Tackling Fraud and Error

28 November 2024

R.173/2024 jerseyauditoffice.je

The purpose of the Comptroller and Auditor General (C&AG), fulfilled through the Jersey Audit Office (JAO), is to provide independent assurance to the people of Jersey on the extent to which public money is spent economically, efficiently and effectively and on whether the controls and governance arrangements in place within public bodies demonstrate value for money. The C&AG's remit includes the audit of financial statements and wider consideration of public funds, including internal financial control, value for money and corporate governance.

This report can be found on the Jersey Audit Office website at https://www.jerseyauditoffice.je/

If you need a version of this report in an alternative format for accessibility reasons, or any of the exhibits in a different format, please contact enquiries@jerseyauditoffice.je with details of your request.

All information contained in this report is current at the date of publication.

The Comptroller and Auditor General and Jersey Audit Office are not responsible for the future validity of external links contained within the report.

All information contained in this report is © Copyright Office of the Comptroller and Auditor General and the Jersey Audit Office, with the exception of extracts included from external sources, which are © Copyright to those external sources.

The information contained in this report is for non-commercial purposes only and may not be copied, reproduced, or published without proper reference to its source. If you require the material contained in the report for any other purpose, you are required to contact enquiries@jerseyauditoffice.je with full details of your request.

Report by the Comptroller and Auditor General: 28 November 2024

This report has been prepared in accordance with Article 20 of the Comptroller and Auditor General (Jersey) Law 2014.

Contents

Summary ......................................................................................................................................... 4

Introduction ................................................................................................................................ 4

Key Findings ............................................................................................................................... 5

Conclusions ................................................................................................................................ 6 Objectives and scope of the review ............................................................................................ 7 Detailed findings ............................................................................................................................ 9

Strategy and governance .......................................................................................................... 9

Design .......................................................................................................................................17

Implement .................................................................................................................................25

Measure.....................................................................................................................................28

Evaluate .....................................................................................................................................36

Follow up of previous recommendations .............................................................................38

Appendix One – Audit Approach ..............................................................................................41

Appendix Two – Summary of Recommendations, Work planned that should be prioritised and Areas for consideration .......................................................................................................43

Summary

Introduction

1. Fraud is an act of deception carried out for personal gain or to cause a loss to another party. In the public sector, fraud can be committed internally by public sector workers or externally by suppliers, contractors and members of the public. Fraud covers a wide spectrum of activities.
2. For the purposes of this report, there are two main types of error:

• mistakes made by government that result in over or under payments; and

• genuine mistakes made by claimants in making claims to government for payment.

3. Fraud differs from error in that fraud involves an intentional act of deception. Corruption is dishonest conduct by those in power which can include bribery.
4. Preventing and detecting fraud and error are key to minimising loss and ensuring that public funds are spent in the way that taxpayers would expect. With ongoing pressure to cut costs, reducing loss of public funds through fraud and error can be an opportunity for governments to make potentially significant savings.
5. Across many jurisdictions there is a need for governments to do more to estimate their levels of fraud and error, put in place cost-effective counter-fraud and error controls and detect and recover fraudulent payments and payments made in error to protect the taxpayer's interest.
6. Within the States of Jersey, Accountable Officers are responsible for managing the risks which their respective Department or States Bodies face, including fraud and error risk. They are responsible for establishing and maintaining sound systems of internal control to manage such risks. The Public Finances Manual (PFM) sets out requirements in respect of fraud risk assessment, prevention and fraud response.
7. The States of Jersey are in the process of updating their corporate approach to managing fraud, error and corruption risks.

Key findings

8. The States recognised that improvements were required to the corporate approach to managing the risk of fraud and decided to include managing the risk of corruption as part of this approach. Managing the risk of error is not considered separately at this stage but there is commitment to develop this.
9. Progress to date on strategic and governance issues includes widespread training to raise awareness across all departments, a dedicated Counter-Fraud and Corruption Manager appointed from September 2023, and updates to the Anti - Fraud and Corruption Policy and Strategy. Embedding an anti-fraud, error and corruption culture across an organisation as complex and diverse as the States will take time but the trajectory is positive. It will not be possible to conclude that there is such a culture until States Members are also provided with opportunities to participate in new awareness and training initiatives and there is greater participation by staff in training initiatives.
10. Progress in design and implementation of controls to manage the risk of fraud and error is variable across departments. In those departments where compliance and managing the risk of fraud and error are supported by dedicated capacity, there is positive evidence of controls and outcomes. In other areas identified as at risk, evidence is not consistent. A review has recently started to document and test controls in 20 areas of Government business. The first review of staff expenses has identified a number of vulnerabilities although the relative level of spend is not significant.
11. At the current stage in the process, with the exception of Revenue Jersey, Customs and Immigration and Customer and Local Services (CLS), data to measure the level of fraud and error is limited. There is limited evidence to demonstrate:

• the estimated exposure to fraud and error across all areas using available data and benchmarking. Preparation of estimates would help the States to make informed decisions on risk tolerance thresholds, resource allocation to manage the risk, and the evaluation of the cost effectiveness of controls

• that data is maintained in departments on incidence of fraud and error in an agreed format

• costing of controls in key systems so that the cost effectiveness of fraud and error interventions can be assessed; and

• consideration of the potential for data-matching and data analytics as a tool to manage the risk of fraud and error where barriers to data sharing can be addressed.

12. An estimated figure is agreed annually for additional revenue assessed from compliance activities in Revenue Jersey. From a baseline of £2 million additional revenue yield in 2017, the estimate for 2024 is £31.5 million. No other estimates or targets are set in relation to identification or reduction of fraud and error. Recoveries by CLS from Social Benefit fraud average around £800,000 each year. This represents 0.3% of benefits paid and indicates a low level of fraud when compared to some other jurisdictions.
13. Developments are in hand to improve the management of the risk of fraud and error in Customs and Immigration, including introducing compliance audits. As part of this development, Customs and Immigration officers are working with colleagues in Revenue Jersey to share experiences which is good practice.
14. There remain a number of recommendations from my review of Anti-Corruption Arrangements (January 2021) that have not been implemented. There is an inherent risk of corruption related to procurement activities. Delays in implementing recommendations to improve processes and tighten controls mean that the States continue to be exposed to risk.
15. Levels of identified overclaims of financial support from Government increased during the COVID-19 pandemic with the introduction of new schemes to provide support for businesses and individuals. An overclaim rate of 8.2% by value has been identified across the schemes that were introduced (equating to

£12.6 million). At the end of September 2024, £5 million in overclaims had yet to be recovered by Government.

Conclusions

16. The States have a declared intention to strengthen corporate arrangements for managing the risk of fraud and error. Steps have been taken to improve governance arrangements and promote an appropriate anti-fraud and error culture. Processes in place within Revenue Jersey, CLS and Customs and Immigration are more mature than in other parts of the States.
17. More remains to be done to fully embed a culture of anti-fraud and error and to document and test controls in a number of risk areas to demonstrate that risk is being managed appropriately.

Objectives and scope of the review

18. This review has evaluated the States of Jersey's progress in tackling fraud and error against a good practice framework summarised in Exhibit 1. It also follows up on previous recommendations I have made in respect of the related area of anti-corruption arrangements.
19. Fraud is the intentional and dishonest distortion of financial statements and other records by persons internal or external to an organisation in order to obtain an advantage.  Error can have a similar outcome for an organisation but is the result of an unintentional action or mistake. Corruption is dishonest conduct by those in power which can include bribery.

Exhibit 1: Fraud and Error Framework

Strategy and governance

Evaluate Design

Measure Implement

Source: UK National Audit Office Fraud and Error Audit Framework (March 2021)

20. The review has considered each aspect of the framework in the context of Jersey as a relatively small Island jurisdiction and the risks faced.

21. In addition to considering the progress in developing a corporate framework to manage the risk of fraud and error, I have evaluated some of the approaches for managing the risks of fraud and error in the key areas of:

• Customer and Local Services Department – Social Benefits payments (including pensions)

• Treasury and Exchequer Department – Revenue Jersey; and

• Justice and Home Affairs Department – Customs and Immigration Service.

Scope

22. The review has included departments within the States of Jersey. It has not assessed policies and procedures within States controlled and States established entities. The review has not considered financial crime more widely in Jersey or the Government's contribution to combatting financial crime.
23. The review also included consideration of progress in implementing recommendations in the following reviews:

• Anti-Corruption Arrangements (January 2021)

• Government Support to Business during the COVID-19 pandemic – co-funded payroll scheme (November 2021); and

• Government Support to Business during the COVID-19 pandemic – other schemes (November 2021).

Strategy and governance

Evaluate Design Detailed findings

Measure Implement Strategy and governance

24. An effective framework to manage the risk of fraud and error requires a documented strategy and appropriate governance arrangements. I have considered the following aspects of strategy and governance within the States of Jersey:

• policy and strategy documents

• leadership and culture

• training

• guidance; and

• monitoring and reporting arrangements.

Policy and strategy documents

25. At a corporate level, the States of Jersey have the following policy and strategy documents in place that are relevant to tackling fraud and claimant error:

• an Anti-Fraud and Corruption Policy

• an Anti-Fraud and Corruption Strategy; and

• an Anti-Money Laundering Policy.

26. A revised Anti-Fraud and Corruption Policy and Anti-Fraud and Corruption Strategy were adopted by the Executive Leadership Team (ELT) in November 2022. Some revisions were made to both documents in July 2024 including a series of 13 actions with target dates as part of the Strategy.
27. A Fraud and Corruption Response Plan to support implementation of the Anti- Fraud and Corruption Policy and Strategy was being drafted at the time of my audit and is now awaiting approval from the Anti-Fraud and Corruption Management Group.
28. The Anti-Fraud and Corruption Policy is clear on expectations of all stakeholders in relation to managing the risk of fraud and corruption including an emphasis on high standards and zero tolerance. It sets six objectives:

• Awareness  Risk Management

• Prevention  Teamwork

• Investigation  Enforcement

29. These objectives represent a positive approach to building and embedding a control framework across the States.
30. At the current time however there are no objectives in the Policy that reference measurement and reporting of levels of fraud and error. Some fraud and error exposure is inevitable, but the States have not determined a level of risk of fraud and error that will be tolerated.
31. The Strategy to implement the Policy identifies 13 specific activities for the period of the strategy which include target dates up to the end of 2025.
32. In my previous review of Anti-Corruption Arrangements (January 2021), I assessed the progress in implementing the (then) new Anti-Corruption Policy and Strategy. At the time, the Government's approach was to manage the risk of corruption separately from fraud and error. While my view is that separation of fraud and corruption reflects best practice, I note that, in the interests of proportionality, corruption risks are now included within an overall approach alongside fraud in a single policy and strategy.
33. The revised Anti-Fraud and Corruption Policy and Strategy (July 2024) include only one reference to error. Officers recognise that error is a separate consideration. There is an opportunity to reflect a greater emphasis within both documents on error and within the controls testing by addressing actions previously identified including:

• implementing an error reporting mechanism

• conducting sample testing; and

• conducting post-error reviews.

34. Without an appropriate emphasis on error, there is a danger that the focus on implementing the Strategy in some areas could be dominated by the risk of external and intentional acts without recognising that effective controls are also necessary to manage the risk of unintentional internal or external error.
35. At departmental level, the prevention and detection of fraud and error form part of documented strategic priorities in each of the three departments I reviewed:

• Revenue Jersey has a published Revenue Compliance Strategy, which it reviews annually, and publishes an annual Compliance Programme

• for Customs and Immigration, an internal Delivery Plan for 2024-2025 has been produced which includes collecting and accounting for import duties and taxes' as a strategic priority; and

• CLS has produced a Benefit Fraud Strategy 2024-26 which was signed off in January 2024. This reflects the departmental mission to protect the public purse by preventing, detecting and deterring benefit fraud' as part of its vision to be the exemplar enforcement team across the Government of Jersey in protecting the public purse, following the Government of Jersey values'.

Leadership and culture

36. Embedding the Anti-Fraud and Corruption Policy and implementing the Strategy require effective leadership (including an effective tone from the top') to ensure that the appropriate culture develops. The process starts with approval of the documentation but the challenging aspect for many organisations is the cultural change to ensure that fraud and corruption risks are managed as part of business as usual'.
37. Good progress has been made on this aspect in the last 18 months, including:

• recognition of limitations in the previous Anti-Fraud and Corruption arrangements

• agreement of a revised Policy and Strategy by the ELT in November 2022 (updated and approved by the States Treasurer as the Accountable Officer in July 2024)

• allocation of responsibilities to the Head of Financial Governance with support from a full-time secondee as Counter-Fraud and Corruption Manager to lead the corporate development

• the establishment of a new requirement in the Public Finances Manual (PFM) for Accountable Officers to designate an officer to lead on anti-fraud, corruption and money laundering issues with clear responsibilities described

• the establishment of an Anti-Fraud and Corruption Management Group from January 2024 to provide a focus on:

• communication strategies
• incident reporting
• training initiatives

• departmental reporting requirements on
• risk assessment methodologies
• reviewing the effectiveness of controls
• oversight of investigations; and
• policy and strategy.

fraud and error

• resetting the wider Anti-Fraud and Corruption Working Group to be a network of enthusiasts to share and promote good practice and support development of corporate resources

• the introduction of and ongoing development of an awareness raising training programme

• preparation of a first annual report summarising the corporate approach to managing the risk of fraud, corruption and money laundering; and

• commencement of risk assessment and detailed controls testing to provide assurance in the 20 highest risk areas.

38. The implementation of an Anti-Fraud and Corruption Management Group from January 2024 provides the opportunity for a group of senior managers to focus on fraud and corruption matters outside of ELT. The Management Group is accountable to the States Treasurer who holds the remit for managing the corporate risk on behalf on ELT. The Group includes representation from Treasury and Exchequer, Commercial Services, CLS and Revenue Jersey as well as other departments. At the time of my review, the Group had met twice, initially in order to agree Terms of Reference and appoint a Chair followed by a second meeting to approve the revised Policy, Strategy and the annual report and to receive the results of the initial detailed review into staff expenses. The Management Group has delegated responsibility to approve the annual report and changes to the Policy and Strategy. However, governance arrangements and inter-relationships between the Management Group and the Anti-Fraud and Corruption Working Group, and accountabilities and reporting arrangements to other groups such as ELT and the Risk and Audit Committee, were not documented at the time of my review.
39. Within Revenue Jersey, Customs and Immigration and CLS, where compliance and management of the risk of fraud and error are high priority, promotion of an anti- fraud and error culture is evident from documentation and ongoing activities such as training. Each of the three departments provides extensive detail on the Government website to guide users in completing tax returns, import

documentation and benefit claims and changes. These all include an emphasis on the need for compliance.

40. However, while one of the actions in the CLS Benefit Fraud Strategy is to publish the strategy, this is still under consideration due to concerns about revealing too much of the department's operational approach. Evidence from other jurisdictions, for example UK local authorities, Northern Ireland and Australia indicates that publication of strategies to address benefit fraud is common practice. Revenue Jersey has also published its Revenue Compliance Strategy. I would encourage the publication of the strategy as alerting claimants to the Government's control and review processes would be informative and may act as a deterrent to potential fraudsters.
41. An important aspect of supporting the right culture is establishing effective whistleblowing policies and procedures for employees to raise concerns relating to fraud and corruption.
42. The People Strategy agreed by the States Employment Board in 2021 includes a Code of Practice on Employee Rights at Work and a Whistleblowing Policy. The Whistleblowing Policy provides the opportunity for employees to highlight concerns related to fraud and corruption by contacting identified managers or an independent speak-up line'.
43. In 2023, there were 32 whistleblowing referrals including five classified as relating to fraud.

Training

44. Online training material has been developed for basic fraud, corruption and money-laundering awareness raising alongside face to face training material which provides the opportunity for more in-depth discussion. The face to face courses are run two or three times each quarter.
45. During 2023, 430 staff completed the optional basic online awareness training module. Additional training in 2024 has increased the numbers to over 670. No target has been set for the numbers of employees who should undertake the training. Out of a total workforce of 9,000, the current training take up is low.
46. Officers from departments such as Revenue Jersey, Customs and Immigration and CLS who are dealing with management of fraud risk on a routine daily basis have participated in the relevant corporate training sessions.
47. It was agreed in December 2023 that the e-learning course will be mandated in future as part of the corporate training. In order to manage the volume of stand - alone mandatory sessions, a compromise was subsequently agreed so that the

fraud section will instead be added to the mandatory financial governance training for all managers in 2025.

48. As well as the specific training, fraud and corruption issues are also now included in a section as part of the Governance for Managers training. Regular training on the risk of cyber fraud is a separate corporate initiative managed by the Digital Services team.
49. Within those departments reviewed where there is a higher risk of fraud and error and significant compliance activity, additional training and briefings are carried out on specific areas in response to policy changes or emerging risks.
50. While the tangible impact of the significant training initiative is difficult to quantify, officers report positive feedback from courses. There is also anecdotal evidence of greater discussion on the subject and relevant risks within the Anti-Fraud and Corruption Working Group and wider organisation.
51. Training for States Members in being aware of and managing the risk of fraud and corruption has not started. The Anti-Fraud and Corruption Policy is clear that States Members have an important role in establishing an effective counter fraud and corruption culture. Until training initiatives include States Members, it is difficult to conclude that there is an effective corporate culture to manage the risk of fraud, error and corruption.
52. At the time of my review, the Counter-Fraud and Corruption Manager was engaging with States Owned Entities (SOEs) to discuss risks within those organisations. As an outcome from this, SOEs will have the opportunity to participate in future training sessions. There are also plans to extend this offer to Arm's Length Organisations (ALOs).

Guidance

53. In addition to the Anti-Fraud and Corruption Policy and the Strategy, other resources are available to support operational staff and raise awareness of the subject. Notably, the relevant section of the PFM has been redrafted to emphasise the need to adhere to the single approach to managing the risk of fraud and corruption across all States Bodies defined in the Public Finances (Jersey) Law 2019. The revised text also makes the responsibilities of Accountable Officers clear in respect of departmental areas and associated ALOs. There is a new requirement for Accountable Officers to designate a lead officer for counter-fraud, corruption and money laundering.
54. During 2023, 12 articles on fraud and corruption topics were placed on the staff intranet OurGov' site to help raise awareness and stimulate interest in specific areas.

55. All tools and guidance will be available on a dedicated SharePoint site which is currently being finalised for release in November 2024.

Monitoring and reporting arrangements

56. The risk of fraud and corruption is captured in the Enterprise Risk Management (ERM) System as a corporate risk. The description, mitigating controls and actions are, in my view, appropriate and reflect the activities that are in hand at a corporate level. If the actions in the Anti-Fraud and Corruption Strategy are implemented, and understanding of risks and controls develops, the residual risk level should reduce.
57. My review of the ERM risk registers identified that fraud and error risks are included in some departmental registers. In relation to the three departments considered in this report, CLS demonstrates active management of the risk of fraud at three levels: by claimants; failure to recover debt; and through internal activity. There are no entries in the ERM registers which reflect the risks in  Customs and Immigration. Risks in Revenue Jersey are managed separately as part of the statutory responsibility of the Comptroller of Revenue.
58. In April 2024, the Treasurer of the States prepared the first Fraud, Corruption and Money Laundering Annual Report, for 2023. The report outlines the relevant policies and strategies and the overall control environment, as well as highlighting the activity in 2023.
59. As the processes for tackling fraud and corruption within the States continue to develop, there is the opportunity to enhance the Annual Report in line with good practice. I have identified the following areas for enhanced information to be included in future reports:

• how understanding of risks and potential risks is improving

• data on fraud and error events and losses in each area including those identified as part of the programme of detailed risk reviews

• any improvements in capability to take action in response; and

• outcome of activities to manage the risk of fraud, error and corruption including:

• investigations and audits; and
• relevant whistleblowing reviews.

60. The report for 2023 is limited on outcomes. This is understandable as processes are at an early stage. While outcome data is available in some areas, such as

Revenue Jersey, it is acknowledged by officers that significant development is required to enable the production and collection of data from across the States.

61. For future years there should be greater clarity in the timetable for the production of the Annual Report and in the groups that should receive and review the report. These groups should include the Anti-Fraud and Corruption Management Group, ELT and the Risk and Audit Committee.

Recommendations

R1 Include objectives related to measurement and reporting of fraud and error within

the Anti-Fraud and Corruption Policy and the Anti-Fraud and Corruption Strategy.

R2 Document the detailed governance arrangements for the Anti-Fraud and

Corruption Management Group including the relationships with the Anti-Fraud and Corruption Working Group and the Risk and Audit Committee.

R3 Develop the Fraud, Corruption and Money Laundering Annual Report further with

a focus on outcomes.

R4 Prepare a high level calculation on the basis of risk to estimate the potential fraud

and error risk exposure across the States.

Work planned that should be prioritised

P1 Include a greater emphasis on tackling error in future iterations of the Anti-Fraud

and Corruption Policy and the Anti-Fraud and Corruption Strategy.

P2 Extend basic training in awareness of and managing the risk of fraud and

corruption to States Members as soon as possible.

P3 Extend basic training in managing the risk of fraud and corruption to States

Owned Entities and Arm's Length Organisations.

Areas for consideration

A1 Consider setting a tolerance for fraud and error loss at the corporate level.

A2 Consider publishing the detailed Benefit Fraud Strategy to provide information to

the public and act a deterrent to potential fraudsters.

A3 Review resources available for whistleblowing investigations to ensure there is

sufficient capacity to respond to any future increases in concerns being raised.

Strategy and governance

Evaluate Design Design

62. In order to design an effective control framework for fraud and

error an organisation should have a clear understanding of:  Measure Implement

• the potential exposure to fraud and error to help inform risk tolerance; and

• its specific fraud and error risks – both at corporate and departmental level.

Potential exposure to fraud and error

63. While organisations aspire to minimise the levels of fraud and error, there is always likely to be some leakage in systems and it is known that some fraud goes

undetected. There is inherent uncertainty over the extent of fraud and error and

limited evidence of assessment of potential fraud and error outside of the

significant areas considered in this report. The Government has not calculated its potential exposure to fraud and error. In the absence of a calculation to determine

the potential exposure, the Government has not identified a level of fraud and

error which will be tolerated. The identification of a tolerance level can help

inform analyses of the costs and benefits of implementing potential new controls.

64. Loss due to fraud, error and corruption is difficult to measure because of its very nature and the fact that much is undetected. International data from the Commonwealth Fraud Prevention Centre in Australia suggests that governments lose between 0.5% and 5% of expenditure each year. This range of exposure is also quoted in the UK by the Public Sector Fraud Authority (PSFA).
65. In a report from the UK's National Audit Office (NAO) on Tackling Fraud and Error in Government dated March 2023, reliable estimates of fraud and error incidence totalling £30.3 billion in 2020/21 were quoted using data from the PSFA. However, the PSFA also estimated that the fraud and error exposure in areas with limited data could be anywhere between 0.5% to 5% of expenditure. On the basis of this range, the potential exposure to fraud and error in Jersey could be upwards of £5 million (0.5% of net revenue expenditure).

Corporate level fraud and error risk assessment

66. The level of understanding of fraud and error risks throughout the States is variable. The control framework for managing the risk of fraud and error is well established in some departmental areas where business as usual' includes ensuring compliance and managing the risk of fraud and error. In particular, this is the case in Revenue Jersey, Customs and Immigration and CLS (pensions and benefits). However, the control environment is not yet understood consistently and is not fully documented within the 20 areas identified by the Government as being

at highest risk of fraud and corruption. Steps are in place to address this as part of the Strategy implementation.

67. An initial risk assessment has been completed for the 20 service areas or processes considered to represent the biggest fraud and corruption risks. The risk assessment considers five key dimensions as shown in Exhibit 2.

Exhibit 2: Approach to initial risk assessment in key systems and processes

Risk dimension Maturity of capability

Value of transactions Reputational risk Inherent vulnerabilities Known instances

Source: Extracted from initial risk assessment document from Treasury and Exchequer Department

68. The initial risk assessments represent positive progress. The methodology is clear, it has been applied consistently and the output is an effective tool which provides a basis for the next stage of detailed risk assessments.
69. Having completed the initial risk assessments, a detailed process is now planned for the Counter-Fraud and Corruption Manager to liaise with departments to document and evaluate the controls in each area, quantify the potential exposure to fraud and error and agree a residual risk rating. While some departments are at a more advanced level of maturity in relation to control documentation and management of risk, the corporate process is designed to help all departments to get to a baseline level with a consistent approach that fills gaps in control documentation in areas where management of fraud, corruption and error risk is less well developed.
70. The proposed approach comprises five stages as shown in Exhibit 3.

Exhibit 3: Detailed risk assessment process

Source: Extracted from detailed risk assessment document from Treasury and Exchequer Department

71. The process does not however include an assessment of the cost and impact of existing controls.
72. The initial action plan suggested that the detailed risk assessments would be completed by 31 December 2025. At the time of my review in July 2024, the first review of staff expenses had just been completed.
73. The Counter-Fraud and Corruption Manager is supported by colleagues within Treasury and Exchequer who will work in conjunction with departments on the

assessments. In those departments where managing the risk of fraud and error is a priority, documenting and evaluating all controls using the detailed risk assessment process will be a significant task. Added to this, there may be some departments where arrangements are not well documented which will take time to arrive at a baseline. Given the range and depth of the potential risk areas, and the experience from the first review, officers have advised that the above deadline will be revised as the full programme is likely to take a number of years.

74. There is merit in preparing a detailed and resourced plan to address the remaining 19 areas (which will vary significantly in depth), on a prioritised basis.

Corporate arrangements for managing the risk of corruption

75. My Report Anti-Corruption Arrangements (January 2021) concluded that a robust statutory framework is in place in Jersey to combat bribery and corruption but that detailed work was required to implement the anti-corruption policy and counter fraud and corruption strategy.
76. I made a series of recommendations for improvement which I have followed up as part of this review. Of the 25 recommendations made, four remain in progress at the time of my review, as shown in the Exhibit 4.

Exhibit 4: Outstanding recommendations in respect of anti-corruption arrangements

Recommendation Current status

R10 Review the specific risk of corruption at  Ongoing as part of the risk assessment departmental and corporate levels and,  described above

where appropriate, include specific

corruption risks in departmental and

corporate risk registers.

R12 Ensure that the planned update of the  Target date 31 December 2024

States of Jersey Procurement Best Practice  Commercial and procurement

Procedures (User Guide and Toolkit)  procedures will be rolled out end of Q includes additional guidance on the  2024  4

identification of the potential risks of

corruption as well as specific corruption risk

examples.

R14 Include in the updated States of Jersey  Target date 31 December 2024 Procurement Best Practice Procedures (User

Guide and Toolkit) rigorous requirements  Iwhoravkine bge toen i indefontifrmy redeq thuatireme o fficents anrs ard e  for managing conflicts of interest covering:  develop a plan

identification of conflicts, declaration of

interests and the circumstances in which an

individual should be excluded from

involvement in the procurement process.

Recommendation Current status

R15 Review due diligence procedures to  Target date 31 December 2024 promote consistency by providing  Work is underway to provide updated enhanced guidance on how to undertake  policies and procedures

due diligence, including specifying all

relevant data to be provided by suppliers

and other intelligence sources.

Source: JAO analysis of outstanding recommendations based on feedback from officers

77. My review in 2021 included these recommendations as there is an inherent risk of corruption related to procurement activities. Delays in implementing actions to improve processes and tighten controls mean that the States continue to be exposed to risk. Given the time since I issued my report, it is important that the outstanding recommendations in relation to procurement are completed in accordance with the revised timetable.

Risk assessments within specific departments

78. The corporate arrangements to manage the risk of fraud and corruption described above should apply consistently to all areas of Government. However, in some departments, the risk is higher and compliance activities are already high priority with detailed controls evident in each area. I have considered the key aspects of the control framework in three departments: Revenue Jersey, Customs and Immigration and CLS.

Revenue Jersey

79. Revenue Jersey is responsible for administering and collecting Personal Income Tax, Corporate Income Tax, Goods and Services Tax (GST) and Land Transaction Tax. It is also responsible for collecting Social Security and Long-Term Care contributions. The total collected from the two main sources of Income Tax and GST in 2023 was £879 million which is anticipated to grow to £964 million in 2024.
80. The approach to managing the risk of fraud and error within Revenue Jersey has developed positively in the last five years. The emphasis has shifted from review of tax returns to a proactive focus on compliance which has yielded significant financial benefits.

81. The tax system is acknowledged risk of loss through:

• error due to the complexities

• careless or reckless behaviour

by officers to be complex and there is an inherent

; or

• deliberate evasion.

82. Since 2020 an annual compliance programme has been further developed by Revenue Jersey to manage this risk. This has been approved by the Risk and Compliance Committee (comprised largely of senior managers from within Revenue Jersey). The compliance programme is risk based with reference to specific sectors, tax types and data from other agencies and jurisdictions. The process is transparent with the draft programme shared with external stakeholders before it is placed on the website to demonstrate to all taxpayers where the focus will be in a particular year.
83. The compliance programme is designed around three elements of:

• Promote – helping taxpayers to get it right first time

• Prevent – tools such as online filing (launched in 2020) to make it easier, and building in checks to test that data matches expectations; and

• Respond – intervention with individual taxpayers and focus on getting it right in future.

84. Individual aspects of the programme are not costed. Elements within promote' and prevent' would be difficult to quantify as they are ongoing mainstream activities, for example encouragement for individuals to switch to online filing'. Individual elements within respond' are also not yet quantified to demonstrate the cost and benefit of specific interventions.

Customs and Immigration

85. Customs and Immigration oversaw the collection of £71.4 million of revenue from Customs and Excise Duties in 2023 as well as GST on imported goods and services within the overall GST total of £116 million. The main revenue sources related to goods and services are:

• GST – charged at 5% on the majority of goods and services

• United Kingdom Global Tariff (UKGT) – import duties collected in respect of imports from areas outside of the Customs Union; and

• Excise Duty – charged on alcohol, tobacco, fuel and vehicle emissions (VED) which is charged on the basis of the manufacturer's CO2 emissions data.

86. In 2023, Customs and Excise Duties generated the following income:

• Alcohol: £23 million

• Tobacco: £18.6 million

• Fuel: £26 million

• VED: £3.1 million; and

• UKGT: £0.7 million.

87. GST represents the greatest risk of fraud and error due to the scale of the revenue (£116 million in 2023) and the number of users.
88. All retailers with turnover in excess, or expected to be in excess, of £300,000 each year are required to register for GST. From July 2023, under provisions in the Finance (Budget 2022) (Jersey) Law, overseas retailers or online marketplaces who sell to Jersey residents must also be registered for GST if sales to Jersey exceed £300,000 in a rolling 12 month period. Suppliers under this threshold may also opt-in voluntarily. More than 30 overseas retailers were registered at the time of my review. Furthermore, where goods are imported from a non-registered seller and untaxed, the buyer must pay GST on import where the value exceeds £60.
89. The legislation is expected to make a significant difference in control and efficiency. Duty on purchases from registered overseas businesses is remitted quarterly and no longer collected on importation which reduces the volume of consignments held by carriers pending duty payment.
90. All imports to Jersey come through the freight handling system, the Customs and Excise System for Administration of Revenue (CAESAR). The system handles over 8,000 consignments each day and is used to manage the collection of all import duties including excise duty, CCT, import GST and VED.
91. Outside of CAESAR, activity is monitored at the border to manage the risk of revenue leakage in respect of small quantities of goods imported by individuals. Risk profiling is used to focus this activity in particular areas.
92. There have been some developments during 2024 to enhance the risk and audit framework within Customs and Immigration by adding additional intervention and control to the existing focus through CAESAR. A small number of compliance audits have been completed on importers, a small distiller and duty-free franchises. One of these reviews identified a discrepancy between stock held and declared which resulted in recovery of £36,000 of unpaid excise duties.
93. In November 2024, Customs Officers are planning a more complex compliance audit with Revenue Jersey. Once this initial exercise is completed, further joint compliance reviews are proposed. No detailed plans are in place at this stage but the ambition to undertake one joint review each quarter is being discussed. The audits to be undertaken within the new framework will reflect user profiling and risk assessment of existing suppliers or class of suppliers. The ongoing liaison with Revenue Jersey to replicate principles and methodologies and sharing of training materials across the two departments is good practice.

Customer and Local Services

94. CLS managed over £514 million of social benefit payments in 2023. The risks and controls associated with each benefit type are documented by CLS and adjusted as new risks emerge through policy changes. While pension payments represent the largest cost to the Government (£240 million in 2023), Income Support (£79 million in 2023) is considered to be the highest risk.
95. Income Support is paid in advance and therefore brings an inherent risk of overpayment which may require clawback. Within Income Support, the biggest risk relates to change of circumstances which claimants can advise using the online notification system or alternative methods.
96. A significant risk with pensions is the potential to continue payment to overseas claimants once a recipient has deceased. This risk is managed in a variety of ways using agencies and resources in other jurisdictions.
97. The operational plan for CLS is summarised in the Benefit Fraud Strategy.

Recommendation

R5 Prepare a prioritised plan to undertake the detailed fraud and corruption risk

assessments for the 20 highest risk areas identified.

Work planned that should be prioritised

P4 Complete the work planned on procurement guidance to address the risk of

corruption.  

governance

Evaluate Design

Implement

Corporate processes Measure Implement

98. It is too early to assess whether controls in all of the 20

highest risk areas are being implemented as designed. Officers are planning to

test controls on a sample basis using a recognised methodology.

99. The first detailed risk assessment and testing on staff expenses has recently concluded. The work by the Counter-Fraud and Corruption Manager found that there are significant vulnerabilities in the system, with the approval process in particular being highlighted as ineffective. A total of 18 risks were identified with 13 mitigating controls of which eight were ineffective and four partially effective. Of the sample of 340 claims reviewed, 22% had no evidence or had non-compliant evidence. Other errors and deviations from policy were also identified. All controls tested were designed to prevent rather than to detect or respond to the risk of fraud or error. A list of 19 recommendations for improvement has been accepted by management.

Revenue Jersey

100.  Implementing controls to manage the risk of fraud and error within Revenue

Jersey has improved in recent years as evidenced by the significant increase in revenue yield. The compliance programme described earlier is determined annually based on risk with flexibility to provide for reallocation if resourcing priorities change.

101.  Interventions by Revenue Jersey range in depth. For example, GST reviews are

undertaken where an alert is triggered, these can be desk-top reviews but visits to businesses are more common. Detailed deep-dive' reviews on businesses and individuals are carried out into all aspects of tax compliance where specific risks are identified.

102.  In October 2023, in response to a Freedom of Information (FoI) request, Revenue

Jersey confirmed that in 2022, routine processing activity and quality control processes of 60,000 tax returns had contributed to identifying 3,400 taxpayer errors and 450 errors by officers.

103.  In 2023, once the additional yield estimate had been achieved, a decision was

taken by management to redeploy staff to prioritise improving customer service and reducing backlogs. As a consequence, the additional yield was lower than the previous year by £8.4 million.

104.  The Government's target cost for collecting £1 of tax revenue is 1p. Performance

reported at the end of 2023 was just above this.

105.  Online filing is an inherent control to reduce the risk of fraud and error. The

promotion of online filing has had an impact – the baseline in 2022 of 30% had increased to 51% by the end of 2023. However, the data shows that progress has been gradual. The Treasury and Exchequer Business Plan for 2024 notes an aspiration for online filing of over 50%. As this had already been achieved by the end of 2023, to maintain progress a more ambitious aspiration should be considered for future years.

Customs and Immigration

106.  Within Customs and Immigration, the primary focus for controls implementation is

the range of controls on consignments built into the CAESAR system which are reviewed and quality checked by officers. Alongside this, detailed investigations can be commissioned. These are major exercises which can take between 12 and 18 months to complete. Three major reviews have been carried out in the last six years.

107.  The new framework being developed in Customs and Immigration does not at this

stage provide for any additional resources to undertake audits. However, it is proposed to designate a team member with responsibility for audit, risk and compliance. Resourcing options will also include consideration of the potential for joint working with Revenue Jersey.

Customer and Local Services

108.  Implementation of controls to manage the risk of fraud and error in CLS includes

routine processing controls and checks on areas such as change of circumstances reported online, and reactive casework. More recently, proactive reviews have been introduced which can account for up to 20% of the case reviews.

109.  Processing controls within each benefit type are documented, classified by control

type and reviewed within the department according to a schedule. The scheduled reviews are based on a detailed risk assessment of the specific control and sampling a number of transactions. The outcomes from these risk-based reviews are reported on a quarterly basis and allow the Departmental Management Team to assess high risk controls which may not be effective. This risk assessment includes peer review of all of the work of new starters until they demonstrate a high level of accuracy. Internal error levels reported by the department are low. A sample of claims in April and May 2024 returned an error rate of 1% of claims.

110.  Case reviews are identified from internal and external referrals for follow-up by an

Investigating Officer. The number of referrals in 2022 and 2023 was similar at just under 500 per year. The figure to the end of June in 2024 was 279. As shown in Exhibit 5, the majority of referrals for alleged benefit fraud come from external sources, most notably the Government website.

Exhibit 5: Benefit fraud referrals each year since 2021

450 400 350 300 250 200 150 100 50 0

2021 2022 2023 2024

External Internal

Source: Data received from CLS

Work planned that should be prioritised

P5  Implement all recommendations from the review of staff expenses.

P6  Complete development of the new compliance framework within Customs and

Immigration including resource considerations.

governance

Evaluate Design

Measure

Corporate level  Measure Implement

111.  There is no formal data available across all areas of

Government which summarises:

• estimated levels of fraud and error

• actual incidences of fraud and error; or

• cost effectiveness of controls.

112.  This is recognised by officers as a crucial area for development as part of the future

strategy.

113.  An exercise was initiated by way of the Anti-Fraud and Corruption Working Group

in 2023 to collect data from all departments including:

• number of staff engaged on fraud prevention, detection, investigation and recovery

• annual expenditure on fraud prevention, detection, investigation and recovery

• number of routine fraud checks

• number of fraud cases investigated

• number and value of fraud prosecutions

• number of cases and value of fraud recoveries

• estimated value of fraud loss

• number of staff engaged on error checking and correction

• annual expenditure on error checking and correction

• number and value of claimant or payer errors prevented/corrected

• number and value of departmental errors prevented/corrected; and

• estimated error cases and value of losses.

114.  The quality of the data collected was inconsistent or, in some cases, poor or non -

existent. As a result, the output was of limited value from a corporate perspective.

115.  The output from the first detailed review of staff expenses is a brief report which

sets out very clearly the key points and findings in terms of:

• potential risks identified

• controls identified

• effectiveness of controls

• residual risk rating

• control types

• policy deficiencies; and

• estimated risk.

116.  For this example, the risk of fraud and error identified from the sample has been

quantified as up to £115,000 from a total expense of £428,000 in 2023 (27%). By implementing the changes recommended to improve procedures, the report concluded that reducing risk and improving the integrity of the system could reduce erroneous expense payments.

117.  My assessment of the first detailed risk and control review undertaken as part of

the Anti-Fraud and Corruption Strategy is that the process and output demonstrate characteristics of good practice. However, the programme of planned reviews is ambitious and faces resource constraints. Only one review had been completed at the time of my fieldwork. On the basis of the findings from this first review, there is a clear risk that the States may be exposed to fraud and error in the areas yet to be reviewed.

Revenue Jersey

118.  The yield from the annual compliance programme within Revenue Jersey includes

Additional Revenue Assessed from previous years arising from taxpayers' errors and omissions discovered during proactive compliance work. The baseline of Additional Revenue Assessed identified in 2017 was £2 million. Since 2021, the estimated additional yield published in the Government Plan has increased significantly each year. For each year between 2021 and 2023 this estimate has been assessed by Revenue Jersey as having been exceeded as shown in Exhibit 6.

Exhibit 6: Additional Revenue Assessed from Revenue Jersey Compliance Programme since 2021

35 30 25 20

£m 15 10 5

0

2021 2022 2023 2024 2025

Estimate Actual

Source: Government Plans since 2021, Annual Report and Accounts 2021and Revenue Jersey –

2023 Performance Report (Operations)

119.  The results above indicate that after two years where outcomes exceeded the

estimated yield by between £11 million and £12 million, the outcome in 2023 was also above the estimate. As noted above, in the last quarter of 2023 once expectations had been exceeded, a decision was taken to redeploy resources to improve customer service and manage backlogs.

120.  The estimate in the Government Plan 2024 – 2027 has more than doubled from

2023 to £31.5 million each year. This is a challenging and ambitious estimate which is regarded as deliverable by Revenue Jersey. In order to help achieve the additional yield of £16 million per year from 2024, as well as improving customer service, a business case was approved for additional resources with a full year cost of £2.2 million from 2025.

121.  The Additional Revenue Assessed has not been reported as a Service Performance

Measure (SPM) since 2022, and the additional revenue actual and estimate for 2023 were not published in the Annual Report and Accounts or the Treasury and Exchequer Delivery Plan. This followed a review of SPMs by the Chief Statistician in liaison with departments with a view to reporting indicators on data which is more relevant to users and Islanders. I consider however that it would be good practice to publish performance against estimate in respect of Additional Revenue Assessed either as a SPM or within the departmental annual report.

122.  The Additional Revenue Assessed represents additional revenue from the

compliance programme in respect of tax years prior to the most recent year of assessment. In addition to this, the Comptroller of Revenue also reports annually to the Minister for Treasury and Resources on additional benefits accruing from the compliance programme and routine activity. These include:

• Additional Revenue Assessed from adjustments during routine processing and compliance related to the most recent tax assessment cycle

• revenue loss prevented in relation to repayments refused during compliance activities

• future revenue benefit where taxes are likely to increase in future years following adjustment of historic errors; and

• penalties and surcharges.

123.  Estimates arising from these areas are not in the public domain.

124.  In June 2023, Revenue Jersey received an independent report which had been

commissioned by the Comptroller of Revenue to review the approach and methodology used to determine and report the compliance yield. The report concluded that the Additional Revenue Assessed figure was prudent and under - reported as it does not include compliance yield from the current year or penalties and surcharges.

Customs and Immigration

125.  The Customs and Immigration Service does not routinely report data on incidence

of fraud and error and has not determined or quantified a level fraud and error that will be tolerated.

126.  The SPMs reported quarterly by the department as one part of the Jersey

Performance Framework are as follows:

• value of duties collected

• number of goods consignments processed; and

• number of goods declarations processed.

127.  These SPMs were selected as they are easily understood by the public. However,

there may be more meaningful data that Customs and Immigration could include within the SPMs.

128.  In addition to these outward facing SPMs, the department collects a range of other

data related to fraud and error. As part of my review, I have been provided with routine data including:

• seized goods auctioned or destroyed

• passenger declarations resulting in duties

• additional duty from corrected declarations; and

• duty recovered from premises operators for unauthorised releases of consignments or goods.

129.  The Jersey Customs and Immigration Delivery Plan 2024–2025 also identifies a

range of routine data to be collected. This includes:

• fraud/risk/audit activity - casework and goods

• value and quantity of revenue goods seized and duty collected

• assets confiscated

• cash seized; and

• prosecutions and outcomes.

130.  With the exception of the SPMs, the above data is not currently reported as a

management tool or in the public domain. Work is however in hand to determine how this can be improved to demonstrate outcomes from the new Delivery Plan. Officers are currently considering development of an internal performance dashboard to measure performance as well as some public facing data.

131.  No additional revenue yield figure has been identified for the new risk and audit

framework and there is no expectation that this will include additional resources. The experience in Revenue Jersey demonstrates that additional revenue yield is forthcoming from focussed compliance activity and the business case outlining this resulted in additional resources. The cost of initial Customs audits should therefore be captured so that the benefit in terms of additional revenue yield can be monitored.

Customer and Local Services

132.  CLS collects and prepares a summary report on a range of data and outcomes for

management each quarter. As well as referral data, other information collected and reported by CLS includes the number and value of prosecutions and the number and value of overpayments recovered.

133.  Since records started to be kept in 2012, there have been 32 prosecutions with a

total value of £1.6 million. The average value related to each prosecution over that period is £49,717. Since 2021, the total is £845,336 with an average value of £93,926 (Exhibit 7).

Exhibit 7: Prosecutions for benefit fraud since 2021 and summary since 2012

Prosecutions  Number  £ 2021  2  293,429 2022  3  260,159 2023  2  122,843 2024 (up to August 2024)  2  168,905 Total  9  845,336 Average for each prosecution 93,926

Total since 2012  32  1,590,943 Average for each prosecution 49,717

Source: CLS data

134.  CLS quantifies fraud events by reference to overpayments which are identified and

recovered. This is common in other jurisdictions. The average total value of overpayments recovered since 2021 is fairly consistent at around £800,000 each year. The exception was 2020 when CLS enforcement officers were redeployed into other areas to support the Government response to the COVID-19 pandemic. The value recovered since 2019 is shown in Exhibit 8.

Exhibit 8: Benefit overpayments recovered since 2019 (£m)

1.00 0.80 0.60 0.40 0.20 0.00

2019 2020 2021 2022 2023 2024 Source: CLS data up to Quarter Two of 2024

135.  The majority of the issues which resulted in overpayments in 2023 related to

Income Support as shown in Exhibit 9.

Exhibit 9: Overpayment values by benefit type 2023 (£m)

0.01

0.08

0.68

Income Support S/T incapacity allowance L/T incapacity allowance Source: CLS data

136.  The value of overpayments identified for recovery by the end of quarter two in

2024 is around £300,000 in respect of 47 cases of the total of 285 closed this year. The majority of the closed cases (85%) were following investigation with no further action. The overpayment value of the 51 cases which remain open is currently identified at £315,000 including four cases from 2019 and 2022 which are with Law Officers.

137.  As well as the referrals to the Enforcement Team which are categorised as

potential fraud cases, the overpayments figure which is reported also includes internal and claimant errors which are identified during investigations.

138.  In July 2024 the Standard Operating Procedures used by CLS were updated

following a decision by the Social Security Minister. This update was to set limits on the recovery of income support overpayments.

139.  The total average overpayment recovery figure represents around 0.3% of the total

expenditure on Income Support and other benefits (excluding pensions). When compared to the published level of benefit fraud and error of 6.6% in the UK (excluding pensions and pension credit), the incidence in Jersey is low. However, figures in other jurisdictions demonstrate that the incidence is lower than the UK figure (Exhibit 10).

Exhibit 10: Benefit fraud and error levels in Jersey and other jurisdictions

Benefit fraud  % UK (DWP data for 2023/24) (Fraud = 5.1%, error = 1.5%)  6.6 Republic of Ireland  0.48 Northern Ireland (fraud only)  1

Isle of Man (Reported 2021/22) 0.19 Jersey  0.3

 Source: JAO research of published data

Recommendation

R6  Require all departments to work with the Counter-Fraud and Corruption Manager

to identify relevant data on fraud and error incidence and how this can be collected in the most efficient way.

Work planned that should be prioritised

P7  The Customs and Immigration Service should identify key data that can be

reported on managing the risk of fraud and error for internal management purposes as well as external facing Service Performance Measures.

Area for consideration

A4 Consider publishing the Revenue Jersey annual Additional Revenue Assessed

figure including the value of penalties and surcharges.

Strategy and governance

Evaluate Design

Evaluate

140.  There is evidence within the departments considered as part  Measure Implement

of my review that emerging risks are incorporated into the

control framework. In Revenue Jersey and Customs and Immigration, intelligence is gathered on an ongoing basis to ensure that emerging risks are identified and risk assessments are updated. Controls in CLS are responsive to policy changes.

141.  It is also evident from my review that resources in these departments are allocated

on the basis of risk assessment with some flexibility to redeploy to different areas depending on priorities at specific points in the year.

142.  In the absence of detailed costing data for individual controls and interventions,

there is limited evidence across the States to demonstrate that controls are evaluated to assess the cost effectiveness of different methods for tackling fraud and error. The ongoing risk-based review of controls in CLS does allow consideration of effectiveness related to risk but not to cost-effectiveness. The growth in Additional Revenue Assessed from Revenue Jersey since 2019 does represent a positive cost to benefit ratio and data demonstrates that the overall cost to collect £1 of tax revenue is 1p. Over time, it would be helpful to develop a more detailed analysis of additional income yield from compliance activities in key departments, for example:

• fraud by specific revenue source

• error by specific revenue source

• identification of cases and sums categorised into fraud (internal and external), officer error and claimant/user error; and

• category of internal error.

143.  I note that from May 2024, CLS has started to collect data on claimant and officer

error.

144.  As processes mature in all areas over time, the Government should take steps to

cost individual control areas, where this can be done in a proportionate way, in order to support decision making for different types of intervention.

145.  It is too early at this stage to evaluate the effectiveness of the new corporate

assessment processes but a six-monthly review is included within the framework to monitor the implementation of recommendations and the delivery of the benefits.

Recommendations

R7 Develop a detailed analysis of fraud and error incidence, particularly in those departments where the management of fraud and error risk is a core activity.

R8 Review options for costing individual controls and interventions designed to

manage the risk of fraud and error, so that cost effectiveness can be evaluated and demonstrated.

Follow up of previous recommendations

146.  During the COVID-19 pandemic, jurisdictions experienced increased exposure to

fraud and error. These included fraud in respect of procurement of personal protective equipment and medical supplies, and fraudulent and erroneous claims for financial assistance from schemes put in place to provide support to businesses and individuals.

147.  In 2021, I reported the results of two reviews which I had carried out on business

support schemes related to the COVID-19 pandemic. These two reports included issues related to the potential risk of fraud and error. I have looked at how Government has responded to my reports as part of this review. My conclusion is that work was completed as recommended in my reports and that where overpayments were identified, the Government continues to take steps to recover the debt. Exhibit 11 summarises my findings.

Exhibit 11: Progress on relevant recommendations from C&AG reviews of Covid-19 Business Support Schemes

Covid-19 Business Support – Co-Funded Payroll Scheme (CFPS) November 2021 Relevant findings related to potential for fraud and error

• Inherent risks in the scheme, but these were well managed.

• Limited testing of claims at the time of the audit.

• Post payment checks still to be carried out.

• Error rate identified at the time of audit was 6.6% by value or £5.32m in respect of claims to August 2020. £3.74m was recovered by 25 July 2021.

• Subsequent internal reviews following my audit identified total sum for recovery of £10.9m.

Recommendations Date  Outcome

R4 Prioritise the  31  Reconciliations to other records held by completion of the  March  Government were completed for the first two reconciliation of CFPS  2022  phases. Variances were insignificant so no further claims made to other  action undertaken for subsequent phases.

records held in respect of

the employers making the

claims. These

reconciliations should be

carried out as soon as

possible.

Recommendations Date  Outcome

R5 Prioritise the  31  All audits were completed in 2022. A report completion of post  March  prepared by the Corporate Services Scrutiny payment audit testing of  2022  Panel indicates that from 15,000 people and claims and ensure that final  4,100 businesses supported, by April 2022, 543 audit reports are issued  cases had been identified for repayment with 172 promptly relative to the  further cases providing further evidence to month of the claims tested. support the claim.

Source: JAO summary of relevant recommendations from Covid-19 business support schemes with update on actions  

Source: JAO summary of relevant recommendations from Covid-19 business support schemes with feedback from summary reports produced by BDO limited on behalf of the Government of Jersey (January 2022)

148.  The sample reviews referred to above were carried out with support from an

independent organisation. Reports were produced confirming that the sampling sizes were appropriate for the population and also setting out the results. The main reason for failure of claims in respect of the VASS was that the hotels in the sample were in receipt of insurance to mitigate losses. Where cases were identified for repayment, many have repaid in full already, others are on a repayment plan. At the end of September 2024, I am advised that the sums shown in Exhibit 12 were still outstanding and there have been no write-offs.

Exhibit 12: COVID-19 support schemes: outstanding debt recoveries 30 Sept 2024

Total  Debt to be  O/S End Sept Scheme  payments (£)  recovered (£)  2024 (£)

Co-Funded payroll scheme 140 m  10.9 m  4,787,271 Fixed Cost Support Scheme (FCSS)  3,272,581  146,891  11,000

Visitor Accommodation Support

Scheme (VASS)   8,945,310  1,569,556  177,296 Total  152,217,891 12,616,447 4,975,567

Source: Data from Department for the Economy and CLS (September 2024)

Appendix One Audit Approach

The review included the following key elements:

• review of relevant documentation provided by the States of Jersey

• interviews with relevant officers

Key documents reviewed included:

• Anti-Fraud and Corruption action plan 2024

• Anti-Fraud and Corruption Policy 2023

• Anti-Fraud and Corruption Strategy 2023

• Anti-Fraud and Corruption Working Group and Management Group Terms of Reference, agendas and minutes

• Employee Code of Conduct

• Enterprise Risk Management system extract

• Fraud, corruption and money laundering – Workplan 2023

• Fraud, corruption and money laundering annual report 2023

• Initial and detailed risk assessment methodologies

• Public Finances Manual

• Various fraud and corruption articles published internally

• Various training materials

Jersey Customs and Immigration

• Delivery Plan 2024-2025

• Various duty collection statistics 2022 – 2023

• Website content

Revenue Jersey

• Performance Report (Operations) 2022 and 2023

• Review of compliance programme – Evelyn Partners June 2023

• Website content

Customer and Local Services

• CLS Delivery Plan 2023

• CLS Fraud Strategy 2024-2027

• CLS Risk Strategy and Controls Document

The following people contributed information through interviews or correspondence:

• Deputy Head of Service, Customs and Immigration

• Comptroller of Revenue and Competent Authority

• Counter-Fraud and Corruption Manager (Treasury and Exchequer)

• Head of Compliance, Revenue Jersey

• Head of Financial Governance (Treasury and Exchequer)

• Head of Governance, Revenue Jersey

• Head of Pensions and Care Hub, Customer and Local Services

• Head of Risk

• Head of Service, Customs and Immigration

• Senior Manager (Goods Control), Customs and Immigration

• Technical Support Officer, Customs and Immigration

The fieldwork was carried out by an affiliate working for the Comptroller and Auditor General.

Appendix Two

Summary of Recommendations, Work planned that should be prioritised and Areas for consideration

Recommendations

R1 Include objectives related to measurement and reporting of fraud and error within

the Anti-Fraud and Corruption Policy and the Anti-Fraud and Corruption Strategy.

R2 Document the detailed governance arrangements for the Anti-Fraud and

Corruption Management Group including the relationships with the Anti-Fraud and Corruption Working Group and the Risk and Audit Committee.

R3 Develop the Fraud, Corruption and Money Laundering Annual Report further with

a focus on outcomes.

R4 Prepare a high level calculation on the basis of risk to estimate the potential fraud

and error risk exposure across the States.

R5 Prepare a prioritised plan to undertake the detailed fraud and corruption risk

assessments for the 20 highest risk areas identified.

R6 Require all departments to work with the Counter-Fraud and Corruption Manager

to identify relevant data on fraud and error incidence and how this can be collected in the most efficient way.

R7 Develop a detailed analysis of fraud and error incidence, particularly in those

departments where the management of fraud and error risk is a core activity.

R8 Review options for costing individual controls and interventions designed to

manage the risk of fraud and error, so that cost effectiveness can be evaluated and demonstrated.

Work planned that should be prioritised

P1 Include a greater emphasis on tackling error in future iterations of the Anti-Fraud

and Corruption Policy and the Anti-Fraud and Corruption Strategy.

P2 Extend basic training in awareness of and managing the risk of fraud and

corruption to States Members as soon as possible.

P3 Extend basic training in managing the risk of fraud and corruption to States

Owned Entities and Arm's Length Organisations.

P4 Complete the work planned on procurement guidance to address the risk of

corruption.

P5 Implement all recommendations from the review of staff expenses.

P6 Complete development of the new compliance framework within Customs and

Immigration including resource considerations.

P7 The Customs and Immigration Service should identify key data that can be

reported on managing the risk of fraud and error for internal management purposes as well as external facing Service Performance Measures.

Areas for consideration

A1 Consider setting a tolerance for fraud and error loss at the corporate level.

A2 Consider publishing the detailed Benefit Fraud Strategy to provide information to

the public and act a deterrent to potential fraudsters.

A3 Review resources available for whistleblowing investigations to ensure there is

sufficient capacity to respond to any future increases in concerns being raised.

A4 Consider publishing the Revenue Jersey annual Additional Revenue Assessed

figure including the value of penalties and surcharges.

LYNN PAMMENT CBE Comptroller and Auditor General

Jersey Audit Office, De Carteret House, 7 Castle Street, St Helier, Jersey JE2 3BT T: +44 1534 716800 E: enquiries@jerseyauditoffice.je W: www.jerseyauditoffice.je