b'FRAUDThe use of email to approve transactions increases the schools exposure to loss from cyber security breaches.Does the board of governors receive sufficient assurance that fraud and bribery risks are being actively managed within the school?Do governors receive regular reports on fraud and bribery allegations and the outcome of any investigations?Are you satisfied that the school has access to the right level of expert resource in this area?Policy frameworkIs there a robust anti-fraud and bribery policy in place?Does the policy set out a zero-tolerance response to such activity?Is the policy accompanied by a suitable response plan that can be deployed promptly where needed?Has the policy and response plan been reviewed by a counter-fraud specialist for adequacy and completeness?Is the policy appropriately communicated to staff, parents, suppliers and the general public? such as remote working and a greater reliance on Risk assessment technology will become permanently embedded Do you understand which business processes,into your operating environment. The way the school systems and even particular personnel are most atinteracts with parents, staff and suppliers will be risk of fraud or bribery? different to how things were pre-pandemic so your Has a recent, comprehensive risk assessment ofinternal control procedures may also need to be all organisational activity been completed, withupdated. Some things to consider:appropriate independent oversight? Reviewing the scheme of delegation to ensure Are fraud and bribery risks articulated, recordedit remains appropriate for the types of financial and monitored in the same way as your othertransactions the school is undertaking.organisational risks? Updating the process for approval of transactions from physical sign-off to electronic. Consider how Awareness will this be initiated and recorded.Do all staff understand what fraud and bribery are,Online banking and credit card transactionsare you and how these offences might present themselves insatisfied with the security measures in place?the schools operating environment? Changing the frequency of reconciliations for key Do all staff understand how they should react whenaccounts.they identify fraud or bribery? Appropriate segregation of duties and review Do we actively encourage staff to raise concerns, andprocesses when staff are working remotely/at provide them with sufficient, secure reporting routes? different times. Cyber security and access to key systems including Prevention and detection activityemail. Communication with parents and suppliers. Are controls regularly tested to an anti-crime standard? Kerry Gallagher is a specialist not-for-profit Is testing and analytics activity routinely deployed inaudit director at RSM. Kerry can be contacted relevant areas to identify where fraud may have beenon kerry.gallagher@rsmuk.com. committed?Gemma Higginson is a member of RSMs Time to review internal controls? Fraud Risk team. Gemma can be contacted on Some of the changes brought about by the pandemicgemma.higginson@rsmuk.com. www.independentinsight.netIwww.iexcellence.co.ukIwww.i25awards.co.uk 33'