| Adoption: 2012-10-29 Instance of Approval: Board of Governors |
| Modification: 2026-04-28 Instance of Approval: Board of Governors |
| Responsible Department: Office of the Chief Risk Officer |
1. PURPOSE
1.1. The purpose of this Policy is to define Financial Fraud, outline general principles and to establish the authorities in the reporting and investigation of Financial Fraud in order to support the University of Ottawa’s commitment to the sound management of its financial resources.
2. APPLICATION
2.1 This Policy applies to all University Members.
3. DEFINITIONS AND INTERPRETATION
3.1 For the purposes of this Policy and procedures adopted pursuant to it, the following words and expressions have the following corresponding meaning:
“Disclosure” means the act of reporting or communicating a known or suspected Financial Fraud in according with this Policy.
“Financial Fraud” means any known or suspected act or omission involving University Funds that misrepresents, conceals or otherwise deceives resulting in financial loss to the University or posing risk its integrity or its economic interests. Financial Fraud includes, but is not limited to, the following:
a) theft, bribery, misappropriation, destruction, unauthorized use, suppression or concealment of University Funds or of tangible or intangible property owned by or under the University’s custody and control where a financial impact is involved;
b) forgery, falsification, alteration, destruction or fabrication of any paper or electronic financially related record (for example, cheques, grant applications, time sheets, contracts, requisitions, budgets, accounting records);
c) making false financial claims and statements, including authorizing or receiving payment for hours not worked;
d) inappropriate use of computer or electronic systems that impacts University Funds, including but not limited to, unauthorized access and software piracy, unauthorized or deceptive electronic funds transfer or payment instructions, or other manipulations of systems or of financial or banking information, whether initiated internally or through external deception (including phishing or other types of social engineering);
e) corruption, unauthorized giving or receiving of discounts or rebates, and authorizing or receiving payments for goods not delivered or services not performed;
f) non-compliance with the financial provisions of University policy, procedure or practice or with any applicable laws.
“Head of Unit” means the University employee who holds a University position with the highest level of managerial decision-making authority of an academic or administrative unit.
“Interim Measure” refers to any temporary, precautionary action taken while a preliminary review of a Disclosure or an Investigation is ongoing. These measures are intended to protect University Funds, stabilize the situation, preserve the ability to do a proper Investigation, prevent further incidents, safeguard individuals from retaliation or threats of retaliation, address safety or other pressing concerns, and/or provide appropriate support. Interim Measures shall not be construed as evidence of either a finding or non-finding of a violation of this Policy.
a) Examples of Interim Measures include but are not limited to preserving University records, implementing financial controls and other actions to remediate deficiencies or to assist with the prevention and detection of similar incidents in the future.
b) Examples of Interim Measures imposed on a University Member include but are not limited to disabling a University Member’s access to University IT systems or to University Funds, restricting contact between individuals, modifying a University Member’s duties or schedule, or imposing a temporary, non-disciplinary leave of absence. Interim measures that are imposed on a University Member are protective in nature and do not constitute disciplinary action.
“Investigation” means the act of formally examining the alleged Financial Fraud in a manner appropriate in the circumstances.
“Investigator” means a person either in the Internal Audit Office or Office of the Chief Risk Officer or an external investigative services firm retained by the Internal Audit Office or Office of the Chief Risk Officer to do an initial assessment or an Investigation of a Disclosure.
“University Funds” means funds owned or administered by, or in the care of, or due to the University.
“University Member” means any of the following:
a) full-time, part-time or temporary University employee,
b) University appointee (for example, University volunteers, those with a University academic appointment or adjunct, visiting, fellow or emeritus appointment),
c) member of the Board of Governors, of the Senate and any of their respective committees, as well as a member of any other committee formed to help the University achieve its goals,
d) anyone engaged by the University to provide services or goods to the University (for example, consultants, contractors) or
e) anyone who has access to University accounts involving University Funds.
3.2 If the Senior Manager, Internal Audit or the Chief Risk Officer or the Secretary-General are the subject of a Disclosure, the President or their delegate will assume responsibility for the oversight of any Disclosure and any preliminary review or Investigation. If the President is the subject of a Disclosure or an Investigation, then the Chair of the Audit Committee will assume responsibility for the oversight of any Disclosure and any preliminary review and Investigation.
4. GENERAL PRINCIPLES
4.1 The University is committed to preserving the public trust and confidence in its financial activities and to protecting against Financial Fraud by maintaining internal controls and procedures to prevent Financial Fraud and to protect its financial resources.
4.2 University Members must act honestly and uphold the highest ethical standards when performing their University Responsibilities involving University Funds.
4.3 The University does not tolerate Financial Fraud. University Members who engage in Financial Fraud will be subject to consequences, including but not limited to, termination of employment, appointment, contract or of any other engagement with the University and may face criminal prosecution or civil suits.
4.4 Heads of Unit and University employees at all levels of management are responsible for ensuring financial and administrative internal controls and measures to assist in the prevention of Financial Fraud within their academic or administrative unit.
4.5 A University Member who makes a Disclosure or provides information about a Disclosure in good faith and in accordance with this Policy will not be subject to reprisal.
4.6 A University Member who knowingly makes false allegations of Financial Fraud will be subject to consequences or discipline, up to and including termination of employment or of their relationship to the University. A false allegation is different from an unsubstantiated allegation; an unsubstantiated allegation means one that is made in good faith but there is insufficient supporting evidence to determine whether the allegation is true or false.
5. CONFIDENTIALITY
5.1 All individuals involved in reporting a Financial Fraud or in an Investigation into Financial Fraud must keep the matter confidential to safeguard individuals against unsubstantiated allegations, protect the rights of those involved in an allegation of Financial Fraud and preserve the integrity of the Investigation.
5.2 Information related to a Disclosure, an Investigation, the analysis of the allegations or of the facts, findings or conclusions, decisions are to be kept confidential, unless the sharing of such information is permitted or compelled by applicable law. Information can only be shared with those persons who have a legitimate need to know this information for the implementation of this Policy, the preliminary review, the Investigation, Interim Measures, decisions, consequences or corrective action or to perform their University duties.
6. DISCLOSURE OF FINANCIAL FRAUD
6.1 A University Member who discovers a known Financial Fraud or has a reasonable basis for believing that Financial Fraud may have occurred or is occurring, must disclose it to their manager or Head of Unit or directly to:
a) the Senior Manager, Internal Audit; or
b) the Chief Risk Officer, if reporting it to a) is inappropriate; or
c) the Secretary-General, if reporting it to a) and b) is inappropriate; or
d) the President, if reporting it to a), b) and c) is inappropriate
e) the Chair of the Audit Committee (care of the Office of the Secretary-General), if reporting it to a), b), c) and d) is inappropriate.
If the manager or Head of Unit is the recipient of the Disclosure, they are responsible for ensuring that the Disclosure is reported to appropriate channel of reporting set out above.
6.2 An anonymous Disclosure of an allegation of Financial Fraud can be considered by the recipient of the Disclosure if it consists of sufficient, substantive and verifiable information and if the anonymity of the person disclosing the Financial Fraud does not prejudice the fairness of the follow-up or Investigation of the Financial Fraud. An anonymous Disclosure may pose limitations on the ability to investigate and follow-up.
6.3 A Disclosure must contain enough information, details and accompanying documents (if any) to allow for a preliminary review (as referred to in Section 7 of this Policy). For example, a Disclosure should contain the following information:
a) nature of the suspected incident(s) involving University Funds
b) name of the person(s) believed to have engaged in the suspected incident(s) and the academic or administrative unit(s) involved
c) dates of the incidents, if known
d) description of how the suspected incident(s) came to light
e) documentation, if any, in support of the Disclosure
f) contact information of the person making the Disclosure.
6.4 Upon receiving a Disclosure, the Senior Manager, Internal Audit will notify the Chief Risk Officer, the Secretary-General, Human Resources or Faculty Relations (as applicable if the Disclosure involves an employee) and the Head of Unit where the suspected Financial Fraud occurred.
7. PRELIMINARY REVIEW
7.1 The Senior Manager, Internal Audit will conduct a preliminary review of the Disclosure of an allegation of Financial Fraud and will, if necessary, seek additional information, consult internally and retain external subject matter expertise for assistance, as needed. The preliminary review will be conducted in a timely and confidential manner.
7.2 The purpose of the preliminary review is to assess whether or not to proceed with an Investigation. The preliminary review will consider whether the,
a) allegations, if true, would constitute Financial Fraud within the meaning of this Policy,
b) information provided is specific enough to be investigated, and
c) subject matter is within the University’s authority to investigate.
7.3 The Senior Manager, Internal Audit may convene and lead a cross-functional advisory group with relevant skills to support the imposition of Interim Measures, the preliminary review and any Investigation (should the Disclosure proceed to an Investigation). The composition of such advisory group will depend on the situation but could be comprised of Protection Services, Financial Resources, Human Resources or Faculty Relations, Legal Counsel Office and others as deemed by the Chief Risk Officer to be appropriate. If specialist skills are required or the internal capacity to do the preliminary review or potential Investigation could pose challenges, the Senior Manager, Internal Audit can engage an external specialist or investigative services firm to assist with or conduct the preliminary review or the Investigation.
7.4 When the preliminary review is complete, the Senior Manager, Internal Audit will recommend to the Chief Risk Officer whether there is sufficient basis to proceed with an Investigation, who in turn, will report the outcome of the preliminary review to the Secretary-General for a decision.
7.5 The Secretary-General will decide on whether to initiate an Investigation and on whether to involve police or other relevant law enforcement agency (if the alleged Financial Fraud appears to constitute an offence under the Criminal Code), in which case the Director of Protection Services will be responsible for communicating with police or other such relevant law enforcement agency and remain the point of contact on behalf of the University.
7.6 For a potential breach of responsible conduct of research involving research funds, the Senior Manager, Internal Audit will consult with the Director, Research Ethics and Integrity prior to proceeding with an Investigation to identify considerations related to University Policy 115 – Responsible Conduct of Research or to research sponsors’ requirements that may impact the Investigation.
7.7 If the outcome of the preliminary review is that the Disclosure falls outside of the scope of this Policy and should be dealt with under a different University policy or procedure or under a collective agreement, the Senior Manager, Internal Audit will inform the person who made the Disclosure of the potential University policy or procedure or collective agreement under which the matter should be dealt with (see examples in Section 8.10) and will confidentially notify the appropriate Head of Unit who is responsible for administering the University policy or procedure and Human Resources or Faculty Relations, as applicable.
8. INVESTIGATION
8.1 If the Secretary-General decides that the Disclosure warrants Investigation, either the Senior Manager, Internal Audit or an external Investigator will do the Investigation into the Disclosure. The Secretary-General will inform the President and the Chair of the Audit Committee of the decision to initiate an Investigation and as applicable, the Head of Unit in authority over a University Member who is alleged to have engaged in Financial Fraud.
8.2 Investigations shall be conducted responsibly and adhere to the principles of procedural fairness, in a manner that is respectful of individuals and that ensures appropriate and acceptable evidence is obtained. The Investigator will have the authority to preserve relevant documentation, examine, copy, and/or secure the contents of files, desks, cabinets, and other storage facilities, including electronic files and devices, with the exception of personal property.
8.3 To the extent permitted so as not to comprise the integrity of an Investigation or law enforcement proceeding, the Head of Unit in authority over a University Member who is alleged to have engaged in an act of Financial Fraud (or such other University authority as the Secretary-General may deem appropriate in the circumstances) will provide the University Member with a written summary of the allegations against them to inform them of the Investigation and to communicate or give direction on any Interim Measures relevant to them. Human Resources or Faculty Relations, as applicable, should be consulted prior to informing the University Member. The Investigator will give the University Member an opportunity to respond to the allegation of Financial Fraud against them and to provide any additional information to the Investigator before the Investigation report is finalized.
8.4 During an Investigation, Interim Measures may be implemented by or under the direction of the Secretary-General (in consultation with Internal Audit, Human Resources or Faculty Relations or others as appropriate).
8.5 At the conclusion of the Investigation, the Investigator will issue an Investigation report to the Chief Risk Officer and Secretary-General. The Investigation report should include the following elements:
a) details of the allegation of Financial Fraud, the effect on the University’s Funds and financial information,
b) the steps taken to do the Investigation,
c) the findings and evidence gathered during the Investigation,
d) the identified risks associated with the Financial Fraud, and
e) recommended actions to remediate any identified deficiencies and to assist with the prevention and detection of similar incidents in the future.
8.6 The Chief Risk Officer may make any further recommendations related to identified risks, if any, to the Secretary-General.
8.7 The Secretary-General will use the Investigation report and recommendations made by the Chief Risk Officer, if any, to decide on whether Financial Fraud occurred.
8.8 Where the Secretary-General has concluded that Financial Fraud has occurred, they will inform the President. The Secretary-General will also inform the Chair of the Audit Committee and the University’s external auditors as soon as the circumstances permit (and not wait until the next quarterly report to the Audit Committee as referenced in Section 9.1) if the Financial Fraud:
a) resulted in a significant loss of University Funds; or
b) involved executive or senior University administrators; or
c) is material to the financial statements or could reasonably be expected to influence the audit of the University’s financial statement, the scope of audit procedures; or
d) revealed significant deficiencies or weaknesses in internal financial controls; or
e) has other significant qualitative impacts on financial reporting integrity, even where the monetary amount is not significant.
The Secretary-General must document the rationale for determining whether a Financial Fraud is material or relevant to the audit, considering paragraphs a) to
e) above any other quantitative factors and qualitative factors. Where uncertainty exists regarding the materiality or audit relevance of the identified Financial Fraud, the Secretary-General will err on the side of transparency to ensure that the Audit Committee and the University’s external auditors have sufficient information regarding the Financial Fraud to perform their duties effectively.
8.9 The Secretary-General will also decide on any further actions, including, without limitation, the following:
a) as applicable, informing Human Resources, Faculty Relations and the Head of Unit in authority over a University Member, who in turn, will inform the University Member of the outcome of the Investigation and on any further investigation or action which may lead to discipline or other consequence on a University Member who has been found to have engaged in an act of Financial Fraud;
b) imposing (or recommending to the Administration Committee for a decision, as applicable,) process improvements, financial controls or other administrative internal controls to assist in the prevention and detection of similar incidents in the future;
c) directing Protection Services to report the matter to police or other relevant law enforcement agency;
d) taking measures to recover losses resulting from a Financial Fraud, including but not limited to, commencing civil action or other recourse against those responsible for the Financial Fraud;
e) directing the Senior Manager, Internal Audit to contact the person who made the Disclosure of the Financial Fraud to inform them that the Investigation is complete and to the extent permitted, the outcome;
f) ensuring other appropriate follow-up or action.
8.10 The conduct of a University Member giving rise to Financial Fraud might be addressed by another University policy or procedure or by a relevant collective agreement. Therefore, any further Investigation into the University Member’s conduct or application of consequence and corrective action can depend on applicable collective agreement provisions and other relevant University policies and procedures, as may be established or amended from time to time. Examples of other University policies include, but not limited to, the following:
Policy 2b) – Discipline (Non-unionized Administrative and Support Staff) and Procedure 18-16 – Disciplinary Process (Non-unionized Administrative and Support Staff)
Policy 70 - Conflict of Interest
Policy 115 Responsible conduct of research and Procedure 29-2 Addressing Allegations of a Breach of Responsible Conduct of Research
8.11 A University Member that is found to have engaged in an act of Financial Fraud will be subject to disciplinary and corrective action, up to and including termination of employment, appointment, contract or of any other engagement with the University. The process for such disciplinary and corrective action will be in accordance with the terms that govern the relationship between the University Member and the University, namely, the relevant collective agreement, employment contract, appointment, contract or other University policy or procedure agreement that governs the terms of their engagement with the University.
9. REPORTS TO AUDIT COMMITTEE
9.1 On a quarterly basis, the Senior Manager, Internal Audit will compile a confidential summary report of all the Disclosures of suspected or known Financial Fraud received for the Chief Risk Officer and the Secretary-General. The report will note the outcome of any preliminary review or Investigation and will be submitted to the Audit Committee for information by the Secretary-General.
10. APPROVAL AND AMENDMENTS
10.1 The Secretary-General is responsible for periodic review of this Policy, for interpreting this Policy and for recommending to the Audit Committee any amendments to it.
10.2 Amendments to this Policy require the approval of the Board of Governors.
10.3 The Secretary-General may establish, amend or abrogate procedures for purposes of the effective implementation of this Policy, provided that such procedures are consistent with the provisions of this Policy.
10.4 Notwithstanding 10.2 of this Policy, the Secretary-General may amend this Policy without the need to submit such amendment to the Board of Governors for approval if such amendment is required to:
a) update or correct the name or title of a position, unit, law, bylaw, policy, procedure or authority; or
b) correct punctuation, grammar, typographical errors, revisions to format and other technical revisions, where appropriate, if the correction does not change the meaning of a provision, or make such other correction if it is clear both that an error has been made and what the correction should be; or
c) correct the form of expression of a provision in French or in English to be more compatible with its form of expression in the other language; or
d) make consequential amendments to conform with or arising from another University bylaw, resolution, policy or procedure.