Scottish Public Finance Manual

The Scottish Public Finance Manual (SPFM) is issued by the Scottish Ministers to provide guidance on the proper handling and reporting of public funds.

Annex 3: fraud response plan


1. This Fraud Response Plan sets out arrangements to ensure that when suspected frauds against the Scottish Government (SG) are reported, either to line managers, HR, Internal Audit, finance business partners, sponsor units or the Fraud Response Team, effective action is taken to:

  • investigate the circumstances
  • minimise the risk of subsequent loss
  • ensure that appropriate recovery action is taken or, failing recovery, to initiate action to write off any losses
  • remedy any weaknesses in internal control procedures
  • initiate disciplinary and legal procedures, where appropriate
  • demonstrate that the SG is not a soft target for attempted fraud


2. The core SG and SG Main Executive Agencies are covered by these arrangements. However, an Agency may establish its own arrangements, consistent with the SG Fraud Response Plan, covering both external and internal fraud.

3. Business areas within the core SG that have significant grant-giving or contract-letting responsibilities should also establish additional local arrangements for dealing with external fraud. This should be based on the particular process and the risks involved. The SG Fraud Response Team need to be notified of any local arrangements for dealing with external fraud.

An example external fraud response plan is at appendix 4.

4. The procedures will also apply in respect of SG members of staff who are seconded or loaned to other bodies. In such cases, the body to which the member of staff is seconded will be consulted on the handling of the investigation. The procedures will also apply to individuals who are loaned or seconded to the SG. In these cases the parent body will be consulted on the handling of the investigation.

5. Sponsor units should ensure that sponsored bodies have appropriate fraud response arrangements in place for both external and internal fraud, based on the relevant operational environment and pertinent risk factors.

Fraud Response Team

6. The Fraud Response Team for the SG is based in the Finance Directorate. The functions of the Fraud Response Team include:

  • To receive and record information (anonymously or otherwise) about suspected frauds, either by telephone (using the CrimeStoppers fraud hot-line: 08000 15 16 28) or in writing, from individual members of staff or the public
  • To consult and coordinate on counter fraud matters as required; agree what action, assistance and communication is required from within SG and external sources (e.g. Police)
  • To ensure that, where it is considered appropriate, senior management and/or Audit Scotland is informed about relevant cases as soon as possible after they come to light
  • To report annually to the Scottish Government Audit and Risk Committee

Integrity Group

7. The primary purpose of the IG is to lead on the implementation of effective counter fraud policy across SG. The IG also monitors relevant cases of suspected external and internal fraud that are reported to the Fraud Response Team through formal reporting lines. It is also available to advise on the handling of specific cases of external and internal fraud where required.

8. The permanent members of the IG are:

  • The SG Counter Fraud Champion (Chair)
  • The SG Senior Risk Manager (Head of the Fraud Response Team)
  • The Head of Finance Programme Management
  • The Head of Finance Policy
  • A nominated HR representative
  • The Chief Security Officer
  • A nominated Scottish Government Legal Directorate (SGLD) advisor
  • A nominated Internal Auditor

9. The IG may co-opt additional members with particular knowledge or expertise to assist in consideration of a specific case or require individual members of staff to attend its meetings.

Individual IG Members

10. IG members will be responsible for ensuring the necessary action in their functional areas. The immediate actions of the functional areas, insofar as they are appropriate to the particular case, will include:

  •  Counter Fraud Champion and Fraud Response Team: lead in promoting an anti-fraud culture including communications; coordinate reporting of fraud and lessons learned across the SG, including fraud alerts; assist in assessing the risk of fraud in policies and programmes; work with counter fraud networks in the public, private and voluntary sectors; coordinate fraud investigation activity across the SG; lead, on behalf of the IG, counter fraud policy development.
  • Finance, in conjunction with business areas: safeguard funds possibly at risk; plug any immediately obvious gaps in financial controls; consider the case for recovery action and initiate action to recover funds as required; determine the financial effects of frauds; arrange, where necessary, for notation of the relevant accounts.
  • HR (in consultation with the IG): if appropriate, arrange to suspend SG members of staff pending the outcome of any investigations (and review the notice of suspension at regular intervals throughout the period of investigation); appoint an Investigating Officer; liaise with SGLD on legal implications under employment legislation; consider, in consultation with line management, the sensitivity of the allegations in terms of public interest and whether the Communications Directorate and/or Ministers should be briefed; implement disciplinary procedures against perpetrators of frauds and other members of staff whose actions may have facilitated frauds; consider the action to be taken if lesser instances of misconduct have been identified during the investigation.
  • Departmental Security: protect accounting and other records; safeguard relevant records and assets possibly at risk; restrict access to offices and records of individuals involved by altering or withdrawing cards/passwords; pursue cases of straightforward theft; lead on information assurance work and counter fraud activity on information and communication technology.
  • SGLD: provide advice as appropriate.
  • Internal Audit: if appropriate, carry out investigations and liaise with the appropriate Police/Procurator Fiscal Service contacts; make recommendations for improvement where appropriate and advise on potential lessons to be learned

11. While these responsibilities are listed separately, they are clearly inter-linked and close liaison on developments in specific areas is essential, as is the involvement of line management at an appropriate level. It will invariably be necessary to act with extreme urgency at this stage.


12. Following the reporting of suspicions of fraud to either line managers, Human Resources, Internal Audit, finance business partners or sponsor units, the information must be passed on to the SG Fraud Response Team for coordination purposes. A recommendation from a specialist area (e.g. HR, Internal Audit or Legal Directorate) will then be sought, as appropriate, to advise the IG whether any allegations warrant further action or investigation.

13. If further action or investigation is agreed, the IG should initiate the following action, insofar as it is appropriate to the particular case:

  • decide the level at which line management should be involved and bring the allegations to the notice of line management if it is not already aware of them, at the same time confirming the investigative arrangements and reporting lines
  • secure records and assets, including restrictions on access to offices and computer terminals
  • based on advice from HR, involving Legal Directorate as required, consider the prima facie case for suspension of SG members of staff who are the subject of allegations
  • agree the scope and nature of any investigative work required to establish the facts of a particular case
  • notify senior management as required, including the Permanent Secretary, Director HROD and relevant Accountable Officer(s)
  • decide whether the appropriate Police/Procurator Fiscal Service contacts should be informed
  • agree a timetable for completion of any agreed actions

14. Fraud investigations can be undertaken by Internal Audit, HR or an Independent Investigating Officer, depending on the circumstances.

15. Any investigation will take account of any relevant work or recommendations by a specialist area e.g. Internal Audit and HR reports. Preliminary investigation findings must be reported to the Fraud Response Team for consultation before being reporting back to the IG.

16. The IG should consider carefully the terms of reference for any investigative work. Investigations should not be restricted solely to allegations against an individual that may lead to a charge of gross misconduct. If there is a possibility that instances of serious misconduct (e.g. misconduct other than fraud) may also have occurred, these should be investigated at the same time as the fraud allegations by HR under the SG’s Disciplinary Policy and Procedures.

Selection of Investigating Officer

17. It is a matter for HR to appoint, where necessary, the independent Investigating Officer although the IG will be informed of the proposed appointment. The Investigating Officer should be at least B3 level with the appropriate skills to undertake an investigation and, if necessary, knowledge of the area of work under investigation. The Investigating Officer should be a person who has not had close personal or work related ties with the person under investigation.

Action on investigation findings

18. As soon as possible after investigations have been completed and the IG is satisfied that no further investigations are required, it must ensure:

  • that disciplinary action, if any, is being taken (in line with Disciplinary Policy and Procedures)
  • that disciplinary action, if any, is being taken if the initial allegation appears to be malicious
  • that the form and content of any report to senior officers is appropriate
  • that the Police/Procurator Fiscal is notified if required

Case closure, follow up and review

19. Where evidence of fraud or serious misconduct has been identified, the IG should consider whether any action needs to be taken to prevent a recurrence. In such cases, an action plan should be drawn up setting out recommendations. In practice, much of the required action is likely to relate directly to action plans drawn up by Internal Audit or HR and a cross reference to these plans is all that is required.

20. Action plans will include the required steps to take in response to an investigation’s findings. An occurrence of fraud may hold lessons to be learned for an individual business area or the whole SG. The IG has a lead role in ensuring that all appropriate action is taken forward effectively.

21. The IG should be informed by HR of the outcome of cases where a charge of gross misconduct has been made. In any case where such a charge has been brought but a disciplinary hearing does not uphold the charge or an appeal panel overturns the panel’s decision, the IG should be informed of the reasons for the Panel's decisions. The IG must consider whether, in light of this information, there are lessons to be learned in terms of the handling of cases and whether the Fraud Response Plan and related guidance, for example on disciplinary procedures, is operating effectively.

22. The IG should make recommendations for any changes to procedures that it considers necessary in light of the outcome of individual cases and should consult relevant interests, including the CSGU, on any recommended changes. If appropriate, where individuals have been dismissed or subject to other disciplinary action for matters other than fraud (e.g. abuse of IT systems), HR will inform Internal Audit of the circumstances of the case and consideration given to whether a further review (by Internal Audit) should be undertaken to establish whether or not there has been possible misuse of other systems by the same individual(s).


23. Members of the IG will receive the appropriate information relating to individual cases. They must treat all information relating to individual members of staff on a Restricted - Staff basis and should ensure that it is only passed on to colleagues on a strictly need to know basis. HR will place a record on the career folder of a SG member of staff only where there has been disciplinary action taken. Further information is provided under the SG Whistle-blowing procedures.

Reporting cases of fraud

24. Details of fraud dealt with under local arrangements should be reported at least annually to the relevant Executive Agency and to the Fraud Response Team. Details of fraud where actual losses have been incurred must also be reported to the relevant finance business partners to arrange for notation of the accounts.

25. The Fraud Response Team will make an annual report to the Scottish Government Audit and Assurance Committee (SGAAC) covering the arrangements for dealing with fraud within the SG as a whole and providing summary details of cases coming to light during the preceding financial year. The report will be copied for information to all SG Executive Agencies. 

26. Framework documents for sponsored bodies and non-ministerial departments or Executive Agencies should include a requirement for the reporting of cases of fraud that may have wider implications to the SG Audit and Assurance Committee.

External fraud

27. External frauds are frauds perpetrated by third parties against the SG (e.g. contract fraud or fraudulent applications for grants or subsidies or expenses). Cases of external fraud will normally be dealt with under local arrangements put in place by SG Executive Agencies and higher risk SG business areas i.e. based on the particular process and the risks involved, such as significant grant-giving or contract-letting. The SG Fraud Response Team is available to advise on any local arrangements for dealing with external fraud.

28. The IG is available to advise on cases of external fraud. Procedures for responding to suspected external fraud, insofar as they are appropriate to the particular case, may include the following:

  • a report by operational management on the circumstances 
  • a formal assessment of whether the evidence tends to substantiate fraud. Any invalid claims or invoices that could reasonably be argued were submitted in good faith should not normally be regarded as fraud
  • notification of the Police / Procurator Fiscal, where appropriate
  • recovery action
  • consideration of control procedures and lessons learned

29. It will normally be sufficient to alert the IT Security about any cases of internet scams. If fraud by a supplier is suspected, the Scottish Procurement & Commercial Directorate should be kept informed of developments. Cases of straightforward theft (which does not qualify as fraud) should be notified to the Departmental Security Officer (or local equivalent) for action.

30. If there is any suspicion of collusion on the part of SG members of staff in a suspected or discovered external fraud, the procedures relating to internal fraud should apply as appropriate, given any requirements arising from ongoing Police/Procurator Fiscal investigations.


Page Updated: December 2023

Back to top