POL-U5315.25 Reporting Loss of University Funds or Property
Jump to section
Dates and Approval
Effective Date:
April 24, 2006
Revised Date:
April 7, 2025
Approval Date:
March 28, 2025
Approved by:
President Sabah Randhawa
Who does this policy apply to?
This policy applies to all University faculty, staff, and student employees.
Overview
The University recognizes the importance of employee assistance in identifying potential loss of public resources and/or financial irregularities so that they may be promptly investigated and reported to the State Auditor’s Office as required by law. This policy outlines internal reporting requirements by employees and collaboration between key offices to ensure such investigations and reporting to the state.
Definitions
Property
Property includes inventoriable assets, non-inventoriable assets, intangible assets, capital assets, small and attractive assets, and inexhaustible collections. See definitions for these terms in the Managing and Safeguarding University Assets Policy (POL-5346.01).
Reportable Loss/Losses
Any known or suspected loss of state funds (Chart 1) or property which includes but is not limited to:
- Any dishonest or fraudulent act resulting in financial loss to the University,
- Forgery or alteration of records or documents,
- Any misuse of funds, securities, supplies, furniture, equipment or other asset,
- Acceptance of kickbacks or bribes,
- Irregularities in the handling or reporting of money transactions,
- Use of University facilities and equipment for the purpose of conducting an outside business or for private financial gain,
- Participation by personnel in transactions with the University that result in economic gain to themselves, their immediate families, or a non-profit or commercial business with which they are directly associated,
- Impersonations leading to the defrauding of University customers, or
- Theft, loss, or damage to University computing devices and cell phones.
The definition of reportable loss or losses, for the purposes of this policy, does not include:
- Reasonable “over and short” situations from cash receipting operations as part of normal accounting procedures unless unusual trends occur,
- Non-sufficient checks or counterfeit currency accepted by the University,
- Reasonable inventory shortages identified during a physical count as part of normal accounting procedures unless unusual trends occur,
- Breaking and entering or other vandalism of property, which should be reported immediately to University Police or appropriate law enforcement agency,
- Fraudulent eligibility-based funding (e.g., misrepresentation of income on a financial aid application),
- Payroll overpayments, or other expenditures made in error, that are being or are successfully recovered from the recipient, or
- University vehicle accidents reported to Risk Management.
The list above is not comprehensive; therefore employees are encouraged to contact Internal Audit if unsure if a loss or financial irregularity should be reported. Internal Audit will also evaluate if the situation may be a violation of other laws, regulation, or University policy.
Cybersecurity Breach
Any successful computer hacking effort, infiltration of information databases, or unauthorized access to or personal use of confidential information.
Financial Records
Financial information includes, but is not limited to, credit/debit card information, bank account information, or federal tax information.
Policy Statements
1. Director of Risk Management Ensures Effective Process to Assess and Report Losses
Under the purview of the Assistant Vice President for Risk, Ethics, Safety and Resilience, the Director of Risk Management is delegated the responsibility to ensure an effective and compliant reporting process for the loss of University funds or property.
2. Employees Must Immediately Report Loss
All employees must immediately report known or suspected loss, as defined by this policy, to Western’s Internal Audit Department in accordance with the Reporting Loss of University Funds or Property Procedures (PRO-U5315.25) to ensure:
- Losses are minimized,
- Investigations and audits are not unnecessarily delayed,
- Unauthorized settlements are not made with employees (see Section 6),
- Appropriate personnel actions are taken,
- Employees are protected from false accusations,
- Bond and insurance claims are not jeopardized, and
- The University complies with all applicable laws and regulations.
3. Employees Must Immediately Report Cybersecurity Incidents
In accordance with the Securing Information Systems Policy (POL-U5100.07), employees are responsible for reporting any suspected information security incident or data breach to the Help Desk to be evaluated by the Information Security Office.
For the purpose of this policy, the Information Security Office is to notify Risk Management if the reported incident is determined to be a cybersecurity breach that involves funds or financial records.
4. Department Heads Must Ensure Other Reporting Obligations are Met
In addition to reporting a loss internally, a department head must ensure all other applicable reporting requirements to regulatory agencies, grantors, or contractors, for which they are responsible, are met.
5. Employees Must Retain Records Related to Loss and Cooperate with Investigators
Employee must maintain all pertinent records related to the loss. All original records related to the loss should be provided to investigators or secured in a safe place to protect from loss or destruction until an investigation or audit has been completed.
6. Employees Must Not Attempt to Correct the Loss Prior to Reporting
Personnel will not attempt to correct the loss without first reporting to the authorities identified in the reporting procedures. State law requires written approval of the Assistant Attorney General and State Auditor’s Office (SAO) before the University can make any restitution agreement, compromise, or settlement of claims that are related to losses that are required to be reported to the SAO.
7. Internal Audit Will Lead Investigation
If Internal Audit determines an investigation is necessary, Internal Audit will:
- Lead the investigation in partnership with other relevant offices (e.g., University Police),
- Issue an internal report with findings stating the actual or estimated loss and internal control recommendations, including disciplinary action, to mitigate future risk, and
- Issue the report will be issued in accordance with procedures.
8. University Police Will Determine if Criminal Code Has been Violated
In accordance with the reporting procedure, University Police will be notified by Internal Audit of reported losses when there is a need to:
- Evaluate the case for possible criminal conduct,
- Make recommendations for prosecution, and
- Forward relevant information to the Whatcom County Prosecutor’s Office (WCPO) when appropriate.
University Police shall inform Risk Management, Internal Audit, and other relevant offices about its recommendations and the status of the case if forwarded to WCPO.
9. The University Will Immediately Report Losses and Certain Cybersecurity Incidents to State Auditor
Western Washington University, as a state agency, is required to report certain known or suspected loss of public funds or assets and cybersecurity incidents involving funds or financial records to the SAO. The University will report all losses as required by the State Auditor’s Office and in accordance with the Reporting Loss of University Funds or Property Procedures (PRO-U5315.25).
10. Disciplinary Action will Be Taken if Misconduct, Theft, or Fraud is Found
If the investigation determines misconduct, theft, fraud, or other illegal activity has occurred by an employee, Human Resources (or the Provost’s Office if applicable) will work with the employing leadership to evaluate the case for appropriate disciplinary action to be implemented.
If the individual in question is a student or student employee, the Office of Student Life will evaluate the case for disciplinary action or other appropriate remedial action under the Code of Student Conduct (WAC 516-21).
11. Risk Management May Seek Restitution to Recover Losses
The Director of Risk Management will work with the Assistant Attorney General’s Office to determine whether to seek restitution and obtain SAO approval when applicable. See also SAO Restitution Guidelines.
Division
Policy Information
Authority:
Display all authorities
History:
Display policy history
Revises:
- Reporting Loss of University Funds or Property