ANU's approach to managing its fraud risks is predicated on the basis that the associated risk analysis should focus on understanding the potential methods of fraud applicable to each role and relationship; and evaluate the likelihood of a perpetrator succeeding, given the current controls. Generic or inherent fraud risks provide only limited value in understanding where frauds are possible or in preventing them. By raising fraud and corruption awareness at every level in the organisation, ANU will maintain its resistance to fraud.

What Is Fraud?

The University has adopted the following definition of fraud as given by the Commonwealth Fraud Control Guidelines 2002:

"Dishonestly obtaining a benefit by deception or other means"

The ANU is exposed to fraud perpetrated by individuals both internal and external to the University.  Fraud can involve attempts to secure financial or non-financial benefits and for the purposes of this procedure includes corruption (such as collusive tendering and the payment of secret commissions or bribes.  Fraudulent activity may include but is not limited to:

Importantly Fraud against the ANU constitutes an offence against the Australian Government and can be prosecuted under the Crimes Act 1914.

ANU's Attitude to Fraud

ANU will always seek to prosecute those who perpetrate frauds against it. However any investigation commenced following the reporting of suspected fraud will be undertaken on the assumption of innocence of the implicated individual(s).

The ANU will also endeavour to protect those who provide information concerning suspected frauds.  This protection, under the ANU Protected Disclosure Policy, is extended to all persons having an involvement in the activities of the University including Council members, staff, students, academic visitors and contractors.

ACCOUNTABILITIES

Vice-Chancellor:

• Foster an environment that makes active fraud control the responsibility of all staff.
• Approve the Fraud Control Procedure.
• Determine the course of action following reported incidents of fraud (including referral to Australian Federal Police)
• Receive and review the ANU Fraud Risk Profile, every 2 years.
• Report on the adequacy of ANU's fraud control arrangements via the ANU's annual report.

University Executive:

• Foster an environment that makes active fraud control the responsibility of all staff.
• Receive and review the ANU Fraud Risk Profile, every 2 years

ANU Deans, Directors & Heads for Colleges, Administrative Divisions and Budget Units:

• Foster an environment that makes active fraud control the responsibility of all staff.
• Develop a fraud risk profile in compliance with the Risk Management Policy and the Fraud Control Procedure
• Ensure that a Fraud Risk Profile for the area of responsibility is prepared and updated no later than every 2 years. In addition this fraud risk profile should be updated whenever significant organisational change is implemented (e.g. change in administrative control systems or new activities are introduced).
• Develop and implement mitigation measures to ensure that fraud risks are managed in accordance with ANU's Fraud Control Tolerance Levels (defined in this procedure)

Director Policy & Planning:

• Ensure that appropriate security measures and personnel clearances are in place with regard to fraud detection and prevention.
• Issue guidelines to managers and staff on the reporting of incidents of suspected fraud.
• Receive and review progress reports from areas on the implementation of fraud control strategies.
• Ensure appropriate resourcing within the Risk Management & Audit Office to lead fraud control at the ANU.

Chief Financial Officer:

• Assist the Dean/Directors of Colleges and Administrative Divisions with the development and implementation of mitigation strategies for significant fraud risks.

Audit & Risk Management Committee:

• Receive and review the ANU Fraud Risk Profile every 2 years.
• Receive and review progress reports from all areas on the implementation of fraud control strategies.
• Monitor fraud risks and incidents of suspected fraud identified through the internal audit program

Risk Management Advisory Committee:

• Develop and validate procedures and associated guidance material that encourage the minimisation and deterrence of fraud.

Risk Management and Audit Office:

• Director RMAO is the primary point of contact for all reported incidence of suspected fraud and advice on the appropriate course of action.
• Review and report on incidents of fraud in accordance with current legislation/policy.
• Every two years review each College and Administrative Divisions Fraud Control Profile and associated mitigation strategies.
• Develop and maintain the ANU Fraud Risk Profile and Associated Fraud Control Plan.
• Facilitate fraud awareness training for staff as requested by Colleges and Administrative Divisions.
• Monitor compliance with the Australian Government's Fraud Control Guidelines.
• Monitor fraud risks identified through the internal audit program.

APPROACH

Resistance to fraud within the ANU is enhanced through the following fraud control strategies:

• Profiling: Identify and evaluate the current fraud risks associated with specific job functions and relationships, based on weakness in the current control environment. Develop mitigation strategies to address the weaknesses associated with significant fraud risks.
• Detection: Fraud awareness training and system reviews aimed at the identification of red flags indicative of fraudulent activity.

Fraud Profiling

As outlined in the accountabilities above, there are two types of fraud profiles envisaged at the ANU:

• The ANU Fraud Risk Profile, incorporating risks across the entire University and developed by RMAO.
• College and Administrative Division Fraud Risk Profiles developed by relevant Deans and Directors.

College and Administrative Division Fraud Risk Profiles should align with the following criteria:

1.  Nominated Fraud Control Champion within each College or Administrative Division.
A focal point as well as a local contact is required to direct the fraud control efforts in the local area. This individual should be trained in line with Commonwealth Requirements and should facilitate fraud profiling with support from ANU's RMAO.

2.  Prioritise Risks based on the agreed College or Administrative Division Fraud Risk Tolerance levels.
The College/Division  will not accept any residual risk associated with fraud that has more than a "unlikely chance" (less than one per  year or 5% probability) of a financial loss greater than A$50,000, or more than a "possible" chance (less than once per month or 25% probability) of a financial loss greater than $10,000.

Where:

• Class A: Risks that significantly exceed the risk acceptance threshold and need urgent and immediate attention.
• Class B: Risks that exceed the risk acceptance threshold and require proactive management.
• Class C: Risks that lie on the risk acceptance threshold and require active monitoring.
• Class D: Risks that are below the risk acceptance threshold and do not require active management.

All identified Class A and Class B risks must be reported to the Director RMAO and ANU's Chief Financial Officer (CFO) as soon as they have been identified and evaluated.

3.  Identification of current fraud risks specific to identified job functions and relationships and assessed in light of current controls.

Example:

Role/Relationship	Method	Risk Rankings	Mitigation Strategies
F&S Minor Works Technical Officer	Technical Officer arranges meeting with lowest bidder to confirm scope and obtains a kickback for revealing the next lowest bid. Bid is inflated accordingly based on this information, justified on the basis of additional scope.

Fraud Profiling may be conducted by adopting the following process:

• One-on-one interviews with selected staff, identifying fraud risks specific to their role and relationships.
• Workshop with these staff to validate identified risks and propose risk rankings.
• Second workshop or review by senior managers to validate profile and associated risk rankings. Development of mitigation strategies for significant (Class A and Class B risks).
• Sign-off by Dean/Director.
• Submission of profile to Director RMAO.
• Monitoring of mitigation strategies and reassessment of associated risks by Dean/Director and Director RMAO.

4.  Development of mitigation strategies for all unacceptable risks (Class A & B)
For all Class A & Class B fraud risks, mitigation strategies should be developed in consultation with the CFO including implementation milestones.

5.  College or Administrative Division Fraud Profiles should be formally authorised by the relevant Dean/Director and reviewed at least every 2 years or whenever significant organisational and or process changes occur.

 Fraud Detection

• Fraud Awareness
  
  In addition to understanding what and how frauds may be perpetrated against the ANU by fraud profiling the areas in which they work, staff should also be familiar with:
  
•  Code of Conduct Policy
• Risk Management Policy
• Protected Disclosures Policy
• Fraud Control Procedure (this document)
• ANU's Protecting Ourselves from Fraud Staff Booklet
  

Fraud awareness sessions should also be incorporated in regular staff meetings, facilitated by the nominated Fraud Control Champion for the College or Division, highlighting related case studies from within the ANU and from other organisations. Additional fraud awareness training may be provided by RMAO (either internally or utilising external providers) upon request from College & Administrative Division Deans/Directors.

• Internal Audit Program
  
  The ANU Fraud Risk Profile and the College & Administrative Division Risk Fraud Profiles will be taken into account in developing the ANU Strategic Internal Audit Plan. On this basis specific fraud-focused internal audits will be undertaken each year directed at areas where significant vulnerabilities are identified. All internal audits will consider fraud in accordance with internal auditing standards.

• Management Initiated Fraud Reviews
  
  Independent of the Internal Audit Program, end to end process reviews, system reviews and data mining for indicators of fraud will also be undertaken by RMAO (utilising in-house as well as external specialist resources).

Fraud Investigation

• Reporting Suspected Acts of Fraud
  
  Matters of suspected fraud should, in the first instance, be reported to the Director RMAO (+61(0)2 6125 6054) except in cases where University legislation or policy dictates otherwise, for example, research falsification.  In these particular instances, the Director RMAO should be notified in conjunction with the key person nominated in the policy.
  
  
• Protected Disclosures
  
  Where a member of the University community provides information concerning a suspected fraud in accordance with the University's Protected Disclosure policy, the University will take all reasonable steps to ensure that:
  
  
• The identity of the person(s) making a disclosure is protected.
• The person is protected from unfair treatment, harassment or retaliatory action by persons named or implicated by the disclosure. This same protection is extended to any person implicated by a disclosure during the course of any investigation.
• Confidentiality is maintained with respect to any information disclosed and the identity of persons disclosing it.
• (NB: The University will take every effort to protect the identity of the discloser but in the event of criminal prosecution or other civil proceedings this may not be possible.)
  
  
• External Reporting
  
  Unless policy dictates otherwise, the Director RMAO will undertake a preliminary assessment to establish whether reported behaviour is fraudulent in nature.  If fraud is confirmed, the matter will be referred to the Vice-Chancellor who in consultation with the Legal Office will determine matters that require further internal investigation and/or referral to an accredited external Fraud Investigation service provider or the Australian Federal Police for investigation.

• Annual Fraud Reporting Obligations
  
  The ANU will certify in the Commonwealth Fraud Control Annual Report, that they are satisfied that:
  

• Fraud risk assessments and fraud control plans have been prepared that comply with the Australian Government's Fraud Control Guidelines;
• Appropriate fraud prevention, detection, investigation and reporting procedures and processes are in place; and
• Annual fraud data has been collected and reported that complies with the Australian Government's Fraud Control Guidelines.

COMMON LANGUAGE