Fraud and Corruption Control

Tabled: 29 March 2018

1 Audit context

The community entrusts public sector employees to make decisions that affect the lives and interests of all Victorians. They handle personal information, provide services and support, and manage, spend and account for public funds. The community expects—and the law requires—that they do this with integrity, accountability, impartiality, fairness, equity and consistency, and in the public interest.

Citizens need to have a level of trust and respect for their public institutions and the rule of law for society to function cohesively. The financial value of reported fraud and corruption in the Victorian public sector, including corruption exposed by IBAC, is minor relative to overall agency budgets. However, fraud and corruption can undermine trust in government and damage the reputation of the public sector. If left unchecked, it can affect the quality of services provided and can waste resources.

1.1 What are fraud and corruption?

Fraud is dishonest activity involving deception that causes actual or potential financial loss. Examples of fraud include:

  • theft of money or property
  • falsely claiming to hold qualifications
  • false invoicing for goods or services not delivered or inflating the value of goods and services
  • theft of intellectual property or confidential information
  • falsifying an entity's financial statements to obtain an improper or financial benefit
  • misuse of position to gain financial advantage.

Corruption is dishonest activity in which employees act against the interests of their employer and abuse their position to achieve personal gain or advantage for themselves or for others. Examples of corruption include:

  • payment or receipt of bribes
  • a serious conflict of interest that is not managed and may influence a decision
  • nepotism, where a person is appointed to a role because of their existing relationships rather than merit
  • manipulation of procurement processes to favour one tenderer over others
  • gifts or entertainment intended to achieve a specific outcome in breach of an agency's policies.

1.2 Losses resulting from fraud and corruption

It is difficult to measure total losses due to fraud and corruption. As well as financial losses, there are also indirect losses, including damage to the community's trust in government and losses to productivity. There are no precise figures, but in 2005 the Australian Institute of Criminology estimated that fraud cost the Australian economy $8.5 billion across the private and public sectors.

Under the Standing Directions, public sector agencies in Victoria are required to report to VAGO instances of fraud, corruption and other losses above $5 000 in cash and $50 000 in property. Reports made to VAGO for 2015–16 record about $19 million lost to fraud and corruption. However, these figures do not capture indirect losses, and any loss due to poor integrity is significant for public sector agencies and the communities they serve.

Figure 1A shows that IBAC investigations published between 2014 and 2017 revealed procurement and tendering processes totalling up to $275 million had been impacted by corruption. IBAC uncovered a further $2 million in improperly obtained personal benefits.

Many of the cases of fraud and corruption exposed by IBAC had gone undetected for some years.

Figure 1A
IBAC investigations: Approximate financial values of corruption


Investigation name

Agency subject to investigation

Impact of corruption

April 2017

Operation Nepean

Department of Justice and Regulation

Impacted $1.6 million worth of payments

March 2017

Operation Liverpool

Department of Health and Human Services

Resulted in $101 000 of personal benefits being obtained

January 2017

Operation Dunham

Department of Education and Training

Impacted a project worth $127−240 million

October 2016

Operation Exmouth

Places Victoria

Impacted $8 million worth of payments

April 2016

Operation Ord

Department of Education and Training

Resulted in $1.9 million of personal benefits being obtained

October 2014

Operation Fitzroy

Former Department of Transport and PTV

Impacted $25 million worth of contracts

Source: VAGO based on information from IBAC.

1.3 Legislation and guidance

In Victoria, legislation and guidance material support public sector agencies to develop and implement fraud and corruption control frameworks, as Figure 1B outlines.

Figure 1B
Legislation and guidance for fraud and corruption control frameworks



Public Administration Act 2004

Mandatory compliance

Details Victorian public sector values and employment principles. Its purpose is to provide a framework for good governance and outline the responsibilities of departmental heads.

Code of Conduct for Victorian Public Sector Employees

Mandatory compliance

VPSC issues the Code of Conduct, which is binding for employees. It prescribes standards of required behaviour and includes provisions on:

  • complying with legislation, policies and lawful instructions
  • conflicts of interest
  • gifts and benefits
  • reporting unethical behaviour.

Standing Directions of the Minister for Finance 2016

Mandatory compliance

Sets the standards for financial management by Victorian Government agencies, and requires the responsible body to:

  • take all reasonable steps to minimise and manage the risk of fraud, corruption and other losses
  • establish a Fraud, Corruption and Other Losses Policy that is implemented across the agency
  • notify the responsible minister, the audit and risk committee, the portfolio department and VAGO of incidents of significant or systemic fraud and corruption
  • conduct internal audits of business processes or units likely to be vulnerable to fraud, corruption and other losses
  • safeguard resources and assets.

Instructions supporting the Standing Directions require agencies to develop policies and procedures that apply the minimum accountabilities set out in the VPSC Gifts, Benefits and Hospitality Policy Framework.

Protected Disclosure Act 2012 and Independent Broad-based Anti-corruption Commission Act 2011

Mandatory compliance

The purpose of the Protected Disclosure Act 2012 is to encourage and facilitate disclosures of improper conduct by public officers, public bodies and others, and to provide protections for people who make disclosures.

If a body can receive protected disclosures, it must have effective procedures to facilitate the making of disclosures, including notifications to IBAC.

Changes to the Independent Broad-based Anti-corruption Commission Act 2011 require that from 1 December 2016, all relevant principal officers of public sector bodies must notify IBAC of any matter they suspect on reasonable grounds involves corrupt conduct.

Australian Standard 8001—2008 Fraud and Corruption Control

Better practice guidance

Provides general guidance on controlling fraud and corruption by Standards Australia, a peak not-for-profit organisation, independent of government, which develops standards in Australia. This includes the development of a Fraud and Corruption Control Plan.

The Standing Directions and guidance issued by IBAC use the definitions outlined in the Australian Standard.

Source: VAGO.

Departmental Secretaries must ensure that their department's 'relevant public entities' meet legislative responsibilities. Under the Public Administration Act 2004, Secretaries are responsible for:

  • the general conduct and management of the functions and activities of the department and any administrative offices existing in relation to the department
  • working with and providing guidance to each relevant public entity on matters of public administration and governance.

1.4 Why this audit is important

IBAC's Operation Fitzroy investigation into the conduct of two officers of the former Department of Transport and PTV found that these officers and their associates corrupted $25 million worth of public contracts to benefit themselves. To minimise the waste of public funds and reassure the Victorian public of the public sector's integrity, it is important that public sector entities appropriately address weaknesses that increase the risk of fraud and corruption, including those identified by Operation Fitzroy.

1.5 Audited agencies and their responsibilities


Government established DEDJTR in January 2015, and its responsibilities include transport and ports, investment attraction and facilitation, trade, innovation, regional development, small business, and key services to sectors including agriculture, the creative industries, resources and tourism. It employs over 3 000 people and operates from 96 sites across Melbourne and regional Victoria, and 22 international offices.

DEDJTR is the portfolio department for PTV. The Secretary of DEDJTR has responsibilities under the Public Administration Act 2004 for its portfolio agencies.

DEDJTR established an Integrity Services Unit in October 2015 to build its integrity capability, with specialist external resources providing supplementary skills when required. The unit is responsible for implementing the DEDJTR Integrity Framework, which applies to all DEDJTR employees in administrative areas, and to agencies for whom the Secretary is the employer. The unit is also responsible for developing and maintaining policies and systems that directly support integrity. Staff from the unit also sit on panels that act as an escalation point for certain integrity policies, and report to the Secretary and the audit, risk and integrity committee on systems that support integrity. Responsibilities of the Integrity Services Unit include:

  • managing gifts, benefits and hospitality processes
  • managing protected disclosures
  • managing a declarations of private interest process
  • drafting the Fraud and Corruption Control Plan
  • implementing the Integrity Framework
  • developing data analytics capability.

The Australian Standard recommends that entities complete data mining and real-time computer system analysis to detect potential instances of fraud and corruption. DEDJTR's Integrity Framework states that the DEDJTR Integrity Services Unit will develop and maintain a data analytics program.


MPV was the Victorian Government's in-house project delivery agency, and was a business unit in DEDJTR. It provided project delivery services and advice to Victorian Government departments. MPV ceased operating on 1 April 2017 following a merger with Places Victoria to form Development Victoria, which is a statutory authority within the DEDJTR portfolio.


MMRA's objective is to deliver the $10.9 billion Metro Tunnel by 2026. MMRA is responsible for all aspects of the project, including planning and development, site investigations, stakeholder engagement, planning approvals and procurement, construction and project commissioning. MMRA is an administrative office within DEDJTR. The Coordinator-General sits within DEDJTR and has responsibility for overseeing the Major Transport Infrastructure Program (MTIP), of which MMRA is part.


Government established PTV in 2012 to plan, coordinate, operate and maintain Victoria's public transport system. PTV is a statutory authority in the DEDJTR portfolio. Following changes to the Transport Integration Act 2010, government disbanded the PTV board in April 2017 and transferred management powers to the PTV chief executive officer.

1.6 What this audit examined and how

This audit examined whether MMRA and PTV have, and MPV did have, well‑designed fraud and corruption controls that operate as intended.

We considered the role of the DEDJTR Integrity Services Unit in overseeing and supporting the practices outlined in DEDJTR's Integrity Framework, while testing the practices in MPV, MMRA and PTV. We also considered DEDJTR's role when performing certain functions, such as internal audit for MPV, reporting actual or suspected fraud, corruption or other losses, and safeguarding resources and assets under the Standing Directions.

MMRA and MPV were included in this audit because their work involves high‑risk factors for fraud and corruption, including:

  • high levels of procurement
  • use of contractors
  • partnerships with the private sector.

PTV was included so we could assess whether it has taken sufficient, appropriate and timely action to address the issues identified by IBAC's Operation Fitzroy.

The Standing Directions and guidance issued by IBAC use definitions outlined in the Australian Standard. The Australian Standard outlines a suggested approach for entities to control for the risk of fraud and corruption. It describes key risk areas for fraud and corruption, and includes guidance for the development and implementation of a Fraud and Corruption Control Plan. The Australian Standard includes minimum acceptable standards for entities seeking to fully comply.

The Australian Standard divides activities into three main elements—prevent, detect and respond—as detailed in Figure 1C.

Figure 1C
Fraud and corruption control activities

Diagram showing the overlapping fraud and corruption control activities - prevention, detection and response

Source: VAGO.

We assessed the effectiveness of the controls at the audited agencies across these three elements, with a focus on two high-risk areas—procurement and human resources.

Our areas of focus considered legislative obligations, better practice outlined in the Australian Standard, and guidance from VPSC.

We conducted our audit in accordance with section 15 of the Audit Act 1994 and ASAE 3500 Performance Engagements. We complied with the independence and other relevant ethical requirements related to assurance engagements. The cost of this audit was $740 000.

1.7 Report structure

Figure 1D
Structure of this report and areas of focus in this audit


Audit focus

Activities and controls examined

Part 2

Fraud and corruption control framework

Risk assessment to inform Fraud and Corruption Control Plan

Fraud and Corruption Control Policies and Plans

Staff training in fraud and corruption risks

Staff awareness, including protected disclosures

Internal audits focus on areas vulnerable to fraud and corruption

Data analytics

Part 3

Fraud and corruption prevention and detection in human resources practices

Employment screening

Declarations of private interests

Recruitment panel members declare conflicts of interest

Management of gifts, benefits and hospitality

Part 4

Fraud and corruption prevention and detection in procurement practices

Procurement framework design

Supplier vetting

Conflict of interest processes in procurement

Monitoring fraud and corruption indicators in procurement

Part 5

Response to fraud and corruption

Fraud and corruption incident register and response teams



Recovery efforts following fraud and corruption

Source: VAGO.

Appendix B looks at whether PTV has taken sufficient, appropriate and timely action to address the issues identified by IBAC's Operation Fitzroy.

Back to Top