Fraud Control Plan
Fraud Control Plan - Diagrammatic representation (see Appendix A)
1. Introduction
1.1 Commitment to fraud control
The University of Adelaide ("the University") has a responsibility to develop, encourage and implement sound financial, legal and ethical decision-making and organisational practices.
This Fraud Control Plan represents the University's commitment to effective fraud risk management and prevention. The desired outcome of this commitment is to minimise the potential for fraud against the University whether by University personnel or persons external to the University.
1.2 Application of Fraud Control Plan
The Plan aims to draw together its fraud prevention and detection initiatives into one document. It forms part of the University's Risk Management Framework that has three major components:
* Prevention - initiatives to deter and minimise the opportunities for fraud;
* Detection - initiatives to detect fraud as soon as possible after it occurs; and
* Response - initiatives to deal with detected or suspected fraud.
For the purpose of this document the term "staff" refers to all employees, titleholders, consultants and contractors. The term "University" includes teaching, learning, research, enabling and support activities and all Controlled Entities.
The desired outcome of this commitment is the elimination of fraud against the University involving employees and other persons external to the University. While the elimination of all instances of fraud may not realistically be achievable, it remains the University's ultimate fraud prevention objective.
1.3 Definition of fraud
The University has adopted the following definition of fraud:
"Dishonestly obtaining or attempting to obtain a benefit or advantage for any person or dishonestly causing or attempting to cause a detriment to the University of Adelaide or its Controlled Entities"
Fraud can be perpetrated by employees (internal fraud) or by persons external to the University (external fraud), or by a combination of both. It can involve financial and non-financial incidents that have an impact upon the operations and reputation of the University.
Fraud against the University is an offence under State and Commonwealth legislation. Internal fraud also constitutes serious misconduct under the University of Adelaide Enterprise Agreement (as amended).
1.4 Examples of fraud
The following list, whilst not exhaustive, provides examples of the types of conduct that might amount to fraud:
a) Theft of property e.g. inventory, cash and equipment.
b) Unlawful or unauthorised release of confidential information that is dishonest.
c) Dishonestly obtaining or using property that belongs to the University.
d) Dishonest use of intellectual property.
e) Causing a loss to the University that is dishonest, or avoiding or creating a liability for the University by deception.
f) Knowingly making or using forged or falsified documents that is dishonest.
g) Dishonestly using the University's computers, vehicles, telephones, credit cards, cab vouchers and other property or services.
h) Fabrication, falsification or plagiarism of research or scholarly work.
i) Dishonestly falsifying invoices for goods or services.
j) Dishonestly using purchase or order forms to gain a personal benefit.
k) Receiving or giving kickbacks or secret commissions to or from third parties.
l) Providing a reward or benefit to persons in public office or private employment in order to influence conduct that would result in that person violating an official duty of office such that the act may constitute bribery under either Australian or extra-territorial laws.
m) Dishonestly assisting or enabling the unlawful or unauthorised transfer, use or allocation of University property and assets including moneys and/or funds held by or on trust for the University.
n) Dishonestly using grant or research funds or sponsorships.
1.5 Statement of attitude to fraud
Fraud has the potential to damage the reputation of the University and have a detrimental effect on the resources available to promote the University's objectives. Accordingly, the University has adopted a zero tolerance to fraud and is committed to minimising the incidence of fraud through the development, implementation and regular review of fraud prevention, detection and control strategies. Each strategy contributes to an environment where risk is managed, through sound internal controls, and ethical practices.
The University's fraud responsibilities are summarised at Appendix B.
To achieve its fraud prevention objectives the University will:
a) identify fraud risks and review and update the Fraud Control Plan every two years;
b) provide fraud awareness training to those personnel who are considered to be in positions that require fraud awareness training;
c) ensure all personnel are aware of the University's Fraud Control Policy;
d) encourage and promote professional and ethical business practice;
e) aim to identify fraud through regular review of the University's operations;
f) clearly communicate how suspected instances of fraud may be reported;
g) through the channels authorised in this policy, investigate alleged or suspected instances of fraud using qualified personnel and professionals with experience in investigation techniques;
h) take appropriate action to deal with actual, suspected or alleged fraud, including by referral to legal and regulatory authorities; and
i) use available avenues to recover money or property lost through fraudulent activity.
1.6 Relationship with other University policies
The University has a number of documents that should be read in conjunction with this Fraud Control Plan. These policies include:
* University of Adelaide Enterprise Agreement;
* University of Adelaide Code of Conduct;
* Conflict of Interest Policy and associated guidelines;
* IT Acceptable Use and Security Policy;
* Policies relating to external activities; and
* Policies on University owned entities.
2. Prevention
2.1 Integrity framework
A fundamental strategy in controlling the risk of fraud is the development and maintenance of a sound ethical culture, underpinned by effective and continuous communication and example-setting by management.
The University's attitude to ethical conduct is outlined in the Code of Conduct which describes fairness, integrity and responsibility as the obligation for personnel to:
* Comply with standards of equity and justice;
* Behave with integrity;
* Act in a responsible manner in dealing with every member of the University community; and
* Ensure that bias or prejudice on unlawful grounds do not influence or override their objectivity in academic, research, administrative, business or management decisions and judgement.
2.2 Fraud control planning
To maintain better practice in its fraud risk management practices, the University is committed to the following:
a) A consistent approach across all Faculties, Divisions and relevant line managers within Controlled Entities - the plan is to be applied uniformly. All Executive Managers, Heads of School or Branches, Managers, Supervisors, Managing Directors or equivalent are to have an understanding of the Fraud Control Plan content and the responsibilities allocated under the Plan;
b) Communication of senior management's strong commitment - to ensure there is regular communication to all personnel promoting compliance with the Fraud Control Plan and adherence to the Fraud Control Policy;
c) Accessibility to the Fraud Control Plan - the Fraud Control Plan will be made accessible to all personnel and will be available through the University's intranet;
d) Application of the Fraud Control Plan - the Fraud Control Plan is formally adopted by the University's policy framework. Controlled Entities will be required to adopt it as part of the policies suite for University owned entities;
e) Regular review of the Fraud Control Plan - the University is committed to reviewing its Fraud Control Plan every two years to ensure that it remains up-to-date and relevant. Each review will entail:
* consideration of the findings of the most recent Fraud Risk Assessments;
* reviewing changes in the University's operations and environment since the last review; and
* developing a further two year program for fraud control that will identify and address residual shortcomings in existing procedures.
2.3 Fraud control responsibilities
The responsibilities allocated within the University for fraud-related matters are summarised at Appendix B.
The Vice-President (Services and Resources) is responsible for overseeing the development of fraud control strategies. The General Counsel is the appointed Fraud Control Officer and is responsible for overseeing investigations of alleged fraud. The General Counsel is also the central point of contact for reporting alleged fraud.
2.4 Fraud awareness training
Generally, a significant proportion of fraud goes undetected because personnel do not recognise the early warning signs of fraudulent activity or because they are unsure how, when and to whom they should report their suspicions. Accordingly, the University has incorporated fraud awareness training to assist in raising the general level of awareness amongst its personnel.
An awareness of the risk of fraud and fraud control techniques will be fostered by:
a) ensuring the Fraud Control Plan and Fraud Control Training are a mandatory part of induction;
b) ensuring all personnel that are considered to be in positions requiring training attend fraud awareness training;
c) ensuring updates and changes to fraud related policies and procedures and other ethical pronouncements are effectively communicated across the University and its entities;
d) ensuring staff are aware of the ways in which they can report allegations or concerns regarding suspected fraud or unethical conduct; and
e) encouraging reports of suspected incidents of fraud.
2.5 Fraud risk assessment
The Vice President (Services and Resources) is responsible for monitoring the implementation of the fraud risk assessment programs and reporting progress to the Audit Compliance and Risk Committee ("ACRC") to ensure that all timetabled strategies are implemented in the time and manner prescribed.
To maximise the effectiveness of the fraud risk assessment process, the assessment should:
a) be completed by a prioritised sample (with notations of Low, Moderate, High and Very High risk areas) of the functional areas on a rotational basis;
b) include assessment at local levels by agreed self assessment criteria;
c) be relevant and comprehensive covering as far as possible, all potential fraud risks;
d) comply with AS 8001:2008- Fraud and Corruption Prevention;
e) separately consider inherent risk and internal control risk; and
f) achieve a prioritisation of fraud risks identified through a risk register.
All Faculties and Divisions must ensure that the strategies developed during the course of the most recent Fraud Risk Assessment are reviewed for effectiveness and amended where necessary. The frequency of such reviews is to be determined by the Vice-President (Services and Resources).
It is the responsibility of the Vice-President (Services and Resources) in consultation with the relevant Executive Managers to ensure that the proposed actions are implemented.
2.6 Internal control
Internal controls are often the first line of defence against fraud. The University will ensure the maintenance of a strong internal control system and the promotion and monitoring of a robust internal control culture. The University will continue to review internal controls and ensure all key internal controls are documented in a standardised format every two years.
The University will promote an internal control culture through a process of:
a) Example-setting by management;
b) Regular communication of the importance of internals controls; and
c) Including adherence to internal controls as part of the performance management framework.
2.7 Pre-employment screening
Pre-employment screening is an effective means of preventing fraud, such as falsifying qualifications or employment history. It can also identify previous criminal convictions for offences of dishonesty. Executive Managers, Heads of School or Branches, Managers and General Managers or equivalent should consider all appropriate checks having regard for any proposed appointment and the work area.
3. Detection
The University recognises that, despite a comprehensive fraud control program, it is possible that fraud may occur. Accordingly the University has adopted a program aimed at detecting fraud as soon as possible after it has occurred.
The key elements of this program may include:
a) Data analysis programs;
b) Management accounting report reviews;
c) Post transaction reviews; and
d) Identification of early warning signs.
These fraud detection principles apply to the University and its Controlled Entities.
3.1 Data analysis program
Data analysis is a powerful means of detecting fraud and other improper behaviours. It is a process of uncovering patterns and relationships in datasets that on face value appear unrelated, highlighting activity of fraud and irregular behaviour, or to explain what lies behind previously identified discrepancies. For example, this might include such tests as searching accounts payable data for repeated invoice numbers to identify duplicate payments, or analysing payroll data for duplicate bank account numbers to uncover a 'ghost employee' payroll fraud.
The Chief Financial Officer is responsible for an annual review of the possible need for a data analysis program. A data analysis program is aimed at strategic use of systems and processes in the identification of fraud indicators.
3.2 Management accounting reporting review
Using relatively straightforward techniques in analysing the University's management accounting reports, trends can be examined and investigated which may be indicative of fraudulent conduct.
Some examples of the types of management accounting reports that can be utilised on a compare and contrast basis are:
a) budget reports for each faculty and/or division;
b) reports comparing expenditure against appropriate benchmarks; and
c) reports highlighting unusual trends in bad or doubtful debts;
3.3 Post transaction review
A review of transactions after they have been processed can be effective in identifying fraudulent activity. Such a review may uncover altered or missing documentation, falsified or altered authorisation or inadequate documentary support. In addition to the possibility of detecting fraudulent transactions, such a strategy can also have a significant fraud prevention effect as the threat of detection may be enough to deter a person who might otherwise be motivated to engage in fraud.
The University's program of post-transaction reviews will identify a targeted sample of transactions for review with a particular focus on authorisation, adherence to guidelines on expenditure receipting, and missing documentation. This process will be conducted with direct reference to the findings of internal control reviews and fraud risk assessments.
3.4 Identification of early warning signs
Identification and acting on early warning signs of fraudulent activity is an important part of early fraud detection. The key to achieving an early warning capability is awareness. The fraud awareness training program, referred to at Section 2.4 will therefore include the identification of early warning signs or "red flags" for suspected fraud and how to respond if they are identified.
All personnel should be aware of their responsibility and are required to remain vigilant to identify and report any suspected fraudulent activity.
3.5 Responsibilities
The Vice-President (Services and Resources) is responsible for developing systems to detect fraud. The Vice-President (Services and Resources) will also consider the findings of any Fraud Risk Assessment to formulate effective responses and make improvements to fraud detection systems.
A summary of all responsibilities contained within this Fraud Control Plan are outlined in Appendix B.
3.6 Reporting instances of fraud
3.6.1 By University personnel
University personnel who become aware of suspected fraudulent conduct are required to report the matter in accordance with this Plan.
Personnel are also required to maintain strict confidentiality on any suspected fraud matter of which they have knowledge.
a) In the first instance, report the matter to a Head of School or Branch or relevant line manager.
b) If, for any reason, the staff member feels that reporting the incident through this channel would be inappropriate, he or she may report the matter directly to the General Counsel (contact details below) who is the University appointed Fraud Control Officer. Such reports may be made confidentially, if desired.
c) In the event of the allegation involving any of the following positions the matter should be referred directly to the Vice Chancellor and President:
* General Counsel;
* Vice President (Services and Resources);
* Deputy Vice-Chancellor and Vice-President (Academic);
* Deputy Vice-Chancellor and Vice President (Research).
d) Any Head of School or Branch or other relevant line manager receiving a report of alleged fraud must advise the relevant Executive Dean (if applicable) and immediately advise the General Counsel.
The contact details for the General Counsel are as follows:
Email: celine.mcinerney@adelaide.edu.au
The University will ensure all personnel are aware of the fraud reporting procedures and actively encourage all personnel to report suspected cases of fraud through the appropriate channels.
Appendix C is a flowchart that shows the appropriate reporting channels.
Members of the public are encouraged to report any suspicions of fraud direct to the General Counsel at the above contact details.
3.7 Whistleblower protection
Whistleblower protection is available in accordance with that legislation.
3.8 External audit
The University recognises that the external audit function has a role to play in the detection of fraud given the responsibilities of auditors under ASA240 'The Auditors' Responsibility to Consider Fraud in an Audit of a Financial Report'.
4. Response
4.1 Investigation procedures
a) General Counsel;
b) Director Human Resources;
c) Chief Financial Officer; and
d) Other relevant senior executive managers (e.g. Deputy Vice-Chancellor and Vice-President, Research or their nominees for research related matters)
The task force will consider the application of the Enterprise Agreement and other legislative or regulatory requirements in assessing, investigating, managing and reporting any alleged fraud.
4.2 Reporting to Law Enforcement Agencies
The University must act with exemplary standards. The standards of propriety that ought to be observed require it to act and to be seen to act in the public interest by reporting known or suspected acts of fraud. Therefore, all known or suspected acts of fraud will be reported to law enforcement agencies (such as SAPOL) and other relevant bodies (such as the Independent Commissioner Against Corruption and the Office of Public Integrity). Reports will be made notwithstanding any investigation by the University under the Enterprise Agreement or otherwise.
4.3 Reviewing systems and procedures (post fraud)
In each instance where fraud is detected, the University will reassess the adequacy of the internal control environment (particularly those controls directly impacting on the fraud incident and potentially allowing it to occur) and actively plan and implement improvements as soon as practicable.
4.4 Recovery of money or property lost through fraud
The University will actively pursue the recovery of any money or property lost through fraud after considering all relevant issues.
4.5 Provision of information to external agencies
Procedures for the collection and recording of fraud information are in place to ensure that external agencies, such as the Auditor General's Department, are informed annually of both the University of Adelaide's initiatives in fraud control (such as training and other fraud prevention and detection activities), any fraud risks identified during the fraud risk assessment, and any action taken by the University in response to fraud committed during the year (such as information in relation to fraud incidents, fraud losses, offenders and University responses and corrective actions). Information will be collected, classified and handled appropriately, having regard to privacy, confidentiality, legal professional privilege and the requirements of natural justice and procedural fairness.
4.6 Communication protocol
If fraud against the University is detected, the Vice-Chancellor and President will make all decisions on the appropriate communications protocol to be adopted.
a) The Vice-Chancellor and President will nominate one person to be the authorised spokesperson for any matter.
b) Any communication by a person other than the Vice-Chancellor and President or authorised spokesperson will be unauthorised.
This document is a component of Fraud and Corruption Prevention and Control Policy
https://www.adelaide.edu.au/policies/2803
Policy Control Information
| RMO File No. | 2023/3377 |
|---|---|
| Policy custodian | Vice-Chancellor and President |
| Responsible policy officer | Chief Risk Officer |
| Approved by | University Council |
| Related Policies | Academic Integrity Policy Authorship Policy Code of Conduct Behaviour and Conduct Policy Conflict of Interest Procedure Enterprise Agreement Financial Management Policy Giving Policy HR Handbook Intellectual Property Policy IT Acceptable Use and Security Policy Practice of a Discipline Outside the University by Academic Staff Risk Management Policy Remuneration and Employment Benefits Policy Responsible Conduct of Research Policy Student Misconduct Policy Travel and Entertainment Policy and Procedures University of Adelaide Enterprise Agreement Public Interest Disclosure Policy Risk Policy Contracts and Agreements Policy Copyright Compliance Policy University Records Policy Giving Policy Financial Management Policy and Procedures Purchasing Procedures Travel & Entertainment Policy Staff Development, Performance and Promotions Policy |
| Related legislation | University of Adelaide Act 1971 (SA) Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) Australian Code for the Responsible Conduct of Research 2018 Corporations Act 1990 (SA) Corporations Act 2001 (Cth) Crimes Act 1914 (Cth) Independent Commission Against Corruption Act 2012 Criminal Code Act 1995 (Cth) Criminal Law Consolidation Act 1935 (SA) Foreign Corrupt Practices Act of 1977 (USA) Bribery Act 2010 (UK) Public Interest Disclosure Act 2018 (SA) Public Finance & Audit Act 1987 (SA) Surveillance Devices Act 2016 (SA) Tertiary Education Quality Standards Agency Act 2011 (Cth) National Security Legislation Amendment (Espionage and Foreign Interference) Act 2018 National Anti-Corruption Commission Act 2022 (Cth) |
| Superceded Policies | Fraud and Corruption Control Policy |
| Effective from | 16 October 2023 |
| Review Date | 15 October 2026 |
| Contact for queries about the policy | Chief Risk Officer, Risk Services, risk@adelaide.edu.au |
Please refer to the Policy Directory for the latest version.