1. Purpose of procedures
The procedures that follow must be read in association with the Fraud and Corruption Control – Governing Policy and other related procedures.
2. Intent and objectives
The intent of these procedures is to give effect to the University’s policy commitment to prevent and control fraud and corruption by:
- providing further detail on the University’s Fraud and Corruption Control Framework,
- outlining the activities in place to prevent, detect and respond to fraud and corruption, and
- assigning specific responsibilities for components of the University’s Fraud and Corruption Control – Governing Policy.
3.1 Planning and resourcing
3.1.1 The University considers that its fraud and corruption control program is an integral component of its overall risk management framework and will plan for and resource activities accordingly.
3.1.2 The University will have an appropriate fraud and corruption control plan, which is to be reviewed and amended as necessary. The fraud and corruption control plan outlines the key strategies, actions and accountability for the planning and resourcing measures that address fraud and corruption control.
3.2.1 The University will ensure it has a sound and sustainable ethical culture through a process of awareness training, benchmarking and monitoring.
3.2.2 Senior management will demonstrate a high level of commitment to controlling the risk of fraud and corruption within and by the University.
3.2.3 Every employee and officer of the University should have a general awareness of fraud and corruption and how they should respond if this type of activity is detected or suspected.
3.2.4 As fraud and corruption can occur at various levels, appropriate preventive techniques - such as policies, procedures, training, and communication that stop fraud from occurring - will be established. Among the University's many elements in fraud and corruption prevention are Human Resource procedures, authority limits, and transaction level procedures.
3.3.1 The University will implement systems aimed at quickly identifying instances of fraud and corruption in the event that prevention strategies fail.
3.3.2 Detection controls serve as the strongest deterrents to fraudulent or corrupt behaviour. Detection methods include but are not limited to anonymous reporting mechanisms (whistle blowing) and proactive fraud detection procedures specifically designed to identify fraudulent activity.
3.3.3 Whistle blowers can approach University management or internal audit without fear of reprisals and in the full knowledge that their interests will be protected. Any claim of fraud or corruption will be handled with confidentiality as allegations of fraud and corruption, even if not proven, can cause damage to individual reputations and expose the University to legal claims for damages. Further guidance can be found in the Public Interest Disclosure - Governing Policy.
3.3.4 The University uses proactive fraud detection procedures – such as data analysis, continuous auditing techniques, and other technology tools - to detect fraudulent and corrupt activities as part of internal audit and external audit reviews. These are established as part of the audit plans on an annual basis.
3.4.1 In the event that fraud or corruption is detected or suspected, the University will advise the Crime and Corruption Commission prior to commencing any investigation to ensure that where the Commission is already undertaking investigations all evidence is preserved and protected.
3.4.2 In the case of suspected corrupt conduct not requiring notification, or in circumstances where the Crime and Corruption Commission has referred the matter back to the University, the University will adopt a comprehensive approach to the subsequent investigation, disciplinary proceedings, prosecution or recovery action.
3.4.3 The University will ensure protection of those reporting suspected instances of fraud and corruption and will ensure that this policy is well understood by the University community.
3.4.4 The University will ensure that there are adequate means for reporting suspicious or known illegal/unethical conduct, and that these means are widely known and available.
Successful achievement of the policy will require recognition and incorporation of the following elements:
4.1 Integrated policy and good corporate governance
4.1.1 The University has developed an organisation-wide and integrated Fraud and Corruption Control Policy, which sets out the objectives and responsibilities for controlling fraud and corruption within the University. It communicates the University's zero-tolerance stance and creates a framework that reduces risks of fraud and establishes an effective internal control structure.
4.1.2 Fraud and corruption control and management is an integral component of the University’s Governance Framework Governing Policy which builds upon the requirement for transparent and accountable processes consistent with sound business practices and organisational standards of compliance. Embedding these requirements into the day-to-day operations of the University will enhance the University’s profile as a good corporate citizen, and reduce the likelihood that it will suffer financial loss or damage to its reputation as a result of misconduct by staff and others.
4.1.3 The Council, Vice-Chancellor and President, internal audit and management at all levels of the University need to be committed to the proactive prevention of fraudulent or corrupt activities in a systematic way in order to enhance the operation and reputation of the University (refer to section 5 below - Roles and responsibilities).
4.1.4 The University will develop and maintain a Fraud and Corruption Control Plan, which will regularly be reviewed and approved by the Audit and Risk Management Committee.
4.2 Risk assessment
4.2.1 The application of risk management principles and techniques in the assessment of the risk of fraud and corruption must be carried out within the University’s Risk Management Framework Governing Policy and related procedures.
4.2.2 Fraud and corruption risks will normally be identified, evaluated and managed by Cost Centre Managers and reported in accordance with the University's decision-making processes. The University's fraud and corruption risks will be maintained in Cost Centres Risk Registers and will be updated annually with appropriate review of control strategies and actions required. Relevant mitigating actions will subsequently be included in Cost Centre Action Plans to ensure that the risks are being effectively reduced or eliminated.
4.3 Internal controls
4.3.1 The Vice-Chancellor and President is ultimately responsible for the establishment of a cost-effective internal control structure and risk management processes for the University (Financial Accountability Act 2009), including maintenance of an internal audit function to monitor the effectiveness of the internal control structure. Individual managers are responsible for daily operations and for maintaining cost-effective internal control structures within their organisational responsibility.
4.3.2 The University has established internal financial, information systems and management controls, which require staff to follow standard practices when conducting University business, to act in accordance with best practice, and to adhere to agreed internal control systems. Applicable internal controls include:
- suitable recruitment procedures (e.g. contacting referees, and verifying transcripts, publications and other certification documentation)
- suitable staff separation practices such as exit interviews
- reporting and management of conflicts of interest
- suitable procurement practices
- segregation of duties
- security of records and information systems
- consideration of risk and risk management strategies
- supervision and internal checks
- approvals within delegated authority
- budget control
- regular review of management reports
- clear reporting lines
- performance management, and
- internal audit
4.3.3 The University's internal audit program is to include both systematic and random audits to test compliance, and effectiveness of internal controls. The findings of these audits are reported to the Audit and Risk Management Committee, and then to Council, so that any identified adverse trends or deficiencies are acted upon.
4.4 Internal reporting
4.4.1 All instances of suspected fraudulent and/or corrupt behaviour should be reported as stated in the University’s Staff Code of Conduct for appropriate action, while also providing for the protection of those individuals making the complaint, and natural justice to those individuals being subject of such complaint. (Also refer to section 4.6 below - Public interest disclosure.)
4.4.2 The University will assess all allegations of fraud or corruption, and where there is a reasonable suspicion that corrupt conduct may have occurred, the Crime and Corruption Commission will be notified prior to any investigation commencing (refer to section 4.5 below – External reporting).
4.4.3 All University staff who are involved in or become aware of an investigation into possible fraud or corrupt conduct must keep the details and results of any investigation confidential.
4.5 External reporting
4.5.1 Various legislation sets out the requirements for agencies such as the University to report matters of fraud and corrupt conduct to the Crime and Corruption Commission, Queensland Police Service, the Ombudsman and Queensland Audit Office.
4.5.2 The Vice-Chancellor and President, or nominee, is responsible for determining any referral of fraud and corruption allegations or matters to the Crime and Corruption Commission and other external bodies.
4.6 Public interest disclosures
4.6.1 The University has a Public Interest Disclosures Governing Policy in accordance with the provisions of the Public Interest Disclosure Act 2010.
4.6.2 The Public Interest Disclosures Governing Policy establishes a disclosure process and provides protection for individuals making a disclosure and natural justice for those who are the subject of disclosures.
4.6.3 All public interest disclosures made by University staff and students are to be managed in accordance with that policy.
4.7.1 The University’s response to fraud and corruption allegations or matters will vary, according to the nature and seriousness of the alleged conduct. A full investigative response will be undertaken where the conduct, if proved, could result in dismissal or demotion. At the other end of the spectrum are complaints best dealt with by prompt managerial action.
4.7.2 The University will manage the initial receipt of a complaint, determine if the matter requires notification to the Crime and Corruption Commission and establish, based on the substance of the complaint the most appropriate action to take.
4.7.3 Where investigation is required, the Appointing Officer - Chief Operating Officer or Vice-Chancellor and President (as appropriate) - will appoint an Investigations Officer, who may be internal audit or an external party to the University. The Crime and Corruption Commission’s “Corruption in Focus: A guide to dealing with corrupt conduct in the Queensland Public Sector” will be used as a guide to the conduct of the formal investigation, it describes the various steps involved as follows:
- determining the scope and nature of any investigation
- confirming the responsibilities and powers of the investigator
- conducting the investigation
- gathering the evidence
- concluding the investigation
4.7.4 The Investigations Officer will provide an initial report and recommendation to the Appointing Officer. If the initial recommendation is to proceed with a detailed investigation, the Investigations Officer will provide interim and final reports to the Appointing Officer. The Appointing Officer will review the outcomes and recommendations made by the Investigations Officer and commence appropriate action.
4.7.5 Instances of fraud and corrupt conduct on the part of individuals other than staff will be managed in accordance with contractual conditions specified in their association with the University.
4.8 Staff Code of Conduct
4.8.1 The University’s Staff Code of Conduct, which applies to all officers, and staff of the University, is a reflection of the University’s commitment to create an environment and culture in which ethical conduct is expected, encouraged, supported and achieved.
4.8.2 As stated in the Code of Conduct, all staff must report suspected fraudulent and/or corrupt activity. Any staff member who suspects such activity must immediately notify his/her supervisor or those responsible for investigations such as the internal audit function. In situations where the supervisor is suspected of involvement in fraudulent and corrupt activity, the matter should be notified to the next highest level of supervision, internal audit or the Vice-Chancellor and President.
4.9 Staff awareness, recruitment and education
4.9.1 Recruitment policy and practices underpin fraud and corruption prevention. All staff must support the University’s recruitment strategies, which include:
- criminal background checks on staff where the position warrants it and as guided by Human Resources;
- contacting referees;
- verifying transcripts, qualifications, publications and other certification or documentation; and
- avoiding entering into recruitment of individuals that could potentially lead to conflicts of interest.
4.9.2 Staff development and training is key to combating fraudulent and corrupt behaviour. To that end:
- induction procedures will include making new staff aware of this policy, and
- the Chief Operating Officer will work with Human Resources to improve awareness of issues in fraud and corruption, risk management and internal controls, and to develop prevention training for management and staff.
4.10 Community awareness
4.10.1 The University’s Staff Code of Conduct provides that under the ethical principle of acting with integrity and impartiality, the University, its officers and staff are placed in a position of trust. They manage University resources, have access to University information and make decisions that affect the interest of others. By conducting themselves with the highest standards of honesty, fairness and propriety, officers and staff enhance public confidence in the integrity of the University. To maintain public confidence and trust, the community must be confident that the University and its officers behave ethically and honestly.
4.10.2 The University will make accessible to its stakeholders and the wider community its Code of Conduct, its Vision and Values, and other policies and procedures concerning the assurance procedures the University has adopted to ensure that its officers act ethically and honestly, and are socially responsible.
4.10.3 The University recognises not only the legitimate right of the media to follow up matters, which may be in the public interest, but also the importance of keeping the community informed of significant matters affecting the University and its operation. The University will take a proactive approach to communicating with the media and the community on all matters of suspected fraud and corruption.
5. Roles and responsibilities
Refer to section 8, Authorities and Responsibilities, of the Fraud and Corruption Control – Governing Policy for detailed information on roles and responsibilities.5
The University of the Sunshine Coast acknowledges fraud and corruption policies from the following universities’ in the development of its policy and related procedures:
Central Queensland University
Queensland University of Technology
University of Queensland
University of Southern Queensland