POL-U5315.25 Reporting Loss of University Funds or Property

Dates and Approval

Effective Date:

April 24, 2006

Revised Date:

April 7, 2025

Approval Date:

March 28, 2025

Approved by:

President Sabah Randhawa

Who does this policy apply to?

This policy applies to all University faculty, staff, and student employees.

Overview

The University recognizes the importance of employee assistance in identifying potential loss of public resources and/or financial irregularities so that they may be promptly investigated and reported to the State Auditor’s Office as required by law. This policy outlines internal reporting requirements by employees and collaboration between key offices to ensure such investigations and reporting to the state. 

Definitions

Property

Property includes inventoriable assets, non-inventoriable assets, intangible assets, capital assets, small and attractive assets, and inexhaustible collections. See definitions for these terms in the Managing and Safeguarding University Assets Policy  (POL-5346.01).

Reportable Loss/Losses

Any known or suspected loss of state funds (Chart 1) or property which includes but is not limited to:

  • Any dishonest or fraudulent act resulting in financial loss to the University,
  • Forgery or alteration of records or documents,
  • Any misuse of funds, securities, supplies, furniture, equipment or other asset,
  • Acceptance of kickbacks or bribes,
  • Irregularities in the handling or reporting of money transactions,
  • Use of University facilities and equipment for the purpose of conducting an outside business or for private financial gain,
  • Participation by personnel in transactions with the University that result in economic gain to themselves, their immediate families, or a non-profit or commercial business with which they are directly associated,
  • Impersonations leading to the defrauding of University customers, or
  • Theft, loss, or damage to University computing devices and cell phones.

The definition of reportable loss or losses, for the purposes of this policy, does not include:

  • Reasonable “over and short” situations from cash receipting operations as part of normal accounting procedures unless unusual trends occur,
  • Non-sufficient checks or counterfeit currency accepted by the University,
  • Reasonable inventory shortages identified during a physical count as part of normal accounting procedures unless unusual trends occur,
  • Breaking and entering or other vandalism of property, which should be reported immediately to University Police or appropriate law enforcement agency,
  • Fraudulent eligibility-based funding (e.g., misrepresentation of income on a financial aid application),
  • Payroll overpayments, or other expenditures made in error, that are being or are successfully recovered from the recipient, or
  • University vehicle accidents reported to Risk Management.

The list above is not comprehensive; therefore employees are encouraged to contact Internal Audit if unsure if a loss or financial irregularity should be reported. Internal Audit will also evaluate if the situation may be a violation of other laws, regulation, or University policy. 

Cybersecurity Breach

Any successful computer hacking effort, infiltration of information databases, or unauthorized access to or personal use of confidential information.

Financial Records

Financial information includes, but is not limited to, credit/debit card information, bank account information, or federal tax information.

Policy Statements

1. Director of Risk Management Ensures Effective Process to Assess and Report Losses

Under the purview of the Assistant Vice President for Risk, Ethics, Safety and Resilience, the Director of Risk Management is delegated the responsibility to ensure an effective and compliant reporting process for the loss of University funds or property.

2. Employees Must Immediately Report Loss

All employees must immediately report known or suspected loss, as defined by this policy, to Western’s Internal Audit Department in accordance with the Reporting Loss of University Funds or Property Procedures (PRO-U5315.25) to ensure:

  1. Losses are minimized,
  2. Investigations and audits are not unnecessarily delayed,
  3. Unauthorized settlements are not made with employees (see Section 6),
  4. Appropriate personnel actions are taken,
  5. Employees are protected from false accusations,
  6. Bond and insurance claims are not jeopardized, and
  7. The University complies with all applicable laws and regulations.

3. Employees Must Immediately Report Cybersecurity Incidents

In accordance with the Securing Information Systems Policy (POL-U5100.07), employees are responsible for reporting any suspected information security incident or data breach to the Help Desk to be evaluated by the Information Security Office. 

For the purpose of this policy, the Information Security Office is to notify Risk Management if the reported incident is determined to be a cybersecurity breach that involves funds or financial records. 

4. Department Heads Must Ensure Other Reporting Obligations are Met

In addition to reporting a loss internally, a department head must ensure all other applicable reporting requirements to regulatory agencies, grantors, or contractors, for which they are responsible, are met.

5. Employees Must Retain Records Related to Loss and Cooperate with Investigators

Employee must maintain all pertinent records related to the loss. All original records related to the loss should be provided to investigators or secured in a safe place to protect from loss or destruction until an investigation or audit has been completed.

6. Employees Must Not Attempt to Correct the Loss Prior to Reporting

Personnel will not attempt to correct the loss without first reporting to the authorities identified in the reporting procedures. State law requires written approval of the Assistant Attorney General and State Auditor’s Office (SAO) before the University can make any restitution agreement, compromise, or settlement of claims that are related to losses that are required to be reported to the SAO.

7. Internal Audit Will Lead Investigation

If Internal Audit determines an investigation is necessary, Internal Audit will: 

  1. Lead the investigation in partnership with other relevant offices (e.g., University Police),
  2. Issue an internal report with findings stating the actual or estimated loss and internal control recommendations, including disciplinary action, to mitigate future risk, and
  3. Issue the report will be issued in accordance with procedures.

8. University Police Will Determine if Criminal Code Has been Violated

In accordance with the reporting procedure, University Police will be notified by Internal Audit of reported losses when there is a need to:

  1. Evaluate the case for possible criminal conduct,
  2. Make recommendations for prosecution, and
  3. Forward relevant information to the Whatcom County Prosecutor’s Office (WCPO) when appropriate.

University Police shall inform Risk Management, Internal Audit, and other relevant offices about its recommendations and the status of the case if forwarded to WCPO.

9. The University Will Immediately Report Losses and Certain Cybersecurity Incidents to State Auditor

Western Washington University, as a state agency, is required to report certain known or suspected loss of public funds or assets and cybersecurity incidents involving funds or financial records to the SAO. The University will report all losses as required by the State Auditor’s Office and in accordance with the Reporting Loss of University Funds or Property Procedures (PRO-U5315.25).

10. Disciplinary Action will Be Taken if Misconduct, Theft, or Fraud is Found

If the investigation determines misconduct, theft, fraud, or other illegal activity has occurred by an employee, Human Resources (or the Provost’s Office if applicable) will work with the employing leadership to evaluate the case for appropriate disciplinary action to be implemented.

If the individual in question is a student or student employee, the Office of Student Life will evaluate the case for disciplinary action or other appropriate remedial action under the Code of Student Conduct (WAC 516-21).

11. Risk Management May Seek Restitution to Recover Losses

The Director of Risk Management will work with the Assistant Attorney General’s Office to determine whether to seek restitution and obtain SAO approval when applicable. See also SAO Restitution Guidelines.

Policy Information