Section 1 - Audience
(1) This Framework applies to the University of Newcastle (University) and its controlled entities.
Top of PageSection 2 - Executive Summary
(2) This Framework supports the:
- prevention of internally and externally instigated fraud and corruption against the University;
- timely detection and disruption of fraud and corruption against the University in the event that preventative strategies fail;
- recovery of property misappropriated, or obtaining secure compensation equivalent to any loss suffered, as a result of fraudulent or corrupt conduct; and
- suppression of fraud and corruption by the University against other entities.
Top of PageSection 3 - Scope
(3) This Framework outlines the University's Fraud and Corruption Control System which includes:
- Planning and resources;
- Fraud and corruption prevention;
- Fraud and corruption detection;
- Responding to actual or suspected fraud and corruption incidents.
(4) This Framework addresses fraud and corruption against and by the University.
(5) Fraudulent and corrupt conduct against the University is where the University is the victim or intended victim and will suffer, in most cases, a relatively minor impact to its reputation (depending on the quantum) should a fraud or corrupt incident occur, in addition to any economic loss suffered.
(6) Fraud and corruption by the University is where the University will usually be a beneficiary of fraud or corruption until the conduct is discovered and exposed, in which case the reputational impact is likely to be substantial.
(7) This Framework covers the following three significant categories of fraud and corruption:
- fraud involving the misappropriation of assets;
- fraud involving the manipulation of financial reporting (either internal or external to the University); and
- corruption involving the abuse of a position for personal gain.
(8) This framework was prepared in line with AS 8001-2021 Fraud and Corruption Control, and where practical, aligns with good practice advice issued by the NSW Independent Commission Against Corruption (ICAC), the NSW Ombudsman and Audit Office of NSW (AONSW).
Top of PageSection 4 - Definitions
(9) In the context of this document:
- Control, or internal control means an existing process, policy, device, practice, or other action that acts to minimise negative risks or enhance positive opportunities;
- Corruption means a dishonest activity in which an employee, conjoint, volunteer or contractor of an entity acts contrary to the interests of the entity and abuses their position of trust in order to achieve some personal gain or advantage for themselves or for another person or entity. The concept of corruption can also involve corrupt conduct by the entity, or a person purporting to act on behalf of and in the interests of the entity, in order to secure some form of improper advantage for the entity either directly or indirectly;
- Entity means a corporation, government agency, not-for-profit organisation or other entity engaged in business activity or transacting with other entities in a business-like setting;
- Fraud (and fraudulent) means an activity where deception is used to cause gain or loss (actual or potential) to a person or organisation. Fraud against the University can include theft of University property by people within University and the deliberate falsification, concealment, destruction or improper use of University documentation or systems for personal benefit. The concept of fraud within this Framework can involve conduct by internal or external entities targeting the University, or by the University targeting external entities;
- Fraud and Corruption Risk Assessment means the application of risk management principles and techniques in the assessment of the risk of fraud and corruption within an entity;
- Investigation means a search for evidence connecting or tending to connect a person (either a natural person or a body corporate) with conduct that infringes the criminal law, or the policies and standards set by the affected entity; and
- Serious (in the context of a risk or event) means likely to have more than an immaterial impact on the University, if it occurred, with the potential to threaten the University's economic viability in the short, medium or long term or to have a noticeable impact on the University's reputation.
Top of PageSection 5 - Introduction
(10) Fraud and corruption present risks to the University and if not detected or prevented can impact on the University in terms of financial loss, reputational damage, diversion of management energy, reduction in organisational morale, operational disruption, loss of employment, reduced performance, and diminished safety.
(11) The University deals with risk on a daily basis and manages enterprise risk by a targeted and strategic process as outlined in the Risk Management Framework. This approach is applied to manage the risk of fraud and corruption within its business operations.
(12) The University has a zero tolerance for fraud and corruption. This is supported by the values and principles of the Ethical Framework.
(13) The University Council and the Executive Leadership Team are committed to an ethical culture that is driven by the University's values, and supported by strong governance practices that promote resistance to fraudulent and corrupt conduct. These governance practices are embodied in the decisions, actions and behaviours of leaders. University leaders, including members of the University Council and the Executive Leadership Team are responsible for setting the ‘tone at the top’ by acting with integrity in all aspects of their interactions and decisions.
Top of PageSection 6 - Planning and Resources
(14) The University will implement, monitor, communicate and review this Framework, which will be co-ordinated by Legal and Compliance.
Resources
(15) The General Counsel has responsibility for management of this framework. In performing this role may engage legal, finance or other advisers, consultants or experts as considered necessary from time to time to fulfil the duties of the role. The General Counsel may also engage internal resources, as appropriate.
Internal Audit Activity in Fraud and Corruption Control
(16) Internal Audit performs a vital role in assisting to identify indicators of fraud and corruption. The functions and responsibilities of Internal Audit are documented in the Internal Audit Charter.
Top of PageSection 7 - Fraud and Corruption Prevention
(17) The University's senior staff are accountable for managing the prevention of fraud and corruption within their business unit and for ensuring compliance with University legislation, rules, policies and procedures.
(18) The review of rules, policies and procedures, and subsequent approval by delegated authorities must be undertaken in consideration of risks of fraud and corruption, where applicable.
(19) The University's internal control structure in relation to corruption and fraud control includes:
- leadership and governance from the Council, the Risk Committee, the Vice-Chancellor and senior staff;
- policies and procedures in key areas of governance, finance, human resources, facilities, information technology, teaching and learning, and research;
- dedicated resources with accountabilities / responsibilities for the control of fraud and corruption within the organisational structure including the Risk Committee, Executive Leadership Team, Legal and Compliance, Research Integrity Unit, Research Peer Reviewers, Human Research Ethics Committee and Animal Care and Ethics Committee;
- Codes of Conduct (see Student Code of Conduct and Staff Code of Conduct) that encourage the reporting of corrupt conduct, maladministration and fraudulent activities;
- an awareness program provided to staff via induction and regular compliance training;
- investigation procedures to deal with suspected fraudulent or corrupt activity, as outlined in this Framework;
- Legal and Compliance who provide advice on fraud and corruption prevention and management;
- Internal Audit who conduct internal audits that determine the effectiveness of governance, risk management and fraud control processes;
- An expectation for high risk areas to test and assess the operating effectiveness of internal controls (pressure testing) to identify and rectify vulnerabilities; and
- external audits conducted by the AONSW.
Fraud and Corruption Risk Assessment
(20) Periodic and comprehensive fraud and corruption risk assessments are conducted throughout the University in accordance with the University's Risk Management Framework.
Communication and Awareness of Fraud and Corruption
(21) The University will implement and maintain a range of awareness strategies, including but not limited to:
- staff induction and training programs;
- the University's Conflict of Interest Policy;
- promotion of key internal controls used to manage the risk of fraudulent activities;
- seminars and presentations on relevant topics; and
- awareness initiatives associated with the implementation of relevant policies, such as the Student Code of Conduct and Staff Code of Conduct.
Employment Screening
(22) Successful candidates for employment at the University undergo checks in accordance with the University's recruitment procedures.
Supplier Vetting
(23) The University's Procurement Policy establishes the requirements for procurement activities.
Top of PageSection 8 - Fraud and Corruption Detection
Fraud and Corruption Detection Program
(24) Early detection of fraud is a core element of fraud control, particularly in areas of identified high risk. The University recognises that regardless of how comprehensive a prevention regime is, it is not fool proof against fraud. A fraud detection regime is an essential component of a rigorous anti-fraud program as both a deterrent and a fraud identification mechanism. The University's fraud detection regime includes:
- Internal Audit – fraud risk assessments are used to inform the development of the University's annual internal audit work plan. Specific fraud-focused internal audits are directed at areas where significant vulnerabilities are identified;
- External Audit – University management and the Risk Committee discuss with the AONSW the audit procedures for the University's annual financial audit. The University supports the AONSW to assist in fraud detection and response;
- continuous monitoring program / data analytics – the University's information systems are an important source of information on fraudulent and corrupt conduct. With the use of software applications and computer assisted audit techniques, a series of suspect transactions can be identified and investigated. Investigations are conducted by personnel external to the business unit in which the transactions occur; and
- internal and external reporting channels and Public Interest Disclosures – there are various ways in which a person may report suspected or actual fraud at the University. Staff may make a report to their supervisor, senior line manager, or the General Counsel.
External Auditor’s Role in the Detection of Fraud
(25) The external audit process provides assurances to NSW Parliament on the stewardship of the University. The AONSW, as NSW Parliament’s external auditor, discharges the responsibility of external audit principally through the certification of the University's financial statements. The Risk Committee hold annual discussions with the AONSW in relation to the likelihood of fraud, error arising from fraudulent reporting, or misappropriation of assets.
Public Interest Disclosure (Whistle-blower) Program
(26) The University's corporate values, including honesty and accountability, are set out in the Student Code of Conduct and Staff Code of Conduct and these underpin the prevention of fraud and corruption. University staff are considered public officials; this means if staff suspect or become aware of any fraud or corruption in relation to any aspect of the University's operations, this is a matter of public interest and therefore, staff have a responsibility to report it. Reporting fraudulent or corrupt practice is also known as ‘whistleblowing’ or making a public interest disclosure (PID).
(27) The University Public Interest Disclosures Policy outlines how to make a PID. The Public Interest Disclosures Act 2022 provides formal legal protection against any reprisals for disclosures reported.
Reporting of Actual or Suspected Fraud and Corruption Incidents
(28) If a staff member suspects another member of staff or the entity of acting corruptly or engaging in fraudulent conduct, then it is the responsibility of that staff member to report the actual or suspected conduct. Reports should generally be made to the reporting staff member’s immediate manager or another manager in their area.
(29) Staff who are reporting actual or suspected fraudulent or corrupt conduct are encouraged to provide a written summary of the matter.
(30) Managers and Public Interest Disclosure Officers who have received a report of actual or suspected fraudulent or corrupt conduct are to report the matter to the General Counsel in a timely manner.
(31) Staff may have legitimate concerns about reporting to an immediate manager or another manager In these cases, reports may be made to the General Counsel (who is also the designated Public Interest Disclosures Coordinator). Alternatively, reports can be made directly to:
- the designated Public Interest Disclosures Officers (see Public Interest Disclosure Policy);
- Vice-Chancellor;
- NSW Audit Office;
- Independent Commission Against Corruption;
- Police; or
- NSW Ombudsman.
(32) Contact details for external agencies are below:
Agency |
Contact Details |
NSW Audit Office |
GPO Box 12
Sydney NSW 2001
Telephone (02) 9275 7100
Email: mail@audit.nsw.gov.au
|
Independent Commission Against Corruption |
GPO Box 500
Sydney NSW 2001
Telephone (02) 8281 5999
Facsimile (02) 9264 5364
Email: icac@icac.nsw.gov.au
|
NSW Police |
Telephone 131 444 |
NSW Ombudsman |
Level 24
580 George Street
Sydney NSW 2000
Telephone (02) 9286 1000
Facsimile (02) 9283 2911
Email: nswombo@ombo.nsw.gov.au
|
Top of PageSection 9 - Responding to Actual or Suspected Fraud and Corruption Incidents
Investigation of Actual or Suspected Fraud and Corruption Incidents
(33) Upon being informed of an actual or suspected incident:
- the General Counsel may:
- Undertake a preliminary fact-finding enquiry to ascertain whether or not a complaint or suspected fraud has any merits to be referred to a full investigation. The General Counsel has complete discretion as to this process and who undertakes the fact-finding investigation.
- Consult with the Vice-Chancellor; or in the case of conduct concerning the Vice-Chancellor, with the Chair of the Risk Committee and/or the Chancellor.
- if a complaint or suspected fraudulent activity is progressed to a formal investigation the following requirements for investigations must be met:
- investigator(s) or an investigation team will be formed by the General Counsel;
- investigator(s) must be appropriately skilled and experienced, and be independent of the business unit in which the actual or suspected incident of fraud or corruption has occurred;
- investigators may include (but is not limited to):
- Senior Compliance Manager;
- the Chief Financial Officer if the matter involves fraud;
- the Deputy Vice-Chancellor (Academic) and Vice President if the matter involves students; or
- the Deputy Vice-Chancellor (Research and Innovation), where the matter involves research or research conduct.
- the General Counsel may determine if it is necessary to engage external investigation resources;
- persons subject to an investigation must be afforded procedural fairness;
- investigative proceedings must be conducted transparently;
- the principles of independence and objectivity must be upheld by all investigators;
- investigations must comply with all relevant legislation;
- adequate records of the investigative process must be made and stored in accordance with the University's Privacy Management Plan and Records Governance Policy;
- confidentiality of all information obtained and produced during the investigative process must be maintained, and the release of information must occur only at the directive of the General Counsel;
- an investigation must result in the production of an Investigation Report;
- all investigations involving an allegation of misconduct against a staff member will also consider any procedural requirements under the relevant Enterprise Agreement or related policy.
(34) The General Counsel must:
- report substantiated cases of fraud or corruption to the Vice-Chancellor;
- provide an annual report to the Vice-Chancellor, summarising all incidents; and
- maintain a database containing all reports of fraud and corruption, actions taken, and outcomes.
(35) The Vice-Chancellor must report to the Risk Committee regularly, and as appropriate in respect of any material incidents.
Disciplinary Procedures
(36) Where a report of actual or suspected fraud or corrupt conduct is found to be substantiated against a staff member, disciplinary procedures may be implemented in accordance with the relevant Enterprise Agreement, the staff member’s employment contract, University policies, or procedures.
(37) The implementation of disciplinary procedures may be informed by the findings of the investigation.
External Reporting
(38) The General Counsel is responsible for determining if an actual or suspected incident of fraud or corruption is required to be reported to an appropriate external body, such as the Independent Commission Against Corruption, NSW Police, NSW Ombudsman or the NSW Audit Office.
(39) Reporting to an external body must take place as soon as there are reasonable grounds to suspect fraud or corruption has occurred, or is about to occur.
(40) Under Section 11 (2) of the Independent Commission Against Corruption Act 1988, the Vice-Chancellor must report to ICAC any matters that, on reasonable grounds, concern or may concern corrupt conduct.
(41) The General Counsel or the Vice-Chancellor may report to NSW Police any matters that, on reasonable grounds, concern or may concern a criminal offence. This includes fraud.
Civil Proceedings to Recover the Proceeds of Fraud or Corruption
(42) The University will seek to recover any money or assets lost, and seek criminal or civil restitution when it is in the best interests of the University to do so.
(43) If recovery does not occur, the amount of money or assets lost may be borne by the business unit, College or School where the incident occurred.
Internal Control Review Following Discovery of Fraud
(44) The University, in conjunction with the business unit, College or School's management team, will conduct a review of the internal controls in the relevant area where fraud or corruption is detected, with a view to recommending continuous improvement initiatives for the enhancement and improved rigour of internal controls to prevent a recurrence of the same nature. This review will be coordinated by the General Counsel.
Maintaining and Monitoring Adequacy of Fidelity Guarantee Insurance and Other Insurance Relative Policies Dealing with Fraudulent or Improper Conduct
(45) The University will, as part of the regular review of its insurance cover, review the appropriate level of Fidelity Insurance Cover.