(1) This Procedure supports the Fraud and Corruption Control Policy of Victoria University (“the University”) by providing the core structural, operational and maintenance elements that make up the necessary infrastructure to underpin fraud and corruption prevention, detection and response. (2) HESF: 6 Governance and Accountability: 7.1 Representation; 7.3 Information Management (3) Standards for RTOs: Standard 6, Standard 7, Standard 8 (4) This Procedure applies across the University, to all people who are part of the University community, including: (5) Any research and academic misconduct by staff and students will be dealt with under the Research Integrity - Guide to the Management of Potential Breaches of the Australian Code Procedure, Research Integrity Policy and Procedures, and the Student Misconduct Procedure. Special procedures and protections apply to any person making a public interest disclosure under the Public Interest Disclosures Act 2012 (Vic), as detailed in the Public Interest Disclosures Policy. (6) (7) (8) (9) (10) Fraud and Corruption Control Policy (11) The Fraud and Corruption Control Procedure comprises a number of strategies under the following best practice elements: (12) The Fraud and Corruption Control Officer will be responsible for monitoring the operation of the Fraud and Corruption Control Procedure and ensuring it is appropriately communicated. The Fraud and Corruption Control Officer will review the Fraud and Corruption Control Procedure every three years, or more often as required in response to specific incidents of fraud and corruption or changes in risk profile. (13) Appendix A - Fraud and Corruption Control Plan outlines the actions the University will undertake to prevent, detect and respond to the risk of fraud and corruption. (14) The Fraud and Corruption Control Officer has responsibility for the University’s Fraud and Corruption Control Procedure and Fraud and Corruption Control Policy. This includes all the prevention, detection and response to fraud and corruption including coordinating the fraud and corruption risk assessment, recording all fraud and corruption reports and overseeing investigations into allegations of fraud and corruption. The Fraud and Corruption Control Officer may delegate responsibility for performing some or all of these tasks but maintains overall responsibility for ensuring that they are performed. (15) The Fraud and Corruption Control Officer will report on the effectiveness of the Fraud and Corruption Control Procedure to the ARC and to the University Council. (16) Internal Audit is an integral aspect of the control of fraud and corruption. Victoria University has focused its Internal Audit function to provide a value added service based on the following elements: (17) Internal Audit activity is planned with reference to fraud and corruption risks (i.e. business processes or units likely to be vulnerable to fraud, corruption and other losses). Internal Audit will liaise with the Fraud and Corruption Control Officer on suspected fraud or corruption detected as part of the internal audit program. (18) Prevention strategies are proactive measures designed to prevent fraud and corruption insofar as practicable, and reduce the risk of incidents occurring. These include a robust culture in which fraud and corruption awareness are promoted, as are ethical values of integrity and honesty. This culture is instilled through management commitment from the top down, and reinforced through regular, role-specific training and communication in relation to fraud and corruption issues. Every employee, student and volunteer of the University should be aware of fraud and corruption risks, and know how to respond if they suspect an incident has occurred. (19) The University Council, Vice-Chancellor and management are responsible to instil the values of integrity, honesty, and fraud and corruption awareness. Ethical behaviour is modelled in all circumstances. (20) The desired culture at Victoria University is one where people are aware of fraud and corruption risks, comfortable to ask for guidance, and report reasonable suspicions of misconduct. The culture reinforces that all individuals associated with the University must act in the best interests of the University and embody a positive risk culture, where risk informs all operational activities. (21) The desired culture is one of transparency and accountability, where sound corporate governance practices are followed, and decisions/approvals/payments are accurately recorded. (22) The Appropriate Workplace Behaviour Policy sets out the minimum standards for the behaviour and conduct for all staff, establishes the core professional and behavioural expectations and outlines the consequences of engaging in behaviour that is not acceptable. The Appropriate Workplace Behaviour Policy states that where conduct or behaviour falls below the standards outlined, disciplinary action may be commenced under the relevant industrial/employment agreement. Sanctions may also be applied in accordance with appropriate University policy. (23) The University, through the Fraud and Corruption Control Policy and Procedure and associated relevant policies such as the Appropriate Workplace Behaviour Policy; Financial Code of Conduct Policy; Gifts, Benefits and Hospitality Policy; Research Integrity Policy and Purchasing Policy will ensure the risk of fraud and corruption is minimised, and the University community is aware of their responsibilities. (24) Senior management commitment to fraud and corruption control is an important aspect of Victoria University's fraud and corruption prevention strategies. The University ensures its senior management has an observably-high level of commitment to controlling the risks of fraud and corruption by ensuring they receive appropriate training in fraud and corruption control and by having a high level of risk consciousness in accordance with the Risk Management Policy. (25) All levels of Victoria University carry the responsibility for the prevention and detection of fraud and corruption, in particular, line managers are accountable for fraud prevention and detection within their area of responsibility. Line managers are made aware of these responsibilities in training in fraud and corruption control. (26) Good corporate governance within an embedded ethical culture reduces the risk of corrupt and fraudulent behaviour. The University ensures oversight of risk mitigation activities through the ARC; Finance and Investment Committee; Research and Research Training Committee; Academic Board and Council. (27) At Victoria University, internal controls are established through the following mechanisms: (28) The University will conduct comprehensive fraud and corruption risks assessments on a periodic basis. Risk assessments will be conducted in accordance with the Risk Management Policy, Risk Management Procedure and the Risk Management Framework Guidelines. Risk assessments will be conducted across the University as part of the development and maintenance of the operational risk registers by each College and Division, with support and oversight from the Fraud and Corruption Control Officer who will use the information to inform and update the Fraud and Corruption Control Framework. (29) Risks assessments will generally be performed every two years (or sooner if there are significant changes in their operating processes or risk environment). Consideration will be given to both internal and external risks, emerging risks and the University’s operating environment. Colleges, school and divisional directors will perform the risk assessments to identify risks within their areas of responsibility, and develop controls to mitigate the risks to an acceptable level, in consultation with the Fraud and Corruption Control Officer. (30) Each risk is assessed with regards to consequence and likelihood, relative to other operational risks. Treatment plans are monitored for implementation and effectiveness. (31) Risk assessment will be performed in accordance with the risk management standard ISO 31000:018 and includes: (32) The University's Fraud and Corruption Control Framework will be communicated to all staff and external parties by: (33) Records of attendance at training will be maintained by Victoria University. (34) Managers are responsible to ensure their staff receive appropriate fraud and corruption awareness training and communications and should contact the Fraud and Corruption Control Officer should any deficiencies in the training program be identified. (35) Victoria University undertakes pre-employment screening on all potential staff in accordance with the Recruitment and Selection Procedure. The types of checks undertaken are specific to the position. Pre-employment screening may include the following, subject to all legal requirements and with informed and express consent: (36) The Recruitment and Selection Procedure also notes that it is important that the currency of certain occupational requirements, such as professional registration, is checked on a regular and ongoing basis. Although processes are in place to prompt such regular checks through the People and Culture information system there is a joint responsibility of managers (to ensure their staff have up to date registrations and other checks at all times) and staff themselves to ensure they satisfy such checks at all times during their employment with the University. (37) Due diligence on potential contractors or partners is performed as a precursor to entering into a contract of significant value or an important business relationship. The scope of the due diligence, including financial, compliance and reputational considerations, will depend on the nature of the matter and the entity involved, with guidance provided by Legal Services. This includes consideration of the entity’s fraud and corruption risk. Due diligence may be performed regularly thereafter, as appropriate to the risk profile. Where heightened risks are identified, Victoria University may implement controls or reconsider a relationship. Records of due diligence performed are to be maintained by Victoria University. (38) Contract clauses are included as appropriate to require suppliers to attest to compliance and enable Victoria University to exit relationships where incidents in relation to fraud or corruption have occurred. Contracts may include provision where appropriate to enable Victoria University to request information or perform audits on suppliers or customers. (39) Staff are expected to take their annual leave in the year it is accumulated and that annual leave balances are to be reviewed on a quarterly basis by managers and supervisors based on information provided by People and Culture. (40) Job rotation may be implemented in high-risk positions for fraud or corruption. (41) The University has specific measures for countering the risk of corruption including: (42) The Fraud and Corruption Control Officer is responsible for overseeing the detection program and working with line management and Internal Audit to apply the findings from the fraud and corruption risk assessment process to develop effective fraud and corruption detection systems and procedures. (43) The external auditor of Victoria University is the Victorian Auditor-General’s Office (VAGO). The Fraud and Corruption Control Officer will undertake discussions with VAGO in terms of the audit procedures that will be carried out during the audit that are aimed at detecting material misstatements in the University’s financial statements due to fraud or error. (44) Victoria University has implemented a formal internal reporting system through which staff can report suspected fraud and corruption. (45) The reporting system establishes the arrangements for dealing with allegations that are not public interest disclosures. Staff wanting to make a public interest disclosure should refer to the Public Interest Disclosures Policy and may consult with the Public Interest Disclosure Coordinator to make their report direct to IBAC. (46) The reporting system controls the risk of detrimental action against, or any victimisation of, those making disclosures. It will also ensure that any person named will be treated fairly and not disadvantaged if the results of the internal review show they were not implicated in improper behaviour. (47) All persons to whom this Procedure applies must report suspected fraud, corruption or improper conduct, as required by the Appropriate Workplace Behaviour Policy. Any external parties are also encouraged to report reasonable suspicions. If member of the University community has a suspicion of fraud or corruption, they must make a report via: (48) An individual who reports suspected fraud should provide as much information as possible, including details of any person they believe to be involved and the actions or activities they believe to be fraudulent, including how, when and where those actions or activities occurred. However, they should not investigate the matter themselves, as this may compromise a subsequent investigation. (49) Upon receiving a report of suspected fraud or corruption the recipient will record the time and date the report is made and details of all matters reported, such as: (50) Reports received by a supervisor should be referred to the Fraud and Corruption Control Officer prior to any investigation of such allegations being undertaken. (51) The Fraud and Corruption Control Officer is available for individuals to make reports or raise concerns with the assurance of confidentiality. If these reports raise matters that could form the subject of a public interest disclosure, the Fraud and Corruption Control Officer will involve the Public Interest Disclosure Coordinator to advise the staff member that they should make the disclosure to the IBAC. (52) In accordance with the Standing Direction 3.5 2018 under the Financial Management Act 1994 (Vic), the Fraud and Corruption Control Officer will ensure all instances of fraud and corruption are recorded on a central register, including details of any remedial actions planned and taken. (53) Subject at all time to the Independent Broad-based Anti-corruption Commission Act 2011 (Vic) and the Public Interest Disclosures Act 2012 (Vic), should the report of suspected fraud or corruption involve a senior officer of the University, or be significant in terms of value or complexity, the Fraud and Corruption Control Officer will refer the report to the Chancellor via the Chair of the ARC immediately. Otherwise the Fraud and Corruption Control Officer will report all suspected or actual fraud and corruption incidents to the ARC on a periodic basis. (54) The Fraud and Corruption Control Officer will also provide a report to the ARC on an annual basis with a summary of the key fraud risks from the fraud and corruption risk assessment as well as a summary of the reports of suspected fraud and their status and outcomes and remedial actions taken. (55) The University’s website will inform individuals who are not staff or students of the University how to submit a report of suspected fraud or corruption to the Fraud and Corruption Control Officer. (56) The University will ensure that all reasonable reports of fraud or corruption are thoroughly investigated, matters are appropriately escalated and externally reported as required and there are procedures for the recovery of losses and remediation. (57) All instances of suspected fraud, corruption or improper conduct will be promptly evaluated to establish whether a basis exists for further investigation. These evaluations will be undertaken by an appropriately qualified and independent party, using the principles of independence, objectivity and procedural fairness. (58) The Fraud and Corruption Control Officer is responsible for coordinating and overseeing the University’s investigation response. (59) The Fraud and Corruption Control Officer will assess the incident to determine the appropriate manner of investigation. Although every suspected incident will be different, consideration will be given to, among other things: (60) Where the Fraud and Corruption Control Officer determines that an investigation is required, the investigation may be carried out by appropriately qualified and experienced personnel within the University. Depending on the type of fraud or corruption being investigated the investigation may be conducted by personnel including Risk, Audit, Procurement, IT, People and Culture and other appropriate and trained staff. If external investigators are engaged, the University will ensure that they are also appropriately qualified so that all investigations will be undertaken skilfully and confidentiality maintained and all persons are treated fairly and consistent with the principles of procedural fairness applied. (61) The investigators, whether internal or external, will be overseen by the Fraud and Corruption Control Officer, and will determine the appropriate form of investigation and ensure it is appropriately documented, including an investigation plan and investigation report, which will also be provided to the ARC. (62) In cases where any doubt exists as to the appropriate course of action, advice is to be sought from the Public Interest Disclosure Coordinator. (63) Confidential and independent counselling and other services are available to all staff of Victoria University through the Employee Assistance Program (EAP). EAP services are private and confidential. Staff can ring the EAP provider on 1300 EAP AT VU or 1300 327 288. (64) On reaching a finding that there is evidence of fraud or corruption, the Fraud and Corruption Control Officer will make a recommendation (in consultation with the Head of Legal Services, Chief Human Resources Officer and any other stakeholders as appropriate) as to whether the matter is to be reported to the relevant authority including law enforcement. (65) In accordance with section 57 of the Independent Broad-based Anti-corruption Commission Act 2011 (Vic) this includes the Office of the Vice-Chancellor notifying IBAC, as soon as practical, of any matter which they suspect on reasonable grounds that corrupt conduct has occurred or is occurring. (66) In accordance with the Standing Direction 3.5 2018 under the Financial Management Act 1994 (Vic) this also includes notifying, as soon as is practicable, the Minister of Tertiary Education, the Department of Education, the ARC and the Auditor-General of all significant or systemic incidents and the remedial action to be taken. This also includes ensuring that the persons notified are kept informed about the incident, including the outcome of investigations and actions taken to mitigate against future fraud, corruption and other losses. (67) The Standing Directions 2018 define ‘significant or systemic’ to means an incident, or a pattern or recurrence of incidences, that a reasonable person would consider has a significant impact on the Agency or the State's reputation, financial position or financial management. The thresholds relevant to Victoria University are: (68) The Fraud and Corruption Control Officer will have responsibility to make such reports through the Office of the Vice-Chancellor. (69) The Fraud and Corruption Control Officer, on advice from the Head of Legal Services, will also refer instances of potential serious or complex fraud offences to the Police. (70) When a matter has been referred to the relevant authority or law enforcement bodies, the University will provide assistance as requested in the investigation process. (71) Following an investigation, the University may pursue disciplinary proceedings with respect to all staff against whom violations of the Fraud and Corruption Control Policy or other relevant University policies have been established. These may include disciplinary action, which may include dismissal, in accordance with the University's disciplinary procedures and subject to the limitations of relevant enterprise agreements and workplace laws. Line Management, People and Culture, Legal and Compliance will consult to determine the appropriate course of action. (72) Other actions may include possible termination of relationship with the University or associate entities or civil action for the recovery of losses. (73) All information received by the University in relation to suspected fraudulent or corrupt conduct will be collected, classified and handled appropriately having regard to privacy, confidentiality, legal professional privilege and the requirements of natural justice. (74) Individuals involved in or who become aware of a theft, fraud, or corrupt conduct investigation must keep the details and results of the investigation confidential, subject to the needs of the University, and/or the police during their investigation. Staff must not discuss or report any suspected or proven instance of theft, fraud or corrupt conduct to the media, except with the prior written approval of the Vice-Chancellor. (75) The University will maintain appropriate insurance cover against losses from fraud, including cyber fraud. (76) Following an incident of fraud and corruption the Fraud and Corruption Control Officer and Line Management will reassess the adequacy of the internal control environment and consider whether improvements are required, reporting their findings to the ARC.Fraud and Corruption Control Procedure
Section 1 - Summary
Section 2 - HESF/ASQA/ESOS Alignment
Section 3 - Scope
Section 4 - Definitions
Section 5 - Policy/Regulation
Section 6 - Procedures
Part A - Summary of Roles and Responsibilities
Role
Responsibilities
Public Interest Disclosure Coordinator
(Head of Legal Services)Contact point for general advice about the operation of the Public Interest Disclosures Act 2012 (Vic) and integrity agencies such as the Independent Broad-based Anti-corruption Commission (IBAC) and the Victorian Ombudsman.
Ensuring VU carries out its responsibilities under the Public Interest Disclosures Act 2012 (Vic), any regulations made pursuant to the Act and any guidelines issued by IBAC.
VU's chief liaison with the IBAC in regards to the Public Interest Disclosures Act 2012 (Vic).
Take all necessary steps to ensure information received or obtained in connection with a disclosure, including identity of the discloser and the identity of the person to whom the disclosure relates are kept secure, private and confidential at all times.
Fraud and Corruption Control Officer
(Deputy Vice-Chancellor Finance)Responsible Officer for Fraud and Corruption Control and is the point of contact for the Fraud and Corruption Control Procedure.
Responsible for the University’s Fraud and Corruption Risk Assessment and the review of the Fraud and Corruption Control Procedure and Fraud and Corruption Control Policy.
Oversees the University’s fraud and corruption detection program.
Is a point of contact for receiving reports of suspected fraud or corruption (both internally and externally).
Is responsible for assessing fraud and corruption allegations and determining the appropriate manner of investigations. Supervises internal and external investigations into allegations of fraud and corruption.
Is responsible for making a recommendation (in consultation with the Head of Legal Services, Chief Human Resources Officer and any other stakeholders as appropriate) as to whether a matter is to be reported to the relevant authority and for making such reports in accordance with the External Reporting procedures.
Is responsible for reporting to the Audit and Risk Committee (ARC) and the University Council on the Fraud and Corruption Control Framework.
Is responsible for providing a report to the ARC on an annual basis with a summary of the key fraud risks from the fraud and corruption risk assessment as well as summary of the reports of suspected fraud, investigation reports and their status and outcomes.
Will discuss with VAGO the audit procedures that will be performed aimed at detecting material misstatements in the University’s financial statements due to fraud or error.
Coordinate external reporting requirements (e.g. Victoria Police).
Where reports of suspected fraud or corruption involve a senior officer of the University, or are significant in terms of value or complexity, refer the report to the Chancellor via the Chair of the ARC immediately.
Appoint investigators and provide terms of reference.
Audit and Risk Committee (ARC)
Is responsible for overseeing the implementation of the Fraud and Corruption Control Procedure.
Receives reports of fraud and corruption incidents, including information about remediation undertaken from the Fraud and Corruption Control Officer, to identify strategic responses as required.
Endorses the Fraud and Corruption Control Procedure.
Reviews and endorses the outcomes of the fraud and corruption risk assessment every two years or sooner as required.
Inform Council of any completed investigation reports that find evidence of fraud or corruption and strategic responses required.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
University Council
Receive and review any completed investigation reports that find evidence of fraud or corruption and strategic responses required.
Receive reports on the Fraud and Corruption Control Framework.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
Vice-Chancellor
Has overall responsibility for fraud and corruption including the implementation of the Fraud and Corruption Control Procedure.
Ensure appropriate measures are in place to prevent, detect and respond to fraud and corruption.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
Promote a culture of integrity and accountability in which fraud and corruption is clearly prohibited.
Communicates that it is the responsibility of all staff to prevent and detect fraud and corruption.
Ensure appropriate measures are in place within their areas of responsibility to prevent and detect fraud and corruption.
Receive any reports of suspected fraud or corruption from staff and escalate any reports to the Fraud and Corruption Control Officer.
Ensure their staff meet fraud and corruption training requirements and identify if any additional training needs.
Ensure their staff have up-to-date registrations and other checks at all times for pre-employment screening purposes.
To review annual leave balances on a quarterly basis to ensure that excessive balances are not accrued.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
Executive Deans, school and departmental directors
Promote a culture of integrity and accountability in which fraud and corruption is clearly prohibited.
Communicate that it is the responsibility of all staff to prevent and detect fraud and corruption.
Ensure appropriate measures are in place within their areas of responsibility to prevent and detect fraud and corruption.
In consultation with the Fraud and Corruption Control Officer, ensure a fraud and corruption risk assessment is performed in accordance with the agreed schedule.
Implement the recommendations arising from the fraud and corruption risk assessment, fraud or corruption investigation or from the Fraud and Corruption Control Officer.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
Managers and Supervisors
Promote a culture of integrity and accountability, in which fraud and corruption is clearly prohibited.
Communicate that it is the responsibility of all staff to prevent and detect fraud and corruption.
Ensure appropriate measures are in place within their areas of responsibility to prevent and detect fraud and corruption.
Receive any reports of suspected fraud or corruption from staff and escalate any reports to the Fraud and Corruption Control Officer.
Ensure their staff meet fraud and corruption training requirements and identify if any additional training needs.
Ensure their staff have up to date registrations and other checks at all times for pre-employment screening purposes.
To review annual leave balances on a quarterly basis to ensure that excessive balances are not accrued.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
All staff, students and volunteers
Conduct themselves in accordance with the University’s policies, including the Fraud and Corruption Control Procedure and Fraud and Corruption Control Policy Framework and the Appropriate Workplace Behaviour Policy, or the Student Charter Policy.
Actively participate in a culture of integrity and accountability, in which fraud and corruption is clearly prohibited.
Disclose gifts, benefits, hospitality and conflicts of interest as required by the Gifts, Benefits and Hospitality Policy and Appropriate Workplace Behaviour Policy.
Report any suspicions of fraud or corruption to their supervisor, The Fraud and Corruption Control Officer, the Public Interest Disclosure Coordinator or IBAC, as appropriate.
Complete training requirements as determined by People and Culture.
Ensure employment dependent qualifications and registrations are maintained.
Internal Audit
Consider the results of the fraud and corruption risk assessments and reports of suspected fraud when developing the Internal Audit plan.
Legal Services
Provide assistance to the Fraud and Corruption Control Officer in the investigation of fraud, corruption and serious misconduct including liaising with IBAC, law enforcement, insurers and any civil action initiated to recover the losses due to fraud and corruption.
Provide guidance on due diligence requirements as part of the contract review process.
Ensure appropriate contract clauses are in place to mitigate corruption and fraud risks.
Procurement
Due diligence on potential contractors or partners is performed as a precursor to entering into a contract of significant value or an important business relationship.
Identify, analyse, evaluate, prioritise and treat any fraud and corruption related risks that might affect any procurement activity.
Ensure compliance with the University's Gifts, Benefits and Hospitality Policy in regards to activities undertaken in relation to procurement, such as the awarding of tenders and procurement contract negotiations.Part B - Fraud and Corruption Control Framework
Planning and Resourcing
Internal Audit
Prevention
Culture
Management Commitment and Line Manager Accountability
Internal Controls
Risk Assessment
Training and Awareness: staff, clients and stakeholders
Due Diligence and Employee Screening
Leave Management
Controlling the Risk of Corruption
Detection
Reporting Suspicions of Fraud or Corruption
Response
Investigations
Employee Support
External Reporting
Sanctions
Insurance
Review of Internal Controls
View Document
This is the current version of this document. To view historic versions, click on the 'Historic Versions' tab above.
Vice-Chancellor’s Executive Group