View Document

Fraud and Corruption Control Framework

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Background

(1) Effective prevention, detection and responses to fraud and corruption are essential to protect the reputation and business objectives of the University.

(2) This Framework defines fraud as a deliberate and dishonest act intended for financial or personal gain, as a major subject of corruption (see definitions at Section 4).

(3) Staff, students, contractors, Senators, Members and other affiliates must ensure ACU funds are spent for their intended purposes; its information is secure; academic and research activity is conducted with honesty and integrity; and assets and resources are used appropriately to protect ACU’s interests and reputation.

(4) Development of this Framework is based on based on Fraud and Corruption Control AS 8001:2021 (AS 8001:2021).

(5) This Framework is supported by:

  1. the ACU Fraud and Corruption Control Policy; and
  2. the ACU Fraud Control Plan.
Top of Page

Section 2 - Purpose

(6) The purpose of the Framework is to:

  1. minimise opportunities for fraud and corruption;
  2. protect ACU assets and reputation; and
  3. maintain the effectiveness of ACU risk management operations.
Top of Page

Section 3 - Fraud and Corruption Statement

(7) Fraudulent or corrupt activity of any kind, including for the benefit of ACU, is expressly forbidden. ACU has zero tolerance for fraud and corruption. Staff and students are expected to conduct themselves in a manner consistent with the principles and values of ACU.

Top of Page

Section 4 - Definitions

Fraud, Corruption and Misconduct

(8) Table 1 outlines definitions for Fraud, Corruption and Misconduct

Term Definition
Fraud
  • A major subset of corruption.
  • A deliberate, potentially opportune and premeditated dishonest act or omission intended for the purpose of gaining advantage from a position of trust or authority.
  • It includes acts such as:
    • theft;
    • making false statements or representations;
    • evasion;
    • manipulation or improper use of information or position;
    • criminal deception and abuse of property or time;
    • obtaining property, a financial advantage or any other benefit by deception, whether deception is used at the time, immediately before or immediately following the activity;
    • causing a loss, or avoiding or creating a liability by deception;
    • providing false or misleading information to ACU, or failing to provide information where there is an obligation to do so;
    • the deliberate falsification, concealment, possession, destruction or use of falsified documentation;
    • bribery, corruption or abuse of position;
    • unlawful use of ACU assets including computers, vehicles, telephones, research and intellectual or other property or services;
    • divulging confidential information to outside sources;
    • subverting or interfering with University computer systems and devices; and
    • any offences of a similar nature.
Corruption
  • Behaviour that may involve fraud, theft, misuse of position or authority or other acts that are unacceptable to an organisation and which may cause loss to the organisation, its clients or the general community.
  • May also include such elements as breaches of trust and confidentiality.
  • The behaviour need not necessarily be criminal.
  • Fraud and Corruption Control AS 8001:2021 defines corruption as “dishonest activity in which a director, executive, manager, staff member or contractor of an entity acts contrary to the interests of the entity and abuses their position of trust in order to achieve some personal gain or advantage for themselves or for another person or entity”.
Academic Misconduct
  •  Any action or attempted action that may result in an unfair academic advantage to one or more students.
Research Misconduct
  • Research misconduct is a serious breach of the Code which is also intentional or reckless or negligent.
  • Repeated or persistent breaches, even those that individually are deemed to be minor, may also constitute research misconduct.
Top of Page

Section 5 - Sources of fraud and corruption

Internal

(9) Fraud and corruption threats may be generated internally through students (e.g. deliberately compromising academic integrity), researchers (e.g. driven by grant applications or budgeting concerns / career advancement desires or / “publish or perish” mentality) or other staff who are either self-motivated or recruited by a third party to specifically exploit a potential, current or former privileged access. They may also be unintentional fraudsters such as students who may not understand or be aware of academic or research integrity expectations or who become complicit to a fraud unknowingly.

External

(10) Fraud and corruption threats may be generated by external parties such as research collaborators, contractors, and third-party service or placement providers.

Cyber

(11) Cyber fraud covers a wide range of criminal activity. This can include:

  1. identity theft;
  2. stolen bank account numbers;
  3. stolen online passwords;
  4. hacking;
  5. phishing;
  6. copyright infringement;
  7. theft of Intellectual Property (IP);
  8. theft of Personal Health Information (PHI); and
  9. theft of Personally Identifiable Information (PII).

(12) Both individuals and companies suffer from the costly effects of cyber fraud within their networks. 

International

(13) International threats may arise due to ACU’s activities, programmes and dealings with countries offshore. Issues may include:

  1. foreign bribery (whether intentional or unwittingly) can occur due to a lack of understanding or misinterpretation of foreign laws;
  2. cultural differences experienced by international students studying at ACU may impact understanding and expectations around what constitutes fraud; and
  3. contract cheating involving offshore providers.

(14) Foreign interference can occur when activities carried out by, or on behalf of a foreign actor, are coercive, covert, deceptive or corrupting and are contrary to Australia’s sovereignty, values and national interests. Foreign actors may seek to engage in foreign interference through efforts to alter or direct ACU’s research agenda, economic pressure, solicitation or recruitment of post-doctoral researchers and academic staff and cyber intrusions. 

Top of Page

Section 6 - Roles and Responsibilities

Who Fraud and Corruption Control Responsibilities
Senate
  • Oversee the establishment and effective operation of key policies.
  • Approval of Fraud and Corruption Control Framework.
  • Ensure adequate risk management procedures and associated internal controls are established and effectively maintained.
  • Require and monitor compliance with statutory and regulatory obligations.
  • Ensure ACU’s assets and resources are properly managed.
  • Effectively manage its own operations, with due concern for proper and appropriate accountability.
Senate Standing Committee
  • Approval of Fraud and Corruption Control Framework and Policy.
  • Oversee the establishment and effective management of fraud and corruption control and report to Senate.
Audit and Risk Committee
  • Review the risk management practices of the University with regards to fraud control, advise and report to Senate Standing Committee and Senate as required.
  • Quarterly monitoring and review of Fraud Registers.
Academic Board
  • Academic and Research Integrity.
  • Review of Academic and Research Fraud Misconduct and Dishonesty Reports.
Vice-Chancellor and President
  • Oversight of the Fraud and Corruption Control Framework, policy and effective internal control structure.
  • Regular communication of commitment to highest ethical standards.
Provost
Chief Operating Officer and Deputy Vice-Chancellor
  • Governance of the Fraud and Corruption Control Framework.
  • Lead operational fraud prevention, detection and response activity.
  • Lead operational fraud monitoring, evaluation and reporting activity.
  • Lead operational fraud and corruption strategy.
  • Oversee Fraud and Corruption Investigations.
Chief Financial Officer
  • Monitor financial integrity.
  • Review internal financial controls.
  • Ensure and co-ordinate external audit including its independence and authority.
  • Review insurance adequacies and currency.
  • Maintain a Register of financial matters associated with Fraud and Corruption and report as necessary (refer to Section 10).
  • Maintain a register for Gifts and Benefits and report as necessary.
Deputy Vice-Chancellor (Research and Enterprise)
  • Review of Research Fraud, Misconduct and Dishonesty Reports.
  • Manage, investigate and report Conflicts of Interest in Research Ethics applications.
  • Maintain a register of matters associated with Research Integrity Fraud Misconduct and Dishonesty (refer to Section 10).
  • Oversight and management of the Research Ethics and Integrity Unit which provides guidance and oversight with respect to research ethics and integrity at ACU. This includes but is not limited to:
    • delivery of education and training on the responsible conduct of research;
    • coordination, and training of, research integrity advisors;
    • provision of guidance and advice to researchers, research integrity advisors, governance committees and the University Executive on matters relating to the responsible conduct of research;
    • management of, and provision of support to, the Human Research Ethics Committee ;
    • oversight of the University’s ethics application process;
    • receipt and management of complaints pertaining to the responsible conduct of research;
    • defined roles within the University’s investigations process, as outlined in the Process for Managing Potential Breaches of the Research Code of Conduct; and
    • financial misconduct.
Human Research Ethics Committee
  • Provide guidance and oversight for all research involving participants, personal data, and human tissue that is conducted at ACU or by ACU researchers.
  • Provide approval for all research involving participants, personal data, and human tissue that is conducted at ACU or by ACU researchers prior to commencing research.
Academic Registrar and Director, Student Administration
  • Maintain a register of matters associated with academic misconduct (refer to Section 10).
Director, Legal, Assurance and Governance
  • Manage and report disclosures in relation to:
  • Conduct internal audits of risk, governance and control processes within ACU to independently review processes, systems and controls.
  • Review and maintain ACU Fraud and Corruption Control Policy.
  • Formally update the Fraud and Corruption Control Plan as required.
  • Ensure the Fraud and Corruption Control Policy is communicated to all staff.
  • Assist with Fraud Awareness Training to Staff.
  • Implementation and support of enterprise risk management.
  • Explore use of data analytics for continuous monitoring and control.
  • Consolidate and report incidents of fraud, corruption & misconduct provided by responsible officers via the Fraud Registers (defined at Section 10) to the Audit and Risk Committee.
General Counsel
  • Provide independent legal guidance on matters pertaining to identified or suspected fraud and corruption as required.
Chief People Officer
  • Ensure Code of Conduct for Staff reflects legislative obligations.
  • Ensure terms of employment refer to Code of Conduct for Staff.
  • Ensure Code of Conduct for Staff is referenced in annual performance reviews.
  • Ensure Code of Conduct for Staff is regularly communicated to all staff.
  • Educate, staff members of behavioural and ethical standards such as required by the Code of Conduct for Staff.
  • Identify and develop training and induction options relating to fraud and corruption control including basic investigation training for relevant staff.
  • Ensure staff engagement surveys include reference to fraud and corruption control activities.
  • Coordinate actions to effect employment disciplinary outcomes from investigations as necessary.
  • Maintain a register of People and Capability matters associated with fraud and corruption and report as necessary (refer to Section 10).
Chief Marketing Officer
  • Ensure Fraud-related policies and procedures are immediately accessible on public, student and staff websites.
  • Ensure awareness of fraud and corruption control obligations through multimedia and regular communication plans for all ACU stakeholders with content sourced from responsible stakeholders.
Chief Information and Digital Officer
  • Maintain regular testing of physical and technical barriers and tools.
  • Conduct regular expert reviews of cyber security.
  • Promote education of cyber and information technology fraud and corruption controls.
  • Ensure regular review compliance & currency of the Information Security Policy.
  • Maintain a register of Information Technology matters associated with fraud and corruption and report as necessary (refer to Section 10).
National Manager, Advancement and Alumni
  • Coordination and reporting of a register of donations.
Management Levels
1–5
  • Identify individual fraud risks originating in or relevant to their unit.
  • Ensure appropriate processes are in place to manage ACU fraud risks.
  • Foster an environment which promotes the highest standards of ethical behaviour.
  • Ensure all fraud and corruption control awareness and training is undertaken by all relevant staff.
  • Advise staff on procedures for resolving ethical dilemmas through Code of Conduct for Staff, the Research Code of Conduct and as required People and Capability or line executive.
  • Perform risk assessments on third parties who operate on the University’s behalf and ensure all contracts and service level agreements are duly authorised and include clear accountabilities for performance and management of fraud risk.
  • Act within the Delegations of Authority Policy and Register and ensure all staff do likewise.
  • Undertake analysis of control failures and report as necessary
  • Ensure all identified or suspected fraud or corruption incidents are referred for recording in appropriate Fraud Registers
  • Assist in conduct of investigations into suspected fraudulent activity, and where necessary, engage services of agencies to assist as needed.
All staff
  • Familiarise themselves with Fraud and Corruption Control Policy, the Fraud Control and Corruption Control Plan and fraud and corruption control procedures to enable them to make risk-based decisions about fraud control compliance in their day-to-day operations
  • Immediately report suspected incidents of fraud and misconduct either directly to management or via Protected Disclosures procedure.
  • Complete fraud and corruption control training as required.
  • Behave ethically and in accordance with the Code of Conduct for Staff in the performance of their duties.
  • Comply with the Delegations of Authority Policy and Register, Information Security Policy and Travel Policy.
Credit Card Holders
Top of Page

Section 7 - Fraud and Corruption Control Framework

(15) THis Framework is based on two key components:

  1. Structural foundations support effective and timely fraud and corruption control; and
  2. Strategies related to the measures taken to identify and assess, prevent, detect and respond to fraud threats and challenges. 
Top of Page

Section 8 - Fraud and Corruption Framework – Structural Foundations

Framework STRUCTURAL FOUNDATIONS ACTIVITY
Leadership Senate is committed to the highest ethical standards such that they support and imbue the ACU Strategic Plan and ACU Mission, Identity and Values and vision.

Members of the Senior Executive place the utmost importance on effective fraud control and ethical behaviour in all ACU’s operations as they relate to students, staff members, education and research quality and integrity and interactions with all other stakeholders and wider ACU community.

ACU leaders acknowledge that the “tone is set from the top”.
  • Support resourcing capabilities and development opportunities to continuously improve ACU’s fraud and corruption control and resilience.
  • Provide regular communication from the Senior Executive to staff members and students highlighting and promoting fraud control at ACU as ongoing reinforcement of ACU’s commitment and expectations to integrity and focus on ethics.
Culture Underpinning the success of all ACU fraud and corruption control strategies is a strong ethical culture that values and supports honesty, trust, transparency and fair dealings.
Code of Conduct for Staff
The Code of Conduct for Staff establishes the standards of behaviour expected from all staff members.

It speaks to issues around honesty and integrity which are “fundamental principles of the University as an institution devoted to the pursuit of excellence in student learning and teaching, research and service, and to respecting the value and dignity of each person.”
The reference to honesty in the Code of Conduct for Staff encourages readers to act lawfully and with integrity.

Importantly it points to important aspects of Fraud including “Conflicts of Interest” and Gifts and Benefits.
Training and Awareness Formal and informal training and awareness programs provide staff members with:
  • awareness of what constitutes fraud and corruption.
  • resources for detection and prevention of fraud and corruption.
  • an understanding of consequences of engaging in fraud or corruption behaviour.
  • feedback to ACU management to gauge effectiveness of training and awareness programs.
  • Ensure fraud and corruption awareness training is undertaken by all staff members.
  • Provide specialised training on an ongoing basis to those staff whose roles are critical to fraud prevention and detection.
  • Ensure integrity officer roles (including Research Integrity Advisors and Research Ethics and Integrity Officers), support research conduct and provide a valuable resource to all students and staff members needing guidance.
  • Ensure fraud related policies and procedures are immediately accessible via the ACU public, student and staff websites and provide up to date clarity with regards to issues such as academic integrity, procurement processes, financial control, and protected disclosures for example.
  • Ensure the ACU Workplace site provides regular fraud related news and information as a means of keeping fraud awareness fresh and topical.
  • Utilise multi-media including online screen savers, library material, posters and newsletter to keep ACU’s wider community aware and informed of fraud control related activities and responsibilities.
  • Ensure staff feedback surveys (e.g. MyVoice) include fraud and awareness content.
Ethical Employment Practices ACU acknowledges that commitment to ACU Mission, Identity and Values is best served when staff members feel appropriately valued.

Staff member investment reduces the risk of internal fraud.
  • Ensure ACU employment practices support positive staff engagement through transparent and fair dealings consistent with related legislation and standards.
  • Evaluate candidates thoroughly to ensure their credentials, competencies, skills and attitudes align with job requirements and position descriptions and related key performance indicators are set to ensure staff members are motivated correctly and optimally. 
  • Conduct criminal history, working with children and other background checks where relevant.
Capability Development ACU supports a strong and positive culture through its Capability Development Framework (“CDF”).

The CDF is one of several frameworks and standards that express the University’s expectations of the conduct, capability, participation and contribution of staff (such as the Code of Conduct for Staff, Research Code of Conduct, the Learning for Life Framework and the Academic Performance Matrices).

The CDF applies to everyone. It enables a whole-of-organisation approach to develop and strengthening capability, and it is part of the ongoing investment by the University in the professional development of our staff. The CDF enables a clear view of the competencies that support achievement of excellence.

It supports conversations between staff and supervisors in identifying professional development opportunities, both to strengthen capability in the current role and understand expectations at the next level.
  • Integrate the CDF into:
    • Development of position descriptions:
    • Recruitment;
    • Performance reviews;
    • Performance management;
    • All ongoing training opportunities and requirements.
Governance Corporate Structure

ACU’s governance structure supports fraud and corruption control at the strategic, academic and operational levels.
  • Senate sets and reviews strategic direction, priorities and performance directives upon the recommendation of the Vice-Chancellor and President.
  • The Audit and Risk Committee provides Senate with independent audit and risk management advice.
  • The Academic Board provides Senate with advice related to issues of academic and research integrity.
  • Report all key information and advice regarding fraud and control to relevant committee as per the Statutes and terms of reference.
Risk Management Accountability - Three Lines of Defence Model
All staff at ACU have a responsibility for acting ethically.

This responsibility is imbued not only within the Code of Conduct for Staff, policy compliance and employment agreements but also within the Three Line of Defense model which ACU has adopted with regards to risk and control management.
  • The “First Line of Defense” extends responsibility for managing risk beyond operational and functional management level, to all staff. This means that staff members who become aware of the potential or existence of fraud, to respond appropriately either by escalating the issue, by reporting it through the protected disclosures channels or by acting directly to mitigate any risk.
  • The “Second Line of Defense” establishes functions that oversee the first line of defense to ensure ACU complies with policies, procedures and regulatory requirements. These functions include risk management, compliance and governance, health and safety and a number of sub-committees established by the Senate.
  • The “Third Line of Defense” provides independent assurance through internal and external audit.
  • Ensure all staff are made aware of their obligations as first line of defense with regards to fraud and corruption control.
  • Maintain governance, risk and compliance functions within ACU.
  • Ensure independence and authority of internal and external audit functions. Refer to external expert consultants for advice when required.
  • Ensure reporting to the Research Ethics and Integrity Unit for matters of research integrity or breaches of the Research Code of Conduct.
Roles and Responsibilities Fraud and corruption control are a responsibility of every staff member.

Specific responsibilities for fraud and corruption control within the University however exist and are detailed in Section 6.
  • Ensure employment contracts include obligations for performance of duties in accordance with legislative requirements, Code of Conduct for Staff, Research Code of Conduct, and policies and procedures.
  • Ensure staff with specific responsibility for fraud and corruption control understand and can competently perform their obligations.
Communications and Protections
The Code of Conduct for Staff encourages staff members to be “courageous” in actions relating to issues of ethical decision making.
The Research Code of Conduct and Research Complaints and Investigations Procedure provide guidance and direction with regards to research integrity
The University supports staff members through its Protected Disclosures Policy and Protected Disclosures Procedure for reportable conduct as well as through its Discrimination and Harassment Policy.
Staff are encouraged to report concerns of fraud to their supervisor. In matters of potential research integrity breaches, report concerns to the Research Ethics and Integrity Unit or Research Integrity Advisor. In the event the Supervisor is the subject of this concern, staff are encouraged to speak to another more senior manager or disclose the matter in accordance with the Protected Disclosures Policy and Protected Disclosures Procedure.
  • Ensure processes for notifying concerns regarding fraud and corruption are readily accessible via ACU’s website.
  • Conduct Protected Disclosures Policy and Protected Disclosures Procedure workshops on a regular basis.
  • Conduct Research Ethics and Integrity training on a regular basis for staff and students.
Policy and Procedures
Commentary on fraud exists by implication in the Code of Conduct for Staff and other key governance documents including but not limited to the Misconduct and Serious Misconduct Policy, Research Code of Conduct, as well as Research Complaints and Investigations Procedure.
Compliance with policy and procedure is mandatory and is subject to not only supervisor and management oversight, but also ongoing substantive and qualitative testing and reporting via the ”Three lines of defense” model.
  • Ensure policies and procedures are readily accessible for all relevant stakeholders.
  • Ensure policies and procedures are regularly reviewed and updated for currency and application.
Legislation ACU complies with all relevant legislation as it relates to its Australian and international operations.
Top of Page

Section 9 - Fraud and Corruption Framework – Strategies

Framework Strategy Activity
Assessment
Identifying Sources of Threats
Understanding sources of fraud and corruption threats is important particularly given the breadth of ACU operations. Strategies need to be in place and agile where necessary, in order to preempt or respond to misconduct. Appendix B lists potential sources of fraud and corruption.
  • Ensure Code of Conduct for Staff encourages awareness.
  • Ensure training of all staff as well as targeted training for specific staff members includes fraud and corruption control assessment capacity.
Risk Management Cycle
ACU has adopted a risk-based approach to managing fraud and corrupt practices through its policy and procedures and via its Enterprise Risk Management Framework (ERMF).

Under the ERMF, all risks relating to fraud and corruption must be captured, assessed, responded to and monitored on an ongoing basis.
  • ACU’s Risk Management System should be used to assess fraud and corruption risks which will then be managed via assigned action responsibility, action due dates, second line of defence oversight and escalation and reporting provided regularly to the Audit and Risk Committee.
  • Ensure risk appetite and tolerance levels for fraud and corruption risk are set and regularly reviewed within the Risk Appetite Statement with processes for breach reporting outlined. 
Prevention Review and Ongoing Monitoring of ACU’s Fraud and Corruption Control Framework Foundations

ACU regularly reviews and monitors the foundations that underpin its Fraud and Corruption Control Framework. These reviews serve to highlight and action critical weaknesses such as staff disengagement or dissatisfaction, breakdowns in communications, distrust, and other issues that can lead to a fracture in ethical commitment. They also serve to provide transparent feedback to staff as part of the ongoing capabilities and development programme.
Regularly review the Framework with consideration to information and feedback provided through:
  • my Voice Survey.
  • ACU’s internal audit and quality assurance programme.
  • Staff member Position Descriptions and performance reviews.
  • Regular “Campus Conversations”.
  • Vice-Chancellor and President's updates.
  • ‘Workplace’ news briefings.
  • Periodic reviews of all policies and procedures.
  • Corporate Governance periodic independent review (at least seven years as per Higher Education Standards Framework (Threshold Standards) 2021 Part A 6.1.3.d).
  • Fraud training and awareness programmes.
  • Continued development of employment screening processes.
  • Misconduct and Serious Misconduct Policy and Research Code of Conduct.
  • Student communications / campaigns regarding academic integrity.
Delegated Authorities
The University maintains its delegated authorities to ensure that correct approval for all activities conducted within ACU is consistent and authorised in line with Senate's determinations.
  • Ensure the Delegations of Authority Policy and Register is regularly reviewed and updated for currency.
  • Ensure that breaches are appropriately reported to Senate at regular intervals, including remedial action undertaken.
Financial Control
Checks and balances are built into existing financial and financially implied processes.
Regularly review and confirm operation of key financial control processes including:
  • Segregated duties
  • Delegated expense limits
  • Claims management
  • Credit card acquittal
  • Procurement and tendering
  • Vendor confirmations
  • Leave applications
  • Payroll
  • Project due diligence
Office of Research Services and Research Finance Grants team regularly review and confirm operation of key financial control processes.
ICT Security and Physical Access Control
ACU has a detailed set of cyber security protocols and processes aimed at reducing ACU exposure to cybercrime.
  • Maintain and regularly test physical barriers, technical barriers and tools.
  • Promote education and advisory services.
  • Undertake regular expert review to ensure ACU’s cyber resilience.
Disclosures of Interest
ACU requires staff with relevant interests to disclose directorships, secretaryships and partnerships. Any other conflicts of Interest must also be disclosed.
  • Ensure gifts received and provided over the value of $100 are recorded within the ACU Operational Gift Registers.
  • Gift Registers to be reviewed by Senior Management (Level 4) at least annually.
Suspected Fraud Response and Investigation training
Key staff responding to suspected fraud and involved in fraud investigations are provided with specific training as part of the capabilities and development framework.
  • Ensure key staff are trained in appropriate response to suspected fraud including fraud investigation techniques to be used under the advice and direction of the Office of General Counsel.
Third party fraud and corruption prevention
Contractors, suppliers, research collaborators and practical placement providers are subject to a structured risk based due diligence process. 
  • Risk assessments are conducted on all procured third-party providers.
  • Contracts and service level agreements must be duly authorised and include clear accountabilities for performance and managing fraud risk. 
  • Dispute and termination provisions are required to be clear and agreed.
  • Procurement managers and staff members responsible for managing contracts must demonstrate a high level of awareness of potential fraud risks and understand ACU processes for investigation and notification.
  • All contracts including the contracting process and where appropriate, third party processes and performance, may be subject to internal audit.
Detection Internal Controls

In order to detect fraud and corruption, a robust internal control environment exists within the University.

This includes but is not limited to reconciliations, budgets, approvals and authorities, control self-assessments, and reporting for example.
  • Ensure internal controls are in place and regularly tested for substantive and compliance integrity.
  • Ensure internal audit function is appropriately resourced, supported and operates in alignment with the Internal Audit Charter.
Data Analytics and Monitoring
Sophisticated data analytics provides ACU with metrics and reporting against which variance analysis and performance evaluations can be regularly conducted.
  • Financial Corporate Services to provide business intelligence and analysis to identify inconsistencies or unusual trends.
  • Finance and Planning to apply continuous monitoring techniques and conduct reviews of payments to allows timely detection of duplications, and other suspicious transactions.
  • IT security checks to run simultaneously to ensure access and data have not been compromised.
Internal Audit

ACU maintains an outsourced Internal Audit Programme to provide an independent and objective assurance of ACU operations and activities.

Internal Audit provides a disciplined, systematic risk-based approach to detecting fraud and corruption risk and provides recommendations for strengthening the fraud control environment through consultation and reporting back to review sponsors, the Assurance Unit and the Audit and Risk Committee (ARC).
  • Ensure an Internal Audit Schedule is developed periodically through collaboration with Executive management (Level 2-4), the ARC and ACU’s internal and external audit partners and is approved by the ARC.
  • Conduct surveys from stakeholders to ensure Internal Audit engagement is operating satisfactorily.
  • Conduct an annual review of internal audit services for compliance against the International Professional Practices Framework.
  • Track internal audit agreed management actions to ensure completion and report regularly to ARC.
External Audit

External Audit is responsible for conducting an annual audit (and/or ad hoc reviews upon request) of the University’s financial statements. External Audit consider whether the accounts are true and fair or whether material misstatements exist. 
  • Escalate evidence of fraud identified by external audit appropriately for further investigation.
Protected Disclosures

ACU is committed to ensuring that staff members and other identified stakeholders within the wider ACU community are protected upon making fraud and corruption disclosures.
Escalation and reporting

In order to ensure detected frauds and environment control weaknesses cannot be overlooked or underplayed, a quarterly de-identified report of all fraudulent activity must be provided to the Vice-Chancellor and President, the Academic Board (Academic and Research related only) and the ARC.
  • Ensure quarterly report is provided to the Vice-Chancellor and President, the Academic Board (Academic and Research related only) and / or ARC.
Fraud Database / Registers
The University maintains fraud and corruption databases / registers containing reports of suspected misconduct or actual fraud including actions taken and outcomes.
  • Regularly review the fraud and corruption databases / registers to identify systemic issues that need attention.
  • Keep databases / registers up to date and publish de-identified data on the ACU website to demonstrate to staff and the wider ACU community that fraud is taken seriously and dealt with as part of a transparent and accountable process.
  • Where appropriate, databases / registers should be anonymised with consideration for stakeholder privacy and sensitivity
Response
Investigation
ACU provides direction for investigations related to identifications of potential fraud and corruption through documented policies, procedures and processes. These include:
  • Ensure resources including skilled staff members trained in fraud investigative procedures and necessary budget will be sufficiently allocated to conduct the investigation appropriately and that advice from the Office of General Counsel is sought, where necessary. 
  • Ensure personnel with a conflict of interest in the matter must not be involved in the investigation process and confidentiality must be maintained. 
  • Collect and record data and evidence without bias or pre-judgement.
  • Ensure processes are of the highest standard of quality in order not to taint the investigative process or cause possible prosecution to fail. 
  • Report results of a material fraud investigation must be reported to the Vice-Chancellor and President, the Academic Board, the Finance and Resources Committee (FRC) and the ARC as required
  • Advise Internal and External Audit as and when appropriate.
  • Ensure all processes and decisions always observe procedural fairness, privacy principles and public interest disclosure protections.
External Investigation
In some circumstances external investigation of reported or detected fraud and corruption may be required.
  • Ensure external investigators are appropriately qualified (e.g. certified member of the Association of Certified Fraud Examiners) and have relevant experience. 
Disciplinary Actions

The University has zero tolerance for fraud and corruption activity.

Should fraud or corruption activity be identified and confirmed, the University will follow its documented disciplinary procedures as outlined in the ACU Staff Enterprise Agreement 2022-2025, the Code of Conduct for Staff, the Student Academic Integrity and Misconduct Policy, the Research Code of Conduct and the Research Complaints and Investigations Procedure.

Where appropriate, fraud or corruption activity will be reported to external authorities for investigation and action.
  • Ensure documented disciplinary procedures as outlined in relevant policies are followed.
Insurance and Asset Recovery

ACU holds a fidelity guarantee insurance policy to protect against the financial consequences of fraud by a staff member.

This obligation is required under AS 8001-2008.

ACU also holds insurance to protect against losses that result from cyber security breaches.

If external parties instigate a fraud against ACU, asset recovery may be pursued via civil or criminal action.

In cases where there is an opportunity to make a financial recovery from a person or company convicted of fraud, the decision to pursue this perpetrator will be made by the relevant officer in accordance with the Delegations of Authority Policy and Register.
  • Ensure insurance policies are current and include relevant cover.
  • Ensure relevant authorities and directions are confirmed before pursuing asset recovery.
Analysis of Control failures

ACU will conduct analysis of control failures and will ensure that learnings occur at the organisational level. ACU will strive for continuous improvement to strengthen and extend the foundations of its Fraud and Corruption Control Framework as well as its strategies to assess, prevent, detect and investigate potential and actual fraud.
  • Ensure analysis of control failures occurs on a timely basis and report as required to relevant members of the Senior Executive (Level 2) and Executive (Level 3-4) and the ARC.
Top of Page

Section 10 - Fraud Registers

(16) Incidents of identified or suspected fraud and corruption incidents must be recorded in ACU’s Fraud Registers. Five Fraud Registers will be maintained. These Registers will be reviewed by the Director, Legal, Assurance and Governance with summarised reports provided to Audit and Risk Committee at each meeting.

Fraud Register Responsibility
Academic Integrity Provost, supported by Academic Registrar and Director, Student Administration and Academic Integrity Team.
Research Integrity Deputy Vice-Chancellor (Research and Enterprise)
Financial Chief Financial Officer
Human Resources Chief People Officer
Information Technology Chief Information and Digital Officer
Top of Page

Section 11 - Review

(17) This Framework is scheduled for review every five years or more frequently if appropriate.

Top of Page

Section 12 - Further assistance

(18) For further assistance, please contact the Responsible Officer, Director, Legal, Assurance and Governance.

Top of Page

Section 13 - Review

(19) Unless otherwise indicated, this Framework will still apply beyond the review date.