University Policy 3003

Code of Virginia Section 23.1-1301, as amended, grants authority to the Board of Visitors to make rules and policies concerning the institution. Section 6.01(a)(6) of the Board of Visitors Bylaws grants authority to the President to implement the policies and procedures of the Board relating to University operations. Section 7.01 of the Board of Visitors Bylaws grants specific authority to the Chief Audit Executive.

Code of Virginia, Section 30-138, as amended - State agencies, courts, and local constitutional officers to report certain fraudulent transactions; penalty.

Board of Visitors Policy 1610 - Charter of the Internal Audit Department

Abuse - excessive or improper use of something, or to use something in a manner contrary to the natural or legal rules for its use. Examples include the intentional destruction, diversion, manipulation, misapplication, maltreatment, or misuse of University resources; or extravagant or excessive use as to the abuse of one's position or authority. Abuse can occur in financial or non-financial settings.

Fraud - an illegal act of intentional deception or misrepresentation used to benefit oneself or others or to cause detriment to others or the University. Fraud includes but is not limited to false representations of material fact, false or misleading statements, or the concealment of something that should have been disclosed, which deceives and is intended to deceive.

Waste - the thoughtless or careless expenditure, consumption, mismanagement, use, or squandering of University resources to the detriment or potential detriment of the University. Waste also includes incurring unnecessary costs resulting from inefficient or ineffective practices, systems, or controls.

This policy applies to all employees, students, volunteers, employees of affiliated organizations who are paid through the University, and visitors to the institution. Employees include all staff, administrators, faculty, full- or part-time, and classified or non-classified persons who are paid by the University. Students include all persons admitted to the University who have not completed a program of study for which they were enrolled; student status continues whether or not the University's programs are in session. Affiliated organizations are separate entities that exist for the benefit of the University through an operating agreement and include the foundations, the Community Development Corporation, and the Alumni Association. Visitors include vendors and their employees, parents of students, volunteers, guests, uninvited guests and all other persons located on property, owned, leased, or otherwise controlled by the University.

The Code of Virginia, Section 30-138, as amended, requires that, "Upon the discovery of circumstances suggesting a reasonable possibility that a fraudulent transaction has occurred involving funds or property under the control of any . . . agency of the Commonwealth, . . . as to which one or more officers or employees of state or local government may be party thereto, the state agency head . . . shall promptly report such information to the Auditor of Public Accounts (Auditor), the State Inspector General and the Superintendent of State Police (Superintendent)."

Upon discovery of information or circumstances suggesting fraud, waste or abuse, it is the responsibility of University employees and students to immediately notify either the State Employee Fraud, Waste, and Abuse Hotline or the University Audit Department. The individual may also additionally contact other University departments such as the Department of Human Resources, the Department of Public Safety, Office of Finance and/or University Counsel. When fraud, or circumstances suggesting fraud, is reported to any of these offices, the other offices listed above should be contacted in a timely manner to inform them of the situation, if warranted.

The above departments should agree as to the respective roles each office should have in the investigation of the situation. Different circumstances may require different departments to lead the investigation (e.g., if the situation is criminal, financial or administrative in nature).

Upon notifications of possible fraud, the University Auditor should ensure that the proper authorities within the department and University management have been notified of the potential loss. The University Auditor should work to ensure that the University promptly notifies other state departments as required under Section 30-138 of the Code of Virginia.

The University Audit Department will perform sufficient tests to identify any weaknesses in financial, operating, or technology controls that permitted the loss and will evaluate the impact the weaknesses have with respect to other activities of the institution. In addition, the University Audit Department will recommend improvements to correct the weaknesses and incorporate appropriate tests in future audits to detect whether the same or similar weaknesses exist in other areas of the institution.

Applicable records must be retained for three years following the end of the fiscal year in which the records were closed and then destroyed in accordance with the Commonwealth's Records Retention Schedule (General Schedule Series 102, Series 012086).

Chief Audit Executive

University Policy 3002 - Authority of the University Audit Department