Finance & Procurement

1. Financial Policy
2. Procurement & Ethical Purchasing Policy
3. Fraud Response Plan

Approved by: National Board

Updated: 2026-03-01

Review cycle: Annual (or earlier if legislation or practice changes)

Chapter 1. Financial Policy

Related policies: Code of Conduct; Conflict of Interest (COI) Policy; Anti‑Fraud & Corruption; Procurement Policy; Child Protection & Safeguarding; SEA Prevention & Response; Data Protection/Privacy; Whistleblowing & Complaints; Document Retention & Records Management.

1) Policy Statement & Purpose

This Policy sets the standards and procedures for transparent, lawful, and efficient financial management across the Organization. It ensures that all funds are used prudently and for intended purposes, that accounting is accurate and timely, and that decisions are free from conflicts of interest and undue influence.

Financial year: calendar year (1 January–31 December).

Currency: EUR.

Basis: accrual accounting in line with applicable Lithuanian non‑profit/public‑institution requirements and Lithuanian Business Accounting Standards (as applicable).

Objectives: safeguard assets; ensure donor and legal compliance; support program delivery through robust budgeting, controls, reporting, and audits.

2) Scope & Applicability

Applies to all personnel and associated parties handling or influencing financial matters:

employees, volunteers, interns, National Board members, project managers/budget holders, consultants, contractors, suppliers, and implementing partners.

3) Governance, Roles & Responsibilities

• National Board: Approves annual budget and this Policy; oversees external audit; reviews quarterly financials and risk; approves major contracts above thresholds; receives audit/management letters and corrective action plans.

• Executive Director (ED): Accountable for implementation; ensures resources, staffing, and internal controls; authorizes payments within delegation; escalates material risks to the Board.

• Finance Manager/Chief Accountant (FM/CA): Leads accounting, compliance, and reporting; maintains chart of accounts; supervises monthly close; prepares management accounts, donor reports, and annual financial statements; maintains asset, grants, and COI/Gifts registers (finance lens).

• Procurement Lead: Ensures competitive procurement, vendor due diligence, and documentation; maintains tender files.

• Project/Budget Holders: Plan and manage budgets; approve program expenses per matrix; ensure donor eligibility and documentation.

• Cashier/Treasury Officer: Manages bank/petty cash operations, cash counts, and reconciliations.

• Ethics & Compliance Officer (ECO): Oversees COI/Gifts disclosures, whistleblowing intake (finance‑related), and non‑retaliation.

• All staff/partners: Comply with this Policy and related procedures; submit timely, accurate documents; report concerns in good faith.

Designated Contacts (to fill):

• Finance Manager/Chief Accountant: Name, phone, email
• Procurement Lead: Name, phone, email
• ECO: Name, phone, email
• Bank signatories (A/B levels): Names, roles

4) Accounting Framework & Period Close

• Chart of Accounts aligned to programs, donors, and cost centres.

• Monthly close within 10 business days: accruals, prepayments, bank/petty cash reconciliations, review of AR/AP aging, grant balances, FX revaluation (if applicable).

• Documentation: invoices, contracts, POs, GRNs, timesheets, travel claims, and approvals retained in secure, auditable files (digital preferred).

• Segregation of duties: request → approval → payment → recording must involve different persons wherever feasible.

5) Budgeting & Forecasting

• Annual budget prepared by FM/CA with budget holders; approved by the National Board before year‑start.
• Revisions/forecasts at least quarterly; material variances (>±10% or threshold set by Board) analysed and reported.
• Grant/project budgets mapped to the chart of accounts; co‑financing tracked; indirect cost rates applied as per donor rules.

6) Banking, Treasury & Cash Management

• Bank accounts in reputable institutions; dual authorisation for online payments (A/B signatory levels).
• Bank reconciliations monthly, reviewed by FM/CA and countersigned by ED.
• Payment runs scheduled (e.g., weekly); emergency payments require written justification.
• Petty cash: imprest limit €[insert]; single payment cap €[insert]; two‑person cash counts weekly and at month‑end; locked safe; cash count sheet (Annex E).
• Cash receipts/donations: issued receipts; deposited promptly; no cash kept overnight beyond petty‑cash limit.
• Organization payment cards: issued by exception; monthly statement reconciliation; no personal expenses.

7) Income Recognition & Receivables

• Recognise income per accrual rules and donor agreements (restricted vs unrestricted).
• Grant agreements logged with budgets, eligible cost rules, and reporting calendar.
• Donations documented with donor intent; large/conditional gifts evaluated for restrictions.
• Receivables tracked with aging; follow‑up procedures; write‑offs require ED/Board approval per thresholds.

8) Expenditure, Payables & Invoice Approval

• 3‑way match (PO/contract ↔ GRN/service acceptance ↔ invoice) before payment.
• Invoice approval matrix (Annex B) specifies signatory levels by amount and role.
• Payment terms: standard 30 days unless contractually different.
• Prohibited payments: to unvetted vendors, to personal accounts (unless reimbursement), or without original supporting documentation.
• Related‑party transactions only with full disclosure and prior approval (see COI Policy).

9) Procurement & Contracting (see Procurement Policy)

• Thresholds (examples—adapt as approved):
  • < €500: direct purchase with one quote; document reasonableness.
  • €500–€5,000: min. 3 written quotes (RFQ); evaluation grid (Annex C).
  • > €5,000: formal tender or framework; committee evaluation; contract.
• Exceptions: single‑source justification (Annex C) approved by FM/CA + ED (and Board if > €[insert]).
• Due diligence: vendor registration, sanctions/PEP screening where relevant, tax/VAT status, bank verification.
• Contracts: signed by authorised signatories; filed with key terms (deliverables, price, payment schedule, penalties, IP, data protection).

10) Payroll, Stipends & Volunteers

• Employment contracts and HR files complete and current; payroll prepared from approved timesheets and contracts; statutory taxes and social contributions paid on time.

• Consultants engaged via contracts with deliverables and rates; invoices matched to outputs.

• Volunteer reimbursements (travel/meal/phone) per approved rates including fees & salaries; receipts required unless per‑diem policy applies.

• Per diems & travel per Annex G or donor rules (whichever stricter).

11) Grants & Restricted Funds Management

• Separate tracking of restricted funds by project/donor; avoid cross‑subsidisation.
• Eligibility & allocation rules documented (timewriting, cost allocation keys).
• Reporting calendar maintained; submissions reviewed by FM/CA and approved by ED before dispatch.
• Exchange rates: use donor‑specified or monthly average; disclose differences; manage interest per grant terms.
• Retention of grant files per donor/legal requirements (see Annex J).

12) Fixed Assets & Inventory

• Capitalisation threshold: €[insert]; below threshold expensed.
• Depreciation: straight‑line over useful life (e.g., IT 3 yrs; furniture 5 yrs; vehicles 5 yrs) unless donor/law requires otherwise.
• Tagging & register maintained; physical count annually; disposals require approval and record of proceeds.
• Inventory (if applicable): FIFO; periodic stock counts; differences investigated.

13) Travel, Expenses & Reimbursements

• Pre‑approval via Travel/Expense Authorisation; economy travel; cost‑effective choices.
• Receipts (original/digital) required for all expenses > €[insert]; submit within 10 business days after travel.
• Non‑reimbursable: personal fines, alcohol, luxury upgrades, unapproved travel companions, expenses without program purpose.
• Expense Claims (Annex G) reviewed by line manager and FM/CA; paid via payroll or bank transfer.

14) Reporting & Audit

• Monthly management accounts to ED and budget holders; quarterly summary to National Board (P&L by project, Balance Sheet, Cash Flow, KPIs).

• Annual financial statements prepared and approved; independent external audit conducted; management letter tracked to closure.

• Donor audits/monitoring facilitated; samples and files provided promptly.

15) Anti‑Fraud, Anti‑Corruption & AML

• Zero tolerance to fraud, bribery, embezzlement, kickbacks, facilitation payments.

• Controls: segregation of duties; approval matrix; vendor due diligence; spot checks; surprise cash counts.

• Reporting: suspected misconduct reported to ECO/ED/Board or via whistleblowing channels; good‑faith reporters protected (see Whistleblowing Policy).

• Sanctions: disciplinary measures up to dismissal; contract termination; referral to authorities.

• Statement: no confirmed cases to date; any future cases will be handled per this Policy.

16) Taxes, Regulatory & Donor Compliance

• Comply with Lithuanian laws for non‑profits/public institutions and applicable tax/VAT (PVM) rules; seek professional advice as needed.

• Maintain statutory filings and submissions on time; keep donor‑mandated records and asset logs.

17) Data Protection & Confidentiality (Finance)

• Protect personal and financial data per Privacy Policy/GDPR; limit access (role‑based); encrypt backups; restrict sharing to need‑to‑know.

• Report data breaches immediately to the DPO/FM/ED per internal protocol.

18) Delegation of Authority & Approval Matrix

• Annex B defines monetary thresholds and roles (request/approve/pay/post).

• Emergency delegation rules documented (acting signatories when ED absent).
• No person may both approve and pay the same transaction; system controls enforced.

19) Records Management & Retention

• Retention: keep accounting, contracts, and supporting documents 10 years (or longer if required by donor/law); secure storage; controlled access; audit trail.

• Destruction: secure disposal after retention period with record of destruction.

20) Risk Management & Business Continuity

• Backups of accounting systems/files at least daily; tested restoration quarterly.
• Continuity plan: critical roles cover; signatory succession; cashflow forecasting; contact lists for banks/auditors/donors.
• Insurance: review adequacy annually (property, liability, D&O, cyber as applicable).

21) Training, Communication & Review

• Finance induction for new staff; refresher every 24 months; targeted sessions for budget holders and procurement.
• Publish this Policy internally; communicate key changes; include in partner onboarding where relevant.
• Annual review by FM/CA and ED; Board approval of revisions.

Annexes (Templates)

Annex A — Budget Holder Delegation Matrix (RACI)

Define who is Responsible, Accountable, Consulted, Informed for budgeting, approvals, payments, procurement, reporting.

Annex B — Approval & Signatory Thresholds (example — customise)

Levels A/B to be assigned to named roles in bank mandate.

Annex C — Procurement Forms

• PR (Purchase Requisition)
• RFQ (Request for Quotation) + Bid Comparison/Evaluation Grid
• Single‑Source Justification
• Goods Receipt Note / Service Acceptance Certificate

Annex D — Payment & Voucher Pack

• Payment Checklist; Invoice; Contract/PO; GRN/Acceptance; Approvals; COI check; Donor eligibility check.

Annex E — Petty Cash Count Sheet & Log

• Opening balance; receipts; payments; closing balance; variance; signatures (Cashier + Reviewer).

Annex F — Fixed Asset Register

• Asset ID; Category; Location; Custodian; Cost; Depreciation method/life; Accumulated depreciation; Net book value; Condition; Disposal.

Annex G — Travel & Expense Claim

• Trip purpose; dates; route; per diems; transport; lodging; other expenses; receipts; approvals; payment details.

Annex H — Bank Reconciliation Template

• Bank balance; outstanding cheques; deposits in transit; bank fees/interest; GL balance; reconciling items; approvals.

Annex I — Grant Reporting Checklist

• Contract; budget; reporting deadlines; FX method; cost eligibility; supporting docs; narrative linkage; submission approvals.

Annex J — Document Retention Schedule (Finance)

• Accounting vouchers, ledgers, bank statements: 10 years.
• Payroll files/timesheets: 10 years.
• Contracts/grants: 10 years after closure (longer if donor requires).
• Asset registers: life of asset + 10 years.

Chapter 2. Procurement & Ethical Purchasing Policy

Related policies: Financial Policy; Anti‑Fraud & Corruption; Conflict of Interest (COI) Policy; Code of Conduct; Whistleblowing & Complaints Procedure; Data Protection/Privacy (GDPR); Child Protection & Safeguarding; SEA Prevention & Response; Environmental & Sustainability Policy; Records Management.

1) Policy Statement & Purpose

This Policy establishes transparent, fair, and ethical procurement standards for the acquisition of goods, works, and services, ensuring value for money, compliance with donor and legal requirements, and alignment with human rights, labour, and environmental principles. It applies to all procurement activities undertaken by, or on behalf of, the Organization.

2) Scope & Applicability

Covers all staff and associated personnel involved in planning, requisitioning, sourcing, evaluation, contracting, receiving, and paying for goods/services: employees, volunteers, interns, National Board members, consultants, contractors, suppliers, and implementing partners.

Compliance with this Policy is a condition of engagement. Breaches may lead to disciplinary action, contract remedies, and/or referral to authorities.

3) Roles & Responsibilities

• National Board: Approves this Policy; endorses annual Procurement Plan; reviews tenders/contracts above thresholds; oversees audit findings and corrective actions.
• Executive Director (ED): Accountable for implementation; approves exceptions beyond delegated limits; appoints Procurement Committee for high‑value tenders; ensures resources and segregation of duties.
• Procurement Lead (PL): Maintains procedures/templates; runs sourcing processes; manages supplier due diligence; maintains vendor master data; keeps tender files; trains staff.
• Finance Manager/Chief Accountant (FM/CA): Confirms budget availability; ensures alignment with Financial Policy; performs payment controls; supports audits; maintains the Gifts & Hospitality Register (finance lens).
• Ethics & Compliance Officer (ECO): Manages COI declarations; whistleblowing; non‑retaliation; maintains Debarment List; oversees sanctions/PEP screening where relevant.
• Project/Budget Holders: Prepare requisitions and technical specifications; evaluate technical quality; confirm delivery/acceptance.
• Procurement Committee: Evaluates bids against published criteria; signs evaluation reports; recommends award.
• All personnel & partners: Follow this Policy and declare COIs before participating in procurement.

Designated Contacts (to fill):

• Procurement Lead: Name, phone, email
• FM/CA: Name, phone, email
• ECO (COI & whistleblowing): Name, phone, email
• Tender email inbox: info@ndbelarus.com

4) Principles & Standards

• Value for Money (VfM): optimal balance of price, quality, delivery, service, sustainability, and risk.

• Fairness & Competition: open and competitive processes; equal information to all bidders; objective evaluation.

• Transparency & Accountability: documented decisions; clear audit trail; timely publication of opportunities where appropriate.

• Integrity & COI: strict prohibition of bribery, kickbacks, and undisclosed conflicts; mandatory COI declarations for panels.

• Human Rights & Labour: suppliers expected to comply with ILO core conventions; no forced, child, or trafficked labour; safe and non‑discriminatory workplaces.

• Environmental Responsibility: preference for lower‑impact goods/services; energy efficiency; recycled/recyclable materials; reduced packaging; lifecycle costing.

• Safeguarding: suppliers in contact with children/beneficiaries must uphold our Child Protection and SEA standards (contractual clauses; vetting where applicable).

• Data Protection: vendors handling personal data must meet GDPR requirements and sign data‑processing clauses.

5) Thresholds & Methods of Procurement (customise to Organization)

Default methods (amounts exclude VAT):

• < €500 — Direct Purchase: one written quote (email/screenshot) and confirmation of reasonableness.
• €500–€5,000 — RFQ (min. 3 quotes): use standard RFQ template; compare at least three written quotations; evaluation grid (Annex C).
• > €5,000 — Formal Tender: public or invited tender; Terms of Reference/Technical Specs; advertised period; sealed bids; committee evaluation; contract award.

Exceptions: single‑source or emergency procurement must use Single‑Source Justification (Annex D) approved by PL + FM/CA + ED (and National Board if > €[insert]).

Splitting: artificial division of procurement to circumvent thresholds is prohibited.

6) Procurement Process

6.1 Requisition & Planning

• Annual Procurement Plan linked to budgets/projects; updated quarterly.
• Purchase Requisition (PR) approved by Budget Holder and FM/CA to confirm need and funds.

6.2 Specification & Sourcing

• Clear, non‑restrictive technical specs; no brand lock‑in unless justified; include delivery terms and warranty.
• Supplier market scan; apply ethical and sustainability criteria where relevant.

6.3 Solicitation

• Use RFQ/ITT templates; provide equal information and timelines to all bidders; questions/answers shared to all.
• Maintain tender file: ToR/specs, RFQ/ITT, communications, bids, opening minutes.

6.4 Evaluation & Award

• Publish evaluation criteria and weights in the solicitation. Typical weights: Price 40–60%, Technical Quality 30–50%, Ethics/Sustainability 10–20% (customise per category).

• Committee scores independently, then consolidates; record reasons in Bid Evaluation Report (Annex C).

• Conduct due diligence on the recommended supplier (sanctions, COI, references, site check where relevant).

• Prepare Award Recommendation for approval per Annex B thresholds.

6.5 Contracting

• Use standard Purchase Order (PO) or Service Contract with clauses on delivery, acceptance, payment, IP, confidentiality, data protection, safeguarding, PSEA, anti‑fraud/corruption, right to audit, termination for breach, and applicable law.

• Signatures per Approval & Signatory Matrix (Annex B).

• Keep a Contract Register.

6.6 Delivery & Acceptance

• Goods Receipt Note (GRN) / Service Acceptance signed by technical lead; discrepancies recorded and resolved before payment.
• For assets, ensure tagging and register update.

6.7 Payment & Close‑Out

• 3‑way match (PO/contract ↔ GRN/Acceptance ↔ invoice).

• Process payment within agreed terms; close file with all documentation; update Vendor Performance record.

7) Ethical & Sustainable Purchasing

• Supplier Code of Conduct: vendors must sign Annex H acknowledging standards on human rights, labour, environment, and integrity.

• Environmental preferences: energy‑efficient equipment (e.g., rating labels), recycled paper, reduced plastics, repairability, and take‑back schemes.

• Local sourcing: where cost‑effective and compliant, prioritise local SMEs and social enterprises to support community development.

• Animal welfare: avoid unnecessary animal testing or products from inhumane practices.

• Modern slavery & trafficking: zero tolerance; immediate escalation if suspected.

8) Conflicts of Interest, Gifts & Hospitality

• All participants in procurement (requisitioners, evaluators, approvers) must sign COI Declarations before involvement (Annex E).

• Staff must follow the Gifts & Hospitality thresholds: > €50 per item or €100/year per source requires pre‑approval and entry in the Register; cash/cash equivalents prohibited.

• Any attempt to influence decisions via gifts/favours must be reported to ECO immediately.

9) Supplier Due Diligence & Sanctions Screening

• Before award, verify legal status, tax/VAT (PVM) registration, banking details (verifiable), ownership, and references; conduct sanctions/PEP screening where relevant.

• For higher‑risk categories (IT, data processing, security, transport, child‑facing services), apply enhanced checks (site visits, policy reviews, certifications).

• Maintain a Debarment/Watch List; non‑compliant vendors may be suspended or debarred.

10) Complaints, Protests & Debriefing

• Bidders may submit complaints or protests using Annex I within 5 working days of award notice.
• The Organization will acknowledge within 2 working days and respond within 10 working days after review.
• Unsuccessful bidders may request a debrief to improve future submissions.

11) Records, Transparency & Audit

• Maintain complete tender files (digital preferred) for 10 years: PR, specs, RFQ/ITT, communications, bids, opening minutes, evaluation, approvals, contracts/POs, GRN/acceptance, invoices, payments.

• Provide access to internal/external auditors and donors as required.

• Publish selected opportunities and award summaries where appropriate.

12) Non‑Compliance, Sanctions & Remedies

• Breaches may result in disciplinary action for staff (up to termination) and contract remedies for suppliers (withholding, penalties, termination for cause, recovery, debarment).

• Suspected fraud/corruption triggers the Fraud Response Plan and donor/authority notifications per thresholds.

13) Training, Communication & Review

• Induction and refresher training (every 24 months) for all staff involved in procurement; targeted modules for evaluators and committee members.

• Annual communications of key changes; poster with reporting channels (ECO/whistleblowing) at offices.

• Annual review of this Policy or earlier following incidents, audits, or legal/donor changes.

Annexes (Templates)

Annex A — Procurement Plan Template

• Project; item description; estimated value; method; quarter; responsible person; status; notes.

Annex B — Approval & Signatory Matrix (Procurement)

Annex C — RFQ & Bid Evaluation Pack

• RFQ Template; Bid Receipt Log; Evaluation Grid (criteria/weights); Clarification Log; Bid Evaluation Report.

Annex D — Single‑Source / Emergency Justification

• Description; reason (compatibility/sole provider/urgency); market scan; risk; approvals.

Annex E — COI Declarations (Panel/Staff)

• Name/role; relationship to vendors; financial interests; mitigation/recusal; signature/date.

Annex F — Vendor Registration & Due Diligence Checklist

• Legal name; registration; VAT; beneficial ownership; bank verification; references; policies (safeguarding, PSEA, H&S, privacy); sanctions/PEP check; site visit notes.

Annex G — Purchase Order (PO) Template

• Vendor; delivery address; items/quantities; price; Incoterms; delivery schedule; payment terms; references to contract/ToR; standard clauses.

Annex H — Supplier Code of Conduct (Acknowledgement)

• Human rights; labour; environment; integrity; data protection; safeguarding & PSEA; audit & cooperation; termination for breach.

Annex I — Procurement Complaint/Protest Form

• Bidder details; tender reference; grounds; evidence; requested remedy; signature/date.

Annex J — Vendor Performance Evaluation

• Quality; timeliness; service; compliance; H&S; ethics; overall rating; corrective actions; next review

Chapter 3. Fraud Response Plan

Related policies: Financial Policy; Code of Conduct; Conflict of Interest (COI) Policy; Anti‑Fraud & Corruption; Procurement Policy; Whistleblowing & Complaints; Data Protection/Privacy (GDPR); Records Management; IT Security; Child Protection & SEA Policies.

1) Purpose & Scope

This Plan establishes clear, rapid, and coordinated steps for detecting, reporting, containing, investigating, and resolving fraud, corruption, theft, bribery, embezzlement, facilitation payments, false claims, collusion, and other financial misconduct affecting the Organization, its donors, partners, or beneficiaries. It applies to all personnel and associated parties (employees, volunteers, interns, National Board members, consultants, contractors, suppliers, and implementing partners).

2) Principles

• Zero tolerance for fraud and corruption; Do No Harm to people and programmes.

• Speed + Evidence integrity: act quickly while preserving evidence and due process.

• Independence & fairness: conflict‑free investigators; decisions based on facts.

• Confidentiality & GDPR: limit access to need‑to‑know; protect personal data.

• Non‑retaliation: protect whistleblowers and witnesses acting in good faith.

• Transparency & accountability: appropriate disclosure to National Board, donors, authorities, and public as required.

3) Roles & Responsibilities

• National Board: oversees major cases; approves sanctions for senior roles; receives incident summaries and lessons learned; approves revisions to this Plan.
• Executive Director (ED): overall accountability; appoints Case Lead; authorizes containment (e.g., access suspension, payment freeze); reports to Board and donors as required.
• Ethics & Compliance Officer (ECO): primary intake; manages Fraud Register; coordinates triage, legal holds, and non‑retaliation; ensures COI checks; liaises with authorities with ED/legal.
• Finance Manager/Chief Accountant (FM/CA): leads financial analysis; secures financial records; runs bank liaison (freezes/recalls); prepares quantification of loss; supports recovery.
• Procurement Lead: secures tender files; vendor due diligence; assists with vendor debarment.
• IT & Security Lead / DPO: preserves digital evidence (forensic images, logs); issues Litigation Hold; manages access revocation; ensures data‑protection compliance.
• Case Investigator(s) (internal/external): conduct investigation under approved ToR; gather and analyse evidence; interview parties; produce findings report.
• Managers/Budget Holders: cooperate, facilitate access to records and staff; implement corrective actions.
• All personnel & partners: report suspicions immediately; preserve evidence; do not tip off suspects.

4) What to Report (Red Flags & Examples)

• Financial: unexplained cash shortages; duplicate payments; altered invoices; round‑sum payments; frequent write‑offs; fake vendors; kickbacks.
• Procurement: single‑source without justification; repeating winners; bid similarities; conflicts not disclosed.
• Payroll/HR: ghost staff; falsified timesheets; improper allowances.
• Assets/Inventory: missing equipment; tampered logs; abnormal shrinkage.
• Behavioural: lavish lifestyle inconsistent with income; reluctance to share records; overriding controls.
• Digital: suspicious access after hours; deleted logs; policy‑violating USB/cloud transfers.

5) Response Workflow & Timelines (SLA)

T0 – Intake & Preservation (within 24 hours)

1. Log in Fraud Register (ECO); assign Case ID; notify ED.
2. Preserve evidence: issue Legal/Litigation Hold; IT to secure email/files/logs; Finance to secure vouchers, bank statements, contracts, tender files.
3. Containment (as warranted): suspend suspect access; freeze payments/accounts; hold shipments; pause vendor; secure premises/assets; inform banks to flag/recall suspicious payments (SEPA recall if within bank window).
4. Risk check: safety, programme continuity, data protection, donor exposure; prepare initial risk rating (low/med/high).

T+2 working days – Triage & Plan
5) Appoint Case Lead & Investigator(s); draft Terms of Reference (ToR) incl. scope, sources, timeline, confidentiality.
6) Notify Board Chair for high‑risk cases; consider legal counsel; determine if authority notification is required.
7) Initial Brief to donor(s) if thresholds met (see §10).

T+30–45 days – Investigation & Findings
8) Evidence review; interviews (with support person/translator if needed); maintain Chain of Custody; adhere to GDPR.
9) Findings report (facts, analysis, quantified loss, control gaps, COI, recommendations).
10) Management decision (sanctions, recovery, vendor actions, HR measures) and Corrective Action Plan with owners & deadlines.

Closure
11) Case Closure Report to ED/Board; notify donor(s)/authorities as required; update Sanctions & Debarment list; record Lessons Learned.

Target timelines may be extended by ED with documented reasons; urgent containment remains immediate.

6) Evidence Handling & Data Protection

• Do not tip off suspects; avoid altering systems/files; no “testing” transactions.
• Use original documents where possible; create certified copies; store in secured, access‑controlled repositories.
• Maintain Evidence Log & Chain of Custody (Annex B).
• For digital evidence, use IT forensic imaging; preserve metadata; avoid personal device searches without legal basis.
• Process personal data under lawful bases (legal obligation, legitimate interests); consult DPO on cross‑border transfers; follow retention schedules.

7) Containment Measures (Examples)

• Financial: payment stop; vendor suspension; reverse/recall transfers; freeze cards; change banking credentials; additional approvals.
• Access: disable user accounts; revoke keys/badges; restrict shared drives; segregate duties.
• Operational: halt affected procurements; quarantine inventory; re‑count cash; emergency stocktake.
• Communications: appoint spokesperson; internal memo to staff on need‑to‑know basis; no external statements without ED/legal approval.

8) Sanctions, Recovery & Remediation

• HR: warning, suspension, termination; report to authorities/professional bodies.
• Partners/Vendors: corrective action plans; suspension/termination; debarment.
• Recovery: restitution agreements; payroll deductions where lawful; insurance claims; legal action; donor funds repayment as last resort.
• Control improvements: fix segregation‑of‑duties gaps; revise approval thresholds; enhance vendor due diligence; additional training; system controls.

9) Notification & Escalation Thresholds

• Internal: ED notifies National Board of all medium/high cases within 5 working days of triage.
• Donors: notify within [insert] days if suspected or confirmed loss ≥ €[insert] or reputational/regulatory risk; follow donor‑specific rules.
• Authorities: report to Police/FNTT when criminality suspected, as advised by legal counsel.
• Insurer: notify within policy time limits [insert] days.

10) Coordination with Law Enforcement & Auditors

• Preserve privilege where applicable; channel communications via ED/legal.
• Cooperate with lawful requests; provide documented evidence trail.
• Manage parallel internal/official investigations to avoid prejudice.

11) Training, Communication & Testing

• Annual anti‑fraud awareness for all staff; specialised training for Finance/Procurement/Managers.
• Table‑top exercises of this Plan at least annually; update based on lessons and audits.
• Post poster text (Annex G) with reporting channels; ensure anonymous options are functional.

12) Records, Retention & Reporting

• Maintain Fraud Register (case ID, dates, parties, loss, actions, outcomes).
• Retain case files for 10 years (or as legally/donor required).
• Provide an annual anonymised fraud report to the National Board.

Annexes (Templates)

Annex A — Fraud/Suspected Corruption Intake Form

• Date/time reported; reporter (name/anonymous code); channel used.
• Description of concern; when/how discovered; individuals/entities involved.
• Documents/systems potentially affected; immediate risks.
• Initial actions taken (if any).
• Logged by (ECO) & Case ID.

Annex B — Evidence Log & Chain of Custody

• Item ID; description; source; date/time collected; by whom; storage location; transfers (from/to/date/time/signatures).

Annex C — Investigation Terms of Reference (ToR)

• Scope/questions; roles; timelines; confidentiality; methodology; reporting lines; conflicts declarations.

Annex D — Interview Guide & Rights Notice

• Ground rules; support person; privacy notice; consent to notes/recording; non‑retaliation reminder; signature.

Annex E — Legal/Litigation Hold Notice

• Case ID; custodians; systems/records to preserve; suspension of deletion; contact for questions; acknowledgement.

Annex F — Case Closure Report Template

• Summary; methodology; findings; quantified loss; sanctions; recovery; control improvements; lessons learned; approvals.

About The Author

nd_admin

See author's posts