and supervisors should be fully aware of their responsibilities (see paragraph 11).

2. The Committee considers that the limited disciplinary action in this case does not send the right signal about the seriousness of ineffective supervision. In future cases departments must give full weight to the Committee’s concern on this matter. DFP should review the range of disciplinary sanctions available for supervisory negligence in cases of internal fraud and ensure they are applied effectively (see paragraph 15).

3. The Committee recommends that senior line management should ensure that payment of bonuses to supervisory staff in an area of work where a fraud has been discovered must be prepared to offer robust and compelling explanations to justify such payments (see paragraph 16).

4. It is important that a strong counter fraud culture is embedded within all public sector organisations. The Committee recommends that DFP, in consultation with departments and agencies, devises and implements a strategy for firmly embedding a counter fraud culture in all parts of the public sector (see paragraph 20).

5. It is disturbing that lessons from previous frauds in LEDU and in the Agency itself were not learnt and that the same types of control failures recurred. It is important that public bodies are fully and regularly apprised of the key facts pertaining to all internal frauds. The Department has used this case study with its Arm’s Length Bodies. However, the Committee believes that the lessons from this case need to be learned more widely and recommends that DFP encourages other departments to use it in their efforts to raise awareness of internal fraud (see paragraph 24).

6. A fraud on this scale is precisely the type of activity which is liable to lead to a serious loss of confidence in the public service and should therefore qualify for forfeiture of pension rights. The Committee recommends that DFP reviews the legislation on this issue to ensure that forfeiture can be applied if full restitution has not been made. DFP should issue guidance to departments on the procedures for initiating such action in cases of proven internal fraud (see paragraph 30).

Wider Counter Fraud Initiatives

7. The Committee wishes to be consulted on the proposed protocols for data matching (see paragraph 35).

8. The Committee recommends that the Fraud Forum satisfies itself that the wider public sector is informed of its work and that each department has established mechanisms to ensure that the advice and guidance emanating from the Forum is systematically disseminated to all its subsidiary bodies (see paragraph 38).

9. It is important that efforts to detect, investigate and prosecute fraud are not undermined by a lack of capacity and expertise in the wider public sector. The Committee recommends that DFP undertakes a stocktaking exercise across the wider public sector to assess the availability of trained investigation staff on front line investigation work, and, if necessary, devises a strategy to fill any skills gaps identified by this exercise through mechanisms such as training programmes or short-term redeployment of existing resources (see paragraph 42).

10. In the Committee’s view, there is scope to improve the Fraud Report in order to offer better quality information. The Committee recommends that it should report, at least in summary, on all fraud in the public sector, quantify the value of that fraud and analyse the types of public sector body in which fraud occurs. The Fraud Report should be presented annually to this Committee (see paragraph 48).

11. The Committee would like to see much more emphasis given to whistle-blowing as an important means of identifying potential fraudulent activity. There is no excuse for 25% of departments and agencies not having whistle-blowing policies in place and we expect DFP to ensure this deficit is addressed and that full compliance is achieved. The Committee also expects DFP to ensure that departments are proactive in training and encouraging staff to blow the whistle and for DFP to include an analysis of activity levels of whistle-blowing across departments, as part of its annual Fraud Report (see paragraph 54).

Introduction

1. The Public Accounts Committee met on 18 October 2007 to consider the Comptroller and Auditor General’s report: “Internal Fraud in Ordnance Survey of Northern Ireland” (HC187, Session 2006-07). The Committee also considered a written submission from the Department of Finance and Personnel (DFP) entitled “Fraud Prevention: Update for PAC (September 2007)”. The witnesses were:

The Committee also took written evidence from Mr Sweeney and Mr Thomson.

2. Ordnance Survey of Northern Ireland (the Agency) is an Executive Agency within the Department of Culture, Arts and Leisure (the Department). In August 2003, an internal fraud was uncovered within the Agency’s Accounts Branch. The fraud had been perpetrated over a five year period between 1998 and 2003 during which the fraudster stole £70,690. The fraudster was subsequently charged, pleaded guilty to the offences and was sentenced to twelve months imprisonment, suspended for two years. The Agency achieved full restitution of the monies stolen.

3. In taking evidence on the Comptroller and Auditor General’s report, the Committee focussed on a number of issues. These were:

4. Turning to wider fraud initiatives, the Committee scrutinised several aspects of DFP’s submission (see Appendix 3) including:

Learning Lessons
from the Agency’s Fraud

General Findings

5. This case of internal fraud focuses on a number of serious shortcomings in the Agency’s ability to deter fraud through strong governance arrangements. To have one fraud may be regarded as misfortune but two looks like downright carelessness. Failures of this sort are traumatic for everyone; cause serious reputational damage to the Department and Agency; and are stressful and demoralising for the fraudster’s colleagues and tragic for him and his family.

6. There are important lessons to be drawn from this case and we look to DFP to ensure that these lessons are disseminated widely across the public sector and bodies take heed of them. The Committee would like the C&AG to bring to our attention any cases of serious fraud so that the Committee can examine the lessons to be learned and require departments to address them.

Weaknesses in the Control Environment

7. Although there was a degree of cunning involved in perpetrating this fraud, it was not particularly sophisticated in nature and was due in large part to serious shortcomings in the control environment. The fraudster was able to open the post on his own, remove cheques and exchange the cheques with cash from the Agency’s Map Shop. He then raised false credit notes to cover his tracks.

8. A number of factors enabled the fraud to be perpetrated. There was inadequate segregation of duties and cash and cheques were not securely stored. There were failures of supervision, illustrated by the Finance Manager (the fraudster’s supervisor) withdrawing from the day-to-day operations of Accounts Branch at a time when the Agency was experiencing a rapid increase in turnover. There was no financial procedures manual which meant that staff were not in a position to recognise or challenge whether appropriate controls were being applied.

9. The control framework in place was wholly inadequate and the Committee very much welcomes the Accounting Officer’s frankness in recognising these weaknesses. The Department assured the Committee that it had immediately implemented a number of actions to improve the control framework and that the chances of fraud were now much less. While the Agency detailed a range of controls it had subsequently put in place, their omission at the time of the fraud reflects a significant failing on its part.

10. DFP added that there is a requirement for Accounting Officers to sign a Statement of Internal Control providing assurance that departments carry out sufficiently robust and frequent testing of their controls. While we accept that this measure provides useful assurance on the control environment, we are not persuaded that it will necessarily ensure the regular testing of controls at business or branch unit level, which is necessary.

Recommendation 1
11. Departments and their agencies cannot afford to simply assume that the controls they have in place are sufficient and are working effectively. The Committee recommends that in high risk areas, such as cash handling, management must assure themselves that controls are appropriate and are being applied rigorously. Management should put in place arrangements commensurate with the level of risk involved to test and record the level of compliance. All managers and supervisors should be fully aware of their responsibilities.

Supervisory Negligence

12. Supervisory negligence also played a major part in allowing this fraud to occur and to remain undetected for so long. The Department told the Committee that the fraudster had worked for the organisation for 25 years and that excessive trust was placed in this individual, who had an unblemished record. The Department accepted that this should never have been allowed to happen.

13. Following its discovery, the Agency commissioned an independent investigation to examine management oversight during the period of the fraud. This concluded that the Finance Manager had failed to properly supervise the fraudster and had fallen short, to a significant extent, of the role expected of him. The Finance Manager received a written reprimand, to remain on his record for three years. A professional accountant within Accounts Branch had identified concerns as early as October 2002, based on queries from customers, but had failed to ensure there was follow-up action before leaving the Agency shortly thereafter. The investigation recommended that this officer should not be subject to disciplinary action.

14. On the basis of the evidence, the Committee questions whether the disciplinary action taken against these supervisory staff was sufficiently robust. A written reprimand is, in the Committee’s view, one of the mildest sanctions available in the Civil Service, while the lack of disciplinary action against the accountant sends a weak message about tolerating supervisory failures. The Committee is satisfied that, if a similar degree of negligence occurred in the private sector, it would be sanctioned more severely.

Recommendation 2
15. The Committee considers that the limited disciplinary action in this case does not send the right signal about the seriousness of ineffective supervision. In future cases departments must give full weight to the Committee’s concern on this matter. DFP should review the range of disciplinary sanctions available for supervisory negligence in cases of internal fraud and ensure they are applied effectively.
Recommendation 3
16. The Committee recommends that senior line management should ensure that payment of bonuses to supervisory staff in an area of work where a fraud has been discovered must be prepared to offer robust and compelling explanations to justify such payments.

Failures to Detect the Warning Signs of Fraud

17. This fraud occurred over a five year period from 1998 to 2003, despite a number of clear and consistent warning signals which should have led to it being detected much earlier. In particular, queries and complaints were being received from customers who had paid their bills by cheque. In the Department’s view, the tipping point was around October 2002, when the accountant raised specific concerns about customer queries, but failed to follow these up.

18. However, the Department also contended that it was only a matter of time before the fraud was discovered. The Agency was in the process of undertaking an exercise to address its bad debt situation and the Department claimed there was an inevitability that, through this process, the fraud would have been detected. The Committee is not convinced that this is in fact the case. The fraud was only discovered while the fraudster was on extended sick leave and the basic failure to ensure segregation of duties means that it is quite possible that, were it not for his sickness absence, these fraudulent activities could have continued for a further considerable period.

19. It is clear to the Committee that there was a lack of a counter fraud culture in the Agency at this time and that many of the warning signals were ignored. The Department has acknowledged that the presumption was that there was a failure in the systems and that the culture should have been more cognisant of the possibility of fraud. The fact that no fraud awareness training had been provided in the Agency at the time of the fraud and that it failed to introduce a whistle-blowing policy until 2003 are symptomatic of the lack of a counter fraud culture.

Recommendation 4
20. It is important that a strong counter fraud culture is embedded within all public sector organisations. The Committee recommends that DFP, in consultation with departments and agencies, devises and implements a strategy for firmly embedding a counter fraud culture in all parts of the public sector.

Learning the Lessons from Previous Frauds

21. The Department told the Committee that it has learnt lessons from this fraud. It has used it in a case study with its other arm’s length bodies; the fraud has also featured as a topic for discussion at the DFP Fraud Forum; and the Department has commissioned a series of Governance and Accountability audits in all its arm’s length bodies.

22. The Committee commends these actions. However, it is notable that this was not the first fraud in the Agency. A previous, smaller, fraud had occurred from 1988 to 1991 in the Agency’s Map Shop. The Committee is astonished that lessons were not more fully learnt from the first fraud, particularly as cursory supervision and control environment weaknesses had also been evident in this case. The Department acknowledged that there was an insufficient connection made at that time between the front office activities of the Agency’s Map Shop (where the first fraud occurred) and the back office activities of its Accounts Branch.

23. There are also elements of this case which resonate with the evidence given to the previous Public Accounts Committee in relation to a fraud in the former Local Enterprise Development Unit (LEDU). In this instance also, inadequate segregation of duties and poor supervisory controls were contributory factors.

Recommendation 5
24. It is disturbing that lessons from previous frauds in LEDU and in the Agency itself were not learnt and that the same types of control failures recurred. It is important that public bodies are fully and regularly apprised of the key facts pertaining to all internal frauds. The Department has used this case study with its Arm’s Length Bodies. However, the Committee believes that the lessons from this case need to be learned more widely and recommends that DFP encourages other departments to use it in their efforts to raise awareness of internal fraud.

Effective Investigation, Prosecution and Restitution

25. On discovery of the fraud, the Agency immediately established a Case Management Group to oversee the investigation. This appears to have worked effectively and to represent a good model for the investigation process. The subsequent success of the prosecution highlights the importance of establishing a fraud investigation team immediately, implementing a Fraud Response Plan, taking action to protect the evidence and establishing working arrangements with the PSNI.

26. In this case, the court imposed a penalty of £30,000 on the fraudster and the Department initiated civil action to recover the balance of £40,690. In July 2007, the Department received this balance and therefore successfully achieved restitution of the total amount defrauded. This sends out an important message that the full rigours of the law will be brought to bear against those who commit fraudulent acts against the public purse. The Committee welcomes the fact that full restitution was made in this case and hopes that it acts as a salutary lesson to any public servant tempted to consider undertaking fraud.

27. Equally, the Committee recognises that any fraud of this nature imposes additional burdens on the public purse over and above the amount defrauded. It is evident that there were a range of detection, investigation, and prosecution costs incurred by the Agency and the wider criminal justice system for which the public purse was not recompensed.

28. An interesting aspect of this case was the Department’s decision, on unequivocal legal advice, not to pursue the option of seeking forfeiture of the fraudster’s pension rights. The Department indicated that there are two situations in which forfeiture can be considered, one of which is where a Minister certifies that actions would be liable to lead to a serious loss of confidence in the public service. We asked to see the legal advice but were surprised that no written legal advice was provided by the Departmental Solicitor to the Agency. In the absence of written advice from the Departmental Solicitor it is not clear why forfeiture of the fraudster’s pension could not be pursued.

29. In this case, because full restitution was achieved by other means, the issue of forfeiture of pension rights was not tested. This Committee believes that the forfeiture of pension rights, whether in whole or in part, would be a strong deterrent against internal fraud and must be a remedy that can be applied against public servants who defraud the public purse and where restitution cannot otherwise be obtained.

Recommendation 6
30. A fraud on this scale is precisely the type of activity which is liable to lead to a serious loss of confidence in the public service and should therefore qualify for forfeiture of pension rights. The Committee recommends that DFP reviews the legislation on this issue to ensure that forfeiture can be applied if full restitution has not been made. DFP should issue guidance to departments on the procedures for initiating such action in cases of proven internal fraud.

Wider Counter Fraud Initiatives

Legislative Developments

31. DFP updated the Committee on the implications for Northern Ireland of the Fraud Review. This was a UK-wide exercise commissioned by the Attorney General and the Chief Secretary to the Treasury on ways to reduce fraud and the damage that it causes to the economy and society.

32. The Committee notes that the most significant impact from the UK-wide Fraud Review on Northern Ireland will be the new data sharing and data matching powers provided under the Serious Crime Bill[1], a UK piece of legislation. DFP indicated that protocols and codes of practice need to be put in place for the sharing of information and noted the need to strike a balance between protecting individuals and sharing data.

33. Data sharing will enable the public sector to share data both internally and with the private sector for the purpose of preventing and detecting fraud. Data matching is mandatory and will enable the C&AG to replicate data matching exercises similar to those conducted by the Audit Commission in England and Wales to identify cases which could signify fraud or error. The most recent exercise generated financial savings of £111 million in England and Wales and, by preventing and detecting fraud and error, it can therefore generate significant savings. A pro-rata estimate for Northern Ireland would suggest savings of £4 million are attainable.

34. The C&AG suggested that the first fruits of this exercise would appear within 12 to 18 months. He highlighted that Northern Ireland’s participation in the legislation was due to DFP’s initiative. The Committee commends DFP for its work in ensuring Northern Ireland’s participation in the National Fraud Initiative, and welcomes the fact that protocols will be established to safeguard individuals’ rights.

Recommendation 7
35. The Committee wishes to be consulted on the proposed protocols for data matching.

The Role of DFP’s Fraud Forum

36. DFP established the Fraud Forum in March 2005 as a best practice advisory group. The Fraud Forum provides an opportunity to offer advice and guidance to departments and so fits well with DFP’s own emphasis on prevention. As an example of its work, DFP noted that it had held a major counter fraud conference for the wider public sector in October 2006.

37. The Committee questioned DFP on the merits of extending membership to include the wider public sector and the voluntary sector. In response, DFP indicated that it is content with the current structure of the Fraud Forum and indicated that it is for departments and Accounting Officers to take responsibility for their arm’s length bodies. As currently constituted, DFP feels the Fraud Forum is useful for discussing and sharing best practice and cascading lessons. It accepted, however, that it should review the membership on a continued basis. While the Committee welcomes the work of the Fraud Forum as a means of offering best practice advice, it is concerned that lessons may not be disseminated effectively to bodies at arm’s length from central government.

Recommendation 8
38. The Committee recommends that the Fraud Forum satisfies itself that the wider public sector is informed of its work and that each department has established mechanisms to ensure that the advice and guidance emanating from the Forum is systematically disseminated to all its subsidiary bodies.

39. The Fraud Forum has produced a series of best practice guidance notes including, most notably, a “Memorandum of Understanding between the Public Sector and the PSNI”. This established a basic framework for the working relationship in the investigation and prosecution of suspected fraud cases and is supported by more detailed procedural guidelines.

40. The Committee asked DFP about the availability of suitably qualified staff to undertake fraud investigations across the wider Public Sector. DFP explained that most investigations are carried out by trained investigators or internal audit staff and emphasised that in high risk areas, such as social security, prescription fraud and agriculture, there are trained investigators and teams in place. The memorandum is aimed at staff who are not trained investigators and is designed to ensure bodies act in a manner which will not prejudice a prosecution.

41. However, fraud can occur anywhere and, if there is genuinely to be zero tolerance of fraud, the Committee believes it is essential that the public sector has the capacity, and a sufficient number of trained investigators, to address this risk and to deliver its responsibilities under the memorandum. Pressure on fraud investigation resources is likely to increase when public sector bodies are expected to investigate those cases detected by the new data matching powers.

Recommendation 9
42. It is important that efforts to detect, investigate and prosecute fraud are not undermined by a lack of capacity and expertise in the wider public sector. The Committee recommends that DFP undertakes a stocktaking exercise across the wider public sector to assess the availability of trained investigation staff on front line investigation work, and, if necessary, devises a strategy to fill any skills gaps identified by this exercise through mechanisms such as training programmes or short-term redeployment of existing resources.

DFP’s Fraud Report

43. Departments are required to report suspected and proven frauds to DFP. This facilitates the production of an Annual Fraud Report covering departments, agencies, NDPBs and public funds disbursed by voluntary bodies and other agents. In 2006-07, departments reported 116 cases of actual and suspected fraud with an estimated value of £1.53 million.

44. Grant fraud accounted for 26% of the cases reported and affected eight departments. These types of fraud generally reflect a failure to meet a condition of the grant. DFP also provided illustrations of other categories recorded in the Fraud Report. These ranged from small scale thefts of individual items such as laptops and cameras, through to frauds relating to income (as with the Agency case) and payment processes. The latter included abuse of credit cards, wrongful ordering and diverted delivery of goods.

45. The Committee notes that the three biggest areas of risk (Social Security, Agriculture and Prescription frauds) are not included in the Fraud Report but are all reported on separately by the respective departments. Latest figures indicate that annual fraud in these three areas amounted to almost £28 million.

46. The Committee asked DFP whether there was a greater propensity for fraud to occur in certain types of bodies. Subsequent information provided by DFP (see Appendix 3) suggests that the risks of fraud may be greater in bodies which are at arm’s length from departments.

47. The Committee sees the Fraud Report as a potentially useful source of information. Currently, however, the report does not quantify the value of frauds; does not include the substantial risk areas of social security, agriculture and prescription fraud; and does not analyse, by type of body, where fraud occurs.

Recommendation 10
48. In the Committee’s view, there is scope to improve the Fraud Report in order to offer better quality information. The Committee recommends that it should report, at least in summary, on all fraud in the public sector, quantify the value of that fraud and analyse the types of public sector body in which fraud occurs. The Fraud Report should be presented annually to this Committee.

Counter Fraud Measures Across the Public Sector

49. The Agency fraud case illustrated where management had failed to adequately test the robustness of its control systems. In response, DFP noted that there is now a requirement for Accounting Officers to sign a Statement of Internal Control and that this process provides greater assurances on the robustness of systems in public sector. DFP also noted that it had gained assurances through a survey of counter fraud measures which it had recently commissioned. This covered 120 public sector organisations and, DFP indicated that the results suggested departments generally had counter fraud measures in place.

50. While recognising that the overall results are relatively positive, the Committee notes some areas of weakness. For example some 25% of respondents had not undertaken an overall fraud risk assessment. DFP acknowledged that this was disappointing, but indicated that it was clear to them from other responses to the questionnaire that bodies were actually tackling the risk of fraud through other risk management processes, such as Fraud Response Plans and Fraud Policy Statements.

51. The Committee welcomes DFP’s survey of counter fraud measures across the wider public sector, regarding it as a good benchmark and one that should be built on. However there are risks with self-assessment surveys, such as complacency and that respondents tell you what they think you want to hear. It is therefore important that DFP does not place too much emphasis on this as a source of evidence but reinforces to departments the Government Accounting requirements to carry out a systematic assessment of fraud risk, as part of a continuous cycle, at both organisational and operational levels.

52. One specific area of concern to the Committee relates to the issue of whistle-blowing policies. DFP confirmed that a requirement already exists to report anything irregular under the Code of Ethics. It indicated that, as only around 3% of serious frauds were identified through whistle-blowing, it was not a priority compared with other mechanisms such as internal controls that play a much greater part in fraud prevention. Nevertheless, it is currently developing a model template which would provide a more open and formal procedure for whistle-blowing.

53. The Committee welcomes the development of the whistle-blowing template and notes that one of the lessons from the Agency case study is the potential for whistle-blowing to facilitate earlier detection of wrongdoing. This is a valuable element of a good counter fraud strategy that all public sector bodies should have in place.

Recommendation 11
54. The Committee would like to see much more emphasis given to whistle-blowing as an important means of identifying potential fraudulent activity. There is no excuse for 25% of departments and agencies not having whistle-blowing policies in place and we expect DFP to ensure this deficit is addressed and that full compliance is achieved. The Committee also expects DFP to ensure that departments are proactive in training and encouraging staff to blow the whistle and for DFP to include an analysis of activity levels of whistle-blowing across departments, as part of its annual Fraud Report.

Minutes of Proceedings of The Committee
Relating to the Report

Thursday, 18 October 2007
Senate Chamber, Parliament Buildings

Present: Mr John O’Dowd (Chairperson)
Mr Roy Beggs (Deputy Chairperson)
Mr Mickey Brady
Mr Jonathan Craig
Mr Simon Hamilton
Mr David Hilditch
Mr Trevor Lunn
Mr Mitchel McLaughlin
Ms Dawn Purvis

In Attendance: Mrs Cathie White (Assembly Clerk)
Mrs Gillian Lewis (Assistant Assembly Clerk)
Mrs Nicola Shephard (Clerical Supervisor)
Mr John Lunny (Clerical Officer)

Apologies: Mr John Dallat
Mr Patsy McGlone

The meeting opened at 2.00pm in public session.

2.04pm Ms Purvis joined the meeting.

3. Evidence on the NIAO Report ‘Internal Fraud in Ordnance Survey of Northern Ireland’

The Committee took oral evidence on the NIAO report ‘Internal Fraud in Ordnance Survey of Northern Ireland’ from Mr Paul Sweeney, Accounting Officer, Department of Culture, Arts and Leisure and Mr Iain Greenway, Chief Executive, Ordnance Survey of Northern Ireland. The witnesses answered a number of questions put by the Committee.

The Committee requested that the witnesses should provide additional information on issues raised by members during the evidence session to the Clerk.

3.13pm The evidence session finished and the witnesses left the meeting.

4. Evidence on Fraud Prevention

The Committee took oral evidence on fraud prevention from Mr David Thomson, Treasury Officer of Accounts, Department of Finance and Personnel (DFP), Mr Ciaran Doran, Deputy Treasury Officer of Accounts, DFP, and Ms Alison Caldwell, Head of Fraud and Internal Policy, DFP. The witnesses answered a number of questions put by the Committee.

The Committee requested that the witnesses should provide additional information on issues raised by members during the evidence session to the Clerk.

4.11pm The evidence session finished and the witnesses left the meeting.

[EXTRACT]

Thursday, 13 December 2007
Room 144, Parliament Buildings

Present: Mr John O’Dowd (Chairperson)
Mr Roy Beggs (Deputy Chairperson)
Mr Mickey Brady
Mr Jonathan Craig
Mr John Dallat
Mr Simon Hamilton
Mr David Hilditch
Mr Patsy McGlone
Mr Mitchel McLaughlin
Ms Dawn Purvis

In Attendance: Mrs Cathie White (Assembly Clerk)
Mrs Gillian Lewis (Assistant Assembly Clerk)
Mrs Nicola Shephard (Clerical Supervisor)
Mr John Lunny (Clerical Officer)

Apologies: Mr Trevor Lunn

The meeting opened at 2.00pm in public session.

2.05pm Ms Purvis joined the meeting.

2.23pm The meeting went into closed session.

10. Consideration of Draft Committee Report on Tackling Public Sector Fraud.

Members considered the draft report paragraph by paragraph. The witnesses attending were Mr John Dowdall CB, C&AG, Mr Eddie Bradley, Director of Value for Money, Mr Patrick O’Neill, Audit Manager, and Mr Joe Campbell, Audit Manager.

The Committee considered the main body of the report.

Paragraphs 1 – 10 read and agreed.

Paragraph 11 read, amended and agreed.

Paragraphs 12 – 13 read and agreed.

Paragraph 14 read, amended and agreed.

Paragraph 15 read and agreed.

Paragraph 16 read, amended and agreed.

Paragraphs 17 – 18 read and agreed.

Paragraph 19 read, amended and agreed.

Paragraphs 20 – 21 read and agreed.

Paragraph 22 read, amended and agreed.

Paragraphs 23 – 27 read and agreed.

Paragraph 28 read, amended and agreed.

Paragraph 29 read and agreed.

Paragraph 30 read, amended and agreed.

Paragraphs 31 – 41 read and agreed.

Paragraph 42 read, amended and agreed.

Paragraphs 43 – 50 read and agreed.

Paragraph 51 read, amended and agreed.

Paragraphs 52 – 54 read and agreed.

The Committee considered the Executive Summary of the report.

Paragraph 1 read and agreed.

Paragraph 2 read, amended and agreed.

Paragraphs 3 – 5 read and agreed.

Paragraph 6 read, amended and agreed.

Paragraphs 7 – 14 read and agreed.

Agreed: Members ordered the report to be printed.

Agreed: Members agreed that the Chairperson’s letters requesting additional information to Mr Paul Sweeney and Mr Bruce Robinson, and the responses would be included in the Committee’s report. The Committee agreed that further correspondence would be treated under the Osmotherly rules.

Agreed: Members agreed to embargo the report until 00.01am on 24 January 2008, when the report would be officially released.

Agreed: Members agreed not to hold a press conference to launch this report.

[EXTRACT]

Appendix 2

Minutes of Evidence

18 October 2007

Members present for all or part of the proceedings:
Mr John O’Dowd (Chairperson)
Mr Roy Beggs (Deputy Chairperson)
Mr Mickey Brady
Mr Jonathan Craig
Mr Simon Hamilton
Mr David Hilditch
Mr Trevor Lunn
Mr Mitchel McLaughlin
Ms Dawn Purvis

Also in attendance:

Mr John Dowdall CB

Comptroller and Auditor General

Mr David Thomson

Treasury Officer of Accounts

Witnesses:

Mr Iain Greenway

Ordnance Survey of Northern Ireland

Mr Paul Sweeney

Department of Culture, Arts and Leisure

1. The Chairperson (Mr O’Dowd):

I ask witnesses and members of the public to ensure that their mobile phones are turned off and not on silent mode; they interfere with the recording equipment. Today’s evidence session concerns internal fraud in the Ordnance Survey. Mr Paul Sweeney, who is the accounting officer for the Department of Culture, Arts and Leisure, will give evidence. Mr Sweeney will introduce his colleague and outline his responsibilities.

2. Mr Paul Sweeney (Department of Culture, Arts and Leisure):

Good afternoon. My colleague is Mr Iain Greenway, who has been the chief executive of Ordnance Survey of Northern Ireland since July 2006.

3. The Chairperson:

I will start the session with questions, and my colleagues will then be introduced to ask further questions. Evidence sessions usually take approximately two hours, although there is no fixed time limit.

4. I thank the witnesses for their attendance. The Audit Office report that we are examining today concentrates on a figure of approximately £70,000. Although that is by no means a massive amount of money in the context of the public purse, the Committee has chosen to examine the report because it views its subject matter as a case study and a reminder to other Departments that all financial proceedings for which they are responsible have to be properly managed and monitored.

5. The Committee acknowledges that the fraud that the report refers to was eventually detected, and a criminal prosecution resulted from that. However, prior to that fraud, the Ordnance Survey was the subject of another fraud a number of years ago.

6. The Committee wants to know the reasons that the lessons were not learnt from the first instance of fraud. When a Department, or an office of a Department, is dealing with finances, especially cash, there is always the possibility that fraud can occur. Why were the measures that were introduced after the first instance of fraud not imposed more stringently? Why did those measures not act either as a deterrent to the second instance of fraud or detect it at a much earlier stage?

7. Mr Sweeney:

It may be helpful if I were to differentiate between the two frauds. The first took place in 1988-91 in the map shop, and the second occurred in what I describe as a back-office context. The lessons that were learnt from and the recommendations that were made as a result of the first fraud were specific to the map shop enterprise.

8. Regrettably, insufficient connection was made between the proceedings in the map shop and the back-office, which was primarily responsible for cheque handling and credit control. Therefore, although a great deal of focus was on the map shop and cash reconciliation, there was a failure to make the connection between front-office and back-office functions.

9. The Chairperson: Both instances were similar in nature; they both involved cash flow through a Department. They both should have flagged up the same warning signals — any small business or any venture that has cash flowing through it always faces the possibility of fraud.

10. Therefore, although there may have been a physical and a duty separation, both frauds were similar. The recommendations that resulted from detection of the first fraud were relevant to the second. Therefore, are you saying that that was not the case, that there was a breakdown in communication or simply a breakdown in the system?

11. Mr Sweeney:

There is no doubt about that. I characterise the common features as follows: in both instances, there were serious shortcomings in the control framework in systems and procedures, and there was a failure to comply even when systems and procedures were in place. There was a failure of segregation of duties and a failure of management to provide adequate supervision. There was also serious failure in that no financial procedures manual was in place in either fraud. Therefore, there is no doubt, there were common features in both frauds, even though the degree and scale of fraud in the two were different.

12. Although lessons that were specific to the map shop and the cash reconciliation were learnt from the first fraud, with hindsight, insufficient effort was made to extrapolate those lessons into the back-office functions, where the more serious and substantive fraud took place.

13. The Chairperson:

The reason that I emphasise that is because this is a case study. I want to ensure that, when we publish our report, other Departments can look at it and that this is not dismissed as a case in which the individual involved has been arrested and prosecuted. The Committee feels that it is important that the report be drawn to the attention of other Departments in order that they know that although mistakes were made twice in the Ordnance Survey, other Departments could make similar mistakes. All Departments should, therefore, take heed of the report.

14. Moving on to a related subject, following the prosecution — or as a result of the prosecution — the court stipulated that approximately £70,000 had to be repaid by a certain date. Have those funds been recouped, or is a process in place to recoup them?

15. Mr Sweeney:

It was always the intention of the Department and the agency to seek full restitution. That decision was made in 2004. At the time, however, the best advice was to let the criminal case take its course first. That reached a conclusion in June 2006. Compensation of £30,000 was awarded in favour of the agency. That left a balance of approximately £40,000 to be recouped. Given our decision to seek full restitution, once the criminal case was over we commenced a civil action. We issued a writ in January 2007 for the repayment of £40,690. In response to that, we received a letter from the fraudster’s solicitors in February 2007. They indicated that there would be full restitution of the £40,690. The fraudster had undertaken to sell his family home, and full restitution would coincide with the date on which he was due to pay the original £30,000 compensation.

16. In July this year, we received two cheques from the fraudster through his agents. We received a cheque for £30,000, which was the compensation awarded by the court, and the £40,690, which resulted from the civil case that we brought in January. Therefore, full restitution of all the stolen funds has been achieved.

17. The Chairperson:

Are you saying that the fraudster had to sell the family home to make restitution?

18. Mr Sweeney:

We understand that his solicitor undertook in February to sell the house. Anecdotally, I am advised that that is indeed what happened. I do not want to show total disregard for the tragedy involved, but, in any event, the full sum has been repaid to the Department.

19. The Chairperson:

I do not want to minimise the theft of £70,000, but the fact that the fraudster had to sell his family home adds another tragic aspect to the story.

20. I should have stated at the start of the meeting that the Committee has two evidence sessions today in which it will deal with this case. After Mr Sweeney and Mr Greenway, the Committee will hear from Mr David Thomson of the Department of Finance and Personnel. That is information for members of the public who are present.

21. Members are free to ask questions. Mr Mickey Brady is the first questioner.

22. Mr Brady:

In 1999, shortly after the fraud began, the new chief executive allowed the finance manager to withdraw from day-to-day operations of the accounts branch. Can that be justified, given that the control environment may have been weakened at a time when there was a rapid growth in receipts?

23. Mr Sweeney:

There is no doubt that it cannot be justified. I have the company profile before me. The company’s turnover was increasing dramatically. There were staffing difficulties at the time, although that is not an excuse. A decision was taken to create that segregation. With hindsight, that was a serious mistake. The fact that turnover was increasing rapidly at the time is not a sufficient excuse; there were staff shortages, but they should have been addressed. Failure to address them created an environment in which fraud became more likely.

24. Mr Brady:

Was no provision made for the fact that a rapid growth had occurred? Was the intention that resources would be used to deal with that at a later stage?

25. Mr Sweeney:

Yes. The organisation — or agency — increased its income year-on-year from £1·5 million in 1997-98 to the current figure of approximately £10·7 million. The public had a phenomenal demand for OSNI services. Regrettably, there was not a commensurate increase in staff to catch up with that rapid demand for map sales.

26. Mr Brady:

Apart from the fraud, such a situation would, by definition, have put a lot more pressure on existing staff.

27. Mr Sweeney:

Yes.

28. Mr Iain Greenway (Ordnance Survey of Northern Ireland):

With the permission of the Chairperson, I will provide more detail. As Mr Sweeney has outlined, the growth in revenues was significant and was part of an ongoing growth in ordnance survey as a Government entity. Much of that growth resulted from significant payments from other Government bodies for the use of mapping, and those payments took the form of a single cheque or a single financial transfer that went into OSNI’s bank account. Therefore, the growth in activity would not be directly proportionate to the growth in revenue because those large single payments flowed into bank accounts. In January 2004, the map shop took £25,000, which comprised £14,500 in cheques and £10,500 in cash. Although that is a snapshot, it is illustrative of a wider picture of the sort of amounts that were flowing into the map shop.

29. Mr Brady:

The report explains how the fraud was committed. Basically, Mr Steenson opened post on his own, removed cheques as he pleased and retained cash in his drawer. How was such an environment for cash handling allowed to develop, particularly as there had been a previous fraud?

30. Mr Sweeney:

The picture is one of an individual in his late forties who worked for the organisation for approximately 29 years. He worked in a financial role function since 1993. The report says that the fraud was not particularly sophisticated. The mechanics were such whereby the fraudster arrived at work between 7.30 am and 8.00 am each day, and he opened all the incoming post, which included cheques. Iain Greenway has already given a broad indication of how much was involved in any one month. Therefore, Mr Steenson was able to open the post and identify a number of cheques. He was also in receipt of the cash from the map shop. He stole the cash, replaced it with cheques, and drew fictitious credit notes for the debtors who had paid by cheque, and the money was lodged. In hindsight, that should never have been allowed to happen, as Mr Steenson was a credit controller. There was a failure of segregation of duties whereby he was able to open the cheques, reconcile the cash at the end of the day, and authorise credit notes, some of which he fabricated.

31. Mr Brady:

You said that the fraud was not sophisticated but that it was discovered only when Mr Steenson was on sick leave. Is there a possibility that had he not gone on sick leave, the fraud would not have been discovered and would have continued because he was in a position to cover his tracks?

32. Mr Sweeney:

The fraud in question was more sophisticated than the first fraud, which was very basic. There was a degree of cunning in the second fraud, in the sense that several activities were involved. Again, that was because the failure of segregation of duties led to the individual’s being able to manipulate a number of circumstances. There is no doubt that the situation’s coming to a head coincided with a serious period of illness for Mr Steenson.

33. There was a bad debt arrangement in the agency, and significant resources were put into addressing that problem. At that stage, it was noticed that irregularities were, regretfully occurring as far back as October 2002. With hindsight, there was some indication of irregularity. On balance, there is a good chance that the bad debt was being managed, and we were working to eradicate large bad debts down to smaller amounts. I believe that it was only ever going to be a matter of time before the discovery of the irregularities to do with the letters and telephone calls from customers who had sent cheques for which they were not credited. There is no doubt about that. However, those irregularities proceeded for several years before they were absolutely discovered.

34. Mr Brady:

There is a possibility that had the employee been on a short, rather than an extended, period of sick leave, the irregularities may not have been discovered.

35. Mr Sweeney:

There is that possibility. However, I am advised that it was inevitable that the irregularities on the management of the bad debt would be identified. I do not take any satisfaction from that, but it is possible that the crime would have been uncovered if Mr Steenson had not been off work.

36. Mr Brady:

The report lists a series of control failures, including inadequate segregation of duties and poor supervision. Do you consider those to be the most basic of controls? Who do you think is to blame for that complete lack of proper financial stewardship?

37. Mr Sweeney:

As I said at the beginning of the meeting, there was a control framework, and systems and procedures were in place. In hindsight, however, they were inadequate. Several internal audit exercises were carried out at the time, and a number of weaknesses was demonstrated. However, internal audit also identified how the agency adhered to several recommended practices for locking away cash, for instance. However, that was not always the case. There were some shortcomings in basic tasks: for example, one person opened the morning post, when the working practice presumed that there should have been two. There was, therefore, a failure to comply with systems and a failure of supervision.

38. Mr Brady:

It has already been mentioned that the sum of money involved was relatively small. However, the basic controls over larger amounts of money — payments from other agencies, for instance — might have been greater. Basic controls should be in place, irrespective of whether £20 or £70,000 is being sent to the agency. The controls were not in place to ensure that irregularities did not occur.

39. Mr Sweeney:

There were serious shortcomings in the control framework at the time. I am sure that we will go on to talk about the arrangements that are in place now. Strenuous efforts have been made to address those shortcomings, but when the two frauds were being perpetrated, there were serious shortcomings in the control framework and in the adherence to it.

40. Mr Craig:

I will continue in the same vein. Paragraph 12 on page 8 of the Comptroller and Auditor General’s report refers to a “lack of written financial procedures”. I know that the agency found itself in an interesting situation, given the rapid increase in the workload, but that inevitably leads to staffing issues. I am surprised that detailed written financial procedures were not in place, because it would have been a difficult situation to handle without them. In the absence of those procedures, how was anyone in the office supposed to recognise that illegal practices were taking place?

41. Mr Sweeney:

Various practices had built up in the office, but no comprehensive financial procedures manual was in place. For example, a core feature of such a manual would have provided a challenge function, through which other members of staff could have challenged what they considered to be shortcomings. A financial procedures manual that was accessible to all staff could have at least mitigated the circumstances in which this type of fraud was committed. A financial procedures manual should have been in place and available to all staff, but there was none, which was a serious shortcoming. That has subsequently been done, and it is updated regularly. Various audits have been carried out since then. The staff have been trained in the use of the manual and are adhering to it.

42. Mr Craig:

Paragraph 45 of the report states that the agency had not trained staff in fraud awareness. I found that surprising, given the fraud that occurred in 1991. Surely if any sort of fraud training had been provided to the staff it would have mitigated the extent of the second fraud. Are you aware of any reasons that no fraud training had been given in the wake of the 1991 incident?

43. Mr Sweeney:

As you know, central guidance had been made available in the agency from as early as 1998. The agency put in place a fraud policy in 2002, but it was not until 2004 that it developed a systematic approach to training staff in fraud awareness. I am not saying that there was complete ignorance of fraud in the organisation at the time, but the formal establishment of a fraud policy and a fraud response plan, with formal training for staff, did not happen until 2004 onwards.

44. Mr Craig:

Paragraph 46 of the report explains that although whistle-blowing legislation was enacted in 1999, the agency did not introduce a whistle-blowing policy until 2003. Does that explain the situation? I was surprised that the agency had not introduced that policy sooner.

45. Mr Sweeney:

Again, the fact that the agency did not adopt that policy until 2003 was a serious shortcoming.

46. Mr Craig:

Do you think that there was an element of complacency in the management of the incident at the time?

47. Mr Sweeney:

Members may feel that this is a self-serving statement, but the agency did some fine work. Its role and significance was growing, and as an exemplar in the public sector, it turned itself around from a loss-making concern into an organisation with a surplus of about £1·8 million this year. There is much in the organisation that is highly commendable. However, those two frauds — and this Audit Office report — have indicated that there was insufficient awareness of the management of fraud. There was certainly an over-reliance on the trustworthiness of one long-serving member of staff, who, all other things aside, had an unblemished performance record. There was a serious flaw in that that individual found a place in the line of command where there were vulnerabilities.

48. Mr Craig:

One can never fully guard against fraud, but are you satisfied that the procedures and awareness training that are now in place could potentially stop such an incident happening again?

49. Mr Sweeney:

It was true of the earlier fraud that several recommendations on basic cash reconciliation were almost immediately introduced, and so it was with the second fraud.

50. Internal audit played a very proactive role. A whole series of recommendations were identified and actions taken with regard to the control framework, and, in particular, the segregation of duties and the supervisory role. As a result of the work carried out by internal audit and by senior management within the agency, and the implementation of various policies and training programmes, there is much less chance of fraud being perpetrated again.

51. Mr Greenway:

It might help the Committee if I gave a feel for the range of controls that are now in place in OSNI. As Mr Sweeney mentioned, a seminar on managing fraud has been delivered to over 50 staff — all those in supervisory grades and above, and all those with responsibility for handling money. That is about a third of the agency’s staff. The seminar covered issues such as the nature of fraud, the warning signs of fraud and how to reduce the risk of fraudulent activity.

52. OSNI has a regularly revised fraud policy, a whistle-blowing policy and a fraud-response plan, and they are subject to annual review by the management board. As Mr Sweeney mentioned, there is a complete financial procedures manual, which goes into significant detail on handling everything through the accounts branch, and there is a parallel document in the map shop. They both detail procedures, but they also allow staff to have greater confidence to challenge what is happening in the office, if they feel that something is not being done correctly.

53. All senior managers have been trained in risk management. There is an annually reviewed risk-management policy. Fraud appears on OSNI’s risk register, which is regularly reviewed by the management board. The audit and risk management committee has been reconstituted; it now has a chairperson from outside OSNI. We have reviewed the terms of reference to ensure that they include anti-fraud and whistle-blowing matters.

54. We have appointed a security officer and we have a clear-desk policy, which is regularly reviewed through random checks carried out by Department of Culture, Arts and Leisure staff, who report back to the management board. As Mr Sweeney said, non-accounts staff now open the post — two staff members open all post and record all cheques. The banking for accounts branch and for the map shop are now carried out completely separately. Money is put into tamper-proof bags each day and taken to the bank by Securicor. Accounts branch has no access to cash, other than the minimal amounts in the petty cash float. All activities involving cash, raising credit notes and so on are subject to percentage checks by finance managers who do not have any involvement with those activities, as a result of segregation of duties.

55. There are pro formas for the raising of credit notes for journal entries, which must be counter-signed by at least two staff of managerial grade. The finance manager cannot raise credit notes, because he is responsible for some of the checking of those activities. The writing-off of bad debts has been formalised into a pro-forma system that requires at least two managerial signatures, so there has been a segregation of duties there as well. I hope that that helps the Committee to get a feel for the range of responses that OSNI has tightened and reviewed — and continues to regularly review — with assistance from internal audit.

56. Mr Beggs:

A PAC report in 2002 dealt with similar frauds in the finance branch of the Local Enterprise Development Unit (LEDU). It identified inadequate separation of duties and poor supervision as the main control weaknesses. It is disturbing to see those same mistakes repeated. Mr Sweeney, what actions did your Department and its agencies take on receiving that PAC report in 2002? How did you learn the lessons from that?

57. Mr Sweeney:

I can only outline what I imagine would have happened in the Department at that time, based on what happens with all PAC reports. Such reports are cascaded down through the Department, with the presumption that people will read them and learn lessons from them. On two occasions, our organisation has used the OSNI fraud as a case study in working with senior management and external bodies.

58. To return to your specific question, Mr Beggs, beyond my presumption that that report would have been cascaded down through the organisation and an obligation placed on senior management to take on board the lessons learnt, I cannot be more specific. I cannot say what specific steps the Department and the agency took in 2002 in respect of the LEDU case.

59. Mr Beggs:

Do you accept that, if management had read and understood that report, the subsequent fraud would not have occurred?

60. Mr Sweeney:

I cannot give that guarantee.

61. Mr Beggs:

Is it likely that, if the recommendations about the segregation of duties and other issues had been implemented and the management had developed a better understanding of their responsibilities, the fraud would have been detected earlier?

62. Mr Sweeney:

My view is that an over-reliance on that long-serving individual and a failure to segregate duties were ingrained practices in the modus operandi of OSNI. Even if the lessons from the report on the fraud in LEDU had been fully taken on board, I cannot guarantee that this instance would have been avoided. One would like to think that that should have been the case, but there was misplaced over-reliance on the trustworthiness of an individual.

63. Mr Beggs:

Figure 2 and appendix 1 of the report show that there are a number of lessons to be learnt from this case. Can you summarise what you think those key lessons are?

64. Mr Sweeney:

The overarching lesson is, simply, that fraud will not be tolerated, and when fraud is perpetrated, the full rigour of the law should be brought to bear. No officer should be given the impression that there is a lackadaisical attitude to fraud.

65. Beyond those overarching lessons, the core characteristics of the fraud that I would identify are: a failure to comply with the systems that were in place; a failure of supervision; a failure to segregate duties; and, of course, the absence of a financial procedures manual, which was a particular shortcoming in this instance.

66. Mr Beggs:

Are you satisfied that those lessons have been circulated as widely as possible in the Department, to other relevant agencies, and, indeed, to other Departments?

67. Mr Sweeney:

Several steps have been taken. Apart from the measures that Mr Greenway outlined, which relate specifically to OSNI, in 2004, the then permanent secretary of the Department of Culture, Arts and Leisure brought together the Department’s senior managers and the NDPBs and arm’s-length bodies for which the Department is responsible. The OSNI fraud was used as a case study, and the circumstances that gave rise to it, the lessons that were learned and the steps that have been taken were considered. That was important — important enough for me to repeat the exercise last year. In September 2006, I brought together the Department’s senior finance personnel and the people responsible for financial accountability in the arm’s-length bodies, and, again, we used the OSNI fraud as a case study in order to learn lessons.

68. Further to those actions, other steps were taken. Recently, I conducted a governance and accountability audit of all the external bodies for which the Department is responsible. I sought to identify areas of risk and weakness and, in particular, to zone in on those bodies’ fraud policies and their risk-management systems relating to fraud. That exercise has been completed.

69. Finally, to bring you completely up to date, I recently asked internal audit to independently assess the Department’s management of fraud, and it has been rated as satisfactory.

70. Mr Beggs:

This discussion has been about the Department of Culture, Arts and Leisure. Have the lessons learned in the LEDU and OSNI cases been grasped by other Departments and agencies, in order to prevent similar cases in the future?

71. Mr David Thomson (Treasury Officer of Accounts):

Perhaps there will be an opportunity for me to discuss this with the Committee later on. This is one of the topics that have been discussed at the fraud forum.

72. Mr Beggs:

Paragraph 42 of the report refers to a review in March 2004. It is noted that only 77% of the significant recommendations made following the fraud had been implemented. That means that 23% of the recommendations had not been implemented after a period of seven months. Which recommendations were not implemented promptly — and why?

73. Mr Sweeney:

All of the recommendations were acted on. However, by that stage — March 2004 — only 77% had been fully implemented. There were seven areas where a number of recommendations had not been fully implemented. If it helps the member, I can go through each of those seven areas. Shall I do that?

74. Mr Beggs:

Yes, please.

75. Mr Sweeney:

First of all, a security officer for the building had not been appointed by March 2004. Mr Greenway has already mentioned the security officer. There were no formal records of when staff discounts had been applied. I have been advised that, in fact, they were in place, but the auditors at that time had not picked up that fact. There was an issue as regards to the credit-card swipe machine, which was not yet able to blank out the last three digits on a till receipt. I am advised that it was not feasible to do that at that time. There was a shortcoming as regards to general journal entries, in that there was an inadequate separation of duties. The issue of petty cash remained outstanding at that time. There was also an issue about the location of debt management staff. There was a suggestion that staff should be separated from each other and that posts should be regularly rotated. However, it was later agreed with internal audit that there was no need for that recommendation to be implemented.

76. I want to assure the Committee member that — although only 77% of the recommendations had been fully implemented at that stage — all of the recommendations were being acted on. When a full compliance audit was conducted in September 2006, 100% of the recommendations that could feasibly be implemented had been implemented.

77. Mr Beggs:

Are you saying that seven months after a review which identified some issues that are pertinent to the case, those issues had not been acted on — journal entries, separation of duties? Why had they not been implemented? Is that not the responsibility of management?

78. Mr Sweeney:

In some instances it turned out that it was not feasible to enact them. That was the case with the credit-card swipe machine. In some instances, internal audit subsequently agreed that the recommendation did not have to be acted on. Action was being taken in other areas, such as the appointment of a security officer. By March 2004, the security officer had not been appointed, but subsequently that person was appointed. I must assure the Committee member that all the recommendations were being acted on. The fact was that, by the time of the interim compliance check, not all of the recommendations had been 100% implemented.

79. Mr Beggs:

In paragraph 44 of the report, the Northern Ireland Audit Office states that you:

“placed a high degree of reliance on the ongoing positive reports from internal and external audit.”

80. Is that not a basic misunderstanding of the role of the audit process and the responsibility that falls on management? Management should not rely on an external audit to say that all is well and should delve into everything. Do you accept that you and your Department have placed too much reliance on the audit process?

81. Mr Sweeney:

I concur with the member’s opinion. The function and role of internal audit is to assist senior management in discharging their responsibilities. However, it should be only one of the mechanisms that senior management brings to bear as a means of satisfying itself about the appropriateness of the control framework. I do not want to give the impression that those two fraudsters were able to do what they did because internal audit let down the Department and the agency. That is not the case. Internal audit, in my experience, generally provides a very good service. However, it is only one of senior management’s functions that may be brought to bear when discharging their accountability responsibilities.

82. As Iain Greenway said, a number of steps have been taken to beef up the role of the audit and risk management committee in the agency, including the appointment of an external chairperson. The deputy secretary of the Department now sits on that committee. I do not wish to apportion blame to internal audit for what happened in OSNI.

83. Mr Beggs:

Who is to blame? Public money was fraudulently removed from the agency: who is to blame? You said that neither management nor internal audit is to blame. This was public money: who is to blame?

84. Mr Sweeney:

On reflection, and having read the report, there were serious shortcomings in the control framework, in systems and procedures, in compliance and in the segregation of duties. Excessive trust was placed in one individual, and a financial procedures manual was not in place. Those were serious shortcomings.

85. Mr Hamilton:

You said that there was perhaps an inevitability in detecting the fraud, because of the nature of it, and that there was a possibility, even without extended sick leave, that the fraud might have been detected. Paragraphs 30 to 35 of the report highlight some clear, consistent warning signals that showed that the fraud should have been detected earlier. There were inconsistencies in the debtors report. There were a series of customer complaints and a general problem of one individual opening the post. If those warning signals had been acted on, could the fraud have been detected earlier?

86. Mr Sweeney:

With hindsight, there is no doubt about it. There was a tipping point around October 2002 when the accountant at the time became concerned about debtors who had received correspondence and who had subsequently contacted the agency to state that they had actually paid their debt. However, at that time, fraud was not suspected. The context was one of an organisation that was growing dynamically in its turnover. There were staffing issues, and the presumption was that there was a failure in systems. Again, with the gift of hindsight, if there had been a greater culture of fraud awareness, perhaps an explanation about systems failures would have been questioned. In October 2002, there may have been an opportunity to proactively identify the propensity for fraud.

87. Mr Hamilton:

A lack of culture of fraud detection meant that even though some of those warning signs had been raised — and some were explicitly clear — almost fell on deaf ears. Would it be fair to say that there was no fraud awareness to enable those warning signs to be picked up and taken forward in order to lead to a proper investigation to unearth the fraud?

88. Mr Sweeney:

I would not use the term “deaf ears”. However, to fast-forward to now, part of the fraud policy is a presumption whereby it is incumbent on all senior management, particularly in finance functions, to be aware of fraud, to be intolerant of it, and to positively create an anti-fraud culture. That means that a degree of suspicion must be built into the way in which senior management deliver their job. There is now a serious awareness of the responsibilities of having an anti-fraud presumption within an organisation, agency or Department, compared to October 2002. If the culture that pertains now had pertained in October 2002, the telltale signs that had initially been identified as systems failures might have led to another line of plausible inquiry, which would have been a presumption of fraud. There was an insufficient presumption that fraud was a possibility in that instance.

89. Mr Hamilton:

Do you believe that that culture was not there at the time, but that it is now?

90. Mr Sweeney:

I am not saying that there were “deaf ears” or that people were oblivious to the potential for fraud, but, as a result of the steps that have now been taken, when shortcomings are identified, one line of inquiry would have to proactively be a presumption towards an explanation that arises from the possibility of fraud, as opposed to presuming that there was a systems failure.

91. Mr Hamilton:

Paragraph 32 specifically says that the accountant was aware of the customer queries that you mentioned: the complaints about their balances not matching what they had paid. In attempting to deliver a high standard of service throughout the public sector, customer complaints are an important aspect of the job. Quite a volume of customers were complaining, and a lot of money was involved. What does that say about the attitude, or indeed the culture, towards customer complaints in the organisation at that time?

92. Mr Sweeney:

I do not want to contradict the member. Large sums of money were coming in, in the form of cash and cheques. However, I think that there were 10 complaints, or fewer; there were not a plethora of complaints on a daily basis. Although significant sums of money were involved, the number of debtors that contacted the agency to say that they had paid was 10 or fewer.

93. Mr Greenway:

That is true and, because the debts were related to the map shop, they would have been in the order of tens of pounds, not larger amounts. There were small numbers of complaints for small amounts of money. With hindsight, they pointed to something bigger. However, they were pursued as customer complaints and dealt with on a case-by-case basis. Systems were looked at; in reference to your and Mr Sweeney’s earlier point, we would now almost start with the suspicion that fraud is there until proved otherwise.

94. Mr Hamilton:

Without wanting to minimise the number of cases or the money involved, the number of cases and the amount of money was not that great. However, the culture of a lack of awareness of fraud meant that it was not picked up at the time when the complaints were being received.

95. Mr Sweeney:

I do not want to be pedantic, but there was insufficient awareness of fraud. I would not say that there was a complete lack of awareness of fraud. The evidence suggests that there was insufficient awareness of fraud in the sense that the culture now is that fraud would be considered as an explanation for those irregularities. It is regrettable that that presumption was not made at that time.

96. Mr Hilditch:

Paragraph 15 refers to the case management group that was established to handle the fraud. What was the role of that group, and is that the best model for handling the follow-up to serious fraud?

97. Mr Sweeney:

That is something that should be a core part of our anti-fraud response. A fraud investigation team should be established. One of the core functions is to protect the evidence. Where prima facie evidence emerges that fraud has been perpetrated, there is a service-level agreement with the PSNI — a memorandum of understanding — whereby we can involve the police at an early stage. The fraud response plan kicked in immediately and, subsequently, the agency has been commended for the manner in which it dealt with the issues thereafter. The perpetrator admitted the fraud, and that assisted the police with the criminal proceedings. The fraud investigation team and the fraud response plan have been established and inculcated into the operation of the agency. I do not want to say that the agency was wonderful, but it has been commended for the steps that it took once the fraud had been identified. The report recognises that the steps that the agency took and its fraud response plan complied with best practice.

98. Mr Hilditch:

OK. Basically, the case management group was an in-house group. Was there no external representation, other than occasional police attendance?

99. Mr Greenway:

The case management group consisted of the chief executive of OSNI, the corporate services director of OSNI and the internal audit manager, who had been appointed as the investigating officer under the procedures set out in the fraud response plan. That was the core membership of the group, with secretariat services provided by internal audit. That group brought in the Departmental Solicitor’s Office, the police and others, as necessary, as the work progressed.

100. Mr Hilditch:

Of the 10 meetings that took place, how many did the police attend?

101. Mr Greenway:

I would have to provide that information in writing to the Committee.

102. The Chairperson:

Please do.

103. Mr Hilditch:

The Committee will want to know the answer to my next question. Mr Steenson worked in the accounts branch from 1993, but paragraph 16 indicates that the earliest date for which bank details were available was October 1997. How can you be satisfied that the figure of £70,000-plus that you have identified represents the full amount of the fraud?

104. Mr Sweeney:

Under the departmental financial procedures manual, our practice is to keep bank records for seven years. Therefore, October 1997 was the furthest that we could go back. We now know that that was 11 months before the fraudster started to steal the money. We went as far back as was possible, given the available bank records. In that 11-month period, there was no evidence that money was being stolen from the finance branch or the map shop. All the reconstruction of the reconciliation between bank records and cash and cheques indicated that Mr Steenson was the only person involved.

105. Mr Hilditch:

So you are assuming that the clean bill of health during those 11 months reflected the previous four years?

106. Mr Sweeney:

No; there was a clean bill of health right from October 1997, which was the earliest date for which we had bank records that we used to reconcile with the records of cash and cheques in the map shop and the back-office functions of finance in OSNI. We had records for the period over the five years when the fraudster perpetrated the crime. However, there was that period of 11 months. Had we been able to go back further, we would have done so, but no further bank records were available to us. As I said, we keep bank records for seven years, after which they are expunged.

107. Mr Lunn:

Paragraphs 22 and 23 refer to disciplinary action taken against the finance manager. He received a written reprimand. I imagine that that is as close to a slap on the wrist as you can get; it is one of the mildest sanctions available in the Civil Service. Does that not sent a very weak signal about what happens to a finance manager who fails in his duty?

108. Mr Sweeney:

Several steps were taken at the time. It was a serious issue, and the appropriateness of taking disciplinary action had to be examined. The Department brought in an independent assessor to examine all the facts, and that person made a recommendation about what would be proportionate discipline. The management at the time, with the benefit of that independent review, reprimanded the finance manager, and a note was placed on that person’s file for up to three years.

109. For a person whose career is in the public sector, such a reprimand is far from being a slap on the wrist. The fact that the case has rightly become a cause célèbre and an example from which others can learn, means that day and daily the individual concerned is highly conscious of their shortcomings and the role that they played. The reprimand was an extremely serious measure that was not taken lightly.

110. Given that the individual still works in the Department of Culture, Arts and Leisure, I know the impact that the case has had on him. The person did not treat the reprimand and the three-year note on his file as though it was a slap on the wrist. At the time, the considered view of management was that it was a proportionate level of discipline. Nevertheless, it was a serious disciplinary measure.

111. Mr Lunn:

I am afraid that all my questions are about discipline, or, if you like, retribution. Paragraph 24 of the report discusses how the professional accountant who identified concerns as early as October 2002 failed to ensure that they were followed up before leaving the agency. Yet there was no disciplinary action taken. The report states:

“the matter should be drawn to the attention of the accountant.”

Is that not another weak signal about your tolerance of failures relating to anti-fraud controls?

112. Mr Sweeney:

I will ask Iain Greenway to answer that.

113. Mr Greenway:

I refer to what Mr Sweeney has said: an external assessment was carried out on all the events connected to the fraud and on all the disciplinary issues. That assessment assisted in informing management and the chief executive of any appropriate disciplinary steps. Given the weight of evidence that was available at the time, the decision was made to draw the matter to the accountant’s attention. As Mr Sweeney suggested, in hindsight, that was the tipping point when the fraud may have been discovered.

114. However, at the time, the problem seemed to be that there were some glitches in the system, and the individual member of staff left the agency within a few weeks of that incident. Taking into account all the evidence that existed at the time, it was felt to be an appropriate level of discipline.

115. Mr Lunn:

Following on from that, although it was thought that the customers’ queries were due to system glitches rather than evidence of fraud, presumably the accountant would have started a file that they would have passed on to their immediate successor, if there was one. Yet everything seems to have simply been lost when the accountant left and was not followed up.

116. Mr Greenway:

At that point, the failing was that when the individual accountant left the agency, she did not pass on the information to anyone. As she had no immediate successor, it should have been passed on to the finance manager.

117. Mr Lunn:

Paragraphs 22 to 24 suggest that there was a considerable degree of supervisory negligence. During the period of the fraud, were any performance bonuses paid to the chief executive of the agency or to Mr Steenson’s line managers? If so, how much did they receive?

118. Mr Sweeney:

Chair, if it meets with your approval, I will have to write to the Committee specifically about that because I do not have that information at hand now.

119. The Chairperson:

OK. That is satisfactory.

120. Mr Lunn:

Paragraph 26 states that you decided “on legal advice” not to pursue the forfeiture of any pension rights. I am curious about the reason that that decision was made. I can see that it was made on legal advice, but surely the forfeiture of one’s pension rights would be a strong deterrent against internal fraud.

121. Mr Sweeney:

That mechanism is available as one of a range of steps that can be taken to discipline people or to seek restitution.

122. At the time, the Department sought legal advice about the appropriateness of the forfeiture of pension rights. The clear legal advice was that it would be inappropriate to apply it in that case. There are two situations in which the forfeiture of pension rights can be considered, but the legal advice was unequivocal in stating that it should not be applied in this case. We complied with the legal advice.

123. Mr Lunn:

Was the legal advice given on the basis that the offence was not serious enough to justify forfeiture of pension rights, or was there some other reason?

124. Mr Sweeney:

I did not engage myself with the legal advice, and I have not taken the opportunity to look at it, beyond the fact that there are two situations in which forfeiture of pension rights can be considered. Those situations include, for example, an overt threat to the state. That gives you an idea of the degree of circumstances within which forfeiture of pension rights can be considered. However, the legal advice on the incident that we are discussing was very clear: forfeiture of pension rights was not considered to be an appropriate action.

125. Parallel to that, the Department had already proactively decided that, regardless of the outcome of the criminal case, if it created a gap in compensation, it would go for full financial restitution by way of a civil action. As it happens, it seems that the individual recouped money by selling his family home. Forfeiture of pension was an option, but it was rejected on legal advice.

126. Mr Greenway:

It may help the Committee to know that the two grounds to which Mr Sweeney is referring are that it is possible to pursue forfeiture of pension in a situation where an offence has been committed and:

“certified by a Minister of the Crown either to have been gravely injurious to the State or to be liable to lead to a serious loss of confidence in the public service;”

That is the relevant legal reference.

127. Mr Lunn:

The second could possibly apply. Are you saying that the offence was not considered to be serious enough offence to justify forfeiture of his pension, or any part of it?

128. Mr Sweeney:

The offence was very serious, and the Department was determined that there would be full restitution. The forfeiture of pension was considered an option, but under unequivocal legal advice it was not pursued. It would have been foolhardy to have set aside the legal advice at the time.

129. Mr Lunn:

I will not say that this man has got off scot-free, because he has not; he has lost his reputation, and he may or may not have had to sell his family home. These days, an awful lot of people who are at the stage in life that he reached sell their family homes for perfectly good reasons, such as downscaling. I am not convinced that he had to sell his family home to avoid the suspended sentence being invoked.

130. In response to Mr Beggs earlier, you said that there was now zero tolerance of fraud, and that you wanted to send out the right message to anybody who might be contemplating it. However, this man does not appear to have been fined or served any time in jail, and he does not appear to have had any financial loss whatever. He has stolen the money, and he has possibly stolen more than has been discovered — who knows? The failure of bank records means that I do not know what happened before it was discovered. He has got off without financial penalty, and that was the reason that I was asking about the possibility of forfeiture of pension.

131. Mr Sweeney:

All public servants subscribe to a code of ethics to which honesty and integrity are central. Therefore, it is intolerable and a total betrayal of taxpayers’ trust when a public servant gets involved in such actions. I am proud of the public sector’s track record, which is highly commendable. However, it was a matter for the courts to reach a decision on this individual in the first instance. I do not want to second-guess the proportionality of the punishment that the judge adjudged to be appropriate.

132. The judge handed down a suspended custodial sentence. He also made it clear that a compensation package of £30,000 must be paid within 12 months. Had that not been paid within 12 months, the person would have had to have gone to jail for nine months and still have had to pay the £30,000. Over and above that, the Department was determined to seek full restitution of any balance. I cannot say with certainty the reasons that the individual sold his house, or whether, indeed, he did sell it. I can say, however, that he had a heart attack when the matter came to a head in July. The prima facie evidence emerged in August. It is a matter for the member to judge. However, this matter provides a salutary lesson for any public servant who engages in fraudulent activity: it simply will not be tolerated, and there is a serious price to be paid.

133. Mr Lunn:

Mr Sweeney has made the point for me: I hope that others will have noted that salutary lesson.

134. The Chairperson:

That concludes Mr Sweeney and Mr Greenway’s evidence session. I am probably setting myself up for a fall, but to paraphrase Oscar Wilde, one fraud may be regarded as a misfortune; two looks like downright carelessness. Obviously, Wilde was referring to losing parents. The evidence has shown what has been confirmed in the Comptroller and Auditor General’s report; namely, that the fraud was uncomplicated and should have been detected easily. On consideration of the evidence that has been presented, it appears that lessons have been learnt. As the Committee prepares its report, it will be able to establish more firmly whether that has been the case.

135. However, the more evidence sessions that I hear from various Departments, whether they concern fraud, malpractice or whatever, it seems that a great deal comes back to the lack of written documentation, guidance, codes of practice, or a simple memo. As you have mentioned several times, it appears that in this case there was no written financial guidance. Mr Greenway has described a lengthy list of guidance and management controls that are now in place. One of the Public Accounts Committee’s roles is to identify best practice for other Departments. If the Committee believes that those controls demonstrate best practice, it will be more than happy to identify those and for other Departments to take guidance from them.

136. However, several issues must be dealt with. When you forward your evidence on how often the PSNI attended meetings, and so on, Mr Greenway, can the Committee also have a copy of the legal advice to which you referred earlier?

137. Mr Greenway:

That information was provided to the Audit Office as it prepared its report. Do you wish us to provide it to the Committee as well?

138. The Chairperson:

It would be useful if that information could be provided to the Committee for ease of reference. Mr Lunn had asked for information.

139. Mr Lunn:

I cannot recall what about, Chairman.

140. Mr Sweeney:

There was a question about performance.

141. Mr Greenway:

There was a question about case-management meetings.

142. The Chairperson:

The Committee will write to you outlining the articles that it requires in writing. Thank you for you contribution.

143. Mr Sweeney:

Thank you, Chairman.

18 October 2007

Members present for all or part of the proceedings:
Mr John O’Dowd (Chairperson)
Mr Roy Beggs (Deputy Chairperson)
Mr Mickey Brady
Mr Jonathan Craig
Mr Simon Hamilton
Mr David Hilditch
Mr Trevor Lunn
Mr Mitchel McLaughlin
Ms Dawn Purvis

Also in attendance:
Mr John Dowdall CB, Comptroller and Auditor General

Witnesses:

Ms Alison Caldwell
Mr Ciaran Doran
Mr David Thomson

Department of Finance and Personnel

144. The Chairperson (Mr O’Dowd):

I now welcome Mr Thomson, who is a familiar face to the Committee. Mr Thomson, I invite you to introduce your team and describe their responsibilities.

145. Mr David Thomson (Department of Finance and Personnel):

I will take 30 seconds to introduce Mr Ciaran Doran, who is deputy treasury officer of accounts and who chairs the fraud forum. It is my intention to attend most Public Accounts Committee hearings as treasury officer of accounts (TOA) on behalf of the Department of Finance and Personnel (DFP) and to help the Committee when I am needed. However, that may not always be possible. For work-management purposes, I would like Mr Doran to attend the Committee as my deputy occasionally.

146. Therefore, it is a good opportunity to introduce Ciaran to the Committee and to tell you that I am planning — I have mentioned this to the Committee Clerk — for Ciaran to act as TOA on the job-evaluation hearing that is planned for December 2007. Alison Caldwell is the head of the fraud and internal audit policy unit in DFP.

147. The Chairperson:

The very alarming estimates of fraud are mentioned in paragraphs 4 and 19 of your briefing paper. The Committee is determined to lean against any assumptions that such massive misuse of resources has to be accepted. What are the priorities in tackling fraud more effectively and reducing that enormous strain on the public purse?

148. Mr Thomson:

The figures in that briefing paper regard estimates of fraud in the general economy — they are not indicative of fraud in the public sector only. However, fraud in the public sector is a serious matter, and it concerns us.

149. We have taken a lot of steps over the past few years that I hope are reflected in the briefing paper. The real emphasis is on fraud prevention. A secondary measure will be making sure action is taken if we become aware of any instances of fraud — we heard that issue being discussed during the last session.

150. However, the real emphasis must be on fraud prevention. DFP’s role is to help other Departments to do that. We will do that primarily through the provision of advice and guidance, and we will also try to be proactive. I am pleased that the fraud forum is now up and running, because that provides us with the opportunity to get Departments together and actively share lessons with them.

151. The Chairperson:

Paragraph 26 of your briefing paper highlights new powers that will enable the Comptroller and Auditor General, in conducting a national fraud initiative, to:

“analyse data from any part of the public sector on a mandatory basis”.

152. How will you ensure that all public-sector bodies will be geared up to participate in a national fraud initiative?

153. Mr Thomson:

The Serious Crime Bill is still proceeding through Westminster, but the assumption can be made that it will receive Royal Assent in due course having worked its way through Parliament. That will mean that Departments will have a statutory requirement to participate and to provide any evidence that the Comptroller and Auditor General may want. Therefore, Departments will not be able to opt out. However, I do not envisage Departments having to be forced to comply — I think that they will willingly share information. Ciaran may want to comment, as he has been involved in drawing up the legislation.

154. Mr Ciaran Doran (Department of Finance and Personnel):

Over the past number of months, we have worked closely with the Audit Office on this piece of legislation. The National Fraud Initiative has operated for a number of years in England and Wales. The intention will be to use the experience from England and Wales initially to start the process. That will probably be from the start of the next financial year.

155. The Chairperson:

Did you say that the framework for that exists in England and Wales?

156. Mr Doran:

Yes. The National Fraud Initiative has operated informally in England and Wales for —

157. The Chairperson:

Therefore, it has been run almost on a pilot basis. Has it proven successful, or is it too early to gauge its success?

158. Mr Doran:

The last published figure from the Audit Commission in England stated that approximately £110 million savings to the public sector was made. The importance of the National Fraud Initiative is that it is essentially a means of preventing fraud and detecting its possibility.

159. Essentially, mismatches of information are supplied to the public-sector body to follow-up. In some cases, those mismatches might be fraud; in others, they might be genuine error. The importance is that it is a means of generating significant savings in the public sector.

160. The Chairperson:

OK. Thank you.

161. Mr McLaughlin:

Thank you, David; we are becoming familiar with each other in these circumstances. I want to ask several questions, but, first, I draw attention to a point that I found interesting. The first sentence of paragraph 4 of your paper says:

“Before addressing the management of fraud in the Northern Ireland public sector”.

That might be an unfortunate choice of words. If journalists, such as Newton Emerson, were to read that, they might comment. We are talking about fraud prevention rather than fraud management.

162. Mr Thomson:

As the author of the document, I fully accept that point. I assure the Committee that I do not manage fraud.

163. Mr McLaughlin:

We would need to refer to Mr Steenson and others.

164. Paragraph 5 refers to the fraud review that the Treasury commissioned and that was published in July 2006. To what extent are the issues and problems that were raised in that review relevant to the North?

165. Mr Thomson:

The fraud review was a UK-wide examination of fraud across the economy, and it dealt with some high-level matters. It looked at the creation of a national fraud strategic authority, and a national police force to pick up from the City of London Police’s fraud squad. Members might have seen articles about a merger of the Assets Recovery Agency.

166. However, I wish to draw the Committee’s attention to three issues. First, the review emphasised the prevention of fraud. It said that there were some simple steps that businesses and individuals could take to prevent fraud. It re-emphasised the essential nature of fraud prevention and its importance.

167. Secondly, there was a lot of material on reporting fraud. There was a general acceptance that there are rarely proper reporting procedures and that it is very difficult to report on fraud. Our fraud report tries to introduce proper reporting to the public sector. We must give more consideration to reporting.

168. Thirdly, there is the matter of data matching and data sharing. The fraud review said that that should have a proper statutory basis, and that is what the Serious Crime Bill, which is currently proceeding through Westminster, will do. That will allow data to be shared between the public sector and recognised organisations in the private sector, under statute, and bodies, such as the Comptroller and Auditor General, will be able to match different sets of data to look for differences. Data sharing and data matching will have the most significant impact in Northern Ireland.

169. Mr McLaughlin:

Apart from the legislative powers that have been and are being introduced, were there any specific recommendations in that review that have yet to be adopted by your Department?

170. Mr Thomson:

There are no specific recommendations for Northern Ireland. The Home Office is consulting on a series of UK-wide recommendations, most of which deal with the wider economy, rather than the public sector. The main issues for the public sector concern the data matching and data sharing, which we are working on.

171. Mr McLaughlin:

Moving on to paragraph 10, the fraud forum has already been mentioned. Its membership comprises representatives from Civil Service Departments, the PSNI, and the Audit Office. Have you considered the merits of extending that membership to include the public and voluntary sectors? The references to establishing an anti-fraud culture are laudable, but they also point to the need — perhaps in a way that is anomalous with the issue of gender blindness — to address problems that exist, but that cannot be recognised. The potential for complacency was mentioned earlier. Have you considered the merits of bringing in outside eyes and ears to help address those issues?

172. Mr Thomson:

We have thought about it. I am not saying that the current structure is the right one, but it is what we are going with at the moment, for two reasons; first, I would prefer Departments and departmental accounting officers to take responsibility for what is happening in their Departments and their sponsor bodies, so I would much prefer the lessons to be cascaded down. As Paul Sweeney said earlier, he had got all his arm’s-length bodies together and used that mechanism, within the departmental context, to talk about issues. There is a lot of merit in Departments’ doing that.

173. Secondly, one of the values of the fraud forum is the ability for people not just to listen, but to discuss and share best practice. With 11 Departments and representatives from the police and DFP, there are perhaps 20 people around the table as it is. My worry, if there were 100 people in the room, is that it would move from being a discussion forum to a lecture. I am not sure that a lecture situation would allow either buy-in or discussion. That is the reason that we thought that the smaller group would allow those messages to cascade down to individual Departments. If there is a better way to do it I am open to suggestions. Mr Doran is the chair of the forum; he may want to say something about that.

174. Mr Doran:

We had considered the possibility that we could regularly invite people from outside the central Departments to attend the fraud forum for particular issues. We invited the whole of the public sector in Northern Ireland to a conference last October, at which we covered a range of issues, including the best practice discussions from the fraud forum. I accept that we must examine the membership continually, and we are happy to do that and review it at any point.

175. Mr McLaughlin:

It is important that that is the case, and I accept the assurances that people periodically revisit the issue and consider the implications.

176. Paragraph 14 of your submission mentions a memorandum of understanding between the public sector and the PSNI in respect of the investigation and prosecution of suspected fraud. How can we be confident that the public sector has the capacity and the capability to deliver on its responsibilities as defined in the memorandum? Are there enough trained investigators in the system?

177. Mr Thomson:

Rather than being a burden on Departments and public bodies, the memorandum was designed to help them. Its purpose is to ensure greater consistency, and to help public bodies know what their respective responsibilities are compared to the police. As Paul Sweeney said earlier, it is designed to ensure that material such as original documents are preserved and that public bodies do not act in a way that might subsequently prejudice a prosecution. It is meant to be a guide to Departments, so that they know what to do if a fraud is detected. In paragraph 15 of our submission we mention that the memorandum is supported by an acceptance criteria and evidence pack. It outlines responsibilities and procedures in order to help Departments. I hope that it is not onerous. As Mr Doran said, we had a conference that was attended by a great many bodies that are aware how the memorandum operates. That is a good development.

178. Mr McLaughlin:

I am not quite sure how we ended up discussing how onerous it would be, although people are entitled to expect that it would be rigorous. Do we have the capacity for the measure? Are there enough investigators? Let us not assume that everybody is at the same level of awareness and as a matter of course can recognise fraud. The idea of preserving evidence has been highlighted in some of our recent inquiries. We have encountered some difficulties about the destruction of paper trails in evidence that we have heard. The question is whether there is sufficient capacity in the public sector to deliver. It is a two-sided arrangement between the formal investigation and prosecution mechanisms and the public sector’s management responsibilities.

179. Mr Doran:

To an extent, the memorandum of understanding is aimed at people who are not trained investigators, in that it is designed to be a step-by-step approach to identifying which matters to consider. I emphasise that it is about contact, and in some circumstances informal contact, with the police, such as picking up the phone to speak to specialists in the PSNI. That is one of the major merits of the memorandum; it means that people have a ready-made checklist.

180. Mr McLaughlin:

Do I take it that DFP and the Civil Service generally do not consider there to be a need for an investigatory capability in such circumstances, and that what they need is a line into the PSNI to conduct the criminal investigation, and that is sufficient?

181. Mr Doran:

No. Certain Departments employ trained investigators, particularly in higher-risk areas. In some circumstances, they will effectively take on the investigation themselves. In other circumstances, perhaps in smaller organisations in which those resources are not available, the memorandum of understanding points people in the right direction.

182. Mr Thomson:

Most investigations are carried out internally by staff. There are trained teams in the main high-risk areas, such as social security, prescriptions and agriculture. Other Departments rely almost solely on internal audit. It is not a case of phoning the police to cry for help, announce that you have discovered a fraud and ask them to deal with it.

183. Mr McLaughlin:

The case in question did not happen in a high-risk area, and the fraud employed fairly mundane methodology. In the scheme of things, it was not a massive sum of money. However, if this is meant to be a case study, the lesson is that fraud can occur anywhere. My specific question is whether there is sufficient capacity to deal with it, and it is really a yes or no answer. If the answer is yes, the Committee can hold the Department to account on that claim. Is the issue being addressed or not?

184. Mr Thomson:

It is being addressed. Even over the last five or six years, governance in Departments has improved. Had I been sitting here five or six years ago, I would not have been able to talk with such confidence about, for example, audit committees. Now, most Departments and main public bodies have independent directors and board members, and one of their jobs is to hold people to account. The whole governance side of things is much tighter.

185. I will not sit here and say that I am satisfied, because, inevitably, things will happen. The case study did not involve a sophisticated fraud, but it was clever. The individual took a number of steps to cover his tracks. When someone deliberately sets out to defraud and takes such measures to cover his tracks that the obvious signs of the fraud will not become apparent, it is not always easy to detect. We cannot say that every fraud will be detected, because it will not be.

186. Mr McLaughlin:

Paragraph 26 of your submission states that the new Serious Crime Bill will enable:

“public sector bodies to share information with the private sector as part of a nominated UK anti fraud organisation.”

187. What sort of information do you envisage that it will be useful to share?

188. Mr Thomson:

It is early days, because data sharing has not happened yet. Strict protocols will have to be put in place to govern it.

189. Mr McLaughlin:

Will that be codified?

190. Mr Thomson:

Yes. Data sharing will give us the opportunity to do many things, but there are huge risks attached to it. We have to strike a balance whereby the individual and the data are protected. Therefore, codes of practice will have to be agreed with the Information Commissioner. For example, addresses. If some part of the public sector had a concern or suspicion about a grant claim coming from a certain address, it could perhaps go to a nominated body — not just any body — and check whether there is something suspicious about that address. If that nominated body were to receive information from other places, they could confirm whether that address is suspicious. The Bill is still going through Parliament, but when it receives parliamentary approval and becomes law, steps must be taken to put protocols in place.

191. Mr Doran:

That is exactly the point. There are strict controls on data sharing, and the understanding is that it would be done on a case-by-case basis. One of the advantages perceived for such an arrangement is that the public sector and the private sector could co-operate with a shared objective.

192. Mr McLaughlin:

According to paragraph 27 of your submission, the Audit Commission identified savings of £111 million in the most recent national fraud initiative exercise in England and Wales, and you note that an equivalent figure in the North would be £4 million. How quickly could we expect an impact of that nature? How much would it cost to achieve that?

193. Mr Thomson:

I am tempted to pass that question to the Comptroller and Auditor General.

194. Mr McLaughlin:

I intend to ask him next.

195. Mr Thomson:

The Government are giving these powers to the Comptroller and Auditor General. The Departments will not carry out the data-matching exercises.

196. Mr John Dowdall CB (Comptroller and Auditor General):

We envisage that when we have gone through the steps of establishing the code that Mr Thomson has talked about, in co-operation with the Department of Finance and Personnel, we will bring Northern Ireland’s public-sector databases into the national fraud initiative as quickly as possible. I hope that most of those databases will be included when the next exercise is run, next year. That would mean that the first benefits in Northern Ireland equivalent to those in Great Britain would be achieved in 12 to 18 months. We will not know until we try it whether that £4 million, which is a simple pro-rata figure, will turn out to be as accurate, but there is no reason why we should not be reporting to the Committee on the benefits in 18 months’ time.

197. Mr McLaughlin:

When you get those data-matching powers, what support and involvement will you expect from the Department of Finance and Personnel and other public-sector bodies?

198. Mr Dowdall CB:

I pay tribute to the officials from the Department of Finance and Personnel. We have had good co-operation from them so far. We would not be participating in the GB legislation, which is now the UK legislation, if departmental officials were not pushing this very hard. As Mr Thomson has said, it is encouraging that departmental participation is to be mandatory and, therefore, generally, Departments here will comply. The really critical thing — and this is where we will be looking for support from the Department of Finance and Personnel — is that, when the information flows back from the national fraud initiative exercise identifying items in the databases that seem to be peculiar and that merit investigation, the Departments put resources into investigating those items in the way that they normally would in response to such anomalies. However, there will be more investigations. It will require more effort, and we will look for support in that.

199. Mr McLaughlin:

One final question — I am pushing the boat out today. Can you give us any more background on the existing data-matching exercises that you refer to in paragraph 28? Can you give some indication of how successful those have been?

200. Mr Doran:

I do not have a huge amount of detail on that. The Social Security Agency, for example, works on a co-operative basis with its counterpart in GB and also has a memorandum of understanding with the Southern Irish authorities. Under fairly strict legal criteria, information of mutual benefit is shared. The best other example is in the area of pensions. Information on deaths is used against existing pension records to ensure that no errors are occurring.

201. Mr McLaughlin:

Thank you; I know I have pushed my luck.

202. The Chairperson:

Perhaps, if there is more information available, you can forward it to the Committee.

203. Ms Purvis:

Paragraph 16 of your submission lists the best practice guidance issued by the fraud forum, and mentions identity theft, which is an issue that we are all concerned about in our private lives. Is that guidance related to electronic fraud on bank accounts and credit cards?

204. Mr Thomson:

No, that reference to identify theft relates to a particular issue. It was not to do with our system; the systems in the public sector are fairly robust, and a lot of time and effort goes into making them secure. The issue was that some data had been downloaded onto microfiche, which few public bodies still have the technology to deal with. The microfiche, which contained personnel data, was being transported across Belfast to be processed by another public-sector body. It was reported lost, and contingency action was immediately put in place. As it happened, the microfiche was not lost — the public-sector body had put it into its safe and then could not find it. It was a little scare, but sufficient for the Department to issue further guidance. That guidance was not about the technology; it was to advise of some of the things to be aware of to ensure that identity theft does not happen when data is taken off a system and transported elsewhere. It was a good example of the fraud forum in operation. An unexpected issue arose; the fraud forum picked the issue up immediately; it issued guidance and cascaded that guidance around Departments.

205. Ms Purvis:

Is there a risk that an electronic breach of security could lead to the removal of large sums from Government accounts? Are procedures in place to cover electronic identity fraud?

206. Mr Thomson:

As a person who is responsible for putting into the Civil Service a new accounting system, which is due to go live in the next month or two, I sincerely hope that that will not happen. We have used reputable software — it is not something that we have devised ourselves — and we have put rigorous security checks in place. We have to go through rigorous internal processes and, in the last fortnight, I got an internal certificate to link my new accounting system to over 50 DFP sites. We spend a lot of time on ensuring that the checks and balances are in place. I am fairly confident that our systems are robust.

207. I worry more that, when someone downloads something for transfer, the controls might not be sufficiently tight. That is where the risk lies; the main system is secure.

208. Ms Purvis:

My next question is about the robustness of the systems. According to paragraph 21 of your submission, organisations are encouraged to consider the robustness of their own systems against the findings of the Civil Service annual fraud report. The last case that we looked at, in Ordnance Survey, was a case in point. There, controls had not been properly tested for more than five years. How can you be sure that Departments carry out sufficiently robust and frequent testing of their controls?

209. Mr Thomson:

I can answer that in several ways. As part of their accounts, accounting officers are now required to sign statements of internal control. That was not required in the period 2000-02. There is a formal process that Departments must go through in producing that statement of internal control.

210. I would also refer you to the table at paragraph 30. Perhaps a member will ask me about this later. Not only have we the fraud forum, but we sent a questionnaire to Departments and asked many questions, so that we could satisfy ourselves that the correct mechanisms were in place. The table does not show the full questionnaire; it is just an indicative response. The response to that gave us assurance that, across the piece, things are happening. We intend to re-issue that questionnaire — not annually, because it is a huge amount of work and things will not change significantly from year to year, but we intend to do it every few years. It checks with Departments that controls are in place.

211. Ms Purvis:

I am from a social science background, and I treat questionnaires with caution. In questionnaires, respondents often tell you what they think you want to hear.

212. My next question leads on to the table at paragraph 30. Your submission says that you issued the questionnaire:

“to all departments, agencies, Non Departmental Public Bodies and other sponsored bodies”.

You received returns from 95 bodies. Is that the total number of questionnaires that you sent out?

213. Ms Alison Caldwell (Department of Finance and Personnel):

We set out a list of the bodies that we wanted returns from. The 95 includes 11 Departments and 13 agencies. We also received 71 from other bodies, which included the health boards and trusts and a large number of non-departmental public bodies that we wished to survey. Since these figures were compiled, we have received further returns from other bodies. At present, we are following up on another six bodies to analyse their responses. We did get returns from all the bodies that we expected to respond, with the exception of the five or six outstanding.

214. Ms Purvis:

So you sent out 101 questionnaires in total?

215. Ms Caldwell:

We did not send out 101 individual questionnaires; we sent out a commissioning letter with a list of bodies. Because of the nature of the list, and the ways the bodies are organised, some of the bodies returned a composite reply for their Department and, for example, their agency.

216. Mr Thomson:

The responses covered about 120 bodies. Elsewhere in the submission, I talk about the number of bodies that have signed up to the memorandum of understanding. There are about 120 public bodies and Departments in Northern Ireland, so this is fairly comprehensive.

217. I take your point about questionnaires fully.

218. Ms Purvis:

The figures that you present are the percentages of the returns, not the percentages of the bodies in the public sector, so it does affect the statistics.

219. Mr Doran:

We accept that point, but I must add that all the very large public-sector bodies have responded to the questionnaire — the Departments, the non-departmental public bodies and virtually all the councils. The document is much more comprehensive than it might appear from the table. To that extent, some assurance has been given, but we accept the point that bodies will sometimes answer questions in a particular way.

220. Ms Purvis:

I welcome the fact that the survey has been carried out. It is a good benchmark, and it should be built on.

221. A significant number — 25% — of Departments and agencies do not have a whistle-blowing policy and have not assessed the overall risk of fraud. What do you intend to do about that?

222. Mr Thomson:

As paragraph 17 of our submission states, we are currently working on developing a model template for whistle-blowing procedures. That said, the Northern Ireland Civil Service code of ethics — which is a very short document — includes a section on rights and responsibilities, which places a requirement on civil servants to report anything irregular that they may come across. Therefore, the requirement to report already exists. The development of a whistle-blowing procedure is an attempt to find a more open, formal approach to whistle-blowing. We are looking at that to see what else can be done.

223. To my mind, whistle-blowing is down the list. It is a good thing to have, but internal controls play a much greater part in fraud prevention. Indeed, some evidence was published at the beginning of the week that showed that only around 3% of serious frauds were identified through whistle-blowing. That said, we are working on a template; it is very much a work in progress.

224. The response to the question on the assessment of the overall risk of fraud was disappointing. However, it was clear from other answers that the Departments that had owned up to not having assessed the overall risk of fraud were actually addressing risks.

225. Ms Caldwell:

Six Departments and agencies who said no to that question did add that, while they may not have carried out a detailed formal risk assessment, they had identified risks through their risk-management process, with the risk of fraud being included in their corporate risk register or in divisional and business-unit risk registers. Others advised that they also managed risk by developing a fraud policy statement and fraud-response plan, and through the provision of fraud-awareness training for all staff. Therefore, it is not the case that those organisations had not thought about risk assessment; they had considered it, but perhaps not in a formalised way.

226. Ms Purvis:

The table at paragraph 30 suggests that, in some areas at least, anti-fraud policies, plans and procedures are less well established in “Other Bodies” — the catch-all term for sponsored bodies and councils — which are presumably more arm’s length in nature. Is that a cause for concern, and are any measures being taken to address that issue?

227. Mr Thomson:

Yes, that is a concern. It goes back to Mr McLaughlin’s earlier point about the best way of ensuring that arm’s-length bodies are doing what they are meant to be doing to tackle fraud. At the minute, we are relying on the dissemination of information through Departments. However, we need to consider the matter further.

228. Mr Doran:

That issue raises concerns. The survey includes district councils, and traditionally councils have not operated within the same guidance framework as non-departmental public bodies. However, they did attend the conference last October. It is a matter of our building links with the councils, and we need to look at that in the future.

229. Mr Thomson:

You will appreciate that DFP cannot issue directions or formal guidance to councils. We will issue best practice.

230. Mr McLaughlin:

With regard to the review of public administration and the question of devolving additional powers down to some re-designated councils, is the issue of accountability and fraud prevention part of that remit? Are you being consulted on that?

231. Mr Thomson:

I have been consulted on accountability. I have not been consulted specifically on fraud prevention.

232. Mr McLaughlin:

I presume that very much larger budgets could be involved?

233. Mr Thomson:

Yes.

234. Mr McLaughlin:

Perhaps there could be a marker?

235. Mr Thomson:

Yes, that is a valid point, and one which we have made ourselves.

236. Mr Beggs:

I want to pursue Ms Purvis’s question about the survey of fraud responses. It was said that virtually all councils had responded. There could be other public bodies, as well as councils. Do you have a list of the bodies that have not responded? Frequently, those who do not respond may not have the relevant policy and the appropriate answers. Have you a neat list of all those public bodies that did not respond, and can the Committee have a copy of it?

237. Ms Caldwell:

Yes. I can provide the Committee with a list of the bodies that have not yet responded. It is also worth saying that when we do get the full returns from all the bodies, we intend, through the fraud forum, to carry out a much more detailed analysis of the responses that have been received. In response to Ms Purvis’s comments, it is fair to say that we will need further information from some of the respondents to enable us to accurately analyse what has been provided.

238. Mr Beggs:

Paragraph 18 mentions the different types of Government bodies that exist — Departments, non-departmental public bodies (NDPBs), intermediary funding bodies. In which of those areas is the value of fraud the greatest? Can you assure the Committee that counter-fraud efforts are being appropriately targeted in the greatest areas?

239. Mr Thomson:

The three big areas that we see as being at the highest risk of fraud are identified in paragraph 19, and they are not included in the fraud report. They are social security, prescriptions and agriculture, and they are reported on separately. A lot of work is ongoing in those three areas.

240. Outside of those three areas, the table at paragraph 20 shows where the big risks are. The biggest risk area is in grant payments, where people make fraudulent claims. Next to that, although it does not feature exactly on the table, is cash handling. Cash handling is always very susceptible to fraud, both in the public and private sector, and that is what we have been talking about with respect to the Ordnance Survey case.

241. Mr Beggs:

Yes, but in which type of body — Departments, NDPBs or intermediary funding bodies — is fraud most likely to occur?

242. Mr Doran:

In respect of the returns for the last couple of years, it has been fairly consistent across Departments. I do not have the information broken down by non-departmental public bodies or intermediate funding bodies. However, it has been fairly broadly spread across Departments.

243. Mr Thomson:

Internal fraud — that is, fraud by civil servants or public-sector workers themselves does not appear to be a big issue. There is, thankfully, still a very high code of ethics among civil servants, where integrity and honesty still feature highly. The problems are with external fraud coming in from the outside.

244. Mr Beggs:

Perhaps you could come back to us on how you have detected fraud, and how it is broken up in percentages via Departments, NDPBs and other agencies such as intermediate funding bodies. It would be interesting to be aware of that.

245. You referred to three specific areas into which you are carrying out separate investigations, which account for approximately £30 million of fraud in the public sector. How are the lessons from those three areas brought together with wider lessons from a range of other areas, in order to disseminate the appropriate information?

246. Mr Thomson:

That is done in the fraud forum where representatives from those areas will share their experiences.

247. Mr Doran:

The Social Security Agency, which built up expertise over a number of years, has made presentations to the fraud forum. They have been helpful in sharing best practice, which has benefited other Departments, as has the Department of Agriculture and Rural Development. Currently, there are service-level agreements in place between certain specialists who operate in those areas — notably from the Department of Agriculture and Rural Development — with other Departments. That is a way of sharing expertise across the sector.

248. Mr Beggs:

Following paragraph 20 of the briefing paper there is a table of analysis of reported actual and suspected frauds by percentage of total number and value. That table gives a useful snapshot of what is involved. Can you please take the Committee through the 10 types of fraud that are listed in that table and give a typical heading for each, in practice? Where does the Ordnance Survey fraud fit into that structure?

249. Mr Thomson:

Please concentrate on the two columns on the right of the table, which give the percentage of total cases and the percentage of value. The value for 2006-07 is a broad estimate of £1·53 million, and the total number of number of cases is 116.

250. The title grant covers cases in which there is either a failure to meet a condition, or a grant claim has come into a Department, and they have checked and found an indication, such as the absence of an audit trail. That could be a mixture of an actual fraud or a suspected fraud.

251. The next category deals with theft, where the total number of cases is large — 24 — but the value is relatively small. That typically covers laptops, cameras, and other small pieces of equipment that go missing. It is often suspected fraud rather than actual fraud, although generally a missing laptop can be traced. The pattern for that category is large numbers, but small values.

252. Examples of the third category, payment processes, are abuse of credit cards or wrong orders and diverted delivery. The fraud that falls under the payment processes category amounts to 16%, or £300,000 in value. The OSNI fraud probably falls under the next category, which discusses income. That heading covers Civil Service income, such as fees. The pay-related category covers abuse of overtime or sick pay, for which there is neither a large number of cases nor a large amount of value recorded.

253. The next heading in the table discusses the abuse of position/information and asset exploitation. An important example that falls under that heading is recorded by the 2005-06 report that the Comptroller and Auditor General carried out on fraud in the Department of Enterprise, Trade and Investment, which concerned a number of public bodies.

254. The pension category covers cases that involved pensions that were claimed for people who were deceased. The category travel and subsistence is self-explanatory, and the cases are small in number and value. The next category is contractor/procurement fraud. One fraud under that category that was notified to us this year involved a further education (FE) college. The final category, attempted bribery, involved an official in the Planning Service whom someone tried to bribe for a planning application.

255. Mr Beggs:

Grant fraud accounts for 61% of the total fraud value. In which Departments and spending programmes does the grant fraud occur?

256. Mr Thomson:

I may have to describe this in detail, because it is fairly broad. One example of grant fraud is in the Department for Social Development, because it gives out so many grants, including EU grants, but we will get you that information.

257. Mr Beggs:

You mentioned the 20-member fraud forum. Given that only 20 individuals are on the fraud forum, how can you ensure that some of the most basic lessons from the Audit Office report on the need for financial procedures and segregation of duties is cascaded down through each Department and each associated body in the Department? Can you assure me that financial procedures are in operation where the appropriate segregation of duties is concerned?

258. Mr Thomson:

The guidance is that there always should be. It is very easy for DFP to issue guidance, but the fraud forum follows up on that, which is what I like about it. It continually ensures that the risk of fraud, and the need for fraud prevention, is kept uppermost in people’s minds. If it does nothing else, it does that. Management in the public sector is not easy; managers have so much to do. The fraud forum keeps them aware of fraud.

259. Mr Doran:

The Department had a specific session on the OSNI fraud at the last fraud forum meeting, but I take the point that we cannot be 100% sure that that information is being shared right the way through the organisations. That is why the conference that was held last October to follow up on that was so important, and there are plans to organise seminars and conferences next January. We will try to ensure that we cover a wide area of the public sector at those meetings, and that will allow us to get the message across to people directly.

260. Mr Beggs:

Are risk assessments carried out? They would show up who had received information.

261. Mr Thomson:

Yes. Most public bodies have risk registers and will have to carry out risk assessments. A raft of governance improvements has taken place over the last five to 10 years. There is certainly a much greater emphasis on risk management now than there was a decade ago.

262. Mr Beggs:

OK; thank you.

263. The Chairperson:

If we can go back to the table page 7, I am very concerned that 16 % of total cases were abuse of credit cards. Did I pick you up correctly?

264. Mr Thomson:

I used that as an example of what payment processes covered; I am not saying that 16% was credit-card abuse.

265. Ms Caldwell:

That is a mixture of cases where purchases have appeared on credit cards that have been picked up through reconciliations, and quite often the money is quickly refunded to the public purse. Also included in those figures are attempted bank-transfer transactions. That is when a bank is provided with documentation that seems to come from a Department, but refers it back to the Department or agency, and it turns out to be a failed attempt to defraud the public purse.

266. The Chairperson:

Does that mean that the system is working?

267. Mr Thomson:

Yes.

268. The Chairperson:

I have a question in conclusion.

269. The situation in the Ordnance Survey that we examined earlier showed that the limited safeguards that it had in place did not work. You quoted that around 3% of cases were uncovered because of whistle-blowing. Are you satisfied that sufficient guidelines are in place to deal with whistle-blowing — Dawn Purvis touched on this too — and will you provide a table, or graph, in your next fraud report to show many cases are detected by whistle-blowing?

270. Mr Thomson:

I am sure we could do something on that. I say in the report that we are working on whistle-blowing. Everything that can be done to help the detection and prevention of fraud is worthwhile. I was simply trying to put whistle-blowing into context.

271. The Chairperson:

It clear from the past hour of deliberations and questions that a lot is happening on fraud prevention and detection. That has to be welcomed because, we, as elected representatives, know only too well that there are limited funds in the public purse, and if there are losses from it as a result of fraud or theft, it has to be detected and stopped.

272. We welcome your comments. There is no doubt that the Comptroller and Auditor General will bring to our attention any further cases of fraud that his office detects. Although the amount that was lost in the OSNI case was small, the Committee has used it almost as a case study, or as an examination of where things can so simply go wrong. Other Departments should take heed of that example.

273. I thank the witnesses for their contributions.

Appendix 3

Correspondence

Fraud Prevention:
Update from Mr David Thomson,
Treasury Officer of Accounts,
Department of Finance and Personnel

Introduction

1. The Northern Ireland Civil Service (NICS) is committed to ensuring that the highest standards of regularity and propriety are observed in its management of public funds. All public servants are expected to observe the highest standards of conduct. The NICS Code of Ethics issued to all Civil Servants, emphasises the standards of behaviour expected including integrity, honesty and impartiality.

2. Government Accounting Northern Ireland (GANI) sets out guidance as to how these high standards of conduct apply in the financial context. It emphasises the need for departments to develop anti fraud measures that demonstrate to all that seek to defraud the government that such action is unacceptable and will not be tolerated.

3. Over recent years the Department of Finance and Personnel (DFP) has worked with departments and our colleagues in the NIAO to ensure a coordinated approach to fraud prevention and management is implemented across the Northern Ireland public sector. This paper seeks to set out the action taken by DFP to promote an anti fraud culture and to define some of the recent issues and developments related to fraud prevention and detection within the NI context.

Fraud in the economy

4. Before addressing the management of fraud in the Northern Ireland public sector, it might be worth setting it in context. Overall it is generally accepted that no accurate baseline quantifying the scale of fraud exists. Home Office research indicates that the economic and social costs of organised crime across the UK amount to more than £20bn per year or more than £300 for every person in the country. This could equate to over £500m for Northern Ireland based on a population ratio. It is accepted that quantifying the scale of fraud is difficult and therefore it is questionable what value can be attached to this estimate. Nevertheless it does emphasise the possible scale of the problem. It is important to note that this figure is not a direct cost to the Exchequer and includes private sector costs

The Fraud Management Context

5. In the UK, the Fraud Review, commissioned by the Attorney General and Chief Secretary to the Treasury, published in July 2006 makes a number of recommendations about how best to adopt a more strategic approach to the issue and these are being taken forward at national level. Two specific pieces of legislation impacting on Northern Ireland have been taken forward on a UK basis. The Fraud Act, which became law in January 2007 and the Serious Crime Bill expected to become law by the end of this year.

6. The Assembly and Westminster PACs have commented upon the scale of actual and suspected fraud in Northern Ireland at different points in time, notably following a series of PAC hearings and reports covering DHSSPS, DARD, DETI and DSD. One of the general themes from these reports was the need for co-ordination in anti fraud measures. In December 2005, the Westminster PAC recommended that departments need to tackle fraud by producing information on the scale of the problem, appropriate use of sanctions and proactive use of systems to enable data matching.

Guidance on Fraud

7. GANI includes a considerable amount of advice on the management of public funds. In relation specifically to fraud, it places an obligation on accounting officers to manage the risk of fraud making clear that:

8. This general framework has been supplemented by more detailed guidance. A guide entitled ‘Managing the Risk of Fraud – A Guide for Managers’ was issued 1998 (and updated in 2003) to provide detailed guidance on the anti fraud measures which organisations should have in place and on the controls that might be expected over key systems to help prevent fraud. This covers, for example, cash handling, payroll and grants.

9. A ‘Good Practice Guide on Tackling External Fraud’, produced jointly by the National Audit Office and Treasury, was also issued in June 2004 by DFP.

Northern Ireland Civil Service (NICS) Fraud Forum

10. In addition to the framework of guidance which has been developed, and to address recommendations made by previous PAC reports, DFP established an NICS Fraud Forum in March 2005 as a best practice advisory group. It is chaired by a senior DFP official and includes departmental, PSNI and NIAO representation. Under the Forum’s terms of reference, the group is responsible for developing practical ways to promote an anti fraud culture using existing best practice from within departments and other sources.

11. Through sharing information on emerging issues at departmental level, the Forum facilitates the sharing of fraud expertise built up in particular departments and allows lessons learned from significant fraud cases to be disseminated through the NICS. Examples include presentations on fraud risk assessments which have been carried out by individual departments, a “lessons learned” session on the OSNI cash handling and receipts fraud, and updates on the introduction of the Fraud Act.

12. The chair of the Forum sits on the Inter Departmental Group on Organised Crime (IDGOC) and reports to it on public sector fraud matters. The IDGOC is chaired by the Head of the Civil Service and includes senior representation from all Departments. The IDGOC Chair in turn sits on the Organised Crime Taskforce (OCTF) and this link provides a mechanism for NICS Departments to review progress on departmental issues identified in relation to organised crime. The Fraud Forum terms of reference was agreed by the IDGOC.

Fraud Forum Best Practice Guidance

13. In addition to the general guidance referred to above, DFP has developed in conjunction with the Fraud Forum, a series of best practice guidance notes which have been issued to departments and the wider public sector.

14. Most notably, this includes a “Memorandum of Understanding between the NI Public Sector and the PSNI”. The MOU has been signed up to by some 120 Public Sector Bodies including Departments, Agencies, NDPBs, Health Bodies, Education Bodies and Local Councils. Its sets out a basic framework for the working relationship between the PSNI and public sector bodies in respect of the investigation and prosecution of fraud cases. Its aim is to ensure greater consistency in the way fraud cases are investigated across the range of public sector bodies and to ensure a more targeted approach to criminal prosecution cases.

15. The Memorandum is supported by an “Acceptance Criteria and Evidence Pack” which provides guidance on the procedures to follow when formally referring a suspected fraud case to the police. The MOU has been widely accepted in the NI Public Sector. The MOU was formally launched by the DFP Minister in October 2006, at a major conference organised by the Fraud Forum with the PSNI, with the aim of also generally raising awareness of fraud issues. The conference was addressed by the DFP Minister, the Head of the Civil Service, the Chief Constable and the C&AG and was attended by representatives from all parts of the public sector.

16. Other best practice guidance issued by the Fraud Forum includes:-

17. The Forum is also currently working on developing a model template for whistle blowing procedures which it is hoped will be endorsed by the charity ‘Public Concern at Work’ as best practice. This will support existing personnel guidance in this area.

Fraud Reporting

18. GANI currently requires departments to report suspected and proven frauds to NIAO and DFP, although the level of reporting is under review. This facilitates the production of an Annual Fraud Report covering departments, agencies, NDPBs and public funds disbursed by voluntary bodies and other agents such as Intermediary Funding Bodies. The report concentrates on the control and prevention issues arising from the cases reported, rather than seeking to quantify the scale of fraud.

19. The exercise does not include a number of key external risk areas, notably Benefit Fraud, Family Practitioner and Agriculture Grants fraud. Separate reporting arrangements apply in these areas because of the specialist nature of the sectors concerned. A number of these areas have published estimated levels of fraud within their annual accounts or specialist annual reports. However these figures, by their nature, are indicative and should be treated with caution.

20. The table below, taken from the NICS 2006/07 Annual Fraud Report, shows the key fraud risk areas over the last three financial years as reported to DFP. It demonstrates in percentage terms the cases reported in each category and their financial value against the overall total reported for the year. The value figure shown at the bottom of the table underpins the column showing % of value. However it should be considered only as an indicator of the scale of internal fraud because it actually is an amalgam of proven, suspected and attempted frauds. It does not net off recovered sums and the trend shown reflects the number of cases reported as well as high value attempts at fraud. For these reasons the figures should be treated with extreme caution.

Analysis of Reported Actual and Suspected Frauds by Percentage of Total Number and Value

Type of fraud
2004/05 2005/06 2006/07
% of total cases % of value % of total cases % of value % of total cases % of value
Grant
16%
66%
15%
51%
26%
61.5%
Theft
28%
6%
22%
7%
21%
1%
Payment process
21%
15%
21%
3%
16%
21%
Income
7%
1%
18%
6%
10%
8%
Pay Related
7%
12%
9%
6%
9%
0.5%
Abuse of position /information, asset exploitation
3%
-
8%
27%
7%
-
Pension
-
-
-
-
4.5%
1%
Travel and subsistence
9%
-
7%
-
3.5%
-
Contractor/ procurement fraud
9%
-
-
-
2.5%
7%
Attempted bribery
-
-
-
-
0.5%
-
Cases
95
142
116
Value
£0.44m
£1.39m
£1.53m

21. The NICS Annual Fraud Report is issued to Accounting Officers for circulation to all other relevant bodies. It is also available to the wider public sector through the DFP website. Organisations are encouraged to consider the contents of the report and to consider the robustness of their own systems in light of the report findings.

Fraud Review

22. The Fraud Review, commissioned by the Attorney General and Chief Secretary to the Treasury, published in July 2006 made a number of recommendations about how best to adopt a more strategic approach to fraud. Following public consultation, the Government’s response was published in March 2007. As a result seven key areas have been identified and public/private sector working groups have been set up to provide detailed budgets and plans in respect of:- National Fraud Strategic Authority; Measurement Unit; National Fraud Reporting Centre; National Lead (Police) Force; Crown Court Powers; Financial Court; and Framework for Plea Negotiations.

23. This work is being overseen by a high level Programme Board in the UK, chaired by the Director of Policy at the Attorney General’s Office. The Board aims to provide implementation plans for approval early in 2008.

24. Although primarily focusing on England and Wales, the Review has implications for Northern Ireland. In particular, the recommendations in relation to the use of data sharing and data matching in the prevention and detection of fraud. This aspect which is within DFP’s remit has been taken forward within the Serious Crime Bill (currently being considered by Parliament). We will need to monitor other developments and liaise with relevant departments as appropriate.

Serious Crime Bill/National Fraud Initiative

25. The Serious Crime Bill is a UK wide piece of legislation, expected to become law by the end of the year, which sets out a number of proposals adding to existing powers available to address organised and financial crime. Included within the bill are provisions to enable the public sector to share data both internally and with the private sector as one method of helping to detect and prevent fraud.

26. There are two aspects directly relevant:

27. The second point builds on the current National Fraud Initiative (NFI) run by the Audit Commission in England which identified savings of £111m during the most recent exercise. An equivalent saving of £4m has been identified for NI, but this is likely to be an under-estimate as the scope for data matching under the new powers is significantly extended. Indeed as a result of the proposed legislation Northern Ireland audit powers in this regard will be more comprehensive than any other part of the UK.

28. The NFI builds on some existing data matching exercises in place in NI departments, notably where pension data has been matched to the deaths register, as well as ad hoc exercises undertaken by the SSA and NIHE under their legislative framework. The new arrangements will allow for a more systematic approach to be adopted with any potential constraints addressed in the legislation. DFP officials will work closely with NIAO colleagues to take forward the NFI on the assumption that the Serious Crime Bill becomes law later this year.

Anti Fraud Measures Questionnaire

29. In order to ascertain the impact and effectiveness of the work of the Fraud Forum and the existing guidance, DFP recently commissioned an Anti Fraud Measures Questionnaire. The questionnaire was issued to all departments, agencies, Non Departmental Public Bodies and other sponsored bodies, including the NI Councils and Health Trusts.

30. The table below summarises the data provided from the 95 bodies who responded.

  Departments and Agencies

Other Bodies

Total

No. % of total No. % of total No. % of total
Total Number of questionnaires completed
24
71
95
Organisations that:
Have an anti fraud policy in place
24
100%
66
93%
90
95%
The anti fraud policy has been approved by the Board and/or Audit Committee
24
100%
63
89%
87
92%
Has nominated overall responsibility for the anti fraud strategy to a senior official
22
92%
62
87%
84
88%
Has a separate fraud response plan in place
23
96%
56
79%
79
83%
Provides clear channels for reporting suspicions of fraud
24
100 %
66
93%
90
95%
Has procedures in place which require DFP and the NIAO to be notified of all suspected and actual frauds
24
100%
59
83%
83
87%
Has a whistle blowing policy in place which is accessible to staff
18
75%
63
89%
81
85%
Have assessed the overall risk of fraud
18
75%
53
75%
71
75%
Monitors progress of all fraud cases under investigation
23
96%
58
82%
81
85%
Has a specialist fraud investigation team or
9
38%
7
10%
16
17%
Where a specialist team is not in place has used Finance or Internal Audit resources to undertake this work if required
15
62%
53
75%
68
72%

31. The survey suggests that positive progress has been made by the wider public sector in developing and operating the range of anti fraud measures recognised as being key in the prevention and detection of fraud. The returns provided will be used to inform the future work of the Fraud Forum.

Raising Awareness and Training

32. Awareness of fraud is one of the key development areas for the Fraud Forum. Some Departments have already implemented fraud awareness programmes within their organisations.

33. As a result of positive feedback from the conference which launched the MOR with the PSNI, the Forum aims to run a series of further seminars concentrating on the practical outworking of the NFI and covering examples of good practice in fraud prevention from the NICS.

34. Additionally, DFP is currently working with the Centre of Applied Learning to include fraud awareness sessions in all Institute of Leadership and Management accredited courses for newly appointed staff at management level. We are also considering the potential for developing a fraud awareness e-learning module which will enable organisations to target training at a wider range of staff.

Conclusion

35. While significant progress has been made in developing anti fraud measures to tackle fraud within the NICS and the wider public sector, it is recognised that work in this area will be ongoing.

36 Future work areas which we would see as being key priorities include:-

37. In doing this DFP, and the wider NICS, are committed to ensuring that all the required mechanisms are in place to ensure that fraud is prevented and that the public purse is protected.

Chairperson’s letter of 22 October 2007

NIA Logo

Public Accounts Committee
Parliament Buildings
Room 371
Stormont Estate
BELFAST
BT4 3XX

Tel: (028) 9052 1208
Fax: (028) 9052 0366
Email: cathie.white@niassembly.gov.uk

Mr Paul Sweeney
Accounting Officer
Department of Culture, Arts and Leisure
Interpoint
20-24 York Street
Belfast
BT15 1AQ

Date: 22 October 2007

Dear Paul

Re: Public Accounts Committee Evidence Session 18 October 2007

Further to the evidence session at the Public Accounts Committee yesterday, please provide the following additional information which members requested at the meeting:

1. The Case Management Group held 10 meetings. Please inform the Committee how many of these meetings were attended by the PSNI.

2. Were any performance bonuses paid to the Chief Executive of Ordnance Survey of Northern Ireland or Mr Steenson’s line managers covering the period of the fraud, and, if so, how much?

3. Please provide a copy of the legal advice on forfeiture of pensions to which Mr Greenway referred.

I would be obliged for a response by Friday, 2 November 2007.

Yours sincerely

John O’Dowd

Chairperson
Public Accounts Committee

Correspondence of 2 November 2007
from Mr Paul Sweeney

Date: 2 November 2007
Our ref: SECINV427-07

Mr John O’Dowd
Chairperson
Northern Ireland Assembly
Public Accounts Committee
Parliament Buildings
Room 371
Stormont
BELFAST
BT4 3XX

Dear Mr O’Dowd

Re: Public Accounts Committee Evidence Session – 18 October 2007

Thank you for your letter of 22 October requesting additional information following the PAC evidence session on 18 October 2007. With regard to the information requested please see below:

1. The Case Management Group held 10 meetings. Please inform the Committee how many of these meetings were attended by the PSNI.

The Case Management Group met ten times in the year following discovery of the fraud to oversee the investigation. Its membership was the Chief Executive and Corporate Services Director of OSNI, and the Audit Manager from Department of Education who was assigned to lead the investigation. Internal Audit also provided a secretary to the meetings. In those ten meetings, the following other representatives attended:

The minutes of the meetings indicate that a range of correspondence and discussions took place with PSNI, DSO and other organisations outside the formal Group meetings, with the outcomes of those discussions being reported back to the Group. Following successful prosecution of the case, the PSNI wrote to OSNI as follows: ‘May I take the opportunity to thank you and your staff for the amount of work and effort afforded to the enquiry which was of paramount importance and was of great assistance particularly in the interview stage’.

2. Were any performance bonuses paid to the Chief Executive of Ordnance Survey of Northern Ireland or Mr Steenson’s line managers covering the period of the fraud, and, if so, how much?

I should be grateful for a short extension of the Committee’s deadline for a response to enable me to give this matter some further consideration.

3. Please provide a copy of the legal advice on forfeiture of pensions to which Mr Greenway referred.

The reference with regard to forfeiture which was read out by Mr Greenway in the Committee hearing was from section 8 of the 1972 Rules of the Northern Ireland Principal Civil Service Pension Scheme, to be found on page 117 of the Rules which can be accessed at http://www.civilservicepensions-ni.gov.uk/the_1972_section.pdf. I attach a copy of the most relevant page for the Committee’s convenience (please see para 8.2). These were the rules referenced by DSO at the time of discussions on forfeiture and on this basis DSO advised against going down the route of forfeiture. No written legal advice on forfeiture was provided. The 2002 rules repeat the same material on forfeiture, subject to some reformatting of content.

Yours sincerely

Signature of Paul Sweeney

Paul Sweeney

section

Chairperson’s letter of 22 October 2007

NIA Logo

Public Accounts Committee
Parliament Buildings
Room 371
Stormont Estate
BELFAST
BT4 3XX

Tel: (028) 9052 1208
Fax: (028) 9052 0366
Email: cathie.white@niassembly.gov.uk

Mr Bruce Robinson
Accounting Officer
Department of Finance and Personnel
Room S5
Rathgael House
Balloo Road
Bangor
BT19 7NA

Date: 22 October 2007

Dear Bruce

Re: Public Accounts Committee Evidence Session 18 October 2007

Further to the evidence session at the Public Accounts Committee yesterday, please provide the following additional information which members requested at the meeting:

1. Please provide further examples of data matching exercises and an indication of how successful they have been.

2. Please provide the percentage of fraud by departments, NDPBs, and Intermediate Funding Bodies.

3. In which departments and spending programmes does Grant fraud occur?

I would be obliged for a response by Friday, 2 November 2007.

Yours sincerely

Signature of John O’Dowd

John O’Dowd

Chairperson
Public Accounts Committee

Correspondence of 30 October 2007
from Mr David Thomson

Department of Finance and Personnel Logo.ai

Treasury Officer of Accounts
David Thomson

Central Finance Group
Rathgael House
Balloo Road
BANGOR BT19 7NA

Tel No: 028 9185 8150 (x 68150)
Fax No: 028 9185 8262
mail: david.thomson@dfpni.gov.uk
and jill.downie@dfpni.gov.uk

John O’Dowd
Chairperson
Public Accounts Committee
Parliament Buildings
Room 371
Stormont Estate
BELFAST BT4 3XX

30 October 2007

Dear John

Public Accounts Committee Evidence Session 18 October 2007

I refer to your letter of 22 October to Bruce Robinson which followed the recent evidence session held with DFP on 18 October 2007.

Firstly, in terms of the context, you might wish to be aware that the legislation giving statutory authority to the Comptroller and Auditor General to undertake data matching for the purpose of detecting fraud and error has now received Royal Assent. This will enable the National Fraud Initiative – the most recognised example of data matching – to operate within Northern Ireland within a clear statutory authority.

I attach the information requested. In relation to the second and third items requested, these both relate exclusively to the table headed ‘Analysis of reported, Actual and Suspected Fraud…’ as set out in the paper.

I would reiterate the point which we made at the hearing that this table covers only those fraud (suspected and actual) cases reported directly to DFP. The caveats set out in my original paper also apply to this additional information.

During the hearing a reference was made to the public bodies which had not completed the questionnaire. For information, currently the returns from only 5 district councils and 2 minor bodies are outstanding and I expect these to be completed and received shortly.

If I can assist in any way further please contact myself or Ciaran Doran, Deputy Treasury Officer of Accounts.

Yours sincerely

Signature of David Thomson

David Thomson

cc Bruce Robinson
John Dowdall
Ciaran Doran
Cathie White
Alison Caldwell
Paddy Hoey

Additional Information

1. Further Examples of Data Matching exercises and an indication of how successful they have been.

Data matching is the process of comparing computer records from different systems to identify inconsistencies in the data held. Data can be matched within an organisation, or between different ones, but identifying fraud or errors depends on comparing the right data sets. Data matching can also be used for other purposes – for example to ensure citizens are receiving all their entitlements.

The Attorney General’s Fraud Review drew particular attention to the National Fraud Initiative (NFI) run by the Audit Commission in England as an example of good practice. Whilst the Audit Commission’s existing powers enabled NFI to operate, the new legislation (the Serious Crime Bill) broadens the range of bodies able to participate and puts the initiative on a clear statutory footing. In an exercise conducted in 2006 the NFI identified frauds which cost the taxpayer £111 million pounds. In Scotland a separate NFI exercise has been run and published in May 2006. This reported overpayments and forward savings of over £15 million covering:

In Northern Ireland, uncertainty about the statutory powers of the C&AG has restricted the use of the NFI. However Pension Scheme information was matched against registered deaths and analysed. No specific savings figures are available in these areas, but the system has operated successfully for some time.

In the questionnaire summarised in the DFP paper and referred to at the PAC hearing, we specifically asked departments and public bodies for information on the extent of data matching schemes operating within Northern Ireland, namely:

The Society Security Agency maintains a data catalogue that lists the various data exchanges it undertakes. The Agency depends on a co-operative approach to sustain the effort to reduce fraud and error. The Department of Work and Pensions, PSNI, HMRC and the UK Immigration Service are some of the partners which have working arrangements formalised through Memorandums of Understanding and Partnership agreements. The Agency has also concluded Memorandum of Understandings with the Republic of Ireland and Holland to co-operate on counter-fraud measures abroad. The SSA points to reductions in losses from benefit fraud of £60m in 2001 to £18.1m in 2006 as evidence of success here.

I would emphasise that these exercises are different in nature from the National Fraud Initiative which is based on a specific statutory authority for the C&AG and thus covers all the bodies audited by the C&AG.

2. Breakdown of Fraud Notification

Organisation No. cases Percentage
Department 24 21
Agency 36 31
NDPB 29 25
Intermediary Funding Body 6 5
Other – Housing Associations 11 10
Other – Public Corporation 1 1
Higher Education 3 2
Other – FE Colleges 5 4
Other – company 1 1
Total 116 100%

3. Grant

Actual, attempted and suspected grant fraud reported to DFP for 2006/07.

A total of thirty cases were reported covering the following Departments and their sponsored bodies. This equated to approx 26% of the total number of cases reported.

DARD 5 Claims for items not verifiable under EU funding programmes PEACE II, Leader Plus and Building Sustainable Prosperity.
DEL 4 Included false education maintenance and childcare dependent grants submitted to FE Colleges (3 cases).Also included suspected irregularities in grant under PEACE programme (1 case).
DENI 3 False childcare grants submitted to Education and Library Boards and incorrect details on student loan applications.
DETI 9 Invest NI (or previous LEDU) grants allocated to companies. Employment and marketing grants’4 cases related to the Emerging Business Trust PAC report.
DFP 3 EU funding cases reported through SEUPBPeace II (2 cases) and Interreg III
DHSSPS 1 False Claim made under Welfare Foods Scheme
DRD 1 False claim under concessionary fares and fuel duty rebate scheme
DSD 4 One case incorrect details submitted for NIHE renovation grant.Other 3 EU funding cases (one BSP and two related to PEACE II)

Appendix 4

List of Witnesses Who Gave
Oral Evidence to the Committee

1. Mr Paul Sweeney, Accounting Officer, Department of Culture, Arts and Leisure.

2. Mr Iain Greenway, Chief Executive, Ordnance Survey of Northern Ireland, Development of Culture, Arts and Leisure.

3. Mr David Thomson, Treasury Officer of Accounts, Department of Finance and Personnel.

4. Mr Ciaran Doran, Deputy Treasury Officer of Accounts, Department of Finance and Personnel.

5. Ms Alison Caldwell, Head of Fraud and Internal Policy, Department of Finance and Personnel.

In Attendance:

6. Mr John Dowdall CB, Comptroller and Auditor General.

7. Mr David Thomson, Treasury Officer of Accounts, Department of Finance and Personnel.

1The Serious Crime Bill received Royal Assent on 30 October 2007

Printed in Northern Ireland by The Stationery Office Limited
© Copyright Northern Ireland Assembly Commission 2008