(1) The purpose of this policy is to protect the reputation and assets of Charles Sturt University (the University) from fraudulent and corrupt activities. (2) This policy establishes a fraud and corruption control system (FCCS) consistent with the Australian Standard on Fraud and Corruption Control (AS 8001:2021). The policy provides guidance on how to prevent, detect and respond to incidents of fraud and corruption and: (3) This policy applies to all staff, students, customers, contractors, business associates, partners, external service providers, volunteers and controlled entities of the University. (4) This policy should be read in consideration of the University’s Organisational Assurance Policy and the Risk Management Policy. (5) The reporting and investigation of any allegations of fraud or corrupt conduct are dealt with under the Public Interest Disclosure (Whistleblowing) Policy and associated processes. (6) Research, academic and general misconduct by staff and students will be dealt with under the relevant policy instruments such as the Research Misconduct Procedure and the Student Misconduct Rule 2020. (7) Disciplinary matters in relation to staff are dealt with in accordance with the provisions of the prevailing Charles Sturt University Enterprise Agreement. (8) For the purpose of this policy, the following additional terms have the definitions stated: (9) Charles Sturt University has zero tolerance for fraud and corruption. (10) The University Council acknowledges and accepts overall accountability for controlling the University’s fraud and corruption risks. (11) The University recognises that fraud and corruption can create reputational and financial damage to the University, undermine public confidence and damage staff and student productivity and morale. Fraud and corruption are incompatible with the values of the University and present a risk to the achievement of our objectives and provision of our services to all our stakeholders. (12) The University recognises that the risk of fraud and corruption can arise in various contexts and will put in place measures proportionate to the risks it faces in order that staff, students and associates of the University and its controlled entities are aware and understand the relevant policies and procedures for the prevention, detection and response to fraud and corruption. (13) To demonstrate this commitment the University, through the Vice-Chancellor and Executive Leadership Team, will ensure: (14) This policy is one element of a suite of practices in place across the University that reinforce the University’s values. These values aim to guide our behaviour and way of working to help us achieve our ethos of respectfully knowing how to live well in a world worth living in. (15) The University’s framework of ethical conduct includes but is not limited to: (16) Supporting the University’s commitment to an observable ethical culture, all staff are required to confirm in writing, annually, that they have over the previous twelve months complied with the University’s Code of Conduct and this Fraud and Corruption Control Policy and that they will so comply over the ensuing twelve months. (17) The University recognises the Chief Security Officer as its primary fraud control officer. In relation to fraud and corruption matters, the Chief Security Officer is responsible for: (18) While not limiting the capacity of any person to report matters of concern to any person or agency, the Chief Security Officer is the nominated position authorised to make official reports to external agencies as a representative of the University with the exception of: (19) The Chief Security Officer is to attend continuing professional development in order to maintain a sound understanding of methods for managing the risk of fraud and corruption in accordance with relevant standards and contemporary and emerging practice in the field. (20) The Chief Security Officer is responsible for ensuring that all of the University’s fraud and corruption control resources are coordinated and work together to fulfill the objectives of this policy. (21) The University recognises the Director, IT Infrastructure and Security (DIIS) as the information security management system officer. The DIIS is responsible for: (22) The University is committed to preventing fraud and corruption within the University and its controlled entities. To this end, the University will put in place appropriate mechanisms for fraud and corruption risk management, including policies and procedures, risk assessment, internal controls, investigation, reporting, education and independent auditing to reduce the incidence of fraud and corruption and regularly evaluate these for effectiveness. (23) The University will minimise the incidence of fraud and corruption by: (24) The Chief Security Officer will coordinate an annual program of fraud and corruption risk management activities across the University: (25) The Chief Security Officer will use the findings of the fraud and corruption risk assessments to develop a fraud and corruption control assurance management plan to be reported annually to the Audit and Risk Committee and monitored for effectiveness over time. (26) The Chief Security Officer will coordinate a regular program of communication and awareness to inform all stakeholders impacted by this policy of: (27) The Executive Director, People and Culture will develop, implement and coordinate an employment screening program consistent with contemporary human resources practice, relevant legislation, codes and standards. The employment screening program should apply to appointments of: (28) The program will provide for effective employment screening of relevant persons: (29) The Executive Director, People and Culture will develop, implement and coordinate business processes for the declaration of outside professional activities. (30) The Executive Director, People and Culture will develop, implement and coordinate business processes for the declaration of conflicts of interest. (31) The Chief Financial Officer will develop, implement and coordinate a process for the vetting of business associates (suppliers): (32) The vetting process is to include but is not limited to the following: (33) Vetting is to be undertaken prior to the award of contracts exceeding the threshold value and at such time that the University becomes aware that expenditure with a specific supplier has exceeded the annual threshold value. (34) Adverse outcomes in relation to vetting are to be reported to the Chief Operating Officer for consideration of the University’s ongoing commercial relationship with the business associate. (35) The Director, IT Infrastructure and Security (DIIS) is to implement an information security management system consistent with relevant standards and contemporary practice. (36) The Chief Security Officer is to maintain oversight of the University’s practices for the physical security and asset management. The security of the physical environment is to be assessed in order to ensure appropriate measures are put in place for the prevention of theft of valuable tangible assets. These measures should include but are not limited to consideration of the following: (37) Refer to the International Education Agent Policy and the University Partnerships Policy. (38) The University undertakes pre-admission vetting on all potential students applying for enrolment in a coursework or research course in accordance with the Admissions Policy and Admissions Procedure. (39) Where the University outsources pre-admission vetting to a third party, the Division of Customer Experience is to ensure that vetting occurs to an equivalent or better standard to that undertaken by the University. (40) Verification of identification occurs at point of issuing a student identification card (Charles Sturt Card) in accordance with the Enrolment and Fees Policy and Enrolment and Fees Procedure. (41) Refer to the Academic Integrity Policy and the Research Policy which set out the requirements for the protection of academic and research integrity. (42) Refer to the Intellectual Property Policy which sets out the requirements for the protection of intellectual property. (43) The University Secretary will ensure the development, implementation and coordination of business practices to protect the integrity of certification documentation. (44) These business practices must ensure all certification documentation issued by the University is: (45) The University Secretary will ensure the development, implementation and coordination of business practices to protect the integrity of personal information. (46) These business practices must ensure all personal information is compliant with: (47) These business practices will also have consideration of the Australian Privacy Principles and best practice in the sector. (48) Internal audit supports the prevention of fraud and corruption by: (49) In the event that the mechanisms in place at the University fail to prevent fraud and corruption, the University is committed to the establishment of robust systems of detection. The Chief Security Officer, as the University’s primary fraud control officer, has the responsibility to ensure and validate the development of systems to detect and investigate fraud and corruption. As a minimum, these processes will include post transactional review, data mining and analysis of management accounting reports. (50) A random selection of transactions will be reviewed, after processing, by personnel unconnected with the business unit making the transaction. Transactions to be reviewed include any action where a fraudulent or corrupt gain or loss is possible and includes: (51) The transaction reviews will look to ensure: (52) Processes for data analysis will be developed to consider the relevant indicators of the University’s fraud and corruption exposures. Data analysis is to be used to identify suspect transactions with particular consideration of false or fictitious invoicing. (53) Processes for the analysis of accounting reports will be developed to identify trends that may be indicative of fraud or corrupt conduct. Such analysis may include: (54) Refer to relevant policies such as Admissions Policy, Enrolment and Fees Policy, Student Misconduct Rule, Academic Integrity Policy, Research Misconduct Procedure, Assessment Policy, Credit Policy, or Research Policy. (55) The University will have the Audit Office of NSW validate the annual financial statements. (56) The University will participate in audits by the Audit Office of NSW annually and as otherwise required. (57) Fraud and corruption, and other wrongdoing, can be reported as set out in the Public Interest Disclosure (Whistleblowing) Policy. The University encourages all members of the University community to report reasonable suspicions of wrongdoing in relation to the University. (58) The University’s complaints management processes are to ensure that relevant staff receiving complaints, including frontline and communications staff, are trained in recognising complaints about fraud and corruption and the subsequent internal and external reporting processes that are available. (59) The University’s exit interview process is to seek to identify any knowledge or reasonable suspicion the exiting employee has of potentially fraudulent or corrupt conduct. The scope of the enquiry is to include the conduct of: (60) Where a report of wrongdoing is made to an authorised disclosure officer as set out in the Public Interest Disclosure (Whistleblowing) Policy, the report will be managed and investigated as stated in the Public Interest Disclosure (Whistleblowing) Procedure. (61) Where a person expresses a concern regarding their personal information held by the University, these concerns will be responded to in accordance with the University’s Privacy Management Plan. (62) The University may commence applicable disciplinary procedures if a person to whom this policy applies breaches this policy (or any related procedures), which may include referral to the police. A breach of this policy may also be a breach of other University policies, such as the Code of Conduct. (63) The University may consider breaches of this policy serious misconduct and grounds for termination of employment, in accordance with the relevant enterprise agreement and/or employment contract. (64) Nil. (65) Nil.Fraud and Corruption Control Policy
Section 1 - Purpose
Scope
Section 2 - Glossary
Top of PageSection 3 - Policy
Part A - Planning and prevention of fraud and corruption
Mandate and commitment
Framework of ethical conduct
Chief Security Officer is the fraud control officer
Director, IT Infrastructure and Security is the information security management system officer
Prevention systems
Fraud and corruption risk assessment
Communication and awareness of fraud and corruption
Employment screening and employee declarations
Business associate vetting
Preventing technology-enabled fraud
Physical security and asset management
Education agent, intermediary and partner vetting
Student capability vetting
Protection of academic and research integrity
Protection of intellectual property
Protection of certification documentation
Privacy management
Internal audit
Part B - Detection of fraud and corruption
Detection systems
Post-transactional reviews
Data analytics
Analysis of accounting reports
Student related fraud and corruption detection systems
External audit
Part C - Response to fraud and corruption
Reporting fraud and corruption
Complaint management
Exit interviews
Investigation of fraud and corruption
Responses to privacy concerns
Breach of policy
Section 4 - Procedures
Section 5 - Guidelines
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.