Please refer to the University’s Glossary of Terms for policies and procedures. Terms and definitions identified below are specific to these procedures and are critical to its effectiveness:
Fraud refers to dishonest activity causing actual or potential financial loss to any person or entity including theft of monies or other property by employees or persons external to the entity and where deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit. The theft of property belonging to an entity by a person or persons internal to the entity but where deception is not used is also considered ‘fraud’.
Corruption is dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity. The concept of ‘corruption’ can also involve corrupt conduct by the entity or a person purporting to act on behalf of and in the interests of the entity, in order to secure some form of improper advantage for the entity either directly or indirectly.
Corrupt conduct, as defined in detail under section 15 of the Crime and Corruption Act 2001 (Qld), means conduct by anyone that adversely affects a public agency or public official so that the performance of their functions or the exercise of their powers:
- is not honest or impartial, or
- knowingly or recklessly breaches public trust or impairs public confidence in public administration, or
- involves the misuse of agency-related information or material.
Common examples of corrupt conduct include fraud and theft, extortion, unauthorised release of information, obtaining or offering a secret commission and nepotism.
1. Purpose of the procedures
The procedures that follow must be read in association with the Fraud and Corruption Control – Governing Policy, The Fraud and Corruption Control Plan and other related procedures.
2. Planning and Resourcing
The University considers that its fraud and corruption control program is an integral component of its overall risk management framework and will plan for and resource activities accordingly.
Governance and Risk Management manages the Fraud and Corruption Control Plan, which is reviewed and amended at least biennially. The Fraud and Corruption Control Plan outlines the key strategies, actions and accountability for the planning and resourcing measures that address fraud and corruption control.
The University has a sound and sustainable ethical culture through a process of awareness training, benchmarking and monitoring.
Senior management demonstrate a high level of commitment to controlling the risk of fraud and corruption within and by the University.
Every employee and officer of the University has a general awareness of fraud and corruption and how they should respond if this type of activity is detected or suspected.
As fraud and corruption can occur at various levels, appropriate preventive techniques - such as policies, procedures, training, and communication that stop fraud from occurring - are established and maintained.
Categories of fraud and corruption risks are identified in the Fraud and Corruption Control Plan and are managed and updated as required by the Director of Governance and Risk Management
Additional fraud and corruption risks are identified, evaluated and managed by Organisational Unit Managers and maintained in Organisational Unit Risk Registers, which are updated quarterly with appropriate review of control strategies and actions required.
USC has implemented systems aimed at assisting with the detection of fraud and corrupt conduct as soon as possible after it has occurred, in the event that the University’s preventative systems fail.
The source of the activity may be:
- internal (perpetrated by an employee or contractor);
- external (perpetrated by a customer or an external service provider); or
- complex (for example, involve collaboration between employees, contractors, and external service providers).
Detection controls are managed by each Organisational Unit and recorded in the University’s Fraud and Corruption Control Plan. Refer to the Audit Assurance Framework – Governing Policy for the role of auditor’s in detection.
4.1 Mechanisms for reporting suspected fraud and corruption incidents
All staff are expected to report instances of suspected fraudulent and/or corrupt behaviour by the University’s Staff Code of Conduct (refer to section 4.1.1).
Suspected fraud or corrupt conduct can be reported either verbally or in writing to various internal personnel. External personnel/bodies are also listed as an alternative mechanism to promote reporting. While there is a preference for reports where the discloser is known, due to the increased likelihood of successful investigations, anonymous disclosures are permitted.
Suspected fraud and corruption incidents may be reported to:
- the Director, Human Resources;
- the PVC (Students);
- the staff member’s manager, supervisor or other senior University officer;
- the Chief Operating Officer; or
- external bodies as applicable (see https://www.ombudsman.qld.gov.au/how-to-complain/what-we-can-help-with/other-complaint-handling-organisations/other-complaint-handling-organisations)
All notification of suspected fraud and corruption incidents must have regard to whether the conduct amounts to corrupt conduct as defined in the CC Act and therefore the notification is classified as a public interest disclosure. The mechanism for these disclosures is a formalised system of reporting outlined in the Public Interest Disclosures –Procedures. The Director, Human Resources is responsible for the Public Interest Disclosures Management Program.
USC needs to be responsive and vigilant in undertaking preliminary investigations to determine whether allegations have sufficient grounds to be taken further.
In some situations, this may be straightforward (i.e. in the instance of theft of property or money in which case, the matter would be referred to the Police Service). Other possible fraudulent behaviour may not be as clear to identify and some preliminary work will need to be undertaken to form an opinion by senior management that referral to the Police is warranted.
Fraudulent behaviour can also be closely connected to corrupt conduct which are particularly dealt with under the provisions of the Crime and Corruption Act 2001. This legislation has a clear process for reporting and investigating and will override the processes in this Plan.
Any response action taken must consider whether the breach should be referred to the PID Coordinator for assessment as a public interest disclosure.
5.1 Procedures for investigating detected or suspected incidents
The University’s response to fraud and corruption allegations or matters will vary according to the nature and seriousness of the alleged conduct. The response to instances of Academic Misconduct are managed through the Student Academic Misconduct – Procedures, while instances of Research Misconduct are managed in accordance with the Managing and Investigating Breaches of Responsible Research Conduct – Procedures.
The Director of Human Resources is responsible for the management of the initial complaint. If the suspected incident involves the Director of Human Resources, the Chief Operating Officer will assume this responsibility.
The Appointing Officer (Vice-Chancellor and President or Chief Operating Officer (as appropriate)) will appoint an Investigations Officer, who may be internal audit or an external party to the University in the following instances:
- where the allegations are serious, yet do not constitute corrupt conduct;
- where the allegation is not handled through the Public Interest Disclosure - Procedures; or
- where a matter has been referred back to the University by an external authority.
The Queensland Crime and Corruption Commission’s “Corruption in Focus: A guide to dealing with corrupt conduct in the Queensland Public Sector” will be used as a guide to the conduct of the formal investigation. It describes the various steps involved as follows:
- determining the scope and nature of any investigation
- confirming the responsibilities and powers of the investigator
- conducting the investigation
- gathering the evidence
- concluding the investigation
The Investigations Officer will provide an initial report and recommendation to the Appointing Officer. If the initial recommendation is to proceed with a detailed investigation, the Investigations Officer will provide interim and final reports to the Appointing Officer. The Appointing Officer will review the outcomes and recommendations made by the Investigations Officer and commence appropriate action.
5.2 Internal reporting and escalation
Significant instances of fraud and corruption are maintained in a register within the Office of the Chief Operating Officer. All records will be captured in an approved management system in accordance with the University’s Information Management Framework – Governing Policy. Records are classified as restricted in accordance with section 7 of the Information and Records Management – Procedures. All incidents of these types will be reported to the University Executive and the Audit and Risk Management Committee. As part of the investigation into the incident, a review of the control environment is undertaken to continually improve risk management practices in relation to the management of fraud and corruption risk.
5.3 Disciplinary procedures
In accordance with the Guidelines for the Resolution of Complaints – Staff, where disciplinary action is required, a Human Resources representative will consult with the Vice-Chancellor and President.
For staff covered by the Enterprise Agreement, any disciplinary action will be dealt with in accordance with the Agreement, specifically provision 5.7 regarding misconduct and serious misconduct. Disciplinary action relating to staff not covered by the Enterprise Agreement will be in accordance with the provisions of their Contract of Employment.
Disciplinary action relating to academic misconduct will be managed in accordance with the Student Academic Misconduct – Procedures and the Student Academic Integrity – Governing Policy.
Disciplinary action relating to research misconduct will be managed in accordance with the Managing and Investigating Breaches of Responsible Research Conduct – Procedures and the Student Academic Integrity – Governing Policy.
5.4 External reporting
Various legislation sets out the requirements for agencies such as the University to report matters of fraud and corrupt conduct to the Queensland Crime and Corruption Commission, Queensland Police Service, the Queensland Ombudsman and Queensland Audit Office. The Vice-Chancellor and President, or nominee, will, if appropriate, refer any fraud and corruption allegations or matters to the appropriate external body.
5.5 Civil proceedings to recover the proceeds of fraud or corruption
In the event of an instance of fraud or corruption that has resulted in monetary loss to the University, USC will take action to recover any lost funds. The recovery process will be initiated in instances where the likely benefits of recovery are expected to exceed the funds and resources invested in the recovery action.
5.5 Review of Internal Controls
Following the detection of fraud, the Organisational Unit Manager, in consultation with the Director of Governance and Risk Management, will reassess the adequacy of the internal control environment and identify actions to strengthen the controls.