Governance and Fraud Control within Selected Adult
Education Agencies
1.1 Introduction
Robust governance is necessary to manage fraud risk, and
therefore effective fraud control. Fraud management and governance
are therefore inextricably linked.
The Public Administration Act 2004 (PAA), at Part 5,
Division 2, sets out governance principles for public entities.
However, some agencies, including the Centre for Adult Education
(CAE) and the Adult Multicultural Education Services (AMES) are
excluded from this section of the Act, as they existed prior to the
legislation coming into force. These agencies are bound by the
Public Service Standards Commissioner’s Directors’ Code of Conduct,
which came into force in
July 2006.
The Standing Directions of the Minister for Finance under the
Financial Management Act 1994 require boards to establish
robust financial governance arrangements.
There is also ample guidance material on governance available
from the State Services Authority, the Ombudsman and central
agencies.
It is estimated that fraud costs the Australian economy more
than $6 billion a year, and that Australian organisations may
experience a higher rate of fraud than the global average.
An agency’s governing body is ultimately responsible for fraud
risk management, and is a critical part of any agency’s internal
control environment. In addition to directing the policy framework,
board members should model high standards of ethical behaviour for
all staff. The actions and behaviour of the board sets the ‘tone at
the top’, which can significantly influence employees.
While boards and Chief Executive Officers (CEOs) are primarily
responsible for fraud management, all staff play a role in
preventing and reporting fraud.
The audit examined whether the systems, policies and procedures
in the following agencies are sufficiently robust to defer
fraud:
- Adult Multicultural Education Service
(AMES)
- Centre for Adult Education
(CAE)
- Driver Education Centre of Australia
Limited (DECA)
- William Angliss Institute of TAFE
(WAI).
These organisations are public entities under the Public
Administration Act 2004. Public entities are bodies
established to exercise a public function on behalf of the state,
or are wholly owned by the state.
Objectives
During the audit, instances of boards and management not
complying with agency policies and procedures were encountered.
Consequently, while the audit was originally examining whether
agencies’ systems, policies and procedures were robust and deterred
fraud, it was broadened to include agencies’ governance
arrangements.
1.2 Overall conclusion
Agency governance
Effective fraud management depends on agencies developing sound
governance and financial management arrangements.
The audit found that governance in some agencies was inadequate,
and the actions of some CEOs and board members resulted in
unnecessary costs, foregone revenue and public assets being put at
risk. A pattern emerged in these agencies, of implementing
short-term solutions rather than consolidating the agency’s
long-term interests, and failing to comply with agency and state
government policy.
Good governance promotes accountability and transparency, both
of which are fundamental to fraud control. Despite changes to their
membership, organisations’ boards operate in perpetuity. As
accurate recordkeeping is essential for good governance,
significant decisions, including the rationale, should be
adequately documented. The recordkeeping associated with
significant decisions was inadequate in AMES and CAE.
Fraud management
Agencies have not adopted a strategic, systematic approach to
the management of fraud, based on agency-specific risk assessments.
Instead, they are relying on business operating procedures that
include management controls to assist in preventing and detecting
fraud and other inappropriate behaviour.
Although they have well developed procedures to report,
investigate and respond to the suspicion of fraud, in the absence
of a strategic and systematic approach to fraud detection and
management, agencies cannot be assured that fraud risks have been
adequately mitigated.
Each of the agencies reviewed had recognised the importance of
organisational culture to fraud control.
Sector oversight
The arrangements for overseeing adult education agencies were
established when agencies were relatively modest businesses that
represented a low risk for the state. The arrangements are still in
operation today, and are no longer appropriate for the scale and
complexity of current agencies’ business.
While service delivery is monitored through various performance
agreements, there is inadequate monitoring of board operations.
1.3 Findings
Agency governance
The governance processes and oversight of the audited agencies’
operations was largely sound. However, governance standards in two
agencies have been poor.
The audit identified examples of board decisions that have been
detrimental to their agencies. These decisions were preceded by the
board failing to comply with relevant legislation and policy. The
rationale and documentation for most of these decisions is absent
or inadequate.
Audit committees in two agencies have not been effective in
identifying and managing issues with governance, fraud control,
inappropriate behaviour and non-compliance with agency policies and
procedures.
While agencies planned for fraud awareness training it was often
not delivered.
Agencies did not effectively promote a culture of fraud
awareness.
Fraud management
Although the agencies examined established processes for
investigating and reporting suspected frauds and other
inappropriate behaviour, they:
- have not identified fraud risks specific
to their business or assessed the extent to which internal controls
and procedures mitigate these risks
- have not developed appropriate fraud
management plans
- were not adequately monitoring staff
compliance with their policies and procedures
- were not consistently complying with the
reporting requirements in the Financial Management Act
1994.
Sector oversight
The adult education sector is overseen by two bodies, Skills
Victoria and the Adult, Community and Further Education Board
(ACFE).
ACFE and Skills Victoria, through performance agreements, grant
funding to agencies to provide adult education services. While ACFE
and Skills Victoria receive reports on service provision as part of
the performance agreement, they do not review the governance
arrangements and operation of the boards in these agencies, and
were not established for this purpose.
The adult education sector has experienced considerable change
over time, and service providers are able to derive significant
income from business opportunities, such as revenue from
international and other students, and tendered services such as
AMES’ provision of settlement services.
As the adult education sector has grown and changed and many
adult education institutions have become substantial businesses,
they represent a greater risk for the state.
1.4 Recommendations
Governance
AMES and CAE be bound by all of the requirements of the
Public Administration Act 2004 (Recommendation
4.1).
Board members should be inducted to the requirements of, and
comply with, relevant legislation and agency policies and
procedures (Recommendation 4.2).
Agency boards should establish sufficient mechanisms so they are
aware of material transactions and events, and can effectively
monitor and assess the performance of the CEO
(Recommendation 4.3).
Agencies should review the operations of their audit committees
(Recommendation 4.4).
The State Services Authority should review the governance and
accountability arrangements of adult education agencies
(Recommendation 4.5).
Fraud prevention and detection
The Department of Treasury and Finance’s risk framework should
specifically require agencies to identify and address fraud risks
(Recommendation 5.1).
Agencies should benchmark their management of fraud against the
Australian Standard AS 8001:2008 (Recommendation
5.2).
Agencies should:
- develop and regularly review fraud
management plans that address agency‑specific risks, and include
adequate prevention and detection processes
- capture data and report the incidence of
fraud
- periodically evaluate the effectiveness of
their fraud management strategy
(Recommendation 5.3).
Operating systems
Agencies should regularly review and update their operating
policies and procedures and monitor staff compliance
(Recommendation 6.1).
Audit committees should periodically review governance and fraud
prevention activities (Recommendation 6.2).