Regulation Number: 1.500

Processes for Complaints of Fraud, Waste, Abuse, or Financial Mismanagement; Fraud Prevention and Detection

Category: Finance

Responsible Office: Senior Vice President and Chief Financial Officer




1.500 Processes for Complaints of Fraud, Waste, Abuse, or Financial Mismanagement; Fraud Prevention and Detection.

(1)     The University of Florida is committed to maintaining an organizational culture of adhering to the highest ethical and business practices, including responsible use and management of University resources. The University establishes and maintains organizational structures to prevent and detect Fraud (as defined below), to investigate any allegations or reports of fraud, waste, abuse, or financial mismanagement, and to take appropriate disciplinary or legal action. The University has a zero-tolerance position with respect to fraudulent activity.

(2)     This Regulation applies to all members of the University community, its affiliated and direct support organizations (each an “Affiliate”), the University of Florida Board of Trustees (“BOT”), its employees, entities contracting with the University, vendors, and students.

(3)     Definitions:

(a) “Fraud” means an intentional misrepresentation or concealment of a material fact for the purpose of obtaining a benefit that would not otherwise be received or inducement of another to act upon the intentional misrepresentation or concealment to that person’s detriment. Such activities include, but are not limited to:

i. Inappropriate use or misappropriation of funds, supplies, or any other asset;

ii. Forgery or alteration of documents;  

iii. Misrepresentation of information on documents; or

iv. Theft or unauthorized destruction of any asset.  

(b) “Internal Review Committee” (“IRC”) means a committee that may be established by the University, which will include the Office of Internal Audit (“OIA”), and which will be primarily responsible for overseeing the University’s fraud investigative processes and addressing significant and credible allegations of Fraud, together with senior management as determined by the University.

(c) “Significant and credible allegations” of fraud are those that, in the judgment of the chief audit executive (“CAE”) and the IRC, require the attention of those charged with governance and have indicia of reliability.

(4) Prevention and Detection.

All levels of University and Affiliate management must be familiar with the types of fraud and the risks and symptoms of fraud that may occur in their operational areas of responsibility and must be alert for any indication of fraud. All levels of management must establish and follow internal controls necessary for their operations. The Office of the Chief Financial Officer (“CFO”) will design and implement the University’s antifraud framework and strategies, as well as assist management in establishing effective internal controls and recognizing improper conduct.

(5) Reporting.

All University or Affiliate employees are required to immediately report any incidents of fraud which they suspect, observe, or otherwise have made known to them. Reporting may be done through one of the following mechanisms:

(a) Anonymous reporting through the University Compliance Hotline by calling (877) 556-5356 or using the online reporting service at; or

(b) An employee may report to their supervisor for subsequent reporting by the supervisor to the appropriate management official.

An employee may report to their supervisor for subsequent reporting by the supervisor to the appropriate management official.  Employees who report instances of fraud or other wrongful acts, as well as anyone participating in related investigations, may be protected by Section 112.3187, Florida Statutes (Whistle-blower’s Act) and the University’s protection from retaliation in the workplace, as stated in University Regulation 1.0101.

(6) Investigation and Notification to the BOG.

(a) The IRC will oversee all investigations into significant and credible allegations of Fraud. University and Affiliate employees have a duty to cooperate with those conducting such investigations. The investigating office will inform and consult with the Office of the General Counsel (“OGC”), Office of Research, Human Resources, Office of the Provost, University Police Department, and other university offices, as appropriate. Such significant and credible allegations of fraud within the University and the BOT’s operational authority, as well as the University action and final case disposition, shall be reported by the CAE and the Chief Compliance Officer (“CCO”), to the Office of Inspector General and Director of Compliance (“OIGC”) for the Board of Governors (“BOG”).

(b) The CAE and CCO shall notify the BOG, through the OIGC, of any significant and credible allegation of Fraud against the University President or a BOT member. The notification shall be made in a timely manner and the allegation will be handled consistent with BOG Regulation 4.001.

(c) Any allegation of fraud against the CAE or the CCO shall be referred to the IRC (not including any person against whom an allegation is made) for determination as to whether the allegation is significant and credible. Thereafter, the investigation shall be managed as determined by the IRC.

(7) Remediation.

Any individual or entity found to have participated in fraud or other wrongful acts will be subject to disciplinary action up to and including termination of employment and criminal prosecution, if appropriate. Actions will be taken in accordance with any applicable regulation, policy, or collective bargaining agreement and in consultation with appropriate University offices. Follow-up to the action may include review and remediation of internal control deficiencies.

(8) The University shall report at least annually to the BOT of the status of the antifraud framework in use and any necessary revisions to improve the framework.

(9) This regulation shall be reviewed at least every five (5) years for currency and consistency with applicable BOG and University regulations.

Specific Authority: BOG Regulations 3.003 and 4.001.

History: New 4-22-22.