Fraud and Corruption Control Plan 2018-2019 1. INTRODUCTION 1.1 Commitment to fraud and corruption control University of Adelaide ( the University ) recognises that it has a responsibility to develop, encourage and implement sound financial, legal and ethical decision-making and organisational practices. This Fraud and Corruption Control Plan represents the University s commitment to effective fraud risk management and prevention. The desired outcome of this commitment is to minimise the potential for fraud against the University, whether by staff or persons external to the University. Fraud and corruption has the potential to damage the reputation of the University and have a detrimental effect on the resources available to promote the University s objectives and accordingly, the University has adopted a zero tolerance to fraud and corruption. 1.2 Application of Fraud and Corruption Control Plan This Fraud and Corruption Control Plan represents the University s commitment to the management and prevention of fraud. It aims to draw together its fraud prevention and detection initiatives into one document. It forms part of the University s Risk Management Framework that has three major components: Prevention initiatives to deter and minimise the opportunities for fraud or corruption; Detection initiatives to detect fraud or corruption as soon as possible after it occurs; and Response initiatives to deal with detected or suspected fraud or corruption, which are detailed in the Fraud and Corruption Control Policy procedures. 1.3 Definition of fraud The University has adopted the following definition of fraud: Dishonestly obtaining or attempting to obtain a benefit or advantage for any person or dishonestly causing or attempting to cause a detriment to the University of Adelaide or its Controlled Entities. Fraud can be perpetrated by employees (internal fraud) or by persons external to the University (external fraud), or by a combination of both. It can involve financial and non-financial incidents that have an impact upon the operations and the reputation of the University. The University has adopted the following definition of corruption; The misuse of office or conferred power for personal or private advantage and may include bribery, fraud, nepotism, extortion or dishonesty. Corruption includes conspiring to aid, induce or conceal these offences. Corruption can include improper action taken to further the purported interests of an organisation.
2. PREVENTION 2.1 Integrity framework A fundamental strategy in controlling the risk of fraud and corruption is the development and maintenance of a sound ethical culture, underpinned by effective and continuous communication and example-setting by management. The University s attitude to ethical conduct is outlined in the Code of Conduct, which describes the value statement of fairness, integrity and responsibility as the obligation for staff to: Comply with standards of equity and justice; Behave with integrity; Act in a responsible manner in dealing with every member of the University Community; and Ensure that bias or prejudice on unlawful grounds do not influence or override their objectivity in academic, research, administrative, business or management matters. 2.2 Fraud and corruption control planning To maintain effective practice in its fraud risk management practices, the University is committed to the following: Communication of senior management s strong commitment to ensure there is regular communication to all staff promoting compliance with the Fraud and Corruption Control Plan and adherence to the Fraud and Corruption Control Policy; Regular review of the Fraud and Corruption Control Plan - the University is committed to reviewing its Fraud and Corruption Control Plan every two years to ensure that it remains up-to-date and considers changes in the University s operations and environment and significant risk areas. Plan Action: Approved Fraud and Corruption Control Plan to be communicated to all staff and compliance of Fraud and Corruption Control Policy to be reinforced. The Fraud and Corruption Plan is to be accessible to all staff through the University intranet. 2.3 Staff induction training All new staff appointed by the University are required to complete online fraud and corruption training. In 2017, mandatory training was also introduced for all staff regarding computer security and phishing emails. Plan Action: Ensure compliance with mandatory security and phishing email training and implement phishing email testing. 2.4 Fraud awareness training Generally, a significant proportion of fraud or corruption goes undetected because of the inability to recognise the early warning signs of fraudulent activity or because staff are unsure
how, when, or to whom they should report their suspicions. Fraud and corruption awareness training assists in raising the general level of awareness amongst staff. An awareness of the risk of fraud and corruption will be fostered by: ensuring attendees are aware of the University Fraud and Corruption Control Policy and Fraud and Corruption Control Plan; ensuring attendees understand what might constitute fraud or corruption; ensuring attendees are aware of the University s zero tolerance attitude towards fraud and corruption; ensuring all staff that are considered to be in positions requiring training, attend fraud and corruption awareness training; ensuring attendees are aware of the ways in which they can report allegations or concerns regarding alleged fraud or corruption or alleged unethical conduct; and encouraging attendees to report any suspected incidents of fraud and corruption. Plan Action: During 2018, conduct fraud and corruption awareness training sessions. 2.5 Fraud or corruption risk assessment The Fraud and Corruption Control Policy identifies areas considered to be of higher risk that may warrant review. A program of fraud or corruption risk assessments includes functional areas considered to be of higher risk, to identify specific functions or activity warranting review. To maximise the effectiveness of the fraud or corruption risk assessment process, the assessment should: be completed by a prioritised sample of functional areas on a rotational basis; include assessment at local levels by agreed self assessment criteria; be relevant and comprehensive, covering as far as possible, all potential risks; comply with AS 8001:2008 Fraud and Corruption Prevention; and separately consider inherent risk and internal control risk. Plan Action: Complete a fraud or corruption risk assessment of one high-risk area in 2018 and 2019. 2.6 Internal control Internal controls are the first line of defence against fraud and corruption. The University maintains a strong internal control system and promotes and monitors a robust internal control culture. The University will continue to review internal controls and ensure all key internal controls are documented in a standardised policies and procedures.
3. DETECTION The University recognises that, despite a comprehensive fraud and corruption control program, it is possible that fraud or corruption may occur. Accordingly the University has adopted a program aimed at detecting fraud as soon as possible after it has occurred. 3.1 Data analysis program Data analysis is a powerful means of detecting fraud and other improper behaviours. It is a process of uncovering patterns and relationships in datasets that on face value appear unrelated, highlighting activity of fraud and irregular behaviour, or to explain what lies behind previously identified discrepancies. For example, this might include such tests as searching accounts payable data for repeated invoice numbers to identify duplicate payments, or analysing payroll data for duplicate bank account numbers to uncover a ghost employee payroll fraud. Plan Action: Complete a data analytics review of accounts payable and payroll data in Q1 2018. 3.2 Management accounting reporting review Using relatively straightforward techniques in analysing the University s management accounting reports, trends can be examined and investigated which may be indicative of fraudulent conduct. Some examples of the types of management accounting reports that can be utilised on a compare and contrast basis are: financial reports comparing actual and budgeted results for each faculty and division; reports comparing expenditure against industry benchmarks; and reports highlighting unusual trends in bad or doubtful debts. The University currently adopts appropriate management accounting reporting reviews. 3.3 Internal control review Formal internal control reviews are conducted by both the internal and external auditors. During 2017, reviews were conducted of corporate credit cards, accounts payable & procurement and in particular, the controls around the creation of vendors and vendor bank account changes. The internal audit program also incorporates bi-annual reviews of the large grant funding through NHMRC and ARC. As a part of continual business improvements, internal controls are continually reviewed and policies and procedures updated accordingly. The outputs of the fraud or corruption risk assessments may identify particular functions or activities that require review. Plan Action: Initiate the review of activities identified as high risk by the fraud or corruption risk assessments. 3.4 Whistleblower protection The University maintains a Public Accountability and Integrity framework that incorporates disclosure requirements for Public Officers under the Independent Commissioner Against Corruption Act 2012 (SA) and the University Whistleblower policy. The University strives to meet or exceed best practice standards on whistleblower protection (including the relevant Australian Standard) and will do the following:
Require staff to act in good faith and reasonably in making reports under Whistleblower protection; Recognise and respect the confidentiality of the identity of a bona fide informant; and Ensure support and protection are provided to an informant against any form of recrimination or reprisal or any threat of detriment. 3.5 External audit The University recognises that the external audit function has a role to play in the detection of fraud given the responsibilities of auditors under ASA240 The Auditors' Responsibility to Consider Fraud in an Audit of a Financial Report.