Fraud Prevention

Our Commitment to Preventing Fraud

As a public, research intensive (R1) university, we are entrusted with public funds, research dollars, student resources, donor resources, and more. These resources are safeguarded through a culture of ethics, transparency, accountability, and strong risk management practices.
Fraud undermines our mission and erodes trust. Every employee—faculty, staff and administrators—plays a vital role in preventing, detecting and reporting concerns.
Good faith reports are encouraged and protected. Reports made in good faith are protected from retaliation as provided by university policy and applicable state law.

Fraud Within the University’s Enterprise Risk Management (ERM) Program

Fraud is recognized as a significant institutional risk within the university’s Enterprise Risk Management (ERM) framework. ERM provides a structured process for identifying, assessing and managing risks that could impact the university’s operations, finances, compliance posture and reputation.

Fraud affects several ERM risk categories, including:

  • Financial Risk: loss, misappropriation or misuse of university assets
  • Operational Risk: process failures or control breakdowns
  • Compliance Risk: violations of laws, grant requirements or policy
  • Reputational Risk: diminished trust in the University

By preventing and reporting fraud, employees directly contribute to the university's overall risk management strategy and help reduce institutional exposure.

Board Policy 350.1: Your Responsibilities

Every university employee shares responsibility for the prevention of fraud, waste and abuse. The policy requires employees to:

  • Uphold ethical conduct in all university activities.
  • Follow established financial and administrative controls.
  • Report suspected fraud, waste or abuse promptly.
  • Cooperate fully in related reviews or investigations.

View Board Policy

At a Glance: How to Report a Concern

Employees are encouraged to report concerns, in good faith, through established channels. Prompt reporting supports early intervention, strengthens the university’s ERM posture, and helps maintain a secure and ethical environment.

Reporting options include:

  • To your supervisor and/or unit leadership, unless you prefer the following alternative reporting option
  • Directly to Internal Audit at 1-866-252-9838 (or) University Financial Compliance

Sandra Sturgeon, Director of Financial Compliance
236 Uptown West
1 University of Arkansas
Fayetteville, AR 72701
Phone: 479-575-5553

What To Report?

If you see activities that could constitute loss, theft or misuse of university assets, or behavior that is dishonest or unethical, you should report it. The following are some examples of potentially fraudulent or dishonest activities:

Asset Misuse & Misappropriation

  • Theft, loss or unauthorized use of university or research property (equipment, technology, supplies, specialized research materials).
  • Personal use of P Cards/T Cards or other purchasing instruments.

Grants, Sponsored Projects, and Research Compliance

  • Unallowable expenses, personal purchases on grants or improper cost transfers between awards.
  • Inflated or falsified effort reporting (e.g., certifying time that does not reflect actual effort on federally funded work).

Procurement & Contracting

  • Bid rigging, vendor collusion or steering awards to friends, family or undisclosed related businesses.
  • Signing contracts outside of authorized processes.

Reimbursements, Payroll & Time Reporting

  • False, inflated or duplicate expense/travel claims.
  • “Ghost” employees, falsified student worker hours or unauthorized payroll adjustments.

Records & Information Integrity

  • Forgery or manipulation of official records (financial, personnel, academic, administrative).
  • Improper changes to student related records (grades, transcripts, residency, financial aid, tuition/fee records).
  • Information and data misuse—accessing or sharing secure data for non university purposes; manipulating system entries for personal gain.

Conflicts of Interest / Commitment & Gifts

  • Failure to disclose outside employment or financial interests as required.
  • Using university resources for outside work; directing staff/students to perform personal tasks.
  • Accepting or soliciting gifts, favors, or items of value that could influence—or appear to influence—official decisions.

Not sure if something is potentially fraudulent? If something seems off, report it. We would rather review a well intentioned concern than miss a potential problem.

Higher education institutions are facing unprecedented challenges from fraud. From ghost students to artificial intelligence (AI)-generated identities, these risks intersect with many ERM categories, particularly financial, operational, and information-security risks.

For awareness of emerging risks across higher education, Auburn University publishes Case in Point: Lessons for the Proactive Manager—a monthly newsletter that highlights fraud, ethics, compliance, privacy, security incidents and other risk-related events affecting colleges and universities. Each issue summarizes real incidents that have occurred at institutions nationwide, offering valuable insight into how misconduct and operational failures can develop within a university setting. The monthly newsletter is available as a free digital subscription through the Case in Point website, with each issue delivered directly to subscribers’ email inboxes.

By learning from these real-world examples, our employees gain a clearer understanding of potential vulnerabilities and the importance of strong internal controls. This proactive awareness helps us better protect our campus, strengthen decision making and promote a culture of accountability across our organization.

Practical Ways to Minimize Fraud (Department-Level Controls)

The following preventative control examples also strengthen the university's overall ERM framework by reducing exposures across financial, operational and compliance risk areas:

  • Separate duties (no single person controls all steps of a transaction)
  • Perform timely reconciliations and review exceptions
  • Ensure proper approvals by authorized personnel
  • Monitor high risk activities (procurement, grants, cash handling, auxiliaries)
  • Review carefully—not just cursory checks.
  • Maintain appropriate access controls and remove access promptly when roles change
  • Communicate an ethical Tone at the Top and speak up culture
  • Conduct periodic inventories of equipment and sensitive assets
  • Screen new hires appropriately and verify vendors before setup
  • Follow records retention schedules
  • Provide training and refreshers for staff with financial responsibilities
  • Brainstorm risks & controls as a team; document and revisit at least annually

Insights from the 2024 ACFE Report to the Nations

The 2024 ACFE Report to the Nations analyzes 1,921 fraud cases across 138 countries and 22 sectors. Its findings highlight fraud risks particularly relevant to decentralized university environments and align closely with ERM risk categories.

Key Takeaways for Universities:

  • Weak internal controls are the biggest driver of fraud, with more than half of cases involving control gaps or overrides.
  • Tips are the most effective detection method, identifying 43% of cases—far more than audits or monitoring alone.
  • Fraud often involves altered or falsified documents, making digital audit trails essential.
  • Fraud schemes commonly include asset misappropriation and corruption, both of which are highly relevant in decentralized university environments (procurement, grants, auxiliaries).

Why It Matters: Strengthening internal controls, training employees, improving reporting awareness, and monitoring high risk areas all reduce institutional risk – and support the university’s ERM objectives.