Universities: 2016 Audit Snapshot

Tabled: 7 June 2017

Appendix E. Fraud control framework

As discussed in Part 3 of this report, our review of fraud risk assessment and control monitoring at the eight universities has, in part, been based on the Controlling fraud and corruption: a prevention checklist, issued by the Independent Broad-based Anti‑corruption Commission (IBAC) in November 2013.

The key components of a good fraud control framework are detailed in Figure E1, and are from the IBAC document.

Figure E1
Fraud risk and control monitoring checklist

Element of framework

Assessing fraud risk

  • A risk assessment uses methodology consistent with the Australian/New Zealand Standard AS/NZ ISO 31000:2009 Risk Management Principles and Guidelines and thorough, periodic fraud risk assessments are conducted to ensure they identify and effectively manage all fraud risk exposures.
  • In identifying fraud risks, consideration is given to the organisation's size and function, any change in structure or function, external and internal fraud risks, new and emerging fraud risks, and the broader organisational operating environment risks to develop a fraud risk profile.

Implement and maintain an integrity framework

  • Corruption prevention principles form an integral part of corporate, strategic and operational planning processes and objectives, both annually and long term.
  • Corruption prevention principles are applied as part of all project planning, agency restructure, business processes and service review processes.
  • Arrangements are in place that ensure effective ongoing scrutiny by executive management, internal audit and audit committees, of the effectiveness of the framework.
  • Independent reviews are undertaken of the operation and effectiveness of all internal control systems to ensure they adequately prevent, deter and detect major frauds.

Fraud control governance arrangements

  • A member of the executive management is the central point of contact for fraud control policies within the organisation.
  • A fraud and corruption control policy communicates the organisation's commitment to fraud and corruption control, setting out the executive management's approach to preventing, detecting and responding to fraud and corruption.
  • A fraud control plan has been developed for minimising the impact and likelihood of identified fraud risks.

Management commitment to controlling risks of fraud

  • Ethics, compliance and fraud prevention goals are included in the performance measures against which managers are evaluated and are used to determine performance-related progression.

Ethical framework

  • A code of conduct or ethical framework states the standards employees are expected to uphold.

Line management accountability

  • People in high-risk positions, such as procurement, revenue receipt, providing exemptions or who have discretionary decision-making roles, are appropriately trained, supervised and supported.
  • Supervisors are alert to signs of stress experienced by staff or of other unexplained changes in behaviour or attitude, particularly holders of high-risk roles.

Internal controls

  • The organisation uses internal audit to actively review its risk management systems and controls, and aligns these with its own risk profile.
  • The organisation systematically monitors and reports on the effectiveness of its fraud control strategies at least annually, and there are clearly documented procedures for conducting high-risk activities such as tendering, accounts payable or purchasing and managing assets.
  • A clearly articulated stance on the acceptance of gifts or benefits is known and understood by all employees.

Employee awareness

  • Employees are provided with fraud and corruption awareness training during induction so they are in a better position to take appropriate action when faced with unethical behaviour.
  • Ongoing fraud and corruption awareness activities and training are conducted for all staff, including suppliers, volunteers and contractors to foster awareness of the significance of fraud and corruption and their potential impacts on the organisation.
  • Specialist training is provided for key positions performing identified higher-risk functions.
  • Employees know and understand the need to declare and manage conflicts of interest.

Client and community awareness

  • Customers and the community are aware the organisation will not tolerate fraudulent or corrupt behaviour and are given a channel for reporting any concerns.

Pre-employment screening

  • There is an established pre-employment screening policy, including employment, qualifications, credit, criminal history and reference checks, which can help identify potential issues and factors that may be indicative of fraud risk, such as prior criminal convictions for dishonesty.

Supplier and client vetting

  • The credentials of new suppliers and customers are checked and periodically confirmed.
  • The organisation's fraud control policy is provided to external service providers.

Avenues for reporting suspected incidents

  • A range of internal and external reporting mechanisms is in place to report suspected unethical behaviour, including fraud and corruption.
  • The reporting mechanisms, including what needs to be reported and to whom, are well known by employees and the broader community, and are easily accessible.

Protections for disclosers

  • Mechanisms, policies and procedures for supporting and protecting disclosers are established as required by the Protected Disclosures Act 2012 (Vic).
  • Strict confidentiality is maintained from the outset in the receipt and processing of reports of fraud and corruption.

Source: VAGO, based on Controlling fraud and corruption: a prevention checklist, Independent Broad-based Anti-corruption Commission, 2013.
