Procedure: Fraud and Corruption Control

Purpose

The purpose of this procedure is to:

• ensure the University’s reputation, assets, revenue, expenditure and facilities are safe-guarded against fraudulent or corrupt behaviour; and
• outline the processes and mechanisms for preventing, reporting and investigating incidents of fraudulent activity in and against the University.

Definitions

AFP is the Australian Federal Police

ANAO is the Australian National Audit Office and includes any auditor contracted by the ANAO to conduct an external audit at the University

ARMC is the Audit and Risk Management Committee

Corruption is abuse of a position of trust in order to achieve personal gain for oneself or another person, and includes bribery, receiving or soliciting secret commissions, collusive tendering, and serious conflicts of interest.

CGRO is the Corporate Governance and Risk Office

Business Area is a subsection of any portfolio within the University where there is a focus on defined subject matter (e.g HR, Finance and Business Services, Facilities and Services)

Fraud is defined in the Commonwealth Fraud Control Framework to mean dishonestly obtaining a benefit, or causing a loss, by deception or other means. Benefits may be financial, such as misappropriating property and false invoicing, or non-financial, such as falsification of research results and disclosure of information for a dishonest purpose. Intent to defraud is necessary for an offence to have been committed. Offences include the fraudulent conduct offences that apply to Commonwealth entities under Chapter 7 of the Criminal Code 1995.

Principles

1. The principles that underpin this procedure are as follows:

• The Code of Conduct policy sets the standards of ethical behaviour expected of staff and students. Staff should abide by the principles set out in the Code of Conduct policy and students should abide by principles set out in the Student Code of Conduct policy . Staff and other individuals who enter into a range of relationships with the University (including contractors, visiting fellows and volunteers) have a responsibility to act honestly, responsibly and impartially in accordance with the Code of Conduct.
• Fraud and corruption prevention, control and reporting is the responsibility of all staff.

Relevant Information

2. The University faces a wide range of potential fraudulent conduct by both internal and external parties, and has put in place various mechanisms to address the risks arising from any incident of fraud.
3. Fraud includes, but is not limited to:

• theft;
• obtaining property, a financial advantage or any other benefit by deception;
• causing a loss, or avoiding or creating a liability by deception;
• providing false or misleading information to the University, or failing to provide information where there is an obligation to do so;
• making, using or possessing forged or falsified documents;
• bribery, corruption or abuse of position;
• unlawful use of University assets including computers, vehicles, telephones and other property or services;
• divulging confidential information to outside sources;
• subverting, or interfering with, University computer systems and devices;
• falsification of research results;
• falsification of qualifications;
• fabrication of research articles;
• identity theft; and
• theft or leaking of examination papers.

4. Instances of suspected research and academic fraud should be reported and will be dealt with in accordance with the Research misconduct and serious research misconduct procedure. Instances of suspected operational fraud will be handled as set out below.

Fraud prevention and control strategies

The University has the following fraud prevention and control strategies in place:

5. The Director CGRO ensures that a University fraud and corruption control framework and fraud control plan are in place and are reviewed every three years. The framework and fraud control plan are submitted to the Audit and Risk Management Committee (ARMC) for endorsement and to Council for approval.
6. Deans of Colleges, Directors of Research Schools and Service Divisions will ensure that measures are in place to raise awareness amongst staff in their area of fraud risks and controls, including by disseminating information about fraud prevention and mechanisms for reporting suspected fraud.
7. Online and customised training is provided to ensure that the risk of fraud is taken into account in planning and conducting activities across the University.
8. Deans of Colleges, Research School Directors and Service Division Directors undertake fraud risk assessments to assess fraud risks and control strategies in their areas every two years. A fraud risk assessment template that should be used is available on the Fraud risk management website.
9. A fraud risk that has been assessed as low is an acceptable risk that can be managed by routine procedures. A risk that has been assessed as moderate, high or extreme requires the responsible area to develop and implement a risk action plan with specific monitoring or response procedures.
10. Business areas should consult with CGRO to develop robust risk action plans whenever a fraud risk is identified. CGRO will report extreme and high fraud risks and the resultant risk action plans to the ARMC.
11. Fraud risk assessments are used to inform the development of the University’s annual internal audit program which is endorsed by the ARMC and approved by Council. Specific fraud-focused internal audits will be directed at areas where significant vulnerabilities are identified.
12. The University will cooperate with the ANAO, including any external auditors appointed by the ANAO, and assist as required in fraud detection and response.

Reporting suspected fraud

13. Staff or students who become aware of suspected fraud or corruption should report such suspicion to one of the following:

• Supervisor, Line Manager, Service Division Director, College General Manager or Member of the Executive;
• Director Corporate Governance and Risk Office (CGRO);
• The University’s Public Interest Disclosure (PID) authorised officer email (pid@anu.edu.au). For further information on PID refer to the PID policy; or
• In the instance of any suspected financial fraud, the matter must also be directly reported to the Chief Financial Officer.

14. Suspected instances of fraud related to research misconduct should be reported in accordance with the Research Misconduct and Serious Research Misconduct procedure.
15. Any reports of suspected fraud or corruption that are made to the University (Supervisor, Line Manager, Service Division Director, College General Manager, Member of the Executive or Authorised PID Officer) must be referred to the Director, Corporate Governance and Risk Office (CGRO). The Director CGRO will also ensure that the Chief Financial Officer has been informed of any reports of suspected financial fraud.
16. A person who reports suspected fraud should provide as much information as possible, including details of any person they believe to be involved and the actions or activities they believe to be fraudulent, including how, when and where those actions or activities occurred. However, they should not investigate the matter themselves, as this may compromise a subsequent investigation.
17. The Director CGRO will provide confidential and independent advice to staff and managers in relation to processes for the management and administration of instances where fraud is suspected.
18. The University does not tolerate vexatious and frivolous reports and may initiate disciplinary proceedings where reports of this nature are found.
19. The University may have an obligation to report an incident to another external body where there is obligation under an agreement or other legislative instrument.

Investigation of suspected incidents of fraud

20. On the basis of the initial information supplied, the Director CGRO will assess whether the allegation of fraud:

• appears to be without foundation or to be not made in good faith; or
• warrants further investigation and/or other appropriate action, including action under the Research Misconduct procedure, referral to the Chief People Officer in relation to a Code of Conduct matter, referral to the Chief Operating Officer or referral the University’s General Counsel in relation to matters of a more complex or serious nature including possible referral to the Australian Federal Police.

21. In deciding the appropriate action to take, the Director CGRO will take into account such factors as:

• the nature of the alleged fraud;
• the cost or value of the alleged fraud;
• the potential damage to the integrity or reputation of the University;
• the likely cost of taking action, including the cost of recovering financial losses or property;
• the likely benefit of taking action, including the deterrent value;
• whether it is likely that the fraud is systemic or targeted, rather than an isolated or opportunistic incident;
• the likelihood that the fraud was committed by an external party with internal assistance; and
• any possible ongoing risks arising from the fraudulent conduct, including any security implications.

22. Investigations will be carried out by appointed persons within or external to the University.
23. Where suspected fraud has been reported as a public interest disclosure, an investigation will be managed in accordance with the Public Interest Disclosure Procedure and any rules relating to fraud made under the Public Governance, Performance and Accountability Act 2013.
24. All suspected incidents of fraud and corruption will be recorded in University records to identify any trends and measures to mitigate risks of recurrence.

Referral to police

25. The Chief Operating Officer on advice from the Legal Office will refer instances of potential serious or complex fraud offences to the Australian Federal Police (AFP) in accordance with the Australian Government Investigation Standards and the AFP’s Case Categorisation and Prioritisation Model (see www.afp.gov.au). Minor or routine instances of fraud, that is, fraud that would be unlikely to be investigated by the AFP, will be investigated internally or by an external investigator appointed by the University.
26. In determining whether a particular matter is of sufficient seriousness that it should be referred to the AFP for investigation, the following issues will be considered:

• the findings of the preliminary assessment and any investigation of the alleged fraud;
• whether there is sufficient evidence to indicate that an offence may have been committed, or attempted to be committed; and
• indicators of seriousness that the AFP may consider warrant acceptance of the matter for investigation. These indicators include significant monetary or property loss; damage to the security or integrity of the University or the Commonwealth; evidence of the use of sophisticated techniques or technology to avoid detection; evidence of a criminal conspiracy; bribery or corruption of a Commonwealth official; criminal activity against more than one entity; and activities that could affect wider aspects of Commonwealth law enforcement, such as cyber-crime, immigration irregularities and money laundering.

27. When a matter has been referred to the AFP, the University will provide assistance as requested in the investigation process, including by giving access to official records.

Recovery of monies

28. Following an investigation, the University may, at its absolute discretion, take action to recover money or property lost as a result of fraudulent conduct in accordance with the relevant delegation.

Disciplinary action

29. If an internal or external investigation suggests that disciplinary action against a staff member may be warranted, the Director CGRO will refer the matter to the Chief People Officer.
30. All disciplinary or misconduct investigations relating to an internal staff member will be conducted in accordance with relevant legislation, the University’s Enterprise Agreement and relevant University policy.

Review of internal controls

31. If fraud is found to have occurred, line management in conjunction with internal audit is responsible for reviewing the internal controls in the relevant area and implementing enhanced controls where appropriate to prevent a recurrence.

Record keeping and reporting

32. Incidents of suspected fraud reported to CGRO will be recorded and tracked by CGRO.
33. Disclosures made to an authorised officer under the Public Interest Disclosure policy will be recorded and tracked in accordance with that procedure.
34. Records of reports made under the Research Misconduct and Serious Research Misconduct procedure will be handled in accordance with that procedure.
35. Records of fraud-related matters arising in a Code of Conduct investigation by the Human Resources Division will be handled by that Division.
36. The University will report de-identified information about incidents of fraud as part of the Australian Institute of Criminology’s annual report on fraud against the Commonwealth.
37. Final investigation reports, including any further actions recommended by the Director CGRO, will be provided to the Chief Operating Officer and the Vice-Chancellor, the head of the relevant business area, and any other relevant parties.
38. Director CGRO will also report to the ARMC on each fraud incident during or following the completion of an investigation. The ARMC will advise Council of any significant fraudulent activities and remedial actions taken.

Fidelity guarantee insurance

39. ANU will maintain appropriate insurance cover against losses emanating from fraudulent activity.

Responsibilities

40. The following table outlines responsibilities associated with this procedure:

Delegations relevant to this procedure

• 000334: Litigation