APS 4012 - Fiscal Misconduct Reporting

PDF Version

Policy Profile

Policy Title: Fiscal Misconduct Reporting
APS Number: 4012
Effective: July 1, 2009
Approved by: President Bruce D. Benson
Responsible University Officer: Vice President of Finance
Responsible Office:  
Policy Contact:  
Supersedes: 02/01/1993 Version
Last Reviewed/Updated: July 1, 2009
Applies to: All campuses

Policy Snapshot

Brief Description:  Establishes the procedures and responsibilities for reporting and resolving instances of known or suspected fiscal misconduct at the University of Colorado.

I.  Introduction

This policy establishes the procedures and responsibilities for reporting and resolving instances of known or suspected fiscal misconduct in order to: protect the assets and interests of the University, ensure a coordinated approach toward resolution of fiscal misconduct, and encourage compliance with applicable State Fiscal Rules and Colorado Revised Statutes. The policy is derived from the statutes noted below and outlines specific responsibilities for individuals involved in a fiscal misconduct situation.

State Fiscal Rules require reporting losses from fraud, theft or embezzlement in excess of a specified dollar limit to the State Division of Accounts and Control. The State Controller authorized an increase in the University's reporting threshold to $10,000, due to the University's policies and internal processes for handling fiscal misconduct.

II.  Policy Statement

  1. Any employee or student associated with the University who knows of or suspects fiscal misconduct must promptly notify either one's immediate supervisor or one of the following investigative units: the Department of Internal Audit, Office of University Counsel, the appropriate campus police department, and/or the appropriate campus Human Resources or Personnel department. This duty to report by an individual or supervisor is in compliance with State law and State Fiscal Rules. State employees have "whistle blower" protection from State law when they are in compliance with the requirements set forth in statute.
  2. Because of the often unique and complex nature of fiscal misconduct, which investigative unit to contact first may be a function of the situation. The Department of Internal Audit and Office of University Counsel are more often the preferred primary contacts because these units have more flexibility in the manner in which they conduct a review or investigation where there is some doubt about what actually occurred. In any case, the notified investigative unit shall contact the other units to establish the necessary team to progress with the review or investigation.
  3. All affected departments and/or individuals shall cooperate fully with the investigative team to identify whether or not actual or suspected fiscal misconduct has occurred.
  4. The investigative team shall keep University campus officials apprised of on-going investigations as appropriate. Given the nature of some of these investigations, there are times when the scope of the problem must be determined before notification is possible.
  5. Loss reporting will follow standard University processes for each investigative unit. The Internal Auditor will report all instances of actual loss greater than $10,000 to the State Division of Accounts and Control. The report will state the circumstances and corrective action taken.

III.  Procedures and Responsibilities

The following sections outline the basic responsibilities of those units or individuals involved with an incident of actual or suspected fiscal misconduct.

  1. The responsible administrator of the unit where the known or suspected fiscal misconduct may have or may be occurring is responsible for:
    1. Reporting all known or suspected incidents of fiscal misconduct as required by law and State Fiscal Rules;
    2. Not attempting to conduct an independent investigation or audit;
    3. Notifying one of the investigative units to obtain guidance on how to proceed. It is preferred to contact the Department of Internal Audit first;
    4. Fully securing and strictly limiting access to any relevant computer and manual records as soon as the fiscal misconduct is suspected, or when there is reason to believe further losses may occur. Common steps may include changes in staff assignments, obtaining keys, removing systems access, stopping long-distance telephone access, and reassigning signature and approval authority;
    5. Not confronting or accusing the individual suspected of fiscal misconduct and not making any arrangements for resolution of the matter without consultation with the appropriate personnel officer, the Department of Internal Audit, and/or legal counsel as noted in (b) above;
    6. Using discretion and not discussing the circumstances with persons not involved in the incident or with persons without an essential need-to-know. Supervisors can and should be informed if first cleared by the investigative team;
    7. At the completion of any investigation, implementing changes in policy and procedures for improved internal controls to prevent reoccurrence.
  2. The University Department of Internal Audit is responsible for:
    1. Conducting an  assessment of an incident where insufficient facts or evidence is apparent to determine if, in fact, fiscal misconduct has occurred;
    2. Notifying other departments, units and/or University campus officials who may need to be involved in a review or investigation as appropriate;
    3. When a loss has occurred, determining how the loss occurred, the amount of the loss, and possible individuals involved. If the loss is over$10,000, notifying the University Controller and the State Controller;
    4. Gathering available evidence to support loss findings;
    5. Evaluating the systems of internal control and making recommendations for improvements;
    6. Scheduling meetings, as required, with the campus police department, the appropriate personnel officer, administration, and legal counsel to coordinate and assess the progress of the audit and investigative activities;
    7. Following standard audit reporting procedures.
  3. The campus police department is responsible for:
    1. Conducting a preliminary assessment of an incident where sufficient facts or evidence are apparent and/or criminal misconduct is suspected;
    2. Notifying other departments, units, and/or University campus officials who may need to be involved in an investigation, as appropriate;
    3. Determining if, in fact, criminal actions have occurred, and conducting an investigation based on the determination;
    4. Coordinating legal actions with the District Attorney, University Legal Counsel, Office of Internal Audit, and external law enforcement agencies.
    5. Notifying the campus controller, who will in turn notify the University Controller and Internal Auditor if theft exceeds $10,000.
  4. The campus personnel officer is responsible for:
    1. Notifying other departments and units as appropriate to initiate appropriate investigative procedures;
    2. Providing guidance to the appointing authority, administration, and others affected as to appropriate personnel actions to be taken if the suspect is a University employee;
    3. Providing personnel policy interpretation and guidance;
    4. Participating in the resolution process and preparing reports, as necessary.
  5. Legal counsel is responsible for:
    1. Notifying other departments and units as appropriate, including Public Relations. Serve as the liaison with external legal entities and coordinate investigations which may require reporting;
    2. Consulting with campus departments and/or University campus officials as to appropriate investigative and corrective actions;
    3. Providing policy interpretation and guidance;
    4. Participating in the resolution process and preparing reports, as necessary;
    5. Consulting with the campus police department prior to finalizing any monetary or administrative agreement which may affect impending prosecution.
  6. The University Controller is responsible for:
    1. Providing policy interpretation as required;
    2. Working with the affected units to implement the necessary management controls to change and improve business practices which permitted the fiscal misconduct.

IV.  References and Resources

The following references cite the legal basis from which this policy was developed:

    •   Retaliation Prohibited C.R.S. 24-50.5-103
    •   Embezzlement of Public Property C.R.S. 18-8-407
    •   Duty to Report a Crime C.R.S. 18-8-115
    •   Department of Administration C.R.S. 24-30-202 (13)
    •   Theft C.R.S. 18-4-401
    •   Official Misconduct C.R.S. 18-4-404
    •   Forgery C.R.S. 18-5-102
    •   Code of Ethics C.R.S. 24-18 Part 1 Fraud, Theft or Embezzlement--State Fiscal Rules  (Rule 1-9)

University Resources:

V.  Definitions

Italicized terms used in this Administrative Policy Statement are defined in the Administrative Policy Statement Policy Glossary.

Fiscal Misconduct - Examples include circumstances of embezzlement; defalcation; misappropriation of goods, services, or resources; diversion of assets; conflict of interest situations that result in financial loss; and violation of University fiscal policies and procedures for personal gain. Some of these terms are technical legal terms and the references noted above should be reviewed if clarification is required.

Suspected Fiscal Misconduct - A reasonable belief or actual knowledge that fiscal misconduct has or is occurring. Failure to show an actual diversion of assets or loss shall not be considered unreasonable.