• Section 1 - Purpose / Objectives
• Section 2 - Scope / Application
• Section 3 - Definitions
• Section 4 - Policy Statement
• Section 5 - Procedures
• Fraud Prevention Framework
• Structural Elements
• Operational Elements
• Maintenance Elements
• Section 6 - Guidelines

Section 1 - Purpose / Objectives

(1) This policy establishes a framework in which fraud or corrupt conduct is not tolerated and encourages the on-going development of a culture espousing the highest ethical and professional standards.

(2) This policy encourages all staff to be vigilant in ensuring those standards are met and provides guidance for action if it is suspected that those standards are being breached.

(3) Victoria University is required to comply with certain legislation that deals with upon fraud and corruption control including the Whistleblowers Protection Act. In addition, fraud and corruption control is an essential element of the University's corporate governance.

(4) The University has suffered from incidents of fraud in the past that has adversely affected the organisation from both operational and reputation points of view.

(5) This policy will ensure compliance with relevant legislation and ministerial directions and will assist in promoting an ethical and honest workplace for the benefit of all stakeholders including employees and students.

Section 2 - Scope / Application

(6) Nil

Section 3 - Definitions

(7) Fraud means a deliberate act of deception, misrepresentation or omission committed with the intention of gaining an unjust advantage or to cause an unjust loss or disadvantage. This includes fraudulent or corrupt conduct by any person including theft of tangible or intangible assets.

(8) Such behaviour includes, but is not limited to:

1. Breaches and attempted breaches of the law;
2. Unauthorised use of facilities or equipment;
3. Misappropriation of tangible and intangible assets through:
   1. Inappropriate reimbursement of expenses;
   2. Payments to third parties not in accordance with the University's Purchasing Policy;
   3. Theft, including theft or misuse of intellectual property; or
   4. Inappropriate exertion of influence or coercion to act in a manner that is not in the University's best interests

(9) The Protected Disclosure Coordinator means the Director, Portfolio of the Vice Chancellor. Refer to the Victoria University Protected Disclosures Policy.

(10) The Protected Disclosure Officer means the operator of the Victoria University Whistleblower Hotline (Telephone:1800 288 186). The Protected Disclosure Officer provides general advice on reporting of improper conduct or detrimental action, and for reporting of improper conduct not falling within the application of the Act.

(11) Executive Managers means the Vice Chancellor and President, Deputy Vice-Chancellors, Pro-Vice Chancellors, Executive Directors, Directors, Deans, Deputy Director-TAFE and Associate Directors - TAFE.

(12) Operational Managers means Heads of School, Departments, Centres, Institutes, and other organisational units.

Whistleblowers Protection Procedures

(13) These procedures establish a system for reporting disclosures of improper conduct or detrimental action by Victoria University or its officers, staff, students or other members. http://wcf.vu.edu.au/GovernancePolicy/PDF/POH040809005.PDF

(14) Corrupt conduct means:

1. Conduct of any person (whether or not an employee) that adversely affects the honest performance of an employee or of the University's functions;
2. The performance of an employee's duties in a dishonest manner or with inappropriate partiality;
3. Conduct of an employee or former employee that amounts to a breach of public trust;
4. Conduct by an employee or former employee that amounts to the misuse of information or material acquired in the course of the performance of their official functions; or
5. A conspiracy or attempt to engage in the above conduct.

(15) Improper conduct means conduct that is corrupt, a substantial mismanagement of public resources, or conduct involving substantial risk to public health or safety or to the environment. The conduct must be serious enough to constitute, if proved, a criminal offence or reasonable grounds for dismissal.

Section 4 - Policy Statement

(16) Victoria University considers fraud and corrupt conduct seriously and does not tolerate such behaviour. The University recognises the value and importance of its employees in enhancing its practices and believes that all employees have a strong obligation to support its efforts in fraud prevention.

(17) This policy supports Victoria University's commitment to good governance, strong ethical practices and compliance with relevant legislation.

(18) The objectives of the fraud prevention policy are to:

1. Ensure that employees and management are aware of their responsibilities for identifying fraudulent activities and establishing controls and procedures for preventing such fraudulent activities and/or detecting such fraudulent activities when they occur;
2. Provide guidance to employees as to what is required when suspicion is aroused of activities that may be fraudulent or corrupt;
3. Provide a clear statement to employees that fraudulent, corrupt or improper conduct is not acceptable and will not be tolerated;
4. Build a culture that supports employees to report conduct they suspect may be fraudulent, corrupt or improper;
5. Reduce opportunities for fraudulent, corrupt or improper conduct;
6. Ensure that appropriate action is taken if fraud, corruption or improper conduct is detected;
7. Establish an effective fraud reporting system;
8. Provide clear guidance to ensure that adequate investigation standards are followed; and
9. Provide safety, protection and guidance to employees in circumstances where they are/could be victimised as a result of reporting, investigating or being a witness to fraudulent activities.

Section 5 - Procedures

Fraud Prevention Framework

(19) This policy is founded on three core structural elements that will make up the necessary infrastructure to underpin the University's efforts in fraud and corruption prevention, detection and investigation. (See Figure 1 )

Structural Elements

Culture

(20) The Victoria University Code of Conduct sets the standards of ethical behaviour expected of its staff. All staff members should read and understand the Code of Conduct and apply its principles in all their business dealings.

(21) All levels of Victoria University carry the responsibility for the prevention and detection of fraud and corrupt conduct. In particular, line managers are accountable for fraud prevention and detection within their area of responsibility.

(22) Other policies dealing with ethical and fraud control matters are issued when considered appropriate.

Management Commitment

(23) Senior management commitment to fraud prevention is an important aspect of Victoria University's fraud prevention strategies. The University ensures its senior management has a high level of commitment to controlling the risks of fraud and corruption.

Risk Assessment

(24) Periodic and comprehensive fraud and corruption risk assessments will be conducted throughout the University in accordance with the University's Risk Management Policy.

Awareness: Staff, Clients and Stakeholders

(25) Management will ensure the University policy on fraud is communicated to all parties and the highest possible level of awareness is maintained amongst staff, clients and other stakeholders. The Fraud Prevention policy will be promoted through:

1. Staff training programs;
2. Internal communications; and

Fraud and Corruption Control Planning

(26) Fraud prevention projects will be identified on a yearly basis to assist in preventing or minimising the likelihood of fraudulent, corrupt and improper conduct within the University.

(27) The Manager, Risk Management and Internal Audit (MgrRisk)will conduct independent reviews to assess the adequacy of strategic and operational risk controls and the extent of compliance with those controls.

Operational Elements

Internal Controls

(28) Systems of internal control provide sound practices that ensure policy compliance and consistency of practice amongst staff.

(29) At Victoria University internal controls are established through the following mechanisms:

1. Comprehensive policy and procedure frameworks;
2. Development of comprehensive business rules;
3. Management reviews of organisational processes and structures; and
4. Strategic planning.

(30) Controls are routinely reviewed through the Maintenance Elements, being the monitoring, review and improvement mechanisms.

(31) Controls should prevent fraud and corruption insofar as practicable, or if these events occur they should ensure the fraud is detected as early as possible. Following detection, the controls should assist in identifying the perpetrators and assist the investigation by providing proof of the fraud or corruption.

Detection

(32) Victoria University has implemented a robust program of fraud and corruption detection. The program includes regular data analysis utilising sophisticated data mining techniques and analysis of management accounting and other reports. In addition periodical post-transaction reviews are undertaken to identify those transactions that appear suspicious.

Reporting

Internal Reporting

(33) Victoria University has implemented a formal internal reporting system through which employees can report suspected fraud and other improper conduct.

(34) The reporting system is aligned to the University's Whistleblowers Protection procedures and establishes the arrangements for dealing with disclosures received.

(35) The reporting system ensures that no person can take detrimental action against, or victimise in any way, those making disclosures. It will also ensure that any person named will be treated fairly and not disadvantaged if the results of the internal review show they were not implicated in improper behaviour.

(36) Attached at Appendix 2 are guidelines to assist staff to recognise those incidents that amount to fraudulent, corrupt or improper conduct, and the subsequent reporting lines, and those incidents that do not amount to fraudulent, corrupt or improper conduct, and the appropriate reporting lines.

(37) When suspected incidents of fraud or corruption are detected it is important to ensure evidence is identified and preserved and appropriate initial action undertaken. Attached at Appendix 3 are guidelines to assist staff undertake appropriate initial action.

(38) General advice on reporting alleged incidents of fraudulent, corrupt or improper conduct can be obtained by contacting the Protected Disclosure Officer via the Victoria University Whistleblowers Hotline (Ph: 1800 288 186). Disclosures falling under the application of the Whistleblowers Protection Act (the "Act") are to be reported directly to the Protected Disclosure Coordinator. Alternatively, a person may also contact the Vice-Chancellor or the Ombudsman with respect to suspected incidents of fraudulent, corrupt or improper conduct as set out in the University Whistleblowers Protection Procedures.

(39) If an employee wishes to make a report of a suspected incident of fraud or corrupt conduct he or she may make that report via:

1. His or her supervisor;
2. The Protected Disclosure Co-ordinator;
3. The Vice-Chancellor; or
4. Website: http://wcf.vu.edu.au/whistleblower (can be accessed through the intranet site home page under the Information Resources section-Whistleblower or the internet home page under the Browse home section-Whistleblower)

(40) If a report is made to a supervisor or the Vice-Chancellor, that person must notify the Protected Disclosure Coordinator to ensure the incident is recorded and reported in compliance with the Whistleblowers Protection Act. A Decision Pathway Flowchart is attached at Appendix 4A — "Seeking Protection under the Whistleblowers Protection Act Decision Pathway Flowchart" .

(41) There will be occasions when a person making a disclosure does not make reference to the Whistleblowers Protection Act. In these circumstances the person receiving the disclosure will advise that person that he or she may wish to make a disclosure under the Act due to the protections it provides. If the person declines to make the disclosure under the Act the matter will be reported to the Protected Disclosure Coordinator for assessment as to the appropriate course of action, however it will not be deemed to be a whistleblower disclosure and there will be no requirement to report the matter to the Ombudsman. Requirements for confidentiality will still apply because the reporting person may invoke the protections of the Act at a later stage.

(42) There may be occasions when an employee reports a suspected incident of improper or corrupt conduct as a result of his or her duties, for example an auditor discovering evidence of a fraud during the conduct of an audit. In these circumstances the person can still make the disclosure under the Whistleblowers Protection Act and take advantage of its protections. In such circumstances the report will be treated in the same manner as any other disclosure. If the employee chooses not to seek protection under the Whistleblowers Protection Act, the process outlined in the above paragraph will apply. A Decision Pathway Flowchart is attached at Appendix 4B — "Not Seeking Protection under the Whistleblowers Protection Act Decision Pathway Flowchart" .

(43) All disclosures will ultimately be forwarded to the Protected Disclosure Coordinator as that position has the sole responsibility to assess the disclosure and determine the appropriate course of action.

External Reporting

(44) Victoria University will, after consideration of all relevant matters, report all actual incidents or suspected incidents of fraud or corruption to relevant law enforcement authorities. The decision to take a matter to an authority will be determined after considering the total circumstances including, but not limited to, value of loss or potential loss, level of culpability and seniority of the suspected perpetrator. In all cases the Protected Disclosure Coordinator will be responsible for making the report.

(45) In addition, the University is required to report certain matters to the Minister for Finance and the Auditor-General pursuant to Direction 4.5.4 (a) of the Standing Ministerial Directions.

(46) Section 4.5.4 (a) of the Standing Directions of the Minister for Finance under the Financial Management Act 1994 requires all cases of suspected or actual theft, arson, irregularity or fraud in connection with the receipt or disposal of money, stores or other property of any kind under the control of the University to be notified to the Minister for Finance and the Auditor General.

(47) Immediate notifications are required in each instance where the amount of money involved is more than $1,000 or the amount of property involved is more than $20,000. All cases will be reported to the Protected Disclosure Coordinator who will be responsible for making such external notifications.

(48) The Protected Disclosure Coordinator will also be responsible for advising the Audit and Risk Committee in a timely manner of such notifications.

(49) An annual return is required for each instance where the amount of money involved is less than $1,000 or the amount of property involved is less than $20,000. In these cases, the Manager-Risk and Compliance will collate such information and forward to the Protected Disclosure Co-ordinator who will be responsible for reporting in accordance with the Standing Directions.

Disciplinary Proceedings

(50) Irrespective of any decision to report matters externally, the University will pursue disciplinary proceedings with respect to any person against whom fraud or corrupt or improper conduct has been proved. These proceedings will be undertaken pursuant to the University's discipline procedures.

Investigation

(51) All instances of suspected fraud, corruption or improper conduct will be promptly investigated to establish whether a basis exists for further action.

Investigation Standards

(52) All investigations will be undertaken skilfully. Confidentiality will be maintained to the extent possible to ensure all persons are treated fairly and without bias.

(53) Immediately on becoming aware of a suspected incident of fraud or corrupt conduct the (responsible staff member) will ensure appropriate initial action is taken to ensure available evidence is secured as detailed in Appendix 3 . This includes an assessment as to whether the matter falls within the provisions of the Whistleblowers Protection Act.

(54) After these steps are taken the incident will be assessed to determine the appropriate manner of investigation. Although every suspected incident will be different, consideration will be given to, among other things, the complexity, seniority of staff member suspected to be involved, and value of the loss or potential loss. In some cases the matter may be appropriately handled internally within the organisational unit, some cases may be referred to a law enforcement agency and in other cases, where the specialist skills do not exist within Victoria University, appropriately skilled and qualified consultants may be engaged to undertake an investigation. In cases where any doubt exists as to the appropriate course of action advice is to be sought from the Protected Disclosure Coordinator.

(55) The primary consideration when determining how an incident will be investigated will be to ensure the matter is handled in a professional manner commensurate with the seriousness of the allegation.

(56) In cases where the matter is handled internally, an appropriately senior and independent staff member will be responsible for conducting the investigation and ensuring the matter is dealt with comprehensively and fairly to all parties involved. The investigator will be assisted with advice on an as needs basis from the Protected Disclosure Coordinator.

(57) The Whistleblowers Protection Procedures provide general guidance on the manner in which investigations will be undertaken, in particular Section 6.5 of those procedures. In all cases that fall within the provisions of the Whistleblowers Protection Act, regardless of how the matter is investigated, are to be forwarded to the Protected Disclosure Coordinator for appropriate action.

Internal Audit

(58) Internal Audit activity is an integral aspect of the fraud and corruption control program. Victoria University has focussed its internal audit function to provide a value added service based on the following elements:

1. Enterprise-wide focus on risk;
2. Risk based internal audit plan;
3. Appropriate mix of core compliance and risk based operational reviews; and
4. The integration of the Internal Audit plan with the Risk Management plan

Whistleblower Protection

(59) Victoria University is committed to the aims of the Whistleblowers Protection Act 2001 and has implemented a robust policy on whistleblower protection and encourages staff to report suspected incidents of improper conduct. The University is committed to ensuring the protection from detrimental action of those reporting suspected incidents of fraud, corruption or improper conduct. The University's Whistleblower Protection procedures provide comprehensive guidance on how to make whistleblower disclosures.

Resources

(60) Victoria University is committed to providing adequate resources to ensure the success of its fraud prevention projects. Overall responsibility for implementing and overseeing the projects rests with the Director-Finance. Where appropriate those with specialist expertise, internal or external to the University will be called upon to assist with the implementation of the projects.

Pre-Employment Screening

(61) Victoria University undertakes pre-employment screening on potential employees. The degree of screening is dependent on the seniority of position and sensitivity of the work to be undertaken. Pre-employment screening may include the following:

1. Verification of identity;
2. Police criminal history;
3. Direct contact with referees; and
4. Verification of qualifications.

Maintenance Elements

Review and Adjustment of Fraud Prevention Policy

(62) The overall fraud prevention policy framework will be periodically reviewed to ensure it remains relevant, effective and in line with industry best practice. The Director-Finance is responsible for supervising the review of the fraud prevention policy framework.

Section 6 - Guidelines

(63) Nil