Development of Policies and Processes to Reduce Potential for Fraud
This paper has been written following the exposure of fraud at Ashley Commerce College (ACC) by the BBC and seeks to explain the nature of the fraud, to identify the weaknesses in the current system which exposes awarding organisations to fraud, and the policy and process developments being deployed by IQ to reduce this risk.
Nature of the Fraud
The fraud perpetuated by Ashley Commerce College was specifically targeted at weaknesses in the traditional awarding organisation quality model. As such, all awarding organisations are susceptible to the same type of fraud.
ACC operated a well organised training centre with a number of trainers who were experienced and well known to many in the sector. Assessment activity was undertaken legitimately and in accordance with current requirements for the majority (some 96%) of candidates registering with the centre.
In addition to the legitimate activity, ACC operated a “back door” route for a minority of students, registering for the ACC “fast track” programme with ACC directly, or through third party trainers or training companies. The characteristics of the scheme were:-
- The completion of examination papers for students that had not attended a training programme or examination by centre staff
- The manufacture of portfolios of evidence for fast track students (with their involvement).
- Examination and assessment paperwork fraudulently being generated or amended after the completion of legitimate programmes to include assessment paperwork and records for fraudulent candidates. These were then entered into the processing chain.
- Fraudulent examination papers had a statistical spread of marks which was not out of the ordinary.
- The fraud did not necessarily require the compliance of the trainer, and could be exercised by an administrator adding details and assessment documentation post course.
- Assessment paperwork was added to the legitimate supply line slowly, and held back during periods when the centre was the subject of external verification. In the case of ACC, less than 4% of candidate submissions were fraudulent.
- Legitimate candidates were unaware of the fraudulent candidates or indeed the fraud.
- During both unannounced and announced external verification visits, the absence of those students for whom assessment paperwork was being created fraudulently was explained as non-attendance. The non-attendance rates did not raise concerns as they were within statistical norms. The paperwork was not added to the supply chain and held back to a later date.
- A number of training companies and individuals, not recognised by IQ and of whom IQ was not aware, fed students into the fraudulent ACC system.
Weaknesses with Current Arrangements for Quality Assurance
IQ currently undertakes detailed centre approval with all centres receiving at least one visit prior to certification. External verification visits are conducted annually, or more frequently if there are concerns about risk or quality, or if the centre is registering high volumes of candidates. External verification can be planned or unannounced.
In addition to visits to the centre, IQ monitors centre performance in relation to results distribution and spread of responses. Visual checks are also undertaken on all examination papers.
External verification in the traditional model:-
- Focuses on the centre, and those students that are visible within the centre. It is not designed to, and will rarely identify fraudulent sub-contract relationships and relationships used to introduce fraudulent students.
- There is a strong emphasis on policies and assessment process with perhaps insufficient or misdirected focus on risk.
- The economics of awarding provides very limited opportunity for speculative penetration testing.
Ashley Commerce College
3 external verification visits were made to Ashley College in the twelve months leading up to exposure by the BBC. Two were unannounced and one was a planned annual visit. The company played an active role in IQ sector development events and was responsive to requests from IQ. Examination papers were monitored and fell within statistical norms.
IQ received a letter from a single anonymous whistle blower in 2014, alleging that cash was being taken for questions. The nature of the fraud was not explained and further information was not divulged. IQ believed that it was investigating malpractice during examinations. This was investigated with unannounced visits during examinations and training, combined with thorough statistical analysis and student interviews. The information provided did not lead IQ to the fraud, however, as we now know this would not be detected through the deployment of standard external verification techniques.
The subsequent internal review IQ has launched identified that whilst fraud of this nature would be difficult to eradicate entirely when a centre or individual was determined to commit fraud, a number of actions could be taken to increase resilience.
Areas for improvement in the Control of Qualifications in the Security Industry at National/Regulatory Level
IQ believes that the following needs to be addressed to make the quality assurance system more robust:-
- A national record of trainers who have been identified as indulging in malpractice or fraud should be created. Currently, those trainers are free to move between companies and continue to engage in malpractice.
- A national record of training companies that are de-recognised by an awarding organisation should be created, providing awarding organisations with an historical database of fraud and malpractice. This would reduce the risk of offending companies move to new awarding organisations, without those awarding organisations being aware of their previous history, and being wholly accountable for their decisions.
- No record exists of directors and shareholders of companies, de-recognised by an awarding organisation, allowing those individuals to start new companies under new names and continue to engage in malpractice. This should be addressed.
- There is no informed and identifiable contact point within the police service where awarding organisations can report fraud in security training and qualifications. This should be addressed.
Aspects of each of these concerns were evident in the investigation of ACC and its supply chain.
IQ: Policy and Process Changes
In addition to the proposals for changes at regulatory level, IQ recognises that enhancements and changes can be made to processes and procedures, which if undertaken with regulatory changes, should increase resilience.
Over the coming months, IQ will implement a series of changes to policy and process, designed to reduce the risk of fraud.
With immediate effect, IQ will strengthen procedures around declarations:
- The candidate declaration on the examination paper has been strengthened to make it clear that fraudulent completion of the paper will result in the candidate being reported to the police.
- The examination attendance sheet must be signed by the trainer and invigilator, and the number of candidates specified by each.
- IQ will issue standardised course attendance registers, which must be submitted to IQ with the examination paperwork.
- Each trainer will be required to sign a declaration, stating that they have not been involved in fraud or faced sanction from another awarding organisation.
The purpose of these changes are to reduce the risk that course and examination paperwork can be altered after the course or examination, and to communicate to learners, trainers and administrators that IQ will report fraudulent activity to the police and reserves the right to initiate civil action.
Recognition of Trainers/Assessors
IQ will establish a list of approved trainers/assessors. The list will be compiled from completion of the trainer declaration form, which will grant authority for IQ to pass details of the trainer to other awarding organisations should IQ identify malpractice or fraud in which the trainer is complicit. All trainers will be required to be registered before 1st August.
The purpose of this change is to allow IQ to check that trainers currently working in IQ centres have not been previously involved in malpractice, and provide authority to pass trainer details to others should malpractice be identified. The intention is to reduce the risk of dishonest trainers moving between training companies.
IQ has made representations to regulatory bodies in relation to licensing or registering trainers and will comply with any industry scheme should it emerge.
With immediate effect, IQ will analyse examination attendance data for all courses, with comparisons made between courses conducted by the centre, and comparatively with industry norms.
Video and Photographic Evidence
IQ will require that all security centres provide a dated digital photograph for each day of the course, and examination, to be sent with examination paperwork to IQ. This will become a requirement from the 1st August 2015.
In addition, for those centres registered for license to practice qualifications and willing to take and retain video evidence of physical intervention training and the examination process, and retain it for a period of 12 months for inspection, a favourable Risk Assessment regime will apply. From September 2015, those centres will be eligible for a Centre Risk Rating of 1, the lowest rating. These centres will receive a 10% discount on the appropriate examination/assessment fee in the form of a credit note issued on a quarterly basis. The intention is to incentivise and reward those centres that demonstrate the firmest commitment to quality assurance.
With immediate effect, IQ will use anti-plagiarism software and sample portfolio evidence to increase the probability of identifying manufactured portfolio evidence on typed portfolios, and will consider how digital production can be encouraged.
Criminal and Civil Action
With immediate effect, it is the policy of IQ to report all trainers, students and directors involved in malpractice to the police and regulatory authorities, without exception. IQ reserves the right to initiate civil action against individuals and organisations.
With immediate effect, where centres have increased risk ratings, their directors will be required to provide a formal Director’s Guarantee that no malpractice is taking place within their centre, with any costs to IQ arising from malpractice guaranteed by the directors.
IQ External Verifiers will increasingly be trained as auditors, with specialist training in the risk management standard, ISO31000. Work is underway to adjust the external verification visits to a model with a greater emphasis on risk management and assessment.
Actions to be taken by centres
The actions that will be required of centres over the coming months are as follows:-
- The adoption of new course paperwork on publication. The course registers will be provided during May. The register should be submitted with examination documentation to IQ.
- The trainer declaration form, signed by the trainer and confirming that he/she has not been involved in malpractice of fraudulent activity, will need to be signed and returned to IQ. It also provides authority to share information with other awarding organisations and regulators. This will be provided in May and should be returned at the latest by the 30th June.
- Centres delivering licence to practice qualifications are required to photograph all cohorts of trainees on each day of the course and at the examination. This is also to be submitted with examination documentation.
Operational details for those centres wishing to retain video evidence will be defined before the end of May and circulated to centres.
IQ produced a white paper in advance of the BBC broadcast, detailing the changes that it believed to be necessary to strengthen qualification provision in the security industry. IQ will continue to argue for the licensing of trainers and directors of training companies, and improvements to the availability of historical data across the awarding organisation network on trainer and centre malpractice.
IQ reserves the right to deploy additional measures designed to safeguard the integrity of the assessment process and the interests of the majority of learners, trainers, centres, employers and end users, for whom a reliable and valued system of qualifications is critical.
15th May 2015