Grant Fraud Risk Guide - HTML

Grant fraud - What is grant funding?

Grants may be awarded by government to public sector organisations, businesses or individuals for a range of purposes. For example, they may be used to support projects which further government’s policy objectives, provide a subsidy for a specific purpose, or fund research. There would normally be statutory provision for the award of the grant and it would be subject to certain conditions, specified in a grant agreement.

What is grant fraud?

Grant fraud can include a range of scenarios, such as:

using false information to support a grant application, or a grant claim (where payment is in arrears);
misrepresenting the status of the funded project in monitoring returns;
using grant funding for purposes other than those specified/intended/applied for; or
claiming grant funding for the same purpose from more than one funding organisation.

Why produce a Guide on grant fraud risks?

The volume and profile of government grant funding has increased dramatically since the beginning of the COVID-19 pandemic in early 2020. In the UK, billions of pounds have been distributed via government grants, primarily to support and sustain key areas of the economy. In Northern Ireland, as part of a total COVID-19 support package of over £6.2 billion, over £1 billion has been paid out purely in grants, to support businesses, agriculture, education, transport, sport and the arts.

Two reports by the Comptroller and Auditor General (C&AG), on the Sports Sustainability Fund (published in June 2021) and the Small Business Support Grants Scheme (due to be published in November 2021), highlight issues which could potentially have increased the risk of grant fraud. A number of Accounting Officers sought Ministerial Directions for emergency grant expenditure, recognising that it was inherently risky.

While most organisations, businesses and individuals claiming grant support will be legitimate and will use the grant for the purposes intended, there will be those who have taken advantage of the exceptional circumstances created by the pandemic in order to obtain funding to which they are not entitled. The increased risk of fraud in emergency situations is widely recognised among counter fraud experts. It is therefore timely to remind public sector organisations about the key grant fraud risks, not just in COVID-19 times but in normal times, and set out how those risks can be mitigated.

Structure of the Guide

The Guide sets out the key fraud risks/red flags and mitigating controls under a number of headings:

general;
design and development;
market engagement;
application assessment;
award of grant;
performance monitoring; and
review and evaluation.

Further information

The Guide draws on information already in the public domain. You will find links to the sources used, illustrative case examples and a self-assessment checklist towards the end of the Guide.

General

Fraud Risks/Red Flags	Mitigating Controls
Lack of clarity on roles and responsibilities in relation to a grant scheme can increase the risk of fraud.	There should be appropriate committee/Board/Council involvement in key decisions around grant schemes. A senior responsible officer/owner (SRO) should have oversightacross all stages of the grant process and be responsible for thedesign of the scheme. The SRO should be appointed before design and developmentstage so they can carry out the role effectively. The SRO should be at the appropriate grade for the grant scheme(scale, volume, nature etc.) and have the requisite capacity, capability,experience and delegated authority. The SRO’s responsibilities should be clearly defined.
There may be no clear structure or process for managing grant activity.	Organisations should have a framework covering risks, controls and assurance in relation to their grants activity. Organisations should consider the use of data analytics in relation to grant activity, to proactively identify potential grant fraud.
Those responsible for the various stages of the grant scheme may not have the appropriate skills, experience or fraud awareness.	All staff involved in grant administration should be appropriately trained and experienced. This should include fraud awareness training. Specialist support e.g. counter fraud, legal, financial etc., should be available as required to those administering grant schemes. Staff involved in grant administration should be familiar with the concept of ‘professional scepticism’, which means being alive to the potential for fraud or error at all stages of the grant process and critically assessing any documentary evidence provided.

Design and Development

Fraud Risks/Red Flags	Mitigating Controls
The business case, or equivalent document, seeking to justify the grant funding has not been properly developed, leading to the risk of poor value for money and fraud.	The development of grant schemes should have appropriateexpert input (financial, legal, counter fraud etc.) to helpminimise fraud risks. Eligibility and assessment criteria should be pre-determined.
The business case for grant funding does not include proper consideration of risk and fraud.	A fraud risk assessment, proportionate to the size andnature of the grant scheme being developed, should bepart of the design and development stage. For good practice in managing fraud risk, including fraud risk assessment,please see ‘Managing Fraud Risk in a Changing Environment’, NIAO, 2015. The SRO is responsible for managing risks at each stage. This should include updating the business case and fraud risk assessment, where required, to address changing fraud risks.
Those making the case for a grant scheme may have a vested interest.	Organisations should ensure that proper procedures around declarationand management of conflicts of interest are in place in relation to grant schemes. For good practice in managing conflicts of interest, please see ‘Conflicts of Interest: a Good Practice Guide’, NIAO, 2015.
Governance arrangements for the development of grant schemes may not be sufficiently robust, increasing the risk of fraud.	Design should include a robust governance framework covering roles and responsibilities, delegations, reporting structures and lines of accountability. Assurance arrangements should include controls put in place by management, oversight of the management of the scheme, and independent assurance through the audit process.
Consideration of fraud risk should be a factor when deciding between a direct award of grant and an open call/market engagement process.	There must be a clear and robust audit trail to support the proposed method of grant award. Potential conflicts of interest must be properly managed.

Market Engagement

Fraud Risks/Red Flags	Mitigating Controls
Lack of market engagement could mean that risks associated with the proposed grant funding are not properly identified.	Early market engagement will help to identify potential fraud riskswithin a proposed grant scheme.
Early market engagement at business case stage could lead to bias or give a competitive advantage to some organisations.	Early market engagement must be fully transparent and aboutraising awareness of opportunities; it should not give anyorganisation a competitive edge. There should be a clear and robust audit trail of market engagement.

Application Assessment

Fraud Risks/Red Flags	Mitigating Controls
A weak assessment process which fails to address all risk indicators will increase the risk of fraud and loss.	Use a pre-qualification checklist to help identify possible fraud riskindicators in relation to grant applicants, and to ensure consistencyof the assessment process. Once risks are identified they can bemitigated. Key risk areas to consider include financial stability, controlenvironment, previous experience of managing grants, grant value,grant period etc. All parties to the grant arrangement (grant awarding body, potentialgrant recipient and any other relevant third parties) should share informationon risks, including fraud risk, so that risks can be mitigated. If the risk level is too high, take the decision not to fund.
There is a risk that false information may have been provided in support of the grant application.	Due diligence checks should include background and eligibility of the grant applicant, independently verified where possible. Due diligence checks must be carried out by those with the appropriate skills. For complex or contentious grants, seek expert input, e.g. legal/financial. The grant application form should include a statement that the information provided may be shared for the purpose of prevention and detection of crime, that misleading information will render the application invalid, and that all fraud will be reported to the police.
Those assessing applications may have a conflict of interest.	Assessors should be asked to complete conflict of interest declaration forms and disclose any conflict tothe SRO. Organisations should have a conflicts of interest policy in placeand should maintain, and regularly update, a register of interests. The assessment process should be monitored to ensure consistency.

Award of Grant

Fraud Risks/Red Flags	Mitigating Controls
Grant may be awarded without sufficient due diligence in relation to the recipient. The ethical standards of the recipient may not match those expected by the funding organisation.	There should be a robust grants approval process, which includeschecks on the recipient’s financial status and ethical standards. There should be appropriate committee/Board/Councilinvolvement in decisions to award grant funding.
The conditions for grant award may be unclear, increasing the risk of fraud.	An appropriate grant agreement should be in place which includes:performance monitoring arrangements; performance measures; intendedoutcomes; a definition of eligible expenditure; what happens in the event of fraud; assurance arrangements; events of default and associated clawbackarrangements; defined start and end dates; and a named point of contact. Consider using a template for grant agreements which has had legal, financial and counter fraud input, to ensure all key areas are covered. The grant agreement should include clawback arrangements, so that funding used for ineligible or fraudulent purposes can be recovered. The grant agreement should be signed before any monies are paid out.
A grant may be awarded despite recognition of additional risk factors.	Put in place additional controls for grant awards which are deemed riskier, such as increased monitoring, additional support and greater internal audit involvement. Consider including bespoke pre-conditions which must be met before release of funding. The fraud risk assessment for the grant, and the mitigating controls, should be reviewed throughout the life of the grant to ensure they remain relevant and appropriate. Seek assurance that staff and Board members within grant recipients have had fraud risk awareness training and are aware of good practice in grant management.
The grant recipient may have received funding for the same purpose from another source (duplicate funding).	Grant recipients should be asked to declare that award of thegrant will not result in duplicate funding. Establish communication channels with other grant funders tohelp reduce the risk of duplicate funding. Explore the use of data sharing/data matching to detect multiplegrant applications and awards. In relation to grants to the NI voluntary and community sector, the Government Funders’ Database, available on the Department for Communities website, may help to identify possible duplicate funding. Ensure that you update the Government Funders’ Database when administering grants to the voluntary and community sector, to ensure it is as complete as possible. Consider registering to receive updates from the Government Funders’ Database (see link above) so you are fully informed about other potential funders.
Payment of all grant funding up front increases risk.	Grants should be paid in arrears or in instalments, with appropriate supporting documentation provided to justify payments. Ensure that the terms and conditions of grant include robust clawback arrangements.

Performance Monitoring

Fraud Risks/Red Flags	Mitigating Controls
The grant may not be used for the intended purpose.	Grant recipients should be required to keep a full audit trail of allgrant expenditure, with original supporting documentation, whichshould be available for review by the grant awarding authority. Grant recipients should be required to demonstrate that they have an appropriate system of internal controls/assurance in place to ensure the proper administration of grant funding, recognising that ‘trust’ is not an internal control. Grant agreements should include provisions regarding what happenswhen fraud is identified, including when to involve the police. Grant recipients should be required to report immediately to the fundingorganisation any actual or suspected fraud or irregularities in relation to the grant awarded. Funding organisations should immediately report any actual, suspected or attempted grant frauds to the Comptroller and Auditor General for Northern Ireland (C&AG) or the Local Government Auditor as appropriate (via their sponsor department, in the case of arm’s length bodies). Fraud is a crime and should be reported to the police in accordance with the funding organisation’s fraud response plan.
Grant may be claimed for, or spent on, personal expenses or ineligible expenditure, contrary to the terms of the grant.	Financial monitoring should identify any ineligible or fraudulent expenditure, and clawback arrangements should be in place to ensure any such monies are recovered. Ensure that the grant agreement includes provision of a clear route for both the funding organisation and the recipient to raise any concerns about possible fraud or irregularity.
Grant expenditure may be subject to weak/no controls.	There should be an appropriate, proportionate control frameworkin place for managing the grant. It should be made clear to thegrant recipient that professional standards are expected in theadministration of the grant. Controls should include: verification of expenditure through original supporting documentation; periodic financial reports to the grant awarding body; retention of appropriate records; documented procedures; separation of duties; appropriate authorisation of expenditure; and identification of a responsible person within the funded body to sign off accounts and provide the necessary assurances. Grant recipients should immediately notify the grant awarding body if they find or suspect any fraudulent activity.
Inadequate monitoring arrangements increase the risk of fraud.	There should be clear arrangements in place for regular performance monitoring, e.g. site visits, periodic financial reports, statements of grant usage by category etc. Those responsible for monitoring should be appropriately trained to recognise grant fraud risk indicators, e.g. false or amended supporting documentation (invoices, bank statements, timesheets etc.). Those responsible for monitoring grants must ensure that sufficient and appropriate original supporting documentation is provided.

Review and Evaluation

Fraud Risks/Red Flags	Mitigating Controls
Unused grant may have been retained by the body and used for improper purposes, contrary to the grant agreement.	The annual or end of grant review should determine whether there has been any underspend of grant and, if so, confirm that it hasbeen returned to the grant paying body. Clawback arrangements should be enforced to recover any inappropriate or fraudulent expenditure. Fraud is a crime and any grant frauds identified as part of the review process should be reported to the police in accordance withthe funding organisation’s fraud response plan. Funding organisations should immediately report any actual, suspected or attempted grant frauds to the C&AG or the Local Government Auditor as appropriate (via their sponsor department, in the case of arm’s length bodies).

Fraud Risks/Red Flags

Mitigating Controls

Unused grant may have been retained by the body and used for improper purposes, contrary to the grant agreement.

The annual or end of grant review should determine whether there has been any underspend of grant and, if so, confirm that it hasbeen returned to the grant paying body.
Clawback arrangements should be enforced to recover any inappropriate or fraudulent expenditure.
Fraud is a crime and any grant frauds identified as part of the review process should be reported to the police in accordance withthe funding organisation’s fraud response plan.
Funding organisations should immediately report any actual, suspected or attempted grant frauds to the C&AG or the Local Government Auditor as appropriate (via their sponsor department, in the case of arm’s length bodies).

Useful Sources

Guidance for General Grants: Introduction, Cabinet Office, August 2021

General Grants: Minimum Requirements, Cabinet Office, August 2021

(see links to each Minimum Requirement embedded in the above document at pages 5 and 6)

Government Functional Standard: Grants, HM Government, July 2021

Government Functional Standard: Counter Fraud, HM Government, August 2021

Code of Conduct for Recipients of Government General Grants, HM Government, November 2018

Tackling Grant Fraud, ACF, May 2020

Managing Public Money NI: Annex 5.1: Grants, Department of Finance

Getting to know your grant holders, Fraud Advisory Panel, 2018

Managing Fraud Risk in a Changing Environment, NIAO, November 2015

Conflicts of Interest: a Good Practice Guide, NIAO, March 2015

Case Examples

NI charity director found guilty of fraud

In 2015, the director of a charity based in the north-west of the Province was found guilty of 10 charges of fraud, including fraud by false representation, and forgery, relating to a number of grant funding applications made between 2009 and 2011.

It was found that the fraudster had submitted duplicate funding applications to the Office of the First Minister and Deputy First Minister and to Derry City Council, failing to disclose to each organisation that he had received funding from the other.

He was sentenced to two years in jail, suspended for two years.

Source: NI media reports, April 2015

NI community-based company defrauded by director

A community interest company, established in December 2013 with the aim of promoting sport and physical activity to excluded groups, was dissolved in 2017 following the fraudulent actions of its director.

The fraudster was the only active director of the organisation and it had no employees. He abused his position to gain access to a Big Lottery Fund grant of almost £10,000 and also a bank overdraft of £20,000.

In July 2020, he was sentenced to 15 months in prison, suspended for three years, and banned from operating as a company director for five years.

Source: NI media reports, July 2020

Bogus organisation – the value of due diligence

Your organisation receives a grant application from a body wishing to deliver an arts project. In support of its application, the body submits photographs of a similar event, a number of governance documents, and details of a referee who works for the local authority.

You check online and find that the body has no website. You have concerns about the validity of the photographs supplied in support of the application and you also find that the governance documents are generic and freely available online. You call the referee contact at the local authority, but the number does not work.

This application would appear to be dishonest. The red flags discovered during due diligence checks will allow your organisation to challenge the application and prevent grant funding falling into the hands of those not entitled.

Source: adapted from example in Tackling Grant Fraud, ACF, May 2020

Duplicate funding – ask the question

Your organisation receives a funding application from a body for a specific project with a total cost of £5,000. The body also applies to three other organisations who could potentially provide funding.

Your organisation agrees to fund the full cost of the project. The other three organisations also agree to fund the full cost of the project.

Whether the applicant has done anything wrong depends on whether it has been deceptive. If your organisation asked, as part of the application process, whether the body was applying to other funding organisations and it said no, this is deceptive and more likely to indicate fraud. If your organisation does not ask whether funding has been applied for or received from other sources, then the actions of the body may not be dishonest. Always ask the question so that you have evidence, or not, of dishonest intent.

Source: adapted from example in Tackling Grant Fraud, ACF, May 2020

False invoices – the importance of clawback arrangements and a route for raising concerns

Your organisation has funded a body to run an event for young people. The funded body provides evidence that the event has taken place by submitting invoices from suppliers of equipment for the event, as well as photographs of the day.

Your organisation receives an anonymous phone call stating that the event did not take place and that payments were not made to suppliers. You take a closer look at the photographs and find that they were not taken on the day or at the location which was claimed. You contact the companies named on the supporting invoices and they tell you that they have not supplied the goods and services detailed. This is dishonest activity. Your grant agreement should provide for clawback of funding obtained by deception. It should also include provision for reporting any fraudulent activity to the police and other relevant authorities.

Source: adapted from example in Tackling Grant Fraud, ACF, May 2020

Underspend of grant

Your organisation has provided £7,000 of grant funding to another organisation for a specific project, and you are happy with the outcome. However, the organisation has spent only £5,000 of the £7,000 grant on the project. It creates false invoices for ‘sundry expenses’ to cover the remaining money and submits them to your organisation. Once received, the surplus money is retained by the chairman and treasurer of the grant funded body.

Deliberately creating false invoices to deceive a grant funding body is fraudulent, and fraud will be reported to the police in line with the funder’s fraud response plan. The grant agreement should make clear what happens in the case of a budget underspend, i.e. that any unrequired funds are either not drawn down in the first place or, if already drawn down, are returned to the grant funding body.

Source: adapted from example in Tackling Grant Fraud, ACF, May 2020

Self-assessment checklist

Please note: This checklist is for guidance only and is not intended to be exhaustive. It can be completed periodically to help provide a degree of assurance in relation to your organisation’s overall grants process, and can also be used in relation to individual grant schemes.

Good practice standard	Yes / No	Action required
1. General
1.1 We have clear responsibilities, processes and procedures in place for managing grants.
1.2 All those involved in administering grant schemes receive annual fraud awareness training and are familiar with the concept of professional scepticism.
1.3 We ensure that those involved in administering grants, at any stage, have declared any potential conflicts of interest. Any conflicts are appropriately managed.
2. Design and Development
2.1 Our development of grant schemes includes input from an appropriate range of experts, e.g. financial, legal, counter fraud etc.
2.2 We complete a proportionate fraud risk assessment as part of the development of each grant scheme, and keep it under review.
3. Market Engagement
3.1 We engage appropriately, and in a timely manner, with the relevant market when developing a grant scheme, to help ensure that potential fraud risks are identified at an early stage.
4. Application Assessment
4.1 We use a pre-qualification checklist to help identify fraud risk indicators in relation to grant applicants.
4.2 We have a range of checks in place to establish that the grant applicant is bona fide, financially sound and has appropriate ethical standards, e.g. web searches, checks with relevant regulators, review of key documentation etc.
4.3 Our grant application forms include appropriate wording about the consequences of fraudulent applications, as a deterrent.
5. Award of Grant
5.1 We have an appropriate grants approval process in place.
5.2 We ensure appropriate committee/Board/Council involvement in decisions to award grant funding.
5.3 We use a robust grant agreement template for all grant awards. The template can be tailored to suit the nature and magnitude of the grant.
5.4 We ensure that the grant agreement is signed by the relevant parties before any grant monies are paid out.
5.5 Our grant agreement is clear about outcomes, what is (and is not) eligible expenditure, and what should happen in the event of fraud.
5.6 Our grant agreement includes robust clawback arrangements so that funding used for ineligible or fraudulent purposes can be recovered.
5.7 Our grant agreement requires staff and Board members of recipient organisations to have fraud awareness training.
5.8 As part of our grant award process, we ask grant recipients to declare that the award will not result in duplicate funding.
5.9 We review the Government Funders’ Database as appropriate, to identify possible duplicate funding, and we update the database in relation to any grant we award.
5.10 We have arrangements in place to communicate with other grant funders, to reduce the risk of duplicate funding.
5.11 We pay our grants in arrears or in instalments to reduce risks.
6. Performance Monitoring
6.1 We require grant recipients to keep a full audit trail of all grant expenditure, which should be available for review. Original supporting documentation should include invoices, receipts, bank statements etc.
6.2 Those responsible for monitoring are appropriately trained to recognise grant fraud risk indicators, e.g. false or amended supporting documentation.
6.3 We require grant recipients to have a documented system of internal controls, so that grant funding is properly administered, and to ensure those controls are operating.
6.4 We provide a reporting route for those wishing to raise concerns about possible fraud or irregularity in relation to grants.
6.5 We have clear arrangements in place for regular performance monitoring, including (as appropriate) site visits, periodic financial reports, statements of grant usage by category etc.
6.6 Where financial monitoring identifies any ineligible or fraudulent expenditure, we activate clawback arrangements to recover the funding.
6.7 We immediately report any actual, suspected or attempted grant frauds to the C&AG or the Local Government Auditor as appropriate (via our sponsor department).
6.8 We recognise that grant fraud is a crime which should be reported to the police in accordance with our fraud response plan.
6.9 We challenge instances where a funded organisation seeks an addition to the agreed level of funding, to ensure there is a valid reason for the request.
7. Review and Evaluation
7.1 We complete an end of grant review and financial reconciliation. We ensure that any underspend of grant is returned and not retained fraudulently by the grant recipient.