Fraud and Corruption Prevention

Fraud and Corruption Prevention

SUMMARY

The Fraud and Corruption Prevention Policy establishes the principles that underpin Macquarie University's approach to protecting its reputation from fraudulent and   corrupt activities. The Procedure and Guideline document the strategies and activities undertaken to prevent and respond to fraud   and corruption.

POLICY

Purpose

To protect the University’s assets and reputation from fraudulent and corrupt activities by:
  • reinforcing   management’s commitment to, and responsibility for,  identifying risk exposures to   fraudulent and corrupt activities
  • requiring   staff and others to act with honesty and integrity
  • establishing   controls, policies and procedures to prevent and detect fraudulent and corrupt   activities
  • encouraging   the reporting of any fraud or corrupt conduct
  • ensuring   that all suspected corruption or fraud  is dealt with appropriately.

Overview

Macquarie University has a broad range of stakeholders who expect the   University to act in an accountable manner. If fraud or corruption is   committed against the University, the impact on the University may be   significant, including damage to the University’s reputation, image and   standing in the community.

Effective fraud and corruption control requires the commitment and   involvement of all staff, students, contractors, customers, subsidiaries and   external service providers. The University wants to increase awareness of   what is at risk and eliminate the types of fraud and corrupt behaviour that   can occur.
Any fraud or corrupt act   committed against the University is a major concern to the University.   Consequently, any case will be thoroughly investigated and appropriate   disciplinary action will be taken against the person who is found guilty of   corrupt conduct.  This may   include referral to the Police or to the Independent Commission Against   Corruption.

DEFINITIONS

The University uses the   definitions stated in the Australian   Standard on Fraud and Corruption Control AS8001-2003 which are:
Fraud: dishonest activity causing actual or potential financial loss to   any person or entity including theft of moneys or other property by employees   or persons external to the entity and whether or not deception is used at the   time, immediately before or immediately following the activity. This also   includes the deliberate falsification, concealment, destruction or use of   falsified documentation used or intended for use for a normal business   purpose or the improper use of information or position.

Corruption: dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity.
Investigation: a search or collation of evidence connecting or tending to connect a person (either a natural person or a body corporate) with conduct that infringes the criminal law or the policies and standards set by the affected entity.

Scope

This policy applies to all staff, students, customers, contractors, external service providers and Controlled Entities of Macquarie University.

Policy

Macquarie University is committed to protecting its reputation, and its revenue, expenditure and assets from any attempt to gain illegal financial or other benefit, and will not tolerate any act of fraudulent or corrupt conduct.
All staff are required to:
  • perform their duties with honesty and integrity in   accordance with the Staff Code   of Conduct and Ethics   Statement
  • safeguard the resources for which they are responsible,   including revenue, expenditure and assets.
The University will:
  • communicate   its policy on fraud and corruption
  • provide fraud   and corruption awareness and education so that staff know how to respond if fraud   is suspected or detected
  • implement and   operate internal controls to prevent/reduce the occurrence of fraud and   corruption
  • investigate suspected   fraud or corruption and take appropriate disciplinary action, which may   include referral to the Police, against any staff member found guilty of   corrupt conduct
  • report   suspected corruption, whether or not it involves a staff member of the   University, to the Independent Commission Against Corruption
  • in the   absence of criminal prosecution, apply appropriate civil, administrative or   disciplinary penalties against individuals who have been party to fraud or   corruption
  • take any   necessary legal action to recover losses that result from fraudulent or   corrupt conduct
  • integrate fraud risk management into its   philosophy, practices and business plans
  • create an annual Strategic Audit Plan to outline   audit, risk management and risk assessment, activities for the following year
  • review for   effectiveness the results of risk assessments and resulting strategies.
COMPLIANCE AND BREACHESThe University may commence applicable disciplinary procedures if a person to whom this policy applies breaches this policy (or any of its related procedures).

Policy Information

Contact Officer

Vice-President, Finance and Group Chief Financial Officer

Date Approved17 June 2011
Approval AuthorityAudit and Risk Committee of Council
Date of Commencement17 June 2011
Amendment Dates

10 July 2019 - Amendment to position title: ‘Chief, Financial Officer’ updated to ‘Vice-President, Finance and Group Chief Financial Officer’ with effect from 6 June 2019.

November 2011 – updated with compliance and breaches statement
March 2011 – alignment with University Policy Framework

Date for Next ReviewJune 2014
Related Documents

Australian   Standard on Fraud and Corruption Control AS8001-2003
Ethics   Statement
Fraud and Corruption Prevention Procedure / Guideline (see tabs above)
Gifts and Benefits Policy / Procedure
Reporting Wrongdoing:  Public Interest Disclosures Policy / Procedure
Staff Code   of Conduct

Legislation
Policies / Rules Superseded by this PolicyFraud and Corruption Prevention Policy (December 2006)
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest,

PROCEDURE

PurposeTo outline the activities undertaken to prevent and respond to fraud and corruption. 

Procedure

This procedure requires actions by the following: This procedure includes the following activities:
  • Develop and Implement Plans and Policies
  • Comply with Controls, Policies and Procedures
  • Establish Internal Controls
  • Review Internal Controls
  • Review Effectiveness of Risk Assessment Strategies
  • Report Suspected Fraud and Corruption
  • Determine Whether to Investigate
  • Select a Fraud Investigation Officer
  • Investigate Allegations
  • Report  to Relevant External Agencies
  • Take Annual Leave
  • Screen Candidates

Vice-Chancellor

Ensure that appropriate and cost-effective internal control systems   are in place to prevent/reduce/detect fraudulent and corrupt activities.

Delegate to the Vice-President, Finance and Group Chief Financial Officer the role of Fraud Control Officer.

top

Staff member

COMPLY WITH CONTROLS,   POLICIES AND PROCEDURES
You are required to:
  • comply with all controls, policies,   procedures, the Staff Code   of Conduct and the Ethics   Statement
  • identify items at risk in your area and devise   and implement controls to minimise fraud and corruption
  • assist with any enquiries and   investigations of fraudulent or corrupt activity.
REPORT SUSPECTED FRAUD AND CORRUPTION
If you become aware of fraudulent or corrupt behavior, you have a duty under legislation to immediately report such activity.  Discuss the activity with your supervisor.  Any such allegations will be treated in strict confidence and investigated as appropriate.
If you do not consider it appropriate to disclose an allegation of suspected corrupt conduct to your supervisor, you should make disclosure to one of the following:
  • Executive   Dean
  • Head of   Office
  • Fraud Control   Officer
  • Protected   Disclosures Co-ordinator
  • Deputy   Vice-Chancellor
  • Deputy   Vice-Chancellor and Chief Operating Officer
  • Vice-Chancellor

You may report by telephone, in writing or in person.  The Protected   Disclosures Act 1994 offers protection for public officials who make   disclosures concerning corrupt conduct, maladministration or serious or   substantial waste of public money.
If you are concerned   about publicly approaching any of the above people, you can request a meeting   with the relevant officer in a discreet location away from the workplace.
Anonymous Disclosure
If you wish to remain anonymous, you may make anonymous disclosure. However,   you are encouraged not to make anonymous complaints as they may be difficult   to pursue if further information is required. Anonymity will prevent the   University reporting back to any complainant. Although the University does   not encourage anonymous reporting, it recognises that there may be useful   information in the University community that can assist in preventing and/or   detecting fraud and corruption.

TAKE ANNUAL LEAVE

One of the indicators in an organisation that fraud or corruption may   be occurring is a reluctance to take regular and uninterrupted annual   leave.  The Annual Leave Policy takes this into   account and encourages staff to take regular annual leave.

The Risk and Audit Committee, as an audit precaution, requires staff involved in financial management to:
  • take one   period of annual leave of at least 2 weeks’ duration each year
  • take a period   of 2 weeks’ annual leave in each year    and take no more than 10 single annual leave days each year, if staff   are involved in the handling of money.

top

Fraud Control Officer

DEVELOP AND IMPLEMENT PLANS AND POLICIES
Develop and maintain   the Fraud and Corruption Prevention Policy and Procedure.
Prepare and   implement a Fraud and Corruption Prevention and Response Strategy.
Co-ordinate   compliance with the annual review of fraud mitigation strategies.
Examine   results from Internal Control Reviews and make recommendations for their   improvement.

DETERMINE WHETHER TO   INVESTIGATE
When a suspected fraudulent or corrupt activity is reported to you, determine who should be responsible for overseeing an investigation according to the nature and scope of the allegation. Depending upon the area of responsibility within the University, determine which one of the following will make the decision to investigate:
  • Vice-Chancellor
  • Deputy Vice-Chancellor (Academic)
  • Deputy Vice-Chancellor and Chief Operating Officer
  • Deputy Vice-Chancellor (Research)
Determine whether to investigate anonymous disclosures of serious allegations on the basis of if they are supported by sufficient evidence to justify an investigation. In making a determination, give regard to the:
  • seriousness   of the issue raised
  • credibility   of the complaint
  • evidence   provided
  • prospects   for further investigation
  • fairness   to the person being investigated.
SELECT A FRAUD   INVESTIGATION OFFICER
Decide, according to the nature of the suspected fraud, whether the investigation will be done internally or by an external investigator, and determine the required resources to assist with the investigation.
  • Internal   InvestigationsDetermine the   responsibility for the investigation according to the nature and scope of the   allegations of fraud or corruption.    Assign an internal Fraud Investigation Officer.
  • External   InvestigationsThere may be   occasions when you require the use of external investigators to investigate   matters arising from allegations of fraud and corruption.  If selecting an external investigative   service as the Fraud Investigation Officer, give due consideration to the   following issues:
REPORT   TO RELEVANT EXTERNAL AGENCIES Refer to, or notify, any relevant external agencies of any allegations of fraudulent or corrupt behavior that have been identified by the University.
  • Report to Another University
    Where an   investigation discloses fraud or corruption involving another University's   activities or programs, report the matter to that University.
  • Report to the Police Criminal prosecutions are   vital in deterring future instances of fraud and corruption and for educating   staff about the seriousness of fraud and corruption. You must refer   information to the Police if the preliminary investigation of a matter   indicates that a criminal offence may have been committed by an individual.  Where a matter involves offences   under NSW State law, refer the matter to the NSW Police for investigation and   possible prosecution, in accordance with Section 316 of the Crimes Act, 1900 (NSW).
    When you   refer a matter to the NSW Police, you should provide as a minimum:
    • a summary of the allegations(s)
    • a list of suspected offender(s) (where   known)
    • a chronological account of the facts giving   rise to the allegation(s)
    • details of witnesses or potential   witnesses
    • copies of relevant documents
    • copies of all records of interviews,   statements, depositions or affidavits obtained including any written   statement made by the subject of the investigation
    • a nominated contact officer.
  • Report to the Independent Commission Against Corruption (ICAC)
    Perform the role of compliance officer in accordance   with Section 11(2) of the Independent Commission Against Corruption   Act 1988 (NSW).
    Report to ICAC any matter that you ‘suspect on   reasonable grounds concerns, or may concern, corrupt conduct’.  The words ‘suspect on reasonable   grounds’ mean there is a real possibility that corrupt conduct is, or may be,   involved.
    You must report corrupt conduct even if the corrupt   conduct did not involve a staff member of the University.
    You must   provide the following information when making a report of alleged corrupt   conduct:
    • a complete description of the allegations
    • the name and position of any public   official/s alleged to be involved
    • the name and role of any other person/s   relevant to the matter
    • the dates and/or time frames in which the   alleged conduct occurred
    • an indication as to whether the conduct   appears to be a one-off event or part of a wider pattern or scheme
    • the date the allegation was made or the   date you became aware of the conduct
    • what the University has done about the   suspected conduct, including notification to any other agency (for example,   the Police or the Ombudsman)
    • what further action is proposed by the   University
    • approximate amount of money (if any)   involved
    • any other indicators of seriousness
    • any other information deemed relevant to   the matter.

top

Fraud Investigation Officer

INVESTIGATE ALLEGATIONS
When directed by the Fraud Control Officer, investigate allegations of fraud or corruption as follows:
  • define the   subject matter of the investigation
  • develop an   investigation plan
  • determine   what questions need to be answered, what information is required to answer   those questions and the best way to obtain that information
  • structure the   investigation to allow the gathering of sufficient reliable information to   enable the issue to be properly addressed by proving or disproving matters   relevant to the allegation.
Investigative activities can include, but are not limited to:
  • interviewing   relevant witnesses, both internal and external to the University, including   obtaining statements
  • reviewing   and collating documentary evidence
  • forensic   examination of computer systems
  • examining   telephone records
  • enquiring   with banks and other financial institutions, subject to obtaining appropriate   court orders
  • enquiring   with other third parties
  • searching   and seizing data
  • tracing   funds/assets and goods
  • preparing   a brief of evidence
  • liaising   with the Police or other law enforcement body
  • interviewing   persons suspected of fraud or corruption
  • preparing   reports.

top

The Executive/ Executive Dean/
Dean/
Director/ Head of Office/
Head of Department/ Manager

ESTABLISH INTERNAL   CONTROLS
You are   responsible for the prevention and detection of fraud and corruption within   your area of responsibility and for the implementation and operation of   controls that minimise fraudulent and corrupt activities.
Note that there is a strong link between the incidence of fraud and   corruption and internal control systems that either allow an incident to   occur or fail to detect it after it occurred.

Establish and maintain adequate internal controls for the security and accountability of University resources and to prevent/reduce the opportunity for fraud and corruption to occur. These include:
  • use   of suitable recruitment procedures
  • segregating   duties
  • identifying   and declaring conflict of interest or stated interests
  • security   of physical and information systems
  • supervision   and internal checks
  • approvals   within delegated authority
  • reconciliations
  • budget   control
  • regular   review of management reports
  • clear   reporting lines
Implement mechanisms to:
  • promote   staff awareness of the Staff Code   of Conduct, Ethics Statement and the Fraud and Corruption Prevention Policy and Procedure
  • educate   staff about fraud prevention and detection
  • promote   a positive and appropriate attitude towards compliance with laws, rules,   policies and regulations
  • assess   the risk of fraudulent and corrupt behaviour through awareness of the risks   and exposures inherent in your area of responsibility
  • respond   promptly to all allegations or indications of fraudulent or corrupt acts
  • perform initial enquiries of any complaints of   fraudulent and corrupt activity and assist with any further investigations.

REVIEW INTERNAL CONTROLS
Evaluate internal controls, requesting support from either the   Internal Auditor or the Fraud Control Officer as needed.
Refer reports and recommendations regarding internal control   weaknesses to the Fraud Control Officer.
Where the Fraud Control Officer recommends   improvements, implement these as soon as possible.

REVIEW   EFFECTIVENESS OF RISK ASSESSMENT STRATEGIES
Review the results of fraud risk assessments at   least annually to ensure that strategies developed during the course of the   most recent fraud risk assessment are reviewed for effectiveness and amended   where necessary.

top

Human Resources Officer

SCREEN CANDIDATES
Many employees who commit fraud against their employer are found subsequently to have had a history of dishonesty with previous employers.
During recruitment procedures, include any or all of the following strategies, depending on the requirements and responsibility of the position:
  • avoid   recruitment that could potentially lead to, or be perceived as involving,   conflict of interest
  • verify   identity from a birth certificate or driver’s licence
  • contact   referees
  • reference   check with the most recent employers
  • consider   gaps in employment and the reasons for those gaps
  • verify   transcripts, qualifications, publications and other certification or   documentation
  • perform   criminal background checks  where   the position warrants it.

You will need   the express permission of the candidate to carry out this pre-employment   screening.

top

Procedure Information

Contact Officer

Vice-President, Finance and Group Chief Financial Officer

Date Approved17 June 2011
Approval AuthorityAudit and Risk Committee
Date of Commencement17 June 2011
Amendment History

10 July 2019 - Amendment to position title: ‘Chief, Financial Officer’ updated to ‘Vice-President, Finance and Group Chief Financial Officer’ with effect from 6 June 2019.

17 Nov 2017 - updated Fraud Control Officer section from DVC(Provost) to DVC(Academic)
March 2011 – alignment with University Policy Framework

Date for Next ReviewJune 2012
Related Documents

Annual Leave Policy
Ethics Statement
Fraud and Corruption Prevention Policy / Guideline (see tabs above)
Gifts and Benefits Policy / Procedure
Protected Disclosures Policy / Procedure - See Reporting Wrongdoing: Public Interest Disclosures Policy
Staff Code of Conduct

Legislation
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest, Police

GUIDELINE

Purpose

To state the University’s strategy for the prevention of Fraud and   Corruption.

Guidance is provided on the following topics:

Guideline

The risk of fraud and corruption is ever present. The following are some of the factors that add to, or at least change, the University’s risk:
  • changes in government funding, leading to an   increasing reliance on non-government funding
  • ventures into new markets and areas of operations
  • the development of commercial strategies to   capitalise on the development of intellectual property and marketable   products and services
  • convergence of the university sector and the   private sector through the increase in cooperative and/or strategic   partnerships
  • greater competition in the allocation of scarce   resources
  • greater competition in the university sector for   domestic and overseas students, staff, research funds, industry support and   status
  • increased regulatory requirements
  • increased availability and extensive use of   technology
  • tighter timeframes and deadlines

Fraud and corruption prevention strategies demonstrate sound   management practice and governance and assist the University in deterring   unethical behaviour.

DEFINITION OF CORRUPTION
The Australian   Standard on Fraud and Corruption Control defines   corruption as:
“Dishonest activity in   which a director, executive, manager, employee or contractor of an entity   acts contrary to the interests of the entity and abuses his/her position of   trust in order to achieve some personal gain or advantage for him or herself   or for another person or entity.”
The Independent   Commission Against Corruption (ICAC) defines corrupt conduct, as it affects a   public authority, as:
“ Corrupt conduct is   also any conduct of any person (whether or not a public official) that   adversely affects, or that could adversely affect, either directly or   indirectly, the exercise of official functions by any public official, any   group or body of public officials or any public authority and which could   involve any of the following matters:
(a) official misconduct   (including breach of trust, fraud in office, nonfeasance, misfeasance,   malfeasance, oppression, extortion or imposition)
(b) bribery
(c) blackmail
(d) obtaining or offering secret commissions
(e) fraud
(f)  theft
(g) perverting the course of justice
(h) embezzlement
(i) election bribery
(j) election funding offences
(k) election fraud
(l) treating
(m) tax evasion
(n) revenue evasion
(o) currency violations
(p) illegal drug dealings
(q) illegal   gambling
(r) obtaining financial benefit by vice engaged   in by others
(s) bankruptcy and company violations
(t) harbouring criminals
(u) forgery
(v) treason or other offences against the   Sovereign
(w) homicide or violence
(x) matters of the same or a similar nature to   any listed above
(y) any conspiracy or   attempt in relation to any of the above.”

Examples of corrupt conduct to which the University may be subject include:
  • payment of   secret commissions (bribes) paid in money, or some other value, to a   University staff member that is related to a specific action or decision of   the University staff member
  • release of   confidential information, for other than a proper business purpose, sometimes   in exchange for either a financial or non-financial advantage
  • collusive   tendering (the act of multiple tenderers for a particular contract colluding   in preparation of their bids)
  • a University   staff member manipulating a tendering process to achieve a desired outcome
  • conflict of   interest involving a University staff member acting in his or her own   self-interest rather than the interests of the University
  • nepotism and   cronyism where the appointee to a University position is inadequately   qualified to perform the role to which he or she has been appointed, or not   selected on merit
  • receiving   personal benefits in exchange for assisting a consultant to gain work at the   University.

DEFINITION OF FRAUD
Fraud is   recognised as a subset of corruption.
Australian   Standard on Fraud and Corruption Control AS8001-2003 defines fraud as:
“Dishonest   activity causing actual or potential financial loss to any person or entity   including theft of moneys or other property by employees or persons external   to the entity and whether or not deception is used at the time, immediately   before or immediately following the activity. This also includes the   deliberate falsification, concealment, destruction or use of falsified   documentation used or intended for use for a normal business purpose or the   improper use of information or position.”

Examples of fraud on the University include, but are not limited to:
  • misappropriating   University assets, including use of the University’s assets for private purposes
  • abuse of   University property
  • abuse of   University time
  • causing a loss   to the University, or avoiding or creating a liability for the University by   deception
  • claiming for   travel entitlement to attend a course and then not attending the course and   not reimbursing travel monies
  • evasion of   fees due to the University
  • fabrication,   falsification or plagiarism of research
  • false   invoicing for goods or services never rendered
  • falsely   misrepresenting the author of essays, assignments or research to the   University
  • making cheques   out to false persons
  • making, using   or possessing forged or falsified documents such as Degrees or Academic   Records
  • misapplying   government grant monies
  • misappropriating   official order forms to gain a personal benefit
  • obtaining an   unjust advantage by misusing information gained during the course of   employment with the University
  • providing   false or misleading information to the University, or failing to provide   information, where there is an obligation to do so
  • receiving   ‘kickbacks’ or ‘secret commissions’ from a contractor
  • submission   of exaggerated or wholly fictitious accident, harassment or injury claims
  • misuse   of personal or sick leave
  • theft of cash   or petty cash
  • theft of   intellectual property
  • theft of   plant, equipment or inventory
  • unauthorised transferral   of University income
  • unlawful use   of University computers, vehicles, internet, telephones and other property or   services including operation of a private business   using University facilities and time
  • using a   University credit card for personal expenses and claiming them as   University-related
  • using taxi   vouchers for private purposes.
ASSETS OF THE UNIVERSITY VULNERABLE TO FRAUD AND   CORRUPTION
The outcomes of committing fraud referred to above can be either tangible or intangible and can involve misuse of:
  • academic   records or qualifications
  • admittance to   a program or course
  • consulting   fees
  • curriculum material
  • examination   results
  • funding
  • grants
  • insurance   claims
  • internet time
  • motor vehicles
  • payroll
  • personal information
  • petty cash
  • property, plant   and equipment
  • research   information
  • rights and ownership of new inventions
  • supplies
  • telephone   calls
  • time
PERPETRATORS   OF FRAUD AND CORRUPTION
It is possible for anyone to commit fraud or corruption.  It can be done alone or in collusion with others within or outside the University. Fraud or corruption could be perpetrated against the University by:
  • a full-time, part-time or casual staff member
  • temporary or agency employee
  • a student
  • an agent
  • an external individual
  • a contractor or service provider
FRAUD AND CORRUPTION   AWARENESS
You need to be kept informed about the University’s Fraud and Corruption Prevention and Response Strategy and what part you are expected to play in it. The University will achieve this in a number of ways, including:
  • giving every   employee a copy of the Staff Code of Conduct as part of their contract of   employment
  • informing new staff   during induction training
  • delivering   fraud awareness training across as much of the University as possible
  • making the Staff   Code of Conduct and key attributes of the Fraud and Corruption Prevention and   Response Strategy available to all staff via the University’s website
  • incorporating   reminders to staff and students of their obligations to ethical conduct and   public duties into policies, procedures, appointment letters, guidelines,   training, and student and/or staff communications.
FRAUD AND CORRUPTION   DETECTION
The early detection of fraud and corruption is an essential element of the University’s prevention strategy.
Surveys of fraud conducted in Australia regularly demonstrate that employees are the most likely to discover fraud. As a member of staff, you are therefore the key factor in detecting fraudulent or corrupt behaviour.
It should be your aim to detect fraud or corruption as soon as possible after it occurs. There are a number of ways in which fraud may be detected. These may include:
  • monitoring   high risk jobs or areas
  • when   internal controls are breached
  • during   monthly reviews of strategic management reports such as telephone usage   reports
  • targeted   post transactional review that may indicate altered or missing documentation,   falsified or altered authorisation or inadequate documentary support
  • departmental   reviews or internal audits
  • when   you notice changes in behaviour patterns such as unusual behaviour or   expensive lifestyles of other staff members.

FIDELITY GUARANTEE INSURANCE
The   University is covered by Industrial Special Risks insurance. The insurance is   renewed on an annual basis (currently 31 October each year). This insurance   covers physical loss, destruction or damage to all real and personal property   of every kind and description belonging to the University or for which the   University is responsible or has assumed responsibility to insure prior to   the loss. There are no geographical limits on this cover.

The two components relevant to this strategy include:
  • Fidelity
  • Burglary   and theft

There is currently an excess on each claim.
The policy covers any person acting as an agent of the University in   carrying out their duties at the University.
The Industrial Special Risks insurance policy is   maintained by the Office of Financial Services.

FRAUD AND CORRUPTION   RISK MANAGEMENTStrategic Audit Plan
A Strategic Audit Plan is   prepared each year by an external audit firm and signed off by the Audit and   Risk Committee. This Plan outlines audit and risk management activities for   the ensuing year.
The Strategic Audit Plan also incorporates a   University-wide risk assessment that provides the basis for refining the   scope and objectives of each of the audit and risk management activities to   be undertaken.

Internal Audit Plan

An Internal Audit Plan   is prepared by Deloittes and plays a crucial role in the prevention of fraud   and corruption within the University.
The University outsources its Internal Audit on a three-year cycle. The   Internal Audit function is conducted by Deloittes, which reports to the   University’s Audit and Risk Committee.

In relation to fraud and corruption control, the University’s internal audit includes ongoing reviews of controls within the University, including:
  • reviewing the   effectiveness of controls - how they are implemented in practice - via   observation, interview of key personnel, review of records and sample testing
  • systems type   testing - detailed walkthrough of significant processes
  • special audits   where particular areas of concern have been identified.
Fraud and Corruption   Prevention and Response Strategy

The Fraud and Corruption Prevention and Response Strategy is a best   practice of the Independent Commission Against Corruption. It is a framework   for how the University prevents and responds to fraud.

Fraud and corruption control requires continuous discussion. This may include:
  • keeping track   of what other universities are doing regarding policies and procedures
  • ensuring reports   or reviews of fraud and corruption at Australian universities are assessed   for their likely impact on the University’s strategy
  • encouraging   innovation in fraud and corruption control development, procedures and   processes by staff.

The fraud and corruption control and response strategy is prepared, reviewed   and amended as required by the Fraud Control Officer.

Risk Assessment
The University aims to conduct fraud risk assessments at least every three years. Where appropriate, the University may introduce a rolling program of risk assessments.
When the University undergoes a substantial change in structure or function, or where there is a significant transfer in function (for example, as a result of outsourcing), the University may undertake further fraud risk assessment in relation to the changed functions. This fraud risk assessment may form part of a general business risk assessment exercise.
Staff at all levels in the University should be involved in the fraud and corruption risk assessment process, particularly those with detailed knowledge of the University’s practices and procedures, because they understand system weaknesses and whether internal controls are being adhered to. The University recognises that it is important to ensure that the staff involved have relevant training, access to all necessary information and an understanding of the areas to be examined.
The University’s risk assessment must consider fraud risks from both within the University and from external factors. Risk assessments must also consider fraud risks that may emerge in the future. For example, the University needs to be aware of the changing nature of fraud arising from the greater use of external service providers and developments in information technology.
Core areas that a fraud risk assessment should consider include:
  • information   technology and information security
  • electronic   commerce, electronic service delivery and the Internet
  • outsourced   functions
  • grants and   other payments or benefits programs
  • tendering   processes, purchasing and contract management
  • intellectual   property development and commercialisation
  • revenue   collection
  • use of   University credit cards
  • travel allowances   and other common allowances
  • payments,   including salaries
  • property and   other physical assets, including physical security.
Fraud and corruption risk assessments should be conducted in accordance with the Australian/New Zealand Standard (AS/NZS 4360:1999) - Risk Management. The University documents the risk assessment process in order to:
  • reflect the risks across the range of functions   performed by the University
  • measure risks in a comparable way
  • provide a supportable rating of the risks of   fraud including both likelihood of a risk occurring and consequences for the   University if the risk did occur
  • fine tune the   process, as appropriate
  • replicate the   process.

Fraud risk assessments   provide details of the University’s risk profile and vulnerability.   Unauthorised access could substantially undermine the viability and effective   management of the University. Therefore fraud risk assessments may be   restricted in circulation, consistent with the sensitivity of the material or   subject matter.

Integrating   Fraud and Corruption Risk Assessment with Overall Risk Assessment
It is   important that fraud and corruption risks are considered in the broader   context of overall business risk so that fraud risk assessment takes into   account University-wide strategic planning. Fraud risk should not be looked   at in isolation from the general business of the University. There is considerable   overlap between enterprise risk, business risk, audit risk, security risk and   fraud risk. Other risk management approaches may have already highlighted   changes in strategic directions that will impact on future fraud risk   profiles and control frameworks.

Implementation   of Proposed Actions
All fraud and corruption risks rated as having a High or Very High level of residual seriousness require one or more proposed actions aimed at achieving one or more of the following:
  • alteration of   existing internal control procedures
  • new internal   control procedures
  • procedures   aimed at detecting fraud
  • fraud prevention strategies

The University may also develop proposed actions for risks assessed as   being a lower residual risk.To ensure comprehensive implementation and   provide a periodic check on progress, the risk assessment teams should, where   possible, allocate personal responsibility for the implementation of each   action item.

Review of Effectiveness   of Strategies

It is   expected that Faculties and Offices will review the results of the fraud risk   assessments at least annually to ensure that strategies developed during the   course of the most recent fraud risk assessment are reviewed for   effectiveness and amended where necessary.

The Fraud Control Officer coordinates the compliance with the annual review of fraud mitigation strategies.

Guideline Information

Contact Officer

Vice-President, Finance and Group Chief Financial Officer

Date Approved17 June 2011
Approval Authority

Vice-President, Finance and Group Chief Financial Officer

Date of Commencement17 June 2011
Amendment History

10 July 2019 - Amendment to position title: ‘Chief, Financial Officer’ updated to ‘Vice-President, Finance and Group Chief Financial Officer’ with effect from 6 June 2019.

Date for Next ReviewJune 2014
Related Documents

Fraud and Corruption Prevention Policy / Procedure (see tabs above)
Gifts and Benefits Policy / Procedure
Protected Disclosures Policy / Procedure - See Reporting Wrongdoing: Public Interest Disclosures Policy

Australian/New Zealand Standard (AS/NZS 4360:1999) – Risk Management.

Australian Standard on Fraud and Corruption Control AS8001-2003
KeywordsFraud, Corruption, Disclosure, Prevention, Internal Audit, ICAC, Conflict of Interest
Back to the top of this page