Fraud Corruption and Control Management Policy and Procedure

Policy overview

1 Purpose

To provide a framework for Employees in the prevention, detection, reporting and management of fraud and corruption in the workplace, including within the University, its partners and agents and its controlled and affiliated entities.

2 Scope

This policy applies to:

  1. All professional and academic Employees of the University whether full-time, fractional, continuing, fixed-term or casual.
  2. Members of Council and other University committees, contractors.
  3. Visiting fellows and adjunct appointees.
  4. Individuals who are engaged in providing services to the University or receiving services from the University, such as Students, contractors or consultants.

The policy does not address all possible situations that may arise within the wide range of activities carried out by and through the University, but provides a process that can be applied in most situations.

3 Policy Statement

The University recognises that the management of fraud and corruption is an integral part of good governance and management practice, and adopts the standards contained in the Standard AS8001-2008: Fraud and Corruption Control and the Crime and Corruption Act 2001.

The University shall develop and maintain a culture of honesty and integrity within the organisation, and put in place processes that ensure the effective prevention, detection and management of fraud and corruption. To that end, the University has adopted a zero-tolerance approach on fraud and corruption in all University activities, which is consistent with the Code of Conduct and the law.

4 Principles

In support of the above obligations and the Standard on Fraud and Corruption Management, this policy is based on the following principles:

  1. A sound ethical culture

    The University will ensure that it has a sound and sustainable ethical culture through a process of awareness training, benchmarking and monitoring.
  2. Senior management commitment

    Senior management will demonstrate a high level of commitment to controlling the risk of fraud and corruption within and by the University.
  3. Management and staff awareness

    Every Employee and officer of the University should have a general awareness of fraud and corruption and how they should respond if this type of activity is detected or suspected.
  4. Fraud and corruption control planning

    The University must have an appropriate Fraud and Corruption control strategy, which is to be reviewed and amended as necessary. Accountability for the implementation and monitoring of the strategy should be specifically allocated.
  5. Internal controls

    The University must have in place effective internal controls to protect it against the risk of fraud and corruption.
  6. Fraud and corruption detection

    The University will implement systems aimed at quickly identifying instances of fraud and corruption in the event that prevention strategies fail.
  7. Reporting mechanisms

    The University will ensure that there are adequate means for reporting suspicious or known illegal/unethical conduct, and that these means are widely known and available.
  8. Protection of persons making reports of fraud and corruption

    The University will ensure active protection of those reporting suspected instances of fraud and corruption and will ensure that this policy is well understood by the University community.
  9. Dealing with detected or suspected fraud and corruption

    In the event that fraud or corruption is detected or suspected, the University will adopt a comprehensive approach to the subsequent investigation, disciplinary proceedings, prosecution or recovery action.

5 Procedures

5.1 Fraud and Corruption Management Responsibility

The Vice-Chancellor and the executive management team are responsible for the implementation of this policy through an appropriate fraud and corruption management system and effective internal control structure. In accordance with the provisions of the Crime and Corruption Commission's (CCC's) 10 element model for Fraud and Corruption Control, the University's framework will consist of:

  1. University-wide policy;
  2. Risk assessment;
  3. Internal controls;
  4. Internal reporting;
  5. External reporting;
  6. Public interest disclosures;
  7. Investigation;
  8. Code of Conduct;
  9. Staff training and education; and
  10. Client and community awareness.

5.2 Risk Assessment

The application of risk management principles and techniques in the assessment of the risk of fraud and corruption must be carried out within the framework as adopted by the University and contained in the USQ Risk Management Policy and Procedure. The University shall use the risk assessment model outlined in SharePoint and is briefly described below.

Diagram 1 - CCC Risk Management Overview.

Diagram 1 - CMC Risk Management Overview

Source: AS/NZS 4360:2004, p. 9.

5.3 Internal Controls

The Vice-Chancellor is responsible for ensuring that appropriate and effective internal control systems are in place for the prevention and detection of fraud and corruption. The Vice-Chancellor is supported by the senior executive team in ensuring appropriate and effective control systems are operating.

These systems will include requirements for fraud and corruption prevention in all aspects of University activity, including financial, administration, information communication technology, and academic areas. An internal control system consists of the policies, structure, procedures, processes, tasks and other tangible and intangible factors that enable the University to respond appropriately to operational, financial, compliance or any other type of risk.

Managers and supervisors are responsible for daily operations and for maintaining cost effective internal controls within their individual areas of responsibility. All managers and supervisors must share responsibility for the prevention and detection of fraud.

Equally, all Employees and officers of the University must share the responsibility for the prevention and detection of fraudulent and corrupt activities, which includes the reporting of suspected instances of such activity.

The internal control environment will be periodically reviewed by the Planning and Quality Unit, the Internal Audit Office and the external auditors. The review will also include the Compliance Register and other internal controls.

5.4 Internal Reporting

Reporting plays a crucial role in controlling fraud and corruption. Accordingly, all Employees are encouraged to report suspected or known instances of fraud and corruption.

Where an individual has an honest and reasonable belief that a University Member may have engaged in, is engaging in or will engage in any of the conduct outlined in the definitions of Public Interest Disclosures, information concerning that conduct should be reported to the University. A report made to a person other than an appropriate entity and not made in accordance with this policy may not be afforded the protection of the legislation.

Reports of Public Interest Disclosures should be made verbally, in writing via the form below or by email to:

  1. the Vice-Chancellor
  2. any member of the USQ Council
  3. the University Internal Auditor
  4. directly to the Fraud and Corruption Reporting Hotline (see Section11 below).

If a report is made to any of the individuals or entities indicated in (i) to (iv) above, the report is to be referred, in writing, to the Director (Integrity and Professional Conduct) as soon as is practicable, to ensure that the whistleblower process is adhered to thereafter. If the report concerns the Director (Integrity and Professional Conduct), the report must be referred to the Vice-Chancellor.

5.5 External Reporting

The University must have a mechanism (SharePoint) in place for assessing fraud and corruption matters and determining its obligations for reporting them to relevant external agencies.

External agencies to which reports on fraud and corruption are made will be determined by legislative requirements, and may include such agencies as the CCC, the Queensland Police Service, and the Queensland Audit Office.

The Vice-Chancellor or his nominee will be responsible for determining any referral of fraud and corruption allegations or associated matters to the CCC and/or other appropriate external agencies.

5.6 Public Interest Disclosures

  • The University must have a Whistleblowers' Policy which observes the provisions of the Whistleblowers Protection Act 1994;
  • The University will provide protection for individuals making a disclosure and natural justice for those who are the subject of disclosures;
  • All public interest disclosures made by University staff will be managed in accordance with the University's Whistleblowers' Policy.

5.7 Investigations

An initial assessment of fraud and corruption allegations and determination that an investigation will be carried out will be managed on a case by case basis by an independent Investigations Officer. The Investigations Officer may consult with other appropriate University officers or external experts as necessary, whilst maintaining the confidentiality of the individual making the report. The CCC Facing the facts describes the various steps involved in conducting a formal investigation as follows:

  1. determining the scope and nature of any investigation
  2. confirming the responsibilities and powers of the investigator
  3. conducting the investigation
  4. gathering the evidence
  5. concluding the investigation

The Investigations Officer will provide an initial report and recommendation to the Director (Integrity and Professional Conduct). If the initial recommendation is to proceed with a detailed investigation, the Investigations Officer will provide interim and final reports to the Director (Integrity and Professional Conduct). The Director (Integrity and Professional Conduct) will review the outcomes and recommendations made by the Investigations Officer and commence appropriate action.

Where the reported conduct concerns the Director (Integrity and Professional Conduct), the above processes shall be conducted and managed by the Vice-Chancellor.

Instances of fraud and corruption on the part of individuals other than Employees will be managed in accordance with contractual conditions specified in their association with the University, following an investigation process conducted by the University as outlined in the investigations section of the Disciplinary Action for Misconduct or Serious Misconduct Procedure.

5.8 Code of Conduct

A code of conduct can help develop the expectations and standards of ethical behavior within the University. Fraud and corruption can result from departures from the expected standards of behavior, and the University code provisions underpin many of the operational practices designed to minimize these integrity risks. Staff should refer to the Code of Conduct Policy for further information.

5.9 Staff education and awareness

All Employees will be made aware of the University's approach on fraud and corruption, how to recognise corrupt practices, the mechanisms available for reporting corrupt activity.

Employees should be made aware of the importance of reporting fraud, corruption and illegal practices, and actively encouraged to do so. This should be done as part of new Employee induction as well as be included on the ongoing training programme. The undesirability of malicious or vexatious reporting, and the result of false reporting will also be emphasised.

5.10 Client and Community Awareness

The University will make accessible to its stakeholders and the wider community its Code of Conduct, its Vision, Mission and Values Statements, and other policies and procedures concerning the quality assurance procedures the University has adopted to ensure that its officers act ethically and honestly, and are socially responsible.

6 References

  1. The Australian National University - Code of Conduct
  2. Financial Management Standard 1997
  3. Murdoch University, Office of Internal Audit and Risk Management, “Anti-Fraud Policy”
  4. Queensland University of Technology, Manual of Policies and Procedures, “Corruption and Fraud Control Policy”
  5. University of Queensland, Handbook of University Policies and Procedures, “Fraud and Corruption Management
  6. CCC - 'Fraud and Corruption Control Guidelines for Best Practice'
  7. The University may further reference AS8001-2008: Fraud and Corruption Control as an additional resource when the need is determined by the seriousness and level of difficulty an applicable case.

7 Attachment A - Accountabilities Checklist

University Areas of Responsibility

Assessment Elements

VC

ARC

CRT

CMS

Finance

HR

Internal Audit

Delegated Managers

Controls to prevent fraud

A

C

I

R

Incident reporting

Investigation of fraud

Referral to CCC

Referral to Police

Recovery of monies due to fraud

Recommendations to prevent fraud

Internal control reviews

Handle cases of a sensitive nature

Press releases

Litigation

Corrective action/recommendations to prevent recurrence

Monitor recoveries of monies / assets

Fraud auditing

C

A

Fraud awareness / training

R

Fraud risk analysis

I

I

C

R

Case / incident analysis

Whistleblower / Fraud hotline

R

Ethics

Responsible:

Those who do the tasks

R

Accountable:

Accountable for correctness & thoroughness of the task

A

Consulted:

Opinions sought

C

Informed:

Kept up to date

I

Managers should:

  1. Copy the table above into a blank word document and clear the sample script;
  2. Review assessment elements (left menu) for your area and modify where required;
  3. Complete the checklist for your area by assigning the appropriate R A C I responsibility and enter the correct letter in the appropriate field;
  4. Note - only one R should appear in each line;
  5. When completed, create appropriate documentation and an action list / list of tasks as required
  6. Send your completed RACI table to the Director (Internal Audit and Risk) for review.
  7. Review regularly your area regularly;

8 Attachment B - Sample Flow Charts

Sample Flow Chart A