Fraud Policy
This policy details what constitutes fraud, our attitude and approach towards it, and what is expected of employees in relation to preventing and reporting fraud.
1. Introduction
In line with EirGrid’s¹ core values of being transparent, collaborative, accountable and ambitious, EirGrid Group is committed to conducting its business to the highest standards of integrity, fairness, honesty and in compliance with statutory and regulatory obligations.
EirGrid expects all personnel working on its behalf to maintain the highest standards in this regard and is committed to creating a workplace culture that encourages the reporting of wrongdoings.
In discharging its responsibilities, EirGrid is conscious that the trust and confidence of those with whom we deal is one of our most vital corporate resources; protecting it is of fundamental importance to EirGrid and a key ingredient for success.
EirGrid does not tolerate fraudulent or attempted fraudulent activity.
EirGrid commits to investigate all frauds that are discovered or suspected and will take appropriate action against all parties involved in, or assisting with, committing fraudulent activity, including but not limited to, disciplinary processes, recovery and legal action.
We continually take steps to prevent and detect fraud, increase awareness of fraud amongst employees and other stakeholders, and create a culture where the reporting of suspicions of fraudulent activity is encouraged and expected.
The Fraud Policy should be read in conjunction with the existing corporate and HR policy framework and related procedures including but not limited to those set out in Appendix A.
¹ The terms “EirGrid” and “EirGrid Group” include EirGrid plc and all its subsidiaries incorporated in the Republic of Ireland.
2. Purpose
The purpose of this policy is to ensure that all persons to whom this policy applies understand what constitutes fraud, EirGrid Group’s attitude and approach towards it, and what is expected of them in relation to the prevention and reporting of fraud.
EirGrid is committed to embedding a strong awareness of fraud risk within the organisation and minimising the opportunity for fraud to occur.
3. Scope
The Fraud Policy applies to any fraud, or suspected fraud in relation to any activity being performed in EirGrid Group and includes:
- Internal fraud perpetrated against EirGrid and/or its stakeholders which involves the participation or involvement of EirGrid staff; and
- External fraud perpetrated against EirGrid and/or its stakeholders by a third party which does not involve the participation or involvement of EirGrid staff.
This policy is intended to provide a safe and secure mechanism for workers who may wish to report any reasonable concerns that they may have about perceived wrongdoing, including fraud, in EirGrid.
For the purpose of this policy the term ‘worker’ includes all current and past employees and directors of any EirGrid Group company in addition to contractors, casual workers and agency workers while working for or on behalf of an EirGrid Group company.
For the avoidance of doubt, for the purpose of this policy, a ‘contractor’ is an individual who, personally or through a contract with his or her employer, undertakes with an EirGrid Group company to do or perform work or services for that EirGrid Group company.
Please note that there are no geographical boundaries for the commission of a wrongdoing. Consequently, if the wrongdoing is committed abroad, that is, outside Ireland and Northern Ireland, this policy still applies whether or not the wrongdoing would be regarded in that country as an offence.
4. Responsibility
All parties to whom this policy applies have a responsibility to assist in the prevention and detection of fraud perpetrated by and/or against EirGrid in line with business ethics as defined within our Employee Code of Conduct.
This responsibility includes operating and monitoring the systems of internal controls which promote the prevention, detection and investigation of fraud, as well as the management of fraud risk, and reporting all suspicions of fraud and situations that could allow a fraud to be perpetrated.
The key roles and responsibilities in relation to this policy are as follows:
All Staff
All staff/workers are responsible for the successful implementation of this policy and compliance with its requirements, and are expected to familiarise themselves with this policy.
All staff are required to participate in related training programmes to comply with related policies.
All new employees must receive specific training as part of their induction process.
Heads of Function
Heads of function are responsible for:
- Taking overall responsibility for ensuring that adequate measures and controls are in place to minimise the risk of incidents of fraud occurring;
- Taking day-to-day operational responsibility for the implementation of this policy;
- Allocating sufficient and appropriate resources to implement and ensure compliance with this policy, including training and awareness, to ensure that staff know what to do if they encounter any instance(s) of fraud;
- Operating and maintaining an effective governance framework to promote the prevention, detection and investigation of fraud;
- Encouraging openness and transparency, fostering an environment that is supportive of staff who raise concerns;
- Considering exposure to the risk of fraud and implementing initiatives to enhance risk management effectiveness;
- Ensuring that all employees for whom they are accountable are made aware of the requirements of this policy and are made aware of fraud risks in their business unit; and
- Reporting incidents of wrongdoing to the Head of Internal Audit and supporting the investigation of those incidents.
Internal Audit
The Head of Internal Audit provides assurance over the effectiveness of the internal control environment, including anti-fraud measures, independently assessing the governance framework in place for managing and detecting instances of fraud and incorporating fraud assessments into individual audit reviews.
In line with Section 6 below, the Head of Internal Audit is responsible for agreeing the terms of reference for investigations into breaches of this policy, appointing the investigators, and providing independent oversight of all investigations undertaken.
Governance, Risk & Compliance
The Head of Governance, Risk & Compliance maintains oversight of anti-fraud policies and procedures and the associated compliance framework in relation to their application.
Board & Executive Management Team
The Board and Executive Management Team are responsible for:
- Communicating a clear commitment to this policy through leading by example (“Tone at the Top”);
- Determination of this policy;
- Facilitating a culture of openness and respect in the organisation that supports the disclosure of wrongdoing; and
- Supporting the ongoing implementation of this policy including reviewing the procedures for preventing and detecting fraud and by receiving reports on any non-compliance.
5. Fraud Prevention & Detection Measures
Fraud Prevention Measures
A number of fraud prevention measures exist and are embedded within working practices throughout our operations. Further measures in place include:
- Culture – supported by our Values & Behaviours and Policy frameworks e.g. Employee Code of Conduct, Protected Disclosures Policies and associated ethics policies and procedures;
- Risk Assessments – delivered through targeted fraud risk assessments for key processes and the identification of corresponding key controls;
- Awareness – Training/Awareness Campaigns e.g. Cyber Security Briefings, Security Awareness Campaigns, focused training for specific high-risk areas and regular reporting of fraud-related incidents to the Executive Management Team and Board; and
- Lessons Learned – using actual examples of fraud and/or attempted fraud within/against EirGrid to enhance prevention measures and awareness.
Fraud Detection Measures
Furthermore, significant fraud detection measures are embedded within our systems and working practices including:
- Automated system audit trails;
- Supervisory reviews of transactions;
- Data analytics, for example, abnormal values;
- “Right to Audit” clauses embedded in third-party contracts;
- Management oversight controls; and
- Internal and external audit processes.
Risk Management Framework
The effective application of the Enterprise Risk Management Framework is a further measure in place to prevent and/or detect fraud, specifically during:
- Risk Assessments – the exposure to fraud risk should be considered during all risk assessments; and
- Control Identification & Effectiveness – fraud detection/prevention controls should be specifically identified and assessed for operating effectiveness.
6. Policy
Definition
EirGrid defines fraud as an intentional act of deceit to obtain or attempt to obtain an unjust/illegal advantage, for example to make a gain (financial or otherwise), to avoid an obligation or to cause loss to another party. For the purposes of the Fraud Policy, the term “fraud” includes attempted fraud.
Reporting Procedures
All persons to whom this policy applies:
- Have a duty to immediately report any fraud that is suspected or discovered.
- Will report the matter to their line manager or to the Group Head of Internal Audit. Alternatively, the report may be made in line with the Whistleblowing Policy.
Discovery of a Potential Fraud Incident (Dos and Don’ts)
- Do report the incident
- Do not discuss the matter with your colleagues or other parties
- Do report all known facts
- Do not attempt to investigate the matter
- Do report your concern/the incident immediately
- Do not confront the individual
Protection
EirGrid is committed to ensuring that all parties to whom this policy applies can raise a concern relating to fraud or suspicions of fraud without fear of victimisation and that the strictest confidence will be maintained. For further information you should consult the Protected Disclosures Policy.
Investigations Process and Resulting Action
EirGrid commits to investigate all frauds that are discovered or suspected. Every case of attempted or suspected fraud will be thoroughly investigated and dealt with appropriately without regard to the position held or length of service of the individual(s) concerned, or their relationship to EirGrid.
The Head of Internal Audit has the primary responsibility for the co-ordination of investigation of all suspected fraudulent acts as defined in the policy.
The Head of Internal Audit shall seek support from the Chief Finance Officer, Head of Governance, Risk & Compliance and Head of Group Legal Services in advance of an investigation commencing (Fraud Oversight Group). The investigation will be carried out by appropriately skilled person(s), in line with EirGrid’s Fraud Response Plan.
No person should attempt to conduct their own investigations.
The Head of Governance, Risk & Compliance reports all incidents of fraud on a quarterly basis to the Audit & Risk Committee. The Fraud Investigation process is presented in the diagram below.
Enforcement
Any individual who is under investigation for suspected or discovered fraud may be suspended, pending the outcome of the investigation.
Where the allegations are substantiated, disciplinary action, up to and including termination of employment, may be taken.
Where the allegations are substantiated, any other party to whom this policy applies may have their contract with EirGrid terminated and/or appropriate action may be taken against the individual(s) concerned, and legal redress may be sought. EirGrid is obliged under statute to report suspected criminal activity to An Garda Síochána.
Implications of non-compliance with the Fraud Policy
Non-compliance with the Fraud Policy by EirGrid employees may be treated as a disciplinary matter.
Non-compliance with the Fraud Policy by any other party to whom it applies may result in a recommendation to terminate their contract with EirGrid or terminate the engagement of the individual(s), within that contracting entity, found to be in breach of the policy.
Confidentiality
EirGrid treats all information received confidentially. Investigation results will not be disclosed or discussed with anyone other than those who have a legitimate need to know.
This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct and to protect EirGrid from civil liability.
7. Training & Awareness
The Head of Governance, Risk & Compliance shall ensure that:
- All workers are made aware of this policy on at least an annual basis;
- All new workers are made aware of this policy through the induction process;
- Awareness/guidance is available to all workers on an ongoing basis; and
- Heads of function are aware of their specific responsibilities in relation to this policy.
8. Review
This policy shall be reviewed by the Head of Governance, Risk & Compliance and the Audit & Risk Committee and approved by the Board on an annual basis.
Appendix A: Related Policies
- Employee Code of Conduct
- Code of Business Conduct for Directors
- Ethics in Public Office Act Policy
- Protected Disclosures Policy
- Group Disclosures of Interests Policy & Procedure
- Procurement Policy & Procedures
- Acceptable Usage Policy
- Expenses Policy (incorporating Travel & Subsistence)
Appendix B: Examples of Fraud
Employee
- Over-claiming expenses (falsified transactions and mileage)
- Unrecorded holiday/sick leave
- Fabricated receipts
- Entertainment without legitimate business purpose
- Fraudulent use of office resources – e.g. running a private business with official assets
- Theft of cash/assets
- Payroll (overtime, ghost employees)
- Unauthorised use of corporate credit card
- False CVs
Cybercrime
- Denial of Service Attacks
- Sabotage
- Ransomware
- Bank Transfer (Wire) Fraud
- Identity Theft
- File Sharing
- Hacking
- Viruses
- Phishing/Vishing
Procurement
- Bribes, Kickbacks, Bid-Rigging
- False statements in obtaining contracts
- Substandard materials
- Fraudulent testing or false quality assurance representations
- Failure to comply with contract specifications
- Inflated bills for goods or services
- False cost or pricing data
Accounting
- Writing off recoverable assets or debts
- Unauthorised transactions
- Transactions (expenditure/receipts/deposits) recorded for incorrect sum
- Embezzlement
- Deliberate/Incorrect treatment of Accounts Payable & Receivable
- Fake Suppliers
- Personal Purchases
Financial Misstatement
- False recognition of costs/revenues
- Deliberate/Incorrect classification of costs/revenues
- Incorrect presentation
- Misleading disclosures