Procedure: Fraud control
This procedure is made under the Fraud and corruption control policy and sets out the processes and mechanisms for preventing, controlling and investigating incidents of fraudulent activity in and against the University. Consideration will be given to the development of a procedure relating to prevention and control of corruption in the future.
AFP is the Australian Federal Police
ANAO is the Australian National Audit Office and includes any auditor contracted by the ANAO to conduct an external audit at the University
ARMC is the Audit and Risk Management Committee
CGRO is the Corporate Governance and Risk Office
Fraud is defined in the Commonwealth Fraud Control Framework to mean dishonestly obtaining a benefit, or causing a loss, by deception or other means. Benefits may be financial, such as misappropriating property and false invoicing, or non-financial, such as falsification of research results and disclosure of information for a dishonest purpose. Intent to defraud is necessary for an offence to have been committed. Offences include the fraudulent conduct offences that apply to Commonwealth entities under Chapter 7 of the Criminal Code 1995.
- The University faces a wide range of potential fraudulent conduct by both internal and external parties, and has put in place various mechanisms to address the risks arising from any incident of fraud.
- Operational fraud includes, but is not limited to:
- obtaining property, a financial advantage or any other benefit by deception;
- causing a loss, or avoiding or creating a liability by deception;
- providing false or misleading information to the University, or failing to provide information where there is an obligation to do so;
- making, using or possessing forged or falsified documents;
- bribery, corruption or abuse of position;
- unlawful use of University assets including computers, vehicles, telephones and other property or services;
- divulging confidential information to outside sources;
- subverting, or interfering with, University computer systems and devices; and
- any offences of a similar nature.
- Examples of research and academic fraud include, but are not limited to:
- falsification of research results;
- falsification of qualifications;
- fabrication of research articles;
- identity theft; and
- theft or leaking of examination papers.
- Instances of suspected research and academic fraud should be reported and will be dealt with in accordance with the Research misconduct and serious research misconduct procedure. Instances of suspected operational fraud will be handled as set out below.
Fraud prevention and control strategies
- The University has the following fraud prevention and control strategies in place:
- a University fraud control framework and fraud control plan which are reviewed every two years, or more frequently as required
- awareness and training activities to ensure that staff are aware of what constitutes fraud and that the risk of fraud is taken into account in planning and conducting University activities
- fraud risk assessments (as part of the University fraud control plan) reviewed every two years by each College, Research School and Division
- internal and external audits of University activities
- various mechanisms for confidential reporting of suspected fraud
- procedures for investigation of suspected fraud
- processes for recording and reporting incidents of fraud and suspected fraud.
- Details on each of these strategies is below. The University’s fraud control framework, guidance and templates are available on the Fraud risk management website.
Fraud control framework and fraud control plan
- The Director CGRO ensures that a University fraud control framework and fraud control plan are in place and are reviewed every two years. The framework and fraud control plan are submitted to the Audit and Risk Management Committee (ARMC) for endorsement and to the Council for approval.
Fraud awareness and training
- Deans of Colleges and Directors of Research Schools and Service Divisions will ensure that measures are in place to raise awareness amongst staff in their area of fraud risks and controls, including by disseminating information about fraud prevention and mechanisms for reporting suspected fraud.
- Staff and other individuals who enter into a range of relationships with the University (including contractors, visiting fellows and volunteers) have a responsibility to act honestly, responsibly and impartially in accordance with the Code of Conduct. Induction training for new staff includes training on the Code of Conduct. CGRO also offers specific fraud-related training for relevant staff annually and on request by line areas.
Fraud risk assessment
- Deans of Colleges, Research School Directors and Service Division Directors undertake fraud risk assessments to assess fraud risks and control strategies in their areas every two years. A fraud risk assessment template that should be used is available on the Fraud risk management website. CGRO internal audit staff will assist organisational areas to meet their responsibilities.
- A risk that has been assessed as low is an acceptable risk that can be managed by routine procedures. A risk that has been assessed as moderate requires the responsible area to develop and implement a risk action plan with specific monitoring or response procedures.
- All extreme and high risks require immediate action by senior management. Line areas should consult CGRO as soon as possible for advice on developing a risk action plan. CGRO will report extreme and high fraud risks and the resultant risk action plans to the ARMC.
Internal audit program
- Fraud risk assessments are used to inform the development of the University’s annual internal audit program which is endorsed by the ARMC and approved by Council. Specific fraud-focused internal audits will be directed at areas where significant vulnerabilities are identified.
External audit program
- The ARMC and senior management will discuss with the Australian National Audit Office (ANAO) the audit procedures for the University’s annual financial audit. The University will cooperate with the ANAO, including any external auditors appointed by the ANAO, and assist as required in fraud detection and response.
Reporting suspected fraud
- There are various ways in which a person may report suspected or actual fraud at the University.
- Staff may make a report to their supervisor, senior line manager, or the Director, Corporate Governance and Risk Office (CGRO). What may raise a suspicion of fraudulent activity may be the result of a mistake or negligent conduct. However, if a supervisor or line manager receives a report that suggests criminal conduct, they have a duty under section 60A of the Public Interest Disclosure Act 2013 to report the matter to an Authorised Officer for Public Interest Disclosures.
- Staff, former staff and contracted service providers may also report instances or suspected instances of fraud directly to an Authorised Officer for Public Interest Disclosures.
- Any person (including a student or visitor to the University) may also report suspected fraud directly to CGRO.
- Suspected instances of fraud related to research misconduct should be reported in accordance with the Research misconduct and serious research misconduct procedure.
- A person who reports suspected fraud should provide as much information as possible, including details of any person they believe to be involved and the actions or activities they believe to be fraudulent, including how, when and where those actions or activities occurred. However, they should not investigate the matter themselves, as this may compromise a subsequent investigation.
- The Director CGRO can provide confidential and independent advice to staff and managers in relation to suspected fraud.
Investigation of suspected incidents of fraud
- On the basis of the initial information supplied, the Director CGRO will assess whether the allegation of fraud:
- appears to be without foundation or to be not made in good faith; or
- warrants further investigation and/or other appropriate action, including seeking further advice, action under the Research misconduct procedure, referral to the Director, Human Resources in relation to a Code of Conduct matter, or referral to the Chief Operating Officer in relation to matters of a more complex or serious nature including possible referral to the Australian Federal Police.
- In deciding the appropriate action to take, the Director CGRO will take into account such factors as:
- the nature of the alleged fraud;
- the cost or value of the alleged fraud;
- the potential damage to the integrity or reputation of the University;
- the likely cost of taking action, including the cost of recovering financial losses or property;
- the likely benefit of taking action, including the deterrent value;
- whether it is likely that the fraud is systemic or targeted, rather than an isolated or opportunistic incident;
- the likelihood that the fraud was committed by an external party with internal assistance; and
- any possible ongoing risks arising from the fraudulent conduct, including any security implications.
- Investigations will be carried out by appropriately qualified and experienced personnel within the University. If external investigators are engaged, the University will ensure that they are also appropriately qualified.
- Where suspected fraud has been reported as a public interest disclosure, an investigation will be managed in accordance with the Public Interest Disclosure Procedure and any rules relating to fraud made under the Public Governance, Performance and Accountability Act 2013. This investigative process may include referral to internal or external auditors.
Referral to police
- The Chief Operating Officer on advice from the Legal Office will refer instances of potential serious or complex fraud offences to the Australian Federal Police (AFP) in accordance with the Australian Government Investigation Standards and the AFP’s Case Categorisation and Prioritisation Model (see www.afp.gov.au). Minor or routine instances of fraud, that is, fraud that would be unlikely to be investigated by the AFP, will be investigated internally or by an external investigator appointed by the University.
- In determining whether a particular matter is of sufficient seriousness that it should be referred to the AFP for investigation, the following issues will be considered:
- the findings of the preliminary assessment and any investigation of the alleged fraud;
- whether there is sufficient evidence to indicate that an offence may have been committed, or attempted to be committed; and
- indicators of seriousness that the AFP may consider warrant acceptance of the matter for investigation. These indicators include significant monetary or property loss; damage to the security or integrity of the University or the Commonwealth; evidence of the use of sophisticated techniques or technology to avoid detection; evidence of a criminal conspiracy; bribery or corruption of a Commonwealth official; criminal activity against more than one entity; and activities that could affect wider aspects of Commonwealth law enforcement, such as immigration irregularities and money laundering.
- When a matter has been referred to the AFP, the University will provide assistance as requested in the investigation process, including by giving access to official records.
Recovery of monies
- Following an investigation, the University may take action to recover money or property lost as a result of fraudulent conduct in accordance with the relevant delegation.
- If an internal or external investigation suggests that disciplinary action against a staff member may be warranted, the Director CGRO will refer the matter to the Director Human Resources.
Review of internal controls
- If fraud is found to have occurred, line management in conjunction with internal audit is responsible for reviewing the internal controls in the relevant area and implementing enhanced controls where appropriate to prevent a recurrence.
Record keeping and reporting
- Incidents of suspected fraud reported to CGRO will be recorded and tracked by CGRO.
- Disclosures made to an authorised officer under the Public Interest Disclosure procedure will be recorded and tracked in accordance with that procedure.
- Records of reports made under the research misconduct and serious research misconduct procedure will be handled in accordance with that procedure.
- Records of fraud-related matters arising in a Code of Conduct investigation by the Human Resources Division will be handled by that Division.
- The University will report de-identified information about incidents of fraud as part of the Australian Institute of Criminology’s annual report on fraud against the Commonwealth. CGRO will also report to the ARMC on each fraud incident following the completion of an investigation. The ARMC will advise Council of any significant fraudulent activities and the remedial actions taken.
Fidelity guarantee insurance
- ANU will maintain appropriate insurance cover against losses emanating from fraudulent activity.
- The following responsibilities apply:
· Approve the University’s fraud control framework and fraud control plan every 2 years;
· Receive reports of significant instances of fraud and remedial actions taken.
Audit and Risk Management Committee
· Review and endorse the University’s fraud control framework and fraud control plan every 2 years;
· Monitor the management of fraud risks, as part of risk management planning within the University;
· Receive reports on instances of ‘high’ and ‘extreme’ risks reported in Service Divisions’, Colleges’ and Research Schools’ Fraud Risk Assessments and review the remedial actions taken;
· Inform Council of any significant fraudulent activities reported and any remedial actions taken.
· Foster an environment that makes active fraud control the responsibility of all staff.
· Ensure that appropriate measures are in place in relation to fraud prevention and detection;
· Ensure appropriate resourcing within CGRO to lead fraud control at the University.
· Foster an environment that makes active fraud control the responsibility of all staff;
· Ensure that appropriate measures are in place with regard to fraud prevention and detection.
Chief Operating Officer
· With advice from the Legal Office, refer instances of potential serious or complex fraud offences to the AFP;
· Ensure appropriate resourcing within CGRO to lead fraud control at the University.
· Develop and review the University’s fraud control framework and fraud control plan;
· Coordinate fraud risk assessment activity across the University;
· Use fraud risk assessments to inform the development of the University’s annual internal audit program for endorsement by the ARMC and approval by Council;
· Direct internal audit activity so it is planned and conducted in accordance with relevant standards;
· Receive reports of suspected fraud and take appropriate action, including advice to managers;
· Arrange fraud awareness training for relevant staff.
Chief Financial Officer
· Review, on an ongoing basis, the financial fraud controls to ensure they are effective in minimising financial fraud risks;
· Provide assurance on the adequacy of the University’s financial fraud control arrangements to the external auditors annually, through management representation letters.
College Deans. Research School Directors, General Managers and Service Division Directors
· Foster an environment that makes fraud control the responsibility of all staff;
· Ensure that a fraud risk assessment for their area is in place and is reviewed at least every two years and whenever there is significant organisational change,
· Ensure that appropriate internal controls are in place and operating effectively to minimise fraud risks (including by ensuring appropriate record keeping practices are in place);
· Ensure that staff participate in fraud awareness education and training;
· Ensure that agreed recommendations relating to fraud in internal and external audit reports are implemented promptly.
· Act in accordance with the University’s Code of Conduct when undertaking their duties and representing the University;
· Disclose to their supervisor any material personal interest that relates to the affairs of the University;
· Actively participate in the implementation of fraud risk control strategies;
· Undertake appropriate record keeping;
· Report any suspicions of, or information relating to any instance of, fraudulent conduct to their supervisor, an authorised officer for Public Interest Disclosures or the Director, CGRO;
· Encourage others to make such reports;
· Deal with all reports of suspected fraud professionally and promptly.
Delegations relevant to this procedure
- 000334: Litigation
|Printable version (PDF)|
|Purpose||To outline the procedures for preventing, controlling and investigating incidents of fraudulent activity in and against the University.|
|Topic/ SubTopic||Risk Management - Fraud|
|Effective Date||1 Jul 2009|
|Review Date||27 Jul 2020|
|Responsible Officer||Director, Corporate Governance and Risk Office|
|Approved By:||ANU Council|
|Contact Area||Corporate Governance and Risk Office|
Public Governance, Performance and Accountability Act 2013
Public Governance, Performance and Accountability Rule 2014