Fraud and Corruption Prevention

Fraud and Corruption Prevention

SUMMARY

The Fraud and Corruption Prevention Policy establishes the principles that underpin Macquarie University's approach to protecting its reputation from fraudulent and corrupt activities. The Procedure and Guideline document the strategies and activities undertaken to prevent and respond to fraud and corruption.

POLICY

Purpose

To protect the University’s assets and reputation from fraudulent and corrupt activities by:
  • reinforcing management’s commitment to, and responsibility for,  identifying risk exposures to fraudulent and corrupt activities
  • requiring staff and others to act with honesty and integrity
  • establishing controls, policies and procedures to prevent and detect fraudulent and corrupt activities
  • encouraging the reporting of any fraud or corrupt conduct
  • ensuring that all suspected corruption or fraud  is dealt with appropriately.

Overview

Macquarie University has a broad range of stakeholders who expect the University to act in an accountable manner. If fraud or corruption is committed against the University, the impact on the University may be significant, including damage to the University’s reputation, image and standing in the community.

Effective fraud and corruption control requires the commitment and involvement of all staff, students, contractors, customers, subsidiaries and external service providers. The University wants to increase awareness of what is at risk and eliminate the types of fraud and corrupt behaviour that can occur.
Any fraud or corrupt act committed against the University is a major concern to the University. Consequently, any case will be thoroughly investigated and appropriate disciplinary action will be taken against the person who is found guilty of corrupt conduct.  This may include referral to the Police or to the Independent Commission Against Corruption.

DEFINITIONS

The University uses the definitions stated in the Australian Standard on Fraud and Corruption Control AS8001-2003  which are:
Fraud: dishonest activity causing actual or potential financial loss to any person or entity including theft of moneys or other property by employees or persons external to the entity and whether or not deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position.

Corruption: dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity.
Investigation: a search or collation of evidence connecting or tending to connect a person (either a natural person or a body corporate) with conduct that infringes the criminal law or the policies and standards set by the affected entity.

Scope

This policy applies to all staff, students, customers, contractors, external service providers and Controlled Entities of Macquarie University.

Policy

Macquarie University is committed to protecting its reputation, and its revenue, expenditure and assets from any attempt to gain illegal financial or other benefit, and will not tolerate any act of fraudulent or corrupt conduct.
All staff are required to:
  • perform their duties with honesty and integrity in accordance with the Staff Code of Conduct and Ethics Statement
  • safeguard the resources for which they are responsible, including revenue, expenditure and assets.
The University will:
  • communicate its policy on fraud and corruption
  • provide fraud and corruption awareness and education so that staff know how to respond if fraud is suspected or detected
  • implement and operate internal controls to prevent/reduce the occurrence of fraud and corruption
  • investigate suspected fraud or corruption and take appropriate disciplinary action, which may include referral to the Police, against any staff member found guilty of corrupt conduct
  • report suspected corruption, whether or not it involves a staff member of the University, to the Independent Commission Against Corruption
  • in the absence of criminal prosecution, apply appropriate civil, administrative or disciplinary penalties against individuals who have been party to fraud or corruption
  • take any necessary legal action to recover losses that result from fraudulent or corrupt conduct
  • integrate fraud risk management into its philosophy, practices and business plans
  • create an annual Strategic Audit Plan to outline audit, risk management and risk assessment, activities for the following year
  • review for effectiveness the results of risk assessments and resulting strategies.
COMPLIANCE AND BREACHESThe University may commence applicable disciplinary procedures if a person to whom this policy applies breaches this policy (or any of its related procedures).

Policy Information

Contact Officer Chief Financial Officer
Date Approved17 June 2011
Approval AuthorityAudit and Risk Committee of Council
Date of Commencement17 June 2011
Amendment DatesNovember 2011 – updated with compliance and breaches statement
March 2011 – alignment with University Policy Framework
Date for Next ReviewJune 2014
Related Documents

Australian Standard on Fraud and Corruption Control AS8001-2003
Ethics Statement
Fraud and Corruption Prevention Procedure / Guideline (see tabs above)
Gifts and Benefits Policy / Procedure
Reporting Wrongdoing: Public Interest Disclosures Policy / Procedure
Staff Code of Conduct

Legislation
Policies / Rules Superseded by this PolicyFraud and Corruption Prevention Policy (December 2006)
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest,

PROCEDURE

PurposeTo outline the activities undertaken to prevent and respond to fraud and corruption. 

Procedure

This procedure requires actions by the following: This procedure includes the following activities:
  • Develop and Implement Plans and Policies
  • Comply with Controls, Policies and Procedures
  • Establish Internal Controls
  • Review Internal Controls
  • Review Effectiveness of Risk Assessment Strategies
  • Report Suspected Fraud and Corruption
  • Determine Whether to Investigate
  • Select a Fraud Investigation Officer
  • Investigate Allegations
  • Report  to Relevant External Agencies
  • Take Annual Leave
  • Screen Candidates

Vice-Chancellor

Ensure that appropriate and cost-effective internal control systems are in place to prevent/reduce/detect fraudulent and corrupt activities.

Delegate to the Chief Financial Officer the role of Fraud Control Officer.

top

Staff member

COMPLY WITH CONTROLS, POLICIES AND PROCEDURES
You are required to:
  • comply with all controls, policies, procedures, the Staff Code of Conduct and the Ethics Statement
  • identify items at risk in your area and devise and implement controls to minimise fraud and corruption
  • assist with any enquiries and investigations of fraudulent or corrupt activity.
REPORT SUSPECTED FRAUD AND CORRUPTION
If you become aware of fraudulent or corrupt behavior, you have a duty under legislation to immediately report such activity.  Discuss the activity with your supervisor.  Any such allegations will be treated in strict confidence and investigated as appropriate.
If you do not consider it appropriate to disclose an allegation of suspected corrupt conduct to your supervisor, you should make disclosure to one of the following:
  • Executive Dean
  • Head of Office
  • Fraud Control Officer
  • Protected Disclosures Co-ordinator
  • Deputy Vice-Chancellor
  • Deputy Vice-Chancellor and Chief Operating Officer
  • Vice-Chancellor

You may report by telephone, in writing or in person.  The Protected Disclosures Act 1994 offers protection for public officials who make disclosures concerning corrupt conduct, maladministration or serious or substantial waste of public money.
If you are concerned about publicly approaching any of the above people, you can request a meeting with the relevant officer in a discreet location away from the workplace.
Anonymous Disclosure
If you wish to remain anonymous, you may make anonymous disclosure. However, you are encouraged not to make anonymous complaints as they may be difficult to pursue if further information is required. Anonymity will prevent the University reporting back to any complainant. Although the University does not encourage anonymous reporting, it recognises that there may be useful information in the University community that can assist in preventing and/or detecting fraud and corruption.

TAKE ANNUAL LEAVE

One of the indicators in an organisation that fraud or corruption may be occurring is a reluctance to take regular and uninterrupted annual leave.  The Annual Leave Policy takes this into account and encourages staff to take regular annual leave. 

The Risk and Audit Committee, as an audit precaution, requires staff involved in financial management to:
  • take one period of annual leave of at least 2 weeks’ duration each year
  • take a period of 2 weeks’ annual leave in each year  and take no more than 10 single annual leave days each year, if staff are involved in the handling of money.

top

Fraud Control Officer

DEVELOP AND IMPLEMENT PLANS AND POLICIES
Develop and maintain the Fraud and Corruption Prevention Policy and Procedure.
Prepare and implement a Fraud and Corruption Prevention and Response Strategy.
Co-ordinate compliance with the annual review of fraud mitigation strategies.
Examine results from Internal Control Reviews and make recommendations for their improvement.

DETERMINE WHETHER TO INVESTIGATE
When a suspected fraudulent or corrupt activity is reported to you, determine who should be responsible for overseeing an investigation according to the nature and scope of the allegation. Depending upon the area of responsibility within the University, determine which one of the following will make the decision to investigate:
  • Vice-Chancellor
  • Deputy Vice-Chancellor (Academic)
  • Deputy Vice-Chancellor and Chief Operating Officer
  • Deputy Vice-Chancellor (Research)
Determine whether to investigate anonymous disclosures of serious allegations on the basis of if they are supported by sufficient evidence to justify an investigation. In making a determination, give regard to the:
  • seriousness of the issue raised
  • credibility of the complaint
  • evidence provided
  • prospects for further investigation
  • fairness to the person being investigated.
SELECT A FRAUD INVESTIGATION OFFICER
Decide, according to the nature of the suspected fraud, whether the investigation will be done internally or by an external investigator, and determine the required resources to assist with the investigation.
  • Internal InvestigationsDetermine the responsibility for the investigation according to the nature and scope of the allegations of fraud or corruption.  Assign an internal Fraud Investigation Officer.
  • External InvestigationsThere may be occasions when you require the use of external investigators to investigate matters arising from allegations of fraud and corruption.  If selecting an external investigative service as the Fraud Investigation Officer, give due consideration to the following issues:
REPORT TO RELEVANT EXTERNAL AGENCIES Refer to, or notify, any relevant external agencies of any allegations of fraudulent or corrupt behavior that have been identified by the University.
  • Report to Another University
    Where an investigation discloses fraud or corruption involving another University's activities or programs, report the matter to that University.
  • Report to the Police Criminal prosecutions are vital in deterring future instances of fraud and corruption and for educating staff about the seriousness of fraud and corruption. You must refer information to the Police if the preliminary investigation of a matter indicates that a criminal offence may have been committed by an individual.  Where a matter involves offences under NSW State law, refer the matter to the NSW Police for investigation and possible prosecution, in accordance with Section 316 of the Crimes Act, 1900 (NSW).
    When you refer a matter to the NSW Police, you should provide as a minimum:
    • a summary of the allegations(s)
    • a list of suspected offender(s) (where known)
    • a chronological account of the facts giving rise to the allegation(s)
    • details of witnesses or potential witnesses
    • copies of relevant documents
    • copies of all records of interviews, statements, depositions or affidavits obtained including any written statement made by the subject of the investigation
    • a nominated contact officer.
  • Report to the Independent Commission Against Corruption (ICAC)
    Perform the role of compliance officer in accordance with Section 11(2) of the Independent Commission Against Corruption Act 1988 (NSW).
    Report to ICAC any matter that you ‘suspect on reasonable grounds concerns, or may concern, corrupt conduct’.  The words ‘suspect on reasonable grounds’ mean there is a real possibility that corrupt conduct is, or may be, involved.
    You must report corrupt conduct even if the corrupt conduct did not involve a staff member of the University.
    You must provide the following information when making a report of alleged corrupt conduct:
    • a complete description of the allegations
    • the name and position of any public official/s alleged to be involved
    • the name and role of any other person/s relevant to the matter
    • the dates and/or time frames in which the alleged conduct occurred
    • an indication as to whether the conduct appears to be a one-off event or part of a wider pattern or scheme
    • the date the allegation was made or the date you became aware of the conduct
    • what the University has done about the suspected conduct, including notification to any other agency (for example, the Police or the Ombudsman)
    • what further action is proposed by the University
    • approximate amount of money (if any) involved
    • any other indicators of seriousness
    • any other information deemed relevant to the matter.

top

Fraud Investigation Officer

INVESTIGATE ALLEGATIONS
When directed by the Fraud Control Officer, investigate allegations of fraud or corruption as follows:
  • define the subject matter of the investigation
  • develop an investigation plan
  • determine what questions need to be answered, what information is required to answer those questions and the best way to obtain that information
  • structure the investigation to allow the gathering of sufficient reliable information to enable the issue to be properly addressed by proving or disproving matters relevant to the allegation.
Investigative activities can include, but are not limited to:
  • interviewing relevant witnesses, both internal and external to the University, including obtaining statements
  • reviewing and collating documentary evidence
  • forensic examination of computer systems
  • examining telephone records
  • enquiring with banks and other financial institutions, subject to obtaining appropriate court orders
  • enquiring with other third parties
  • searching and seizing data
  • tracing funds/assets and goods
  • preparing a brief of evidence
  • liaising with the Police or other law enforcement body
  • interviewing persons suspected of fraud or corruption
  • preparing reports.

top

The Executive/ Executive Dean/
Dean/
Director/ Head of Office/
Head of Department/ Manager

ESTABLISH INTERNAL CONTROLS
You are responsible for the prevention and detection of fraud and corruption within your area of responsibility and for the implementation and operation of controls that minimise fraudulent and corrupt activities.
Note that there is a strong link between the incidence of fraud and corruption and internal control systems that either allow an incident to occur or fail to detect it after it occurred.

Establish and maintain adequate internal controls for the security and accountability of University resources and to prevent/reduce the opportunity for fraud and corruption to occur. These include:
  • use of suitable recruitment procedures
  • segregating duties
  • identifying and declaring conflict of interest or stated interests
  • security of physical and information systems
  • supervision and internal checks
  • approvals within delegated authority
  • reconciliations
  • budget control
  • regular review of management reports
  • clear reporting lines
Implement mechanisms to:
  • promote staff awareness of the Staff Code of Conduct, Ethics Statement and the Fraud and Corruption Prevention Policy and Procedure
  • educate staff about fraud prevention and detection
  • promote a positive and appropriate attitude towards compliance with laws, rules, policies and regulations
  • assess the risk of fraudulent and corrupt behaviour through awareness of the risks and exposures inherent in your area of responsibility 
  • respond promptly to all allegations or indications of fraudulent or corrupt acts
  • perform initial enquiries of any complaints of fraudulent and corrupt activity and assist with any further investigations.

REVIEW INTERNAL CONTROLS
Evaluate internal controls, requesting support from either the Internal Auditor or the Fraud Control Officer as needed.
Refer reports and recommendations regarding internal control weaknesses to the Fraud Control Officer.
Where the Fraud Control Officer recommends improvements, implement these as soon as possible.

REVIEW EFFECTIVENESS OF RISK ASSESSMENT STRATEGIES
Review the results of fraud risk assessments at least annually to ensure that strategies developed during the course of the most recent fraud risk assessment are reviewed for effectiveness and amended where necessary.

top

Human Resources Officer

SCREEN CANDIDATES
Many employees who commit fraud against their employer are found subsequently to have had a history of dishonesty with previous employers.
During recruitment procedures, include any or all of the following strategies, depending on the requirements and responsibility of the position:
  • avoid recruitment that could potentially lead to, or be perceived as involving, conflict of interest
  • verify identity from a birth certificate or driver’s licence
  • contact referees
  • reference check with the most recent employers
  • consider gaps in employment and the reasons for those gaps
  • verify transcripts, qualifications, publications and other certification or documentation
  • perform criminal background checks  where the position warrants it.

You will need the express permission of the candidate to carry out this pre-employment screening.

top

Procedure Information

Contact OfficerChief Financial Officer
Date Approved17 June 2011
Approval AuthorityAudit and Risk Committee
Date of Commencement17 June 2011
Amendment History17 Nov 2017 - updated Fraud Control Officer section from DVC(Provost) to DVC(Academic)
March 2011 – alignment with University Policy Framework
Date for Next ReviewJune 2012
Related Documents

Annual Leave Policy
Ethics Statement
Fraud and Corruption Prevention Policy / Guideline (see tabs above)
Gifts and Benefits Policy / Procedure
Protected Disclosures Policy / Procedure - See Reporting Wrongdoing: Public Interest Disclosures Policy
Staff Code of Conduct

Legislation
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest, Police

GUIDELINE

Purpose

To state the University’s strategy for the prevention of Fraud and Corruption.

Guidance is provided on the following topics:

Guideline

The risk of fraud and corruption is ever present. The following are some of the factors that add to, or at least change, the University’s risk:
  • changes in government funding, leading to an increasing reliance on non-government funding
  • ventures into new markets and areas of operations
  • the development of commercial strategies to capitalise on the development of intellectual property and marketable products and services
  • convergence of the university sector and the private sector through the increase in cooperative and/or strategic partnerships
  • greater competition in the allocation of scarce resources
  • greater competition in the university sector for domestic and overseas students, staff, research funds, industry support and status
  • increased regulatory requirements
  • increased availability and extensive use of technology
  • tighter timeframes and deadlines

Fraud and corruption prevention strategies demonstrate sound management practice and governance and assist the University in deterring unethical behaviour.

DEFINITION OF CORRUPTION
The Australian Standard on Fraud and Corruption Control defines corruption as:
“Dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity.”
The Independent Commission Against Corruption (ICAC) defines corrupt conduct, as it affects a public authority, as:
“ Corrupt conduct is also any conduct of any person (whether or not a public official) that adversely affects, or that could adversely affect, either directly or indirectly, the exercise of official functions by any public official, any group or body of public officials or any public authority and which could involve any of the following matters:
(a) official misconduct (including breach of trust, fraud in office, nonfeasance, misfeasance, malfeasance, oppression, extortion or imposition)
(b) bribery
(c) blackmail
(d) obtaining or offering secret commissions
(e) fraud
(f)  theft
(g) perverting the course of justice
(h) embezzlement
(i) election bribery
(j) election funding offences
(k) election fraud
(l) treating
(m) tax evasion
(n) revenue evasion
(o) currency violations
(p) illegal drug dealings
(q) illegal gambling
(r) obtaining financial benefit by vice engaged in by others
(s) bankruptcy and company violations
(t) harbouring criminals
(u) forgery
(v) treason or other offences against the Sovereign
(w) homicide or violence
(x) matters of the same or a similar nature to any listed above
(y) any conspiracy or attempt in relation to any of the above.”

Examples of corrupt conduct to which the University may be subject include:
  • payment of secret commissions (bribes) paid in money, or some other value, to a University staff member that is related to a specific action or decision of the University staff member
  • release of confidential information, for other than a proper business purpose, sometimes in exchange for either a financial or non-financial advantage
  • collusive tendering (the act of multiple tenderers for a particular contract colluding in preparation of their bids)
  • a University staff member manipulating a tendering process to achieve a desired outcome
  • conflict of interest involving a University staff member acting in his or her own self-interest rather than the interests of the University
  • nepotism and cronyism where the appointee to a University position is inadequately qualified to perform the role to which he or she has been appointed, or not selected on merit
  • receiving personal benefits in exchange for assisting a consultant to gain work at the University.

DEFINITION OF FRAUD
Fraud is recognised as a subset of corruption.
Australian Standard on Fraud and Corruption Control AS8001-2003 defines fraud as:
“Dishonest activity causing actual or potential financial loss to any person or entity including theft of moneys or other property by employees or persons external to the entity and whether or not deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position.”

Examples of fraud on the University include, but are not limited to:
  • misappropriating University assets, including use of the University’s assets for private purposes
  • abuse of University property
  • abuse of University time
  • causing a loss to the University, or avoiding or creating a liability for the University by deception
  • claiming for travel entitlement to attend a course and then not attending the course and not reimbursing travel monies
  • evasion of fees due to the University
  • fabrication, falsification or plagiarism of research
  • false invoicing for goods or services never rendered
  • falsely misrepresenting the author of essays, assignments or research to the University
  • making cheques out to false persons
  • making, using or possessing forged or falsified documents such as Degrees or Academic Records
  • misapplying government grant monies
  • misappropriating official order forms to gain a personal benefit
  • obtaining an unjust advantage by misusing information gained during the course of employment with the University
  • providing false or misleading information to the University, or failing to provide information, where there is an obligation to do so
  • receiving ‘kickbacks’ or ‘secret commissions’ from a contractor
  • submission of exaggerated or wholly fictitious accident, harassment or injury claims
  • misuse of personal or sick leave
  • theft of cash or petty cash
  • theft of intellectual property
  • theft of plant, equipment or inventory
  • unauthorised transferral of University income
  • unlawful use of University computers, vehicles, internet, telephones and other property or services including operation of a private business using University facilities and time
  • using a University credit card for personal expenses and claiming them as University-related
  • using taxi vouchers for private purposes.
ASSETS OF THE UNIVERSITY VULNERABLE TO FRAUD AND CORRUPTION
The outcomes of committing fraud referred to above can be either tangible or intangible and can involve misuse of:
  • academic records or qualifications
  • admittance to a program or course
  • consulting fees
  • curriculum material
  • examination results
  • funding
  • grants
  • insurance claims
  • internet time
  • motor vehicles
  • payroll
  • personal information
  • petty cash
  • property, plant and equipment
  • research information
  • rights and ownership of new inventions
  • supplies
  • telephone calls
  • time
PERPETRATORS OF FRAUD AND CORRUPTION
It is possible for anyone to commit fraud or corruption.  It can be done alone or in collusion with others within or outside the University. Fraud or corruption could be perpetrated against the University by:
  • a full-time, part-time or casual staff member
  • temporary or agency employee
  • a student
  • an agent
  • an external individual
  • a contractor or service provider
FRAUD AND CORRUPTION AWARENESS
You need to be kept informed about the University’s Fraud and Corruption Prevention and Response Strategy and what part you are expected to play in it. The University will achieve this in a number of ways, including:
  • giving every employee a copy of the Staff Code of Conduct as part of their contract of employment
  • informing new staff during induction training
  • delivering fraud awareness training across as much of the University as possible
  • making the Staff Code of Conduct and key attributes of the Fraud and Corruption Prevention and Response Strategy available to all staff via the University’s website
  • incorporating reminders to staff and students of their obligations to ethical conduct and public duties into policies, procedures, appointment letters, guidelines, training, and student and/or staff communications.
FRAUD AND CORRUPTION DETECTION
The early detection of fraud and corruption is an essential element of the University’s prevention strategy.
Surveys of fraud conducted in Australia regularly demonstrate that employees are the most likely to discover fraud. As a member of staff, you are therefore the key factor in detecting fraudulent or corrupt behaviour.
It should be your aim to detect fraud or corruption as soon as possible after it occurs. There are a number of ways in which fraud may be detected. These may include:
  • monitoring high risk jobs or areas
  • when internal controls are breached
  • during monthly reviews of strategic management reports such as telephone usage reports
  • targeted post transactional review that may indicate altered or missing documentation, falsified or altered authorisation or inadequate documentary support
  • departmental reviews or internal audits
  • when you notice changes in behaviour patterns such as unusual behaviour or expensive lifestyles of other staff members.

FIDELITY GUARANTEE INSURANCE
The University is covered by Industrial Special Risks insurance. The insurance is renewed on an annual basis (currently 31 October each year). This insurance covers physical loss, destruction or damage to all real and personal property of every kind and description belonging to the University or for which the University is responsible or has assumed responsibility to insure prior to the loss. There are no geographical limits on this cover.

The two components relevant to this strategy include:
  • Fidelity
  • Burglary and theft

There is currently an excess on each claim.
The policy covers any person acting as an agent of the University in carrying out their duties at the University.
The Industrial Special Risks insurance policy is maintained by the Office of Financial Services.

FRAUD AND CORRUPTION RISK MANAGEMENTStrategic Audit Plan
A Strategic Audit Plan is prepared each year by an external audit firm and signed off by the Audit and Risk Committee. This Plan outlines audit and risk management activities for the ensuing year.
The Strategic Audit Plan also incorporates a University-wide risk assessment that provides the basis for refining the scope and objectives of each of the audit and risk management activities to be undertaken.

Internal Audit Plan

An Internal Audit Plan is prepared by Deloittes and plays a crucial role in the prevention of fraud and corruption within the University.
The University outsources its Internal Audit on a three-year cycle. The Internal Audit function is conducted by Deloittes, which reports to the University’s Audit and Risk Committee.

In relation to fraud and corruption control, the University’s internal audit includes ongoing reviews of controls within the University, including:
  • reviewing the effectiveness of controls - how they are implemented in practice - via observation, interview of key personnel, review of records and sample testing
  • systems type testing - detailed walkthrough of significant processes
  • special audits where particular areas of concern have been identified.
Fraud and Corruption Prevention and Response Strategy

The Fraud and Corruption Prevention and Response Strategy is a best practice of the Independent Commission Against Corruption. It is a framework for how the University prevents and responds to fraud.

Fraud and corruption control requires continuous discussion. This may include:
  • keeping track of what other universities are doing regarding policies and procedures
  • ensuring reports or reviews of fraud and corruption at Australian universities are assessed for their likely impact on the University’s strategy
  • encouraging innovation in fraud and corruption control development, procedures and processes by staff.

The fraud and corruption control and response strategy is prepared, reviewed and amended as required by the Fraud Control Officer.

Risk Assessment
The University aims to conduct fraud risk assessments at least every three years. Where appropriate, the University may introduce a rolling program of risk assessments.
When the University undergoes a substantial change in structure or function, or where there is a significant transfer in function (for example, as a result of outsourcing), the University may undertake further fraud risk assessment in relation to the changed functions. This fraud risk assessment may form part of a general business risk assessment exercise.
Staff at all levels in the University should be involved in the fraud and corruption risk assessment process, particularly those with detailed knowledge of the University’s practices and procedures, because they understand system weaknesses and whether internal controls are being adhered to. The University recognises that it is important to ensure that the staff involved have relevant training, access to all necessary information and an understanding of the areas to be examined.
The University’s risk assessment must consider fraud risks from both within the University and from external factors. Risk assessments must also consider fraud risks that may emerge in the future. For example, the University needs to be aware of the changing nature of fraud arising from the greater use of external service providers and developments in information technology.
Core areas that a fraud risk assessment should consider include:
  • information technology and information security
  • electronic commerce, electronic service delivery and the Internet
  • outsourced functions
  • grants and other payments or benefits programs
  • tendering processes, purchasing and contract management
  • intellectual property development and commercialisation
  • revenue collection
  • use of University credit cards
  • travel allowances and other common allowances
  • payments, including salaries
  • property and other physical assets, including physical security.
Fraud and corruption risk assessments should be conducted in accordance with the Australian/New Zealand Standard (AS/NZS 4360:1999) - Risk Management. The University documents the risk assessment process in order to:
  • reflect the risks across the range of functions performed by the University
  • measure risks in a comparable way
  • provide a supportable rating of the risks of fraud including both likelihood of a risk occurring and consequences for the University if the risk did occur
  • fine tune the process, as appropriate
  • replicate the process.

Fraud risk assessments provide details of the University’s risk profile and vulnerability. Unauthorised access could substantially undermine the viability and effective management of the University. Therefore fraud risk assessments may be restricted in circulation, consistent with the sensitivity of the material or subject matter.

Integrating Fraud and Corruption Risk Assessment with Overall Risk Assessment
It is important that fraud and corruption risks are considered in the broader context of overall business risk so that fraud risk assessment takes into account University-wide strategic planning. Fraud risk should not be looked at in isolation from the general business of the University. There is considerable overlap between enterprise risk, business risk, audit risk, security risk and fraud risk. Other risk management approaches may have already highlighted changes in strategic directions that will impact on future fraud risk profiles and control frameworks.

Implementation of Proposed Actions
All fraud and corruption risks rated as having a High or Very High level of residual seriousness require one or more proposed actions aimed at achieving one or more of the following:
  • alteration of existing internal control procedures
  • new internal control procedures
  • procedures aimed at detecting fraud
  • fraud prevention strategies

The University may also develop proposed actions for risks assessed as being a lower residual risk.To ensure comprehensive implementation and provide a periodic check on progress, the risk assessment teams should, where possible, allocate personal responsibility for the implementation of each action item.

Review of Effectiveness of Strategies

It is expected that Faculties and Offices will review the results of the fraud risk assessments at least annually to ensure that strategies developed during the course of the most recent fraud risk assessment are reviewed for effectiveness and amended where necessary.

The Fraud Control Officer coordinates the compliance with the annual review of fraud mitigation strategies.

Guideline Information

Contact OfficerChief Financial Officer
Date Approved17 June 2011
Approval AuthorityChief Financial Officer
Date of Commencement17 June 2011
Amendment Historyn/a
Date for Next ReviewJune 2014
Related Documents

Fraud and Corruption Prevention Policy / Procedure (see tabs above)
Gifts and Benefits Policy / Procedure
Protected Disclosures Policy / Procedure - See Reporting Wrongdoing: Public Interest Disclosures Policy

Australian/New Zealand Standard (AS/NZS 4360:1999) – Risk Management.

Australian Standard on Fraud and Corruption Control AS8001-2003
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest
Back to the top of this page