Fraud Control Plan
1.1 Commitment to fraud control
University of Adelaide ("the University") recognises that it has a responsibility to develop, encourage and implement sound financial, legal and ethical decision-making and organisational practices.
This Fraud Control Plan represents the University's commitment to effective fraud risk management and prevention. The desired outcome of this commitment is to minimise the potential for fraud against the University whether by staff or persons external to the University.
This Fraud Control Plan represents the University's commitment to the management and prevention of fraud. It aims to draw together its fraud prevention and detection initiatives into one document. It forms part of the University's Risk Management Framework that has three major components:
* Prevention - initiatives to deter and minimise the opportunities for fraud;
* Detection - initiatives to detect fraud as soon as possible after it occurs; and
* Response - initiatives to deal with detected or suspected fraud.
For the purpose of this document the term "staff" refers to all employees, titleholders, consultants and contractors. The term "University" includes teaching, learning, research, enabling and support activities. It also applies to all Controlled Entities. The desired outcome of this commitment is the elimination of fraud against the University involving employees and other persons external to the University. While the elimination of all instances of fraud may not realistically be achievable, it remains the University's ultimate fraud prevention objective.
The University has adopted the following definition of fraud:
"Dishonestly obtaining or attempting to obtain a benefit or advantage for any person or dishonestly causing or attempting to cause a detriment to the University of Adelaide or its Controlled Entities"
Fraud can be perpetrated by employees (internal fraud) or by persons external to the University (external fraud), or by a combination of both. It can involve financial and non-financial incidents that have an impact upon the operations and the reputation of the University.
Fraud against the University is an offence under various provisions of State and Commonwealth legislation. Internal fraud also constitutes serious misconduct under the University of Adelaide Collective Agreement.
The following list, whilst not exhaustive, provides examples of the types of conduct that might amount to fraud:
* Theft of property eg. inventory, cash and equipment.
* Unlawful or unauthorised release of confidential information that is dishonest.
* Dishonestly obtaining or using property that belongs to the University.
* Dishonest use of intellectual property.
* Causing a loss to the University that is dishonest, or avoiding or creating a liability for the University by deception.
* Knowingly making or using forged or falsified documents that is dishonest.
* Dishonestly using the University's computers, vehicles, telephones, credit cards, cab vouchers and other property or services.
* Fabrication, falsification or plagiarism of research or scholarly work.
* Dishonestly falsifying invoices for goods or services.
* Dishonestly using purchase or order forms to gain a personal benefit.
* Receiving or giving kickbacks or secret commissions to or from third parties.
* Dishonestly assisting or enabling the unlawful or unauthorised transfer, use or allocation of University property and assets including moneys and/or funds held by or on trust for the University.
* Dishonestly using grant or research funds or sponsorships.
Fraud has the potential to damage the reputation of the University and have a detrimental effect on the resources available to promote the University's objectives. Accordingly, the University has adopted a zero tolerance to fraud and is committed to minimising the incidence of fraud through the development, implementation and regular review of fraud prevention, detection and response strategies. Each strategy contributes to an environment where risk is managed, through sound internal controls, and ethical practices. The University's fraud responsibilities are summarised at Appendix B.
To achieve its fraud prevention objectives the University will:
* identify fraud risks and review and update the Fraud Control Plan every two years;
* provide fraud awareness training to those staff who are considered to be in positions that require fraud awareness training;
* ensure all staff are aware of the University's Fraud Control Policy;
* encourage and promote professional and ethical business practice;
* aim to identify fraud through regular review of the University's operations;
* clearly communicate how suspected instances of fraud may be reported;
* through the channels authorised in this policy, investigate alleged or suspected instances of fraud using qualified personnel and professionals with experience in investigation techniques;
* take appropriate action to deal with instances of actual, suspected or alleged fraud, including by recommending prosecution of persons and/or organisations for fraud offences where and when appropriate; and
* use all available avenues to recover money or property lost through fraudulent activity.
1.6 Relationship with other University of Adelaide policies
The University has a number of policies which should be read in conjunction with this Fraud Control Plan. These policies include:
* University of Adelaide Collective Agreement 2006 - 2008
* University of Adelaide Code of Conduct;
* Conflict of Interest Policy and associated guidelines;
* IT Acceptable Use and Security Policy;
* Policies relating to external activities; and
* Policies on University owned entities.
A fundamental strategy in controlling the risk of fraud is the development and maintenance of a sound ethical culture, underpinned by effective and continuous communication and example-setting by management.
The University's attitude to ethical conduct is outlined in the Code of Conduct which describes the value statement of fairness, integrity and responsibility as the obligation for staff to:
* Comply with standards of equity and justice;
* Behave with integrity;
* Act in a responsible manner in dealing with every member of the University Community; and
* Ensure that bias or prejudice on unlawful grounds do not influence or override their objectivity in academic, research, administrative, business or management matters
To maintain better practice in its fraud risk management practices, the University is committed to the following:
* A consistent approach across all Faculties, Divisions and relevant line managers within Controlled Entities - the plan is to be applied uniformly. All Executive Managers, Heads of School or Branches, Managers, Supervisors, Managing Directors or equivalent are to have an understanding of the Fraud Control Plan content and the responsibilities allocated under the Plan;
* Communication of senior management's strong commitment - to ensure there is regular communication to all staff promoting compliance with the Fraud Control Plan and adherence to the Fraud Control Policy;
* Accessibility to the Fraud Control Plan - the Fraud Control Plan will be made accessible to all staff and will be available through the University's intranet;
* Application of the Fraud Control Plan - the Fraud Prevention Plan will be formally adopted by the University. Controlled Entities will be required to adopt it as part of the policy pack for University owned entities;
* Regular review of the Fraud Control Plan - the University is committed to reviewing its Fraud Control Plan every two years to ensure that it remains up-to-date and relevant. Each review will entail:
- consideration of the findings of the most recent Fraud Risk Assessments;
- reviewing changes in the University's operations and environment since the last review; and
- developing a further two year program for fraud control that will identify residual shortcomings in existing procedures.
The responsibilities allocated within the University for fraud-related matters are summarised at Appendix B. The Vice President (Services and Resources) is responsible for overseeing the development of fraud control strategies. The General Counsel is the appointed Fraud Control Officer and is responsible for overseeing investigations of fraud related allegations. The General Counsel is also the central point of contact for reporting alleged fraud.
Generally, a significant proportion of fraud goes undetected because of the inability to recognise the early warning signs of fraudulent activity or because they are unsure how and when to whom they should report their suspicions. Accordingly, the University has incorporated fraud awareness training to assist in raising the general level of awareness amongst staff.
An awareness of the risk of fraud and fraud control techniques will be fostered by:
* ensuring all staff receive notification of the Fraud Control Plan at the time of induction;
* ensuring all staff that are considered to be in positions requiring training attend fraud awareness training;
* ensuring updates and changes to fraud related policies and procedures and other ethical pronouncements are effectively communicated to all staff;
* ensuring staff are aware of the ways in which they can report allegations or concerns regarding alleged fraud or alleged unethical conduct; and
* encouraging staff to report any suspected incidents of fraud.
The Vice President (Services and Resources) will be responsible for monitoring the implementation of the fraud risk assessment programs and reporting progress to the Audit Risk and Compliance Committee ("ACRC") to ensure that all timetabled strategies are implemented accordingly.
To maximise the effectiveness of the fraud risk assessment process, the assessment should:
* be completed by a prioritised sample (with notations of Low, Moderate, High and Very High risk areas) of the functional areas on a rotational basis;
* include assessment at local levels by agreed self assessment criteria;
* be relevant and comprehensive covering as far as possible, all potential risks;
* comply with AS 8001:2008- Fraud and Corruption Prevention;
* separately consider inherent risk and internal control risk; and
* achieve a prioritisation of fraud risks identified through a risk register.
All Faculties and Divisions will ensure that the strategies developed during the course of the most recent Fraud Risk Assessment are reviewed for effectiveness and amended where necessary. The frequency of such reviews is to be determined by the Vice President (Services and Resources).
It is the responsibility of the Vice President (Services and Resources) in consultation with the relevant Executive Managers to ensure that the proposed actions are implemented.
Refer to Appendix C for the proposed timetable for Fraud Risk Assessments.
Internal controls are often the first line of defence against fraud. The University will ensure the maintenance of a strong internal control system and the promotion and monitoring of a robust internal control culture. The University will continue to review internal controls and ensure all key internal controls are documented in a standardised format every two years.
The University will promote an internal control culture through a process of:
* Example-setting by management;
* Regular communication of the importance of internals controls; and
* Including adherence to internal controls as part of the performance management framework.
Pre-employment screening is an effective means of preventing fraud, such as falsifying qualifications or employment history. It can also identify previous criminal convictions for offences of dishonesty. Executive managers, Heads of School or Branches, Managers and General Managers or equivalent should consider all appropriate checks to conduct having regard for the proposed appointment and the work area.
The University recognises that, despite a comprehensive fraud control program, it is possible that fraud may occur. Accordingly the University has adopted a program aimed at detecting fraud as soon as possible after it has occurred. The key elements of this program may include:
* Data analysis programs;
* Management accounting report review;
* Post transaction review; and
* Identification of early warning signs.
The fraud detection principles set out in this section apply to the University and all Controlled Entities.
Data analysis is a powerful means of detecting fraud and other improper behaviours. It is a process of uncovering patterns and relationships in datasets that on face value appear unrelated, highlighting activity of fraud and irregular behaviour, or to explain what lies behind previously identified discrepancies. For example, this might include such tests as searching accounts payable data for repeated invoice numbers to identify duplicate payments, or analysing payroll data for duplicate bank account numbers to uncover a 'ghost employee' payroll fraud.
The Chief Financial Officer is responsible for an annual review of the possible need for a data analysis program. A data analysis program is aimed at strategic use of computer systems in the identification of fraud indicators. Attached at Appendix D is a timetable of proposed data analysis programs to be conducted during the period 2008 - 2010.
Using relatively straightforward techniques in analysing the University's management accounting reports, trends can be examined and investigated which may be indicative of fraudulent conduct. Some examples of the types of management accounting reports that can be utilised on a compare and contrast basis are:
* budget reports for each faculty and/or division;
* reports comparing expenditure against industry benchmarks; and
* reports highlighting unusual trends in bad or doubtful debts;
The University currently adopts appropriate management accounting reporting reviews.
A review of transactions after they have been processed can be effective in identifying fraudulent activity. Such a review may uncover altered or missing documentation, falsified or altered authorisation or inadequate documentary support. In addition to the possibility of detecting fraudulent transactions, such a strategy can also have a significant fraud prevention effect as the threat of detection may be enough to deter a person who might otherwise be motivated to engage in fraud.
In light of this, the University has implemented a program of post-transaction reviews. This strategy will identify a targeted sample of transactions for review with a particular focus on authorisation, adherence to guidelines on expenditure receipting, and missing documentation. This process will be conducted with direct reference to the findings of past internal control reviews and fraud risk assessments.
Identification and acting on early warning signs of fraudulent activity is an important part of early fraud detection. The key to achieving an early warning capability is awareness. The fraud awareness training program, referred to at Section 2.4 will therefore include the identification of early warning signs or "red flags" for suspected fraud and how to respond if they are identified.
All staff and all Managers in particular, should be aware of their responsibility to remain vigilant to identify and report any suspected fraudulent activity.
Responsibility for developing systems to detect fraud will rest with the Vice President (Services and Resources). The Vice President (Services and Resources) will also consider the findings from the most recent Fraud Risk Assessment to formulate effective fraud detection systems.
A summary of all responsibilities contained within this Fraud Control Plan are outlined in Appendix B.
3.6.1 By employees
Staff who become aware of suspected fraudulent conduct are required to report the matter in accordance with this procedure. Staff are also required to maintain strict confidentiality on any suspected fraud matter of which they have knowledge.
* In the first instance, report the matter to their Branch Head or Head of School or relevant line manager.
* If, for any reason, the staff member feels that reporting the incident through this channel would be inappropriate, he or she may report the matter directly to the General Counsel (contact details below) who is the University appointed Fraud Control Officer. Such reports may be made confidentially, if desired.
* In the event of the allegation involving any of the following positions the matter should be referred directly to the Vice Chancellor and President:
- General Counsel;
- Vice President (Services and Resources);
- Deputy Vice-Chancellor and Vice-President (Academic);
- Deputy Vice-Chancellor and Vice President (Research).
* Any Branch Head or Head of School or other relevant line manager receiving a report of alleged fraud must advise the relevant Executive Dean (if applicable) and immediately advise the General Counsel.
The contact details for the General Counsel are as follows:
Phone -(08) 8303 4539
The University will ensure all staff are aware of the fraud reporting procedures and actively encourage all staff to report suspected cases of fraud through the appropriate channels.
Attached at Appendix E is a flowchart that diagrammatically represents the appropriate reporting channels that should be adopted in the event of a person wanting to report any alleged fraud.
Members of the public are to report any suspicions of fraud direct to the General Counsel at the above contact details.
The University strives to meet or exceed best practice standards on whistleblower protection (including the relevant Australian Standard) and will do the following:
* Require staff to act in good faith and reasonably in making reports under Whistleblower protection;
* Recognise and respect the confidentiality of the identity of a bona fide informant;
The University recognises that the external audit function has a role to play in the detection of fraud given the responsibilities of auditors under ASA240 'The Auditors' Responsibility to Consider Fraud in an Audit of a Financial Report'.
All instances of alleged fraud must be reported to the General Counsel, whether by the person making the allegation or by the Head of School or Branch Head or relevant line manager receiving the initial complaint. The General Counsel will then be responsible for overseeing and managing the investigation process, in consultation with other members of an investigation task force which shall comprise, not less than the following positions:
* General Counsel;
* Director of Human Resources;
* Chief Financial Officer; and
* Other relevant senior executive managers (e.g. Deputy Vice Chancellor, Research for research related matters)
The task force will consider the application of the Collective Agreement and other legislative or regulatory requirements in assessing, investigating, managing and reporting all matters of alleged fraud.
In each instance where fraud is detected, the University will reassess the adequacy of the internal control environment (particularly those controls directly impacting on the fraud incident and potentially allowing it to occur) and actively plan and implement improvements where required. Where improvements are required, they will be implemented as soon as practicable.
The University will actively pursue the recovery of any money or property lost through fraud after considering all relevant issues.
Procedures for the collection and recording of fraud information are in place to ensure that external agencies, such as the Auditor General's Department are informed annually of both University of Adelaide's initiatives in fraud control (such as training and other fraud prevention and detection activities), any fraud risks identified during the fraud risk assessment, and any action taken by the University in relation to fraud committed during the year (such as information in relation to fraud incidents, fraud losses, offenders and University responses and corrective actions). Information will be collected, classified and handled appropriately, having regard to privacy, confidentiality, legal professional privilege and the requirements of natural justice.
Should fraud against the University be detected the following protocols must be applied -
The Vice Chancellor and President will make all decisions on the appropriate communications protocol to be adopted.
* The Vice Chancellor and President will nominate one person to be the authorised spokesperson for any matter.
* Any communication by a person other than the Vice Chancellor and President or authorised spokesperson will be unauthorised.
This document is a component of Fraud Control Policy and Plan
Policy Control Information
|RMO File No.||2006/4980|
|Policy custodian||Vice-Chancellor and President|
|Responsible policy officer||General Counsel|
|Approved by||University Council|
|Procedures approved by||University Council|
|Related Policies||Code of Conduct
Conflict of Interest Policy and Guidelines http://www.adelaide.edu.au/policies/1243/
University of Adelaide Collective Agreement http://www.adelaide.edu.au/hr/conditions/eb/
Policy on Plagiarism
Policy on Cheating in Examinations and Related Forms of Assessment http://www.adelaide.edu.au/policies/1963
Rules for Student Conduct
|Effective from||13 October 2008|
|Review Date||30 June 2011|
|Contact for queries about the policy||General Counsel, tel: 36080|
Hardcopies of this document are considered uncontrolled. Please refer to the University Policy and Procedures website for the latest version.