Comments

Document Feedback - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

 

Fraud and Corruption Control Procedure

Section 1 - Purpose

(1) This procedure operationalises the Fraud and Corruption Control Policy by specifying controls to prevent, detect and respond to fraud and corruption at Charles Sturt University (the University), consistent with AS 8001:2021.

Scope

(2) This procedure applies to all staff, students, customers, contractors, business associates, partners, external service providers, volunteers and the University's controlled entities.

Top of Page

Section 2 - Policy

(3) This procedure supports the Fraud and Corruption Control Policy.

Top of Page

Section 3 - Procedure

Part A - Prevention

Risk assessment and management

(4) The Director, Security and Resilience (CSO) will coordinate a fraud and corruption risk program that includes:

  1. conducting risk assessments following substantive changes to the regulatory environment or University policies and procedures; following the detection of substantive fraud or corruption; or at least every two years
  2. continuous improvement based on risk reviews, University risk register, historical incidents, AS 8001:2021 guidance, and external environment scanning.

(5) The CSO will use findings to develop a fraud and corruption control risk management plan that is reported to the Audit and Risk Committee (ARC) every two years.

First-line assurance and the role of managers

(6) Responsibilities of managers are set out in the Fraud and Corruption Control Policy Part C. Meeting these responsibilities will include:

  1. implementing and maintaining effective internal controls within their areas of responsibility
  2. ensuring staff understand fraud and corruption risks, controls and reporting obligations
  3. monitoring operations for fraud and corruption indicators and unusual patterns
  4. immediately reporting suspected fraud or corruption
  5. preserving evidence and cooperating with investigations
  6. allocating any losses due to fraud and corruption to the cost centre in which the loss occurred.

(7) As part of the first-line assurance process, managers and staff directly involved in day-to-day University activities that carry a higher risk of fraud and corruption must develop appropriate business practices. These business practices must be:

  1. identified through an assessment of fraud or corruption risk
  2. documented and accessible to relevant staff and parties, including the CSO
  3. measured by including requirements to create records of process performance
  4. approved by a manager of sufficient skill, competence and accountability
  5. reviewed whenever new or revised policies, procedures, systems and controls are being developed and implemented
  6. subjected to periodic informal and formal audits.

Communication and awareness

(8) The CSO will coordinate induction, training, and awareness programs covering:

  1. the University’s definitions of behaviours that constitute fraud or corruption
  2. the general incidence of fraud and corruption and assessed exposures within the University and higher education sector
  3. types of fraud and corruption identified at the University in the previous five years and disciplinary/control responses
  4. the University’s zero tolerance position and the expectations of management and staff when fraud or corruption is detected or suspected
  5. fraud and corruption reporting processes including the Public Interest Disclosure (Whistleblowing) Policy and an overview of the University fraud and corruption control system (FCCS) and allocated resources
  6. behaviours that indicate possible fraud and corruption.

Conflicts of interest (including additional employment)

(9) Conflicts of interest can compromise impartial decision-making and threaten integrity where personal interests are prioritised over the best interests of the University. Fraud and corruption may occur where conflicts of interest are not declared or fully declared, or are not managed or monitored.

(10) Division of People and Culture and Procure to Pay will develop, implement and coordinate business processes for the declaration, management and monitoring of additional employment and other conflicts of interest.

Gifts and benefits

(11) Accepting gifts and benefits increases the risk of undue influence and compromises impartiality and integrity, which could lead to corruption. All staff are required to declare gifts and benefits received in line with the Conflict of Interest Procedure, and should notify their manager or other appropriate parties of any gifts which are offered and refused.

Travel

(12) The University manages travel in accordance with the Travel Policy and Procedure. Division of Finance will ensure that effective controls are in place to prevent travel related fraud and corruption. This can extend to using University travel for private purposes.

Recruitment

(13) Division of People and Culture will ensure all recruitment panel members are directed towards the Conflict of Interest Procedure and notified that they must comply with the procedure and declare any actual, potential or perceived conflicts of interest.

Segregation of duties

(14) The University implements segregation of duties across key financial and operational processes where fraud and corruption risks have been identified, ensuring no single individual has complete control over critical transactions.

Employment screening and employee declarations

(15) Division of People and Culture will develop, implement and coordinate an employment screening program consistent with relevant legislation, codes and standards, in line with the Employment Screening Procedure. The employment screening program should apply to appointments of:

  1. senior executives
  2. positions above the level of general academic and professional/general staff where the University faces an exposure to fraud and corruption.

Business associate vetting

(16) Division of Finance will develop, implement and coordinate a process for the vetting of business associates (suppliers). The vetting process:

  1. must be applied to all business associates with whom the University has a threshold value spend of $150,000 or more per year
  2. may be applied to other business associates, subject to resource availability to undertake the vetting
  3. will be repeated for all relevant business associates upon receipt of ASIC notices
  4. include, but is not limited to the following:
    1. search of company register
    2. ABN and bank account confirmation
    3. verification of the personal details of directors
    4. director bankruptcy search
    5. disqualified director search
    6. educational qualifications claimed
    7. assessment of credit rating
    8. search of legal proceedings pending and judgements entered
    9. telephone listing verification
    10. trading address verification
    11. media search
    12. search of available debarment, sanction and watch-lists
    13. search for politically exposed persons.

(17) Vetting is to be undertaken:

  1. prior to the award of contracts exceeding the threshold value
  2. at such time that the University becomes aware that expenditure with a specific supplier has exceeded the annual threshold value.

(18) Adverse outcomes in relation to vetting are to be reported to the Chief Operating Officer for consideration of the University's ongoing commercial relationship with the business associate.

Procure to Pay

(19) Procure to Pay will implement processes to support procurement processes including:

  1. Accounts payable (AP):
    1. Using independently verified contact details, AP staff confirm bank account details on vendor creation, or where invoice details contravene system data for each invoice processed.
    2. Three-way matching is used to verify that goods have been received and match the purchase order, and that invoice matches the purchase order, to ensure they all align.
    3. In addition to standard processing, high-value overseas payments must be approved by a Band 6 delegate in Division of Finance prior to payments being made.
  2. Procurement:
    1. Procurement staff engage with Division of People and Culture to ensure that additional employment and conflict of interest declarations are reviewed for impact on current and future supply chains.
    2. New vendor requests include a conflict of interest declaration. Where the spend with a new vendor is expected to be in excess of $150,000, vetting is to be conducted prior to vendor set up.
    3. Where a vendor’s poor performance or a conflict of interest is raised with the vendor, Procurement staff will remove access to the vendor, or remove the buyer, until the conflict is managed appropriately.

Information security and physical security

(20) The Director, IT Infrastructure and Security is to implement an information security management system consistent with relevant standards and contemporary practice.

(21) The CSO will maintain oversight of the University's physical security and asset management practices through:

  1. annual security risk assessments
  2. development and maintenance of university and campus security plans
  3. monitoring and review of security incidents and controls.

Education agent, intermediary and partner vetting

(22) Refer to the International Education Agent Policy and the University Partnerships Policy.

Student capability vetting

(23) The University undertakes pre-admission vetting on all prospective students applying for enrolment in a coursework or research course in accordance with the Admissions Policy and Procedure, or Charles Sturt Skills Centre Procedure.

(24) Where the University outsources pre-admission vetting to a third party, the Division of Customer Experience is to ensure that vetting occurs to an equivalent or better standard to that undertaken by the University.

(25) Verification of identification occurs:

  1. at point of issuing a student identification card (Charles Sturt Card) in accordance with the Enrolment and Fees Policy and Procedure
  2. when enrolling a Charles Sturt Skills Centre learner.

Protection of academic and research integrity

(26) Refer to the Academic Integrity Policy, Research Policy and Charles Sturt Skills Centre Procedure, which set out the requirements for the protection of academic and research integrity.

Protection of intellectual property

(27) Refer to the Intellectual Property Policy which sets out the requirements for the protection of intellectual property.

Protection of certification documentation

(28) The Executive Director, Student Experience and Executive Dean, Faculty of Science and Health (for Charles Sturt Skills Centre) will ensure the development, implementation and coordination of business practices to protect the integrity of certification documentation.

(29) These practices must ensure all certification documentation issued by the University is:

  1. unambiguously issued by Charles Sturt University
  2. readily distinguishable from other certification documents issued by the University
  3. protected against fraudulent issue, including implementing practices to:
    1. secure and account for paper stocks used in the production of certification documentation
    2. ensure the storage of electronic records of certification documentation in accordance with the University's requirements for records management
  4. traceable and authenticable
  5. designed to prevent unauthorised production or reproduction
  6. replaceable only through an authorised and verifiable process.

Privacy management

(30) The University Secretary will ensure the development, implementation and coordination of business practices to protect the integrity of personal information.

(31) These practices must ensure all personal information is compliant with:

  1. relevant statutory and regulatory requirements
  2. the information protection principles (IPP) applying to NSW public sector agencies.

Part B - Detection

Detection systems

(32) The Director, Security and Resilience (CSO), as the primary fraud control officer, has the responsibility to ensure and validate the development of systems to detect and investigate fraud and corruption. In the event that University mechanisms fail to prevent fraud and corruption, the University is committed to establishing robust systems of detection.

Post-transactional reviews

(33) Division of Finance will establish processes for review of transactions at the time of the transaction by Procure to Pay.

Data analytics

(34) Owners of processes vulnerable to fraud and corruption will ensure data analysis is undertaken and relevant indicators of the University's fraud and corruption exposures are considered. Data analysis is to be used to identify suspect transactions with particular focus on false invoicing.

Analysis of accounting reports

(35) Division of Finance will develop processes for the analysis of accounting reports to identify trends that may be indicative of fraud or corruption. Such analysis may include:

  1. monthly actual/budget comparison reports at account code level
  2. reports comparing expenditure against industry benchmarks
  3. reports highlighting unusual trends in bad or doubtful debts.

Student related fraud detection systems

(36) Various processes related to student related fraud are integrated into relevant policies, including the Admissions Policy, Enrolment and Fees Policy, Student Misconduct Rule 2020, Academic Integrity Policy, Research Integrity Complaints Management Procedure, Assessment Policy, Credit Policy, Research Policy and Charles Sturt Skills Centre Procedure.

External audit

(37) The University is required to submit its annual financial statements to the Auditor-General, through the Audit Office of NSW, for audit in accordance with the Government Sector Finance Act 2018 and the applicable Treasurer’s directions.

(38) The University will participate in the annual audit of its financial statements and in any other audits or examinations conducted by the Auditor-General or the Audit Office of NSW as required under applicable legislation. 

Part C - Response

Reporting fraud and corruption

(39) Allegations of fraud, corruption and other wrongdoing against a University employee or in relation to the University should reported as set out in the Public Interest Disclosure (Whistleblowing) Policy. The University encourages all members of the University community to report reasonable suspicions of wrongdoing in relation to the University.

(40) Members of the University community that meet the definition of public official must report reasonable suspicions of wrongdoing in relation to the University in line with the Public Interest Disclosures Act 2022 (NSW) and Public Interest Disclosure (Whistleblowing) Policy.

(41) All other potential incidents should be reported via the Incident and Risk Management System.

Coordination with public interest disclosure process

(42) The disclosure coordinator will receive reports of fraud and corruption in accordance with the Public Interest Disclosure (Whistleblowing) Policy and Procedure.

(43) When fraud or corruption is reported through the public interest disclosure (PID) process, the disclosure coordinator will notify the CSO of relevant fraud and corruption events following assessment. When notified, the CSO will:

  1. maintain confidential records of fraud and corruption incidents in accordance with PID confidentiality requirements
  2. assess whether additional fraud control measures or system adjustments are required based on reported incidents
  3. where appropriate, provide advice to PID investigators or conduct investigations on fraud control matters while maintaining appropriate separation between fraud control functions and PID investigation processes.

Exit interviews

(44) Division of People and Culture will communicate exit survey opportunities to departing staff and allow them to raise concerns, including fraud and corruption events:

  1. For executive staff exits (SNR03 and above):
    1. a link to the online exit survey is sent to departing staff
    2. an exit interview with Executive Director, People and Culture is provided upon request.
  2. For other staff exits:
    1. a link to the online exit survey is sent to departing staff
    2. an exit interview will be provided after completing the online survey if they contact a Business Partner and advise they have further issues to raise. The Business Partner will arrange for this to be with a disclosure officer if appropriate, in accordance with the Public Interest Disclosure (Whistleblowing) Policy.
  3. Personal information collected through the survey or interview is managed in accordance with the Privacy and Personal Information Act (1998) NSW.

(45) Where fraud or corruption concerns are raised during exit processes, Division of People and Culture will refer matters to appropriate disclosure officers in accordance with the Public Interest Disclosure (Whistleblowing) Policy.

Investigation of fraud and corruption

(46) Where a report of wrongdoing is made to an authorised disclosure officer as set out in the Public Interest Disclosure (Whistleblowing) Policy, the report will be managed and investigated as stated in the Public Interest Disclosure (Whistleblowing) Procedure.

Top of Page

Section 4 - Guidelines

(47) Nil.

Top of Page

Section 5 - Glossary

(48) This procedure uses terms defined in the Fraud and Corruption Control Policy.