16.4 Malfeasance Reporting
Malfeasance is any misconduct or unlawful act carried out by a public official that cannot be legally justified or conflicts with the law, including, but not limited to fraud, waste, and abuse. The Board of Regents of the University System of Georgia is committed to preventing and detecting fraud, waste, abuse, and other forms of malfeasance and implementing corrective action when acts of malfeasance have occurred. Employees are subject to disciplinary action up to and including dismissal as a result of participation in or commission of any malfeasance. It is the policy of the University System of Georgia to refer all potentially criminal acts to law enforcement for investigation. See sections 16.4.3 and 16.4.4 for additional detail on the investigation process.
16.4.1 General Definitions of Fraud, Waste, and Abuse
Fraud is defined as a false representation of a matter of fact that is intended to deceive another. A fraudulent act may be illegal, unethical, improper, or dishonest and may include, but is not necessarily limited to:
- Alteration or falsification of documents
- False claims
- Theft of any asset
- Inappropriate use of computer systems, including hacking and software piracy
- Bribery or kickback
- Conflict of interest
- Misrepresentation of facts
A fraudulent act may have criminal and/or civil law consequences. The Office of Internal Audit and Compliance is not required to use a determination by a criminal justice authority to criminally prosecute as the basis for determining whether an act may be fraudulent. It is the internal determination of the above criteria that defines an act as potentially fraudulent under this policy.
Waste is defined as the expenditure or allocation of resources in excess of need that is often extravagant or careless.
Abuse is defined as the intentional, wrongful, or improper use of resources. Abuse can be a form of wastefulness as it entails the exploitation of “loopholes” to the limits of the law, primarily for personal advantage.
16.4.2 Duties and Responsibilities
Any USG employee who has a reasonable basis for believing a fraudulent act has occurred has a responsibility to promptly notify one of the following:
- His or her supervisor
- Internal Audit department at the institution or at the BOR
- Institution police department
- Institutional or BOR Ethics and Compliance Hotline
The Office of Internal Audit and Compliance has the primary obligation for investigating reported malfeasance for the University System Office (USO) and for institutions without an institutional auditor. Institutional Audit departments have the primary obligation for malfeasance investigations at local campuses.
The Internal Audit departments at both the Board level and the institutional level may contact other departments, including the Legal Office and university police departments, to establish the necessary team to proceed with the review or investigation. The investigative team will attempt to keep source information as confidential as possible. In those instances where the investigation indicates potential criminal activity, an initial report shall be submitted to the USG Chief Audit Officer. The USG Chief Audit Officer, in consultation with the USG Director of Safety and Security will determine when and if appropriate law enforcement notifications are to be made. The USG Chief Audit Officer, in consultation with the USG Office of Legal Affairs, shall submit this report to the Georgia Department of Law for further investigation.
16.4.4 Institution Triage Committees
All USG institutions are encouraged to establish a triage committee to address fraud, waste, and abuse. Triage committee members may include representations from internal audit, legal affairs, compliance, human resources, public safety/campus police, information security or other functions per the discretion of the institution president. It is this committee’s responsibility to monitor the institutional Ethics and Compliance Hotline and to ensure appropriate remediation of hotline issues. Local committees may treat the incident as an administrative issue addressed by committee and/or a designee. Alternatively, the committee may report the issue to Internal Audit to perform an objective review and/or investigation. Absent a formal triage committee, institutional management is responsible for ensuring compliance with this section. Issues involving members of the triage Committee or institutional executive management shall be referred to the USG Office of Internal Audit and Compliance for remediation and/or investigation.
Incidents involving suspected criminal employee malfeasance must be reported to the USG Chief Audit Officer once an initial determination has been made that employee malfeasance was likely. Malfeasance reports should be marked confidential and submitted in draft form. Malfeasance reports should include:
- Institution’s name and point of contact to include email and phone number;
- Description of the incident to include incident time, date, location, improper activity, and estimated loss to the institution (if any);
- Known suspect information to include employee name, title, employment status (administrative leave, pending termination, etc.), and supervisor’s name; and,
- Current case status to include law enforcement involvement and the results of any internal audit investigation.
The USG Chief Audit Officer, in consultation with the USG Office of Legal Affairs, shall transmit employee malfeasance reports to the Georgia Department of Law. The transmittal letter shall include an incident summary and may include a recommendation as to whether to pursue further investigation.