• Section 1 - Audience
• Section 2 - Executive Summary
• Section 3 - Purpose
• Section 4 - Scope
• Section 5 - Definitions
• Section 6 - Introduction
• Section 7 - Planning and Resources
• Resources
• Internal Audit Activity in Fraud and Corruption Control
• Section 8 - Fraud and Corruption Prevention
• Fraud and Corruption Risk Assessment
• Communication and Awareness of Fraud and Corruption
• Employment Screening
• Supplier Vetting
• Section 9 - Fraud and Corruption Detection
• Fraud and Corruption Detection Program
• External Auditor’s Role in the Detection of Fraud
• Public Interest Disclosure (Whistle-blower) Program
• Reporting of Actual or Suspected Fraud and Corruption Incidents
• Section 10 - Responding to Actual or Suspected Fraud and Corruption Incidents
• Framework for the Investigation of Actual or Suspected Fraud and Corruption Incidents
• Disciplinary Procedures
• External Reporting
• Civil Proceedings to Recover the Proceeds of Fraud or Corruption
• Internal Control Review Following Discovery of Fraud
• Maintaining and Monitoring Adequacy of Fidelity Guarantee Insurance and Other Insurance Relative Policies Dealing with Fraudulent or Improper Conduct

Section 1 - Audience

(1) This Framework applies to the University of Newcastle (University) in the entirety.

Section 2 - Executive Summary

(2) This Framework establishes how the University:

1. plans and resources the identification and control of fraud and corruption; and
2. prevents, detects and responds to fraud and corruption.

(3) This Framework is prepared in line with AS 8001-2008 Fraud and Corruption Control, and incorporates the ten attributes of fraud control contained in the NSW Auditor-Generals Office (AONSW) 2015 Fraud Control Improvement Kit.

Section 3 - Purpose

(4) This Framework supports the:

1. prevention of internally and externally instigated fraud and corruption against the University;
2. timely detection of fraud and corruption against the University in the event that preventative strategies fail;
3. recovery of property misappropriated, or obtaining secure compensation equivalent to any loss suffered, as a result of fraudulent or corrupt conduct; and
4. suppression of fraud and corruption by the University against other entities.

Section 4 - Scope

(5) This Framework addresses fraud and corruption against and by the University. Fraudulent and corrupt conduct against the University is where the University is the victim or intended victim and will suffer, in most cases, a relatively minor impact to its reputation (depending on the quantum) should a fraud or corrupt incident occur, in addition to any economic loss suffered. Fraud and corruption by the University is where the University will usually be a beneficiary of fraud or corruption until the conduct is discovered and exposed, in which case the reputational impact is likely to be substantial. 

(6) This Framework deals with the following three main categories of fraud and corruption:

1. fraud involving the misappropriation of assets;
2. fraud involving the manipulation of financial reporting (either internal or external to the University); and
3. corruption involving the abuse of a position for personal gain.

Section 5 - Definitions

(7) In the context of this document:

1. control, or internal control means an existing process, policy, device, practice, or other action that acts to minimise negative risks or enhance positive opportunities;
2. corruption means a dishonest activity in which an employee, conjoint, volunteer or contractor of an entity acts contrary to the interests of the entity and abuses their position of trust in order to achieve some personal gain or advantage for themselves or for another person or entity. The concept of corruption can also involve corrupt conduct by the entity, or a person purporting to act on behalf of and in the interests of the entity, in order to secure some form of improper advantage for the entity either directly or indirectly;
3. entity means a corporation, government agency, not-for-profit organisation or other entity engaged in business activity or transacting with other entities in a business-like setting;
4. fraud (including fraudulent) means dishonest activity causing actual or potential financial loss to any person or entity including theft of moneys or other property by employees or persons external to the entity and where deception is used at the time, immediately before, or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit. The theft  of property belonging to an entity by a person or persons internal to the entity but where deception is not used is also considered ‘fraud’. The concept of fraud within this Framework can involve fraudulent or corrupt conduct by internal or external parties targeting the University, or fraudulent or corrupt conduct by the University itself targeting external parties;
5. Fraud and Corruption Risk Assessment means the application of risk management principles and techniques in the assessment of the risk of fraud and corruption within an entity;
6. investigation means a search for evidence connecting or tending to connect a person (either a natural person or a body corporate) with conduct that infringes the criminal law, or the policies and standards set by the affected entity; and
7. serious (in the context of a risk or event) means likely to have more than an immaterial impact on the University, if it occurred, with the potential to threaten the University's economic viability in the short, medium or long term or to have a noticeable impact on the University's reputation.

Section 6 - Introduction

(8) Fraud and corruption present risks to the University and if not detected or prevented can impact on the University in terms of financial loss, reputational damage, diversion of management energy, reduction in organisational morale, operational disruption, loss of employment, reduced performance, and diminished safety.

(9) The University deals with risk on a daily basis and manages enterprise risk by a targeted and strategic process as outlined in the Risk Management Framework. This approach is applied to manage the risk  of fraud and corruption within its business operations.

(10) The University has a zero tolerance for fraud and corruption. This is supported by the values and principles of the Ethical Framework.

(11) The University Council and the Executive Committee are committed to an ethical culture that is driven by the University's values, and supported by strong governance practices that promote resistance to fraudulent and corrupt conduct. These governance practices are embodied in the decisions, actions and behaviours of leaders. University leaders, including members of the University Council and the Executive Committee are responsible for setting the ‘tone at the top’ by acting with integrity in all aspects of their interactions and decisions.

Section 7 - Planning and Resources

(12) The University will implement, monitor, communicate and review this Framework, which will be co-ordinated by Legal & Compliance. Implementation will include the development of a monitoring plan, outlining key milestones, resources and objectives to be achieved.

Resources

(13) The General Counsel, Legal & Compliance is the Disclosure Coordinator, and in performing this role may engage legal, finance or other advisers, consultants or experts as considered necessary from time to time to fulfil the duties of the role. The Disclosure Coordinator may also engage internal resources, including a Fraud and Corruption Officer, as appropriate.

Internal Audit Activity in Fraud and Corruption Control

(14) Internal Audit performs a vital role in assisting to identify indicators of fraud and corruption. The functions and responsibilities of Internal Audit are documented in the Internal Audit Charter.

Section 8 - Fraud and Corruption Prevention

(15) The University's senior staff are accountable for managing the prevention of fraud and corruption within their business unit and for ensuring compliance with University legislation, rules, policies and procedures.

(16) The review of rules, policies and procedures, and subsequent approval by delegated authorities must be undertaken in consideration of risks of fraud and corruption, where applicable.

(17) The University's internal control structure in relation to corruption and fraud control includes:

1. leadership and governance from the Council, the Risk Committee, the Vice-Chancellor and senior staff;
2. policies and procedures in key areas of governance, finance, human resources, facilities, information technology, teaching and learning, and research;
3. dedicated resources with accountabilities / responsibilities for the control of fraud and corruption within the organisational structure including the Risk Committee, Executive Committee, Disclosure Coordinator and staff, Legal & Compliance, Research Ethics and Integrity Unit, Research Peer Reviewers, Human Research Ethics Committee and Animal Care and Ethics Committee;
4. a Code of Conduct that encourages the reporting of corrupt conduct, maladministration and fraudulent activities;
5. an awareness program provided to staff via induction and regular compliance training;
6. investigation procedures to deal with suspected fraudulent or corrupt activity, as outlined in this Framework;
7. Legal & Compliance who provide advice on fraud and corruption prevention and management;
8. Internal Audit who conduct internal audits that determine the effectiveness of governance, risk management and fraud control processes; and
9. external audits conducted by the AONSW.

Fraud and Corruption Risk Assessment

(18) Periodic and comprehensive fraud and corruption risk assessments are conducted throughout the University in accordance with the University's Risk Management Framework.

Communication and Awareness of Fraud and Corruption

(19) The University will implement and maintain a range of awareness strategies, including but not limited to:

1. staff induction programs;
2. the University's Conflict of Interest Policy;
3. communication of data on fraud trends from reports and the media;
4. promotion of key internal controls used to manage the risk of fraudulent activities;
5. seminars and presentations on relevant topics;
6. staff compliance training programs; and
7. awareness initiatives associated with the implementation of relevant policies, such as the Code of Conduct.

Employment Screening

(20) Successful candidates for employment at the University undergo checks in accordance with the University's recruitment procedures.

Supplier Vetting

(21) The University's Procurement Policy establishes the requirements for procurement activities.

Section 9 - Fraud and Corruption Detection

Fraud and Corruption Detection Program

(22) Early detection of fraud is a core element of fraud control, particularly in areas of identified high risk. The University recognises that regardless of how comprehensive a prevention regime is, it is not fool proof against fraud. A fraud detection regime is an essential component of a rigorous anti-fraud program as both a deterrent and a fraud identification mechanism. The University's fraud detection regime includes:

1. Internal Audit – fraud risk assessments are used to inform the development of the University's annual internal audit work plan. Specific fraud-focused internal audits are directed at areas where significant vulnerabilities are identified;
2. External Audit – University management and the Risk Committee discuss with the AONSW the audit procedures for the University's annual financial audit. The University supports the AONSW to assist in fraud detection and response;
3. continuous monitoring program / data analytics – the University's information systems are an important source of information on fraudulent and corrupt conduct. With the use of software applications and computer assisted audit techniques, a series of suspect transactions can be identified and investigated. Investigations are conducted by personnel external to the business unit in which the transactions occur; and
4. internal and external reporting channels and Public Interest Disclosures – there are various ways in which a person may report suspected or actual fraud at the University. Staff may make a report to their supervisor, senior line manager, or the General Counsel, Legal & Compliance.

External Auditor’s Role in the Detection of Fraud

(23) The external audit process provides assurances to NSW Parliament on the stewardship of the University. The AONSW, as NSW Parliament’s external auditor, discharges the responsibility of external audit principally through the certification of the University's financial statements. The Risk Committee hold annual discussions with the AONSW in relation to the likelihood of fraud, error arising from fraudulent reporting, or misappropriation of assets.

Public Interest Disclosure (Whistle-blower) Program

(24) The University's corporate values, including honesty and accountability, are set out in the Code of Conduct and these underpin the prevention of fraud and corruption. University staff are considered public officials; this means if staff suspect, or become aware of any fraud or corruption in relation to any aspect of the University's operations, this is a matter of public interest and therefore, staff have a responsibility to report it. Reporting fraudulent or corrupt practice is also known as ‘whistleblowing’ or making a public interest disclosure (PID). 

(25) The University Public Interest Disclosures Policy outlines how to make a PID. The Public Interest Disclosure Act provides formal legal protection against any reprisals for correctly reported disclosures.

Reporting of Actual or Suspected Fraud and Corruption Incidents

(26) If a staff member suspects another member of staff or the entity of acting corruptly or engaging in fraudulent conduct, then it is the responsibility of that staff member to report the actual or suspected conduct. Reports should generally be made to the reporting staff member’s immediate manager or another manager in their area.

(27) Staff who are reporting actual or suspected fraudulent or corrupt conduct are encouraged to provide a written summary of the matter.

(28) Managers who have received a report of actual or suspected fraudulent or corrupt conduct must report the matter to Legal & Compliance in a timely manner.

(29) Staff may have legitimate concerns about reporting to an immediate manager or another manager, even where the matter does not involve the manager. In these cases, reports may be made to the General Counsel, Legal & Compliance (who is also the designated Public Interest Disclosures Coordinator). Alternatively, reports can be made directly to:

1. the designated Public Interest Disclosures Officers (see Public Interest Disclosure Policy);
2. Vice-Chancellor;
3. NSW Audit Office;
4. Independent Commission Against Corruption;
5. Police; or
6. NSW Ombudsman.

(30) Contact details include:

(31) Legal & Compliance will receive, record and investigate reports of actual or suspected fraud and corruption.

Section 10 - Responding to Actual or Suspected Fraud and Corruption Incidents

Framework for the Investigation of Actual or Suspected Fraud and Corruption Incidents

(32) This Framework sets out the required reporting, assessment and investigation procedures for actual or suspected incidents of fraud and corruption, and is supported by operational procedures.

(33) Upon being informed of an actual or suspected incident:

1. the General Counsel, Legal & Compliance may consult with the Vice-Chancellor; or in the case of conduct concerning the Vice-Chancellor, with the Chair of the Risk Committee and/or the Chancellor, in relation to a preliminary assessment. This consultation will assist to decide how to initially respond, if relevant, and how to proceed with an investigation and the appointment of investigators;
2. an investigation must occur for all actual or suspected incidents of fraud and corruption. The following requirements for investigations must be met:
   1. investigator(s) or an investigation team will be formed by the General Counsel, Legal & Compliance;
   2. investigator(s) must be appropriately skilled and experienced, and be independent of the business unit in which the actual or suspected incident of fraud or corruption has occurred;
   3. investigators may include:
      1. the Chief Financial Officer if the matter involves fraud;
      2. the Deputy Vice-Chancellor (Academic) and Vice President if the matter involves students; or
      3. the Deputy Vice-Chancellor (Research and Innovation), where the matter involves research or research conduct; and
      4. the Internal Audit Fraud and Corruption Officer.
3. the General Counsel, Legal & Compliance may determine if it is necessary to engage external investigation resources. External investigation resources must be required to enter into a binding agreement in relation to the release of confidential information coming into their possession during the investigation process;
4. suspects must be afforded procedural fairness and propriety so that their rights are not impinged upon;
5. investigative proceedings must be conducted transparently;
6. the principles of independence and objectivity must be upheld by all investigators;
7. investigations must comply with all relevant legislation;
8. adequate records of the investigative process must be made and stored in accordance with the University's Privacy Management Plan and Records and Information Management Policy;
9. confidentiality of all information obtained and produced during the investigative process must be maintained, and release of information must occur only at the directive of the General Counsel, Legal & Compliance;
10. an investigation must result in the production of an Investigation Report; and
11. investigations into improper conduct within the University may be subject to supervision by a Council Sub-Committee, at the direction of the Council, dependent upon the seriousness of the matter under investigation.

(34) The General Counsel, Legal & Compliance must:

1. report substantiated cases of fraud or corruption to the Vice-Chancellor; 
2. provide an annual report to the Vice-Chancellor, summarising all incidents; and
3. maintain a database containing all reports of fraud and corruption, actions taken, and outcomes.

(35) The Vice-Chancellor must report to the Risk Committee regularly, and as appropriate in respect of any material incidents.

Disciplinary Procedures

(36) Where a report of actual or suspected fraud or corrupt conduct is found to be substantiated against a staff member, disciplinary procedures may be implemented in accordance with the relevant Enterprise Agreement, the staff member’s employment contract, University policies, or procedures.

(37) The implementation of disciplinary procedures may be informed by the findings of the investigation.

External Reporting

(38) The General Counsel, Legal & Compliance is responsible for determining if an actual or suspected incident of fraud or corruption is required to be reported to an appropriate external body, such as the Independent Commission Against Corruption, NSW Police, NSW Ombudsman or the NSW Audit Office.

(39) Reporting to an external body must take place as soon as there are reasonable grounds to suspect fraud or corruption has occurred, or is about to occur.

(40) Under Section 11 (2) of the Independent Commission Against Corruption Act 1988, the Vice-Chancellor must report to ICAC any matters that, on reasonable grounds, concern or may concern corrupt conduct.

(41) The Vice-Chancellor must report to NSW Police any matters that, on reasonable grounds, concern or may concern a criminal offence. This includes fraud.

Civil Proceedings to Recover the Proceeds of Fraud or Corruption

(42) The University will seek to recover any money or assets lost, and seek criminal or civil restitution when it is in the best interests of the University to do so.

(43) If recovery does not occur, the amount of money or assets lost may be borne by the business unit, college or school where the incident occurred.

Internal Control Review Following Discovery of Fraud

(44) The University, in conjunction with the business unit, college or school’s management team, will conduct a review of the internal controls in the relevant area where fraud or corruption is detected, with a view to recommending continuous improvement initiatives for the enhancement and improved rigour of internal controls to prevent a recurrence of the same nature. This review will be coordinated by the General Counsel, Legal & Compliance.

Maintaining and Monitoring Adequacy of Fidelity Guarantee Insurance and Other Insurance Relative Policies Dealing with Fraudulent or Improper Conduct

(45) The University will, as part of the regular review of its insurance cover, review the appropriate level of Fidelity Insurance Cover.