The purpose of the Fraud and Corruption Control Plan (Plan) is to provide the University with a formal plan for the ongoing management of its fraud and corruption risks. 
This Plan forms a critical part of the University's broader Resilience Management Framework and is consistent with the Australian Standard 8001-2008 Fraud and Corruption Control.
The Public Interest Disclosure Act 2012 (PID Act) applies to the University as an ACT Public Sector entity and the measures to prevent, detect and deal with fraud found in the PID Act are set out in this Plan.
The University does not tolerate fraudulent conduct which includes any form of corrupt conduct.  Accordingly, the University is committed to minimising the incidence of fraud and corruption through the identification of fraud risks and the development, implementation and regular review of a range of fraud prevention and detection strategies.  
The University will seek prosecution of those who commit fraud against it, whether they are internal or external to the University, and the recovery of any money or resources misappropriated through fraudulent or corrupt activity.
The University will take appropriate disciplinary action against staff members who have engaged in fraudulent or corrupt activity and all University staff are encouraged to become familiar with this Plan and contribute to its effective implementation. 

Student Fraud and Grievance Processes 
The University of Canberra (Student Conduct) Rules 2018 (Student Conduct Rules) set out procedures for reporting and dealing with cases of alleged misconduct by a student, whether academic or non-academic, the consequences which flow from findings of misconduct, and appeal rights for students. 

Approach to Fraud Risk Management
To manage its fraud risk, the University has developed:

• key policies to support an effective control environment which will discourage fraud, facilitate its detection and the timely reporting of potential fraud and its investigation;
• a Fraud Risk Register for the University (in accordance with the University's Risk Management Plan) in order to identify key fraud risk exposures across the University, together with controls in place to manage those risks;
• mechanisms for preventing, detecting and responding to fraud – refer to Appendix A for an outline of these measures; and
• mechanisms for investigating or otherwise dealing with incidents of fraud or suspected fraud – refer to Appendix B for details.

Effective fraud control requires active participation and input from all University personnel. This Plan is one element of the University’s effective fraud control strategy.  It is essential that fraud control be consistently integrated into the management and culture of the University.
Management and staff should familiarise themselves with the areas of specific responsibility as set out in the table below. Prior awareness will assist in a prompt and effective response to fraud, should it be suspected. This will assist in reducing the chances of fraudulent activity succeeding, enhancing the potential for successful investigation and assisting in the mitigation of losses and damage to reputation.

Who	Responsibilities
The Council	Primary responsibility for fraud control as the governing authority of the University under the University of Canberra Act 1989.
Audit and Risk Management Committee	Review, evaluate, approve and monitor, on the delegated authority of Council, fraud policy and systems. Advise Council on the adequacy and effectiveness of the University’s control environment, including major risks which may impact on the operation or reputation of the University and associated risk mitigation mechanisms.
Vice-Chancellor (Public Interest Disclosure Officer)	Approves the Fraud and Corruption Control Plan. Foster an environment within the University which makes active fraud control and ethical behaviour a responsibility of all staff and ensure strategies are implemented to prevent, detect and investigate fraud. Hold the position of Public Interest Disclosure (Disclosure) Officer under the PID Act, with particular responsibilities for receiving and acting upon disclosures of suspected instances of fraud or corruption. Final decision maker under the PID Act – following any investigation into fraudulent or corrupt behaviour, the Vice-Chancellor is responsible for making a decision in response to the disclosure based on the recommendations of the investigation, including potential prosecution.
General Counsel and University Secretary (Public Interest Disclosure Officer)	Establish and maintain procedures for the University to facilitate and deal with public interest disclosures, including, but not limited to, instances of actual or suspected fraud and corruption. Hold the position of Public Interest Disclosure (Disclosure) Officer under the PID Act, with particular responsibilities for receiving and acting upon disclosures of suspected instances of fraud or corruption. Ensure reviews of the University’s Fraud and Corruption Control Plan and supporting Fraud Risk Register are undertaken in accordance with the University’s Resilience Management Framework. Receive fraud allegations, conduct an initial assessment, and where substantiated refer the allegation for formal investigation as per the procedures at Appendix B of Plan. For each detected occurrence of fraud, ensure a review is undertaken to assess the adequacy of the University’s internal control structure. Ensure University staff clearly understand their obligations and receive fraud awareness training.
People and Diversity	Custodian of the Charter of Conduct and Values, which is enforceable and outlines the University's expectations of its employees. Ensure cases of fraud or potential fraud are handled in accordance with Schedule 6 - Handling Misconduct Procedure and/or Clause 40 Handling Serious Misconduct of the 2019-22 Enterprise Agreement. In cases of Serious Misconduct, convene an independent panel of review, and provide relevant information to the Vice-Chancellor to enable a determination as to whether employment will or will not be terminated. In cases of professional staff misconduct, appoint an independent delegate to conduct an investigation.
Associate Director, Risk and Audit	Facilitate reporting of actual or suspected instances of fraud or corruption. If an incident of fraud or corruption is reported to the Associate Director, Risk and Audit he/she will notify a Public Interest Disclosure Officer for the purpose of complying with the PID Act. Coordinate fraud control management to ensure that the University’s Fraud and Corruption Control Plan and supporting Fraud Risk Register are reviewed in accordance with the University’s Resilience Management Framework. Coordinate fraud risk assessment by: review of the implementation of additional controls/strategies identified in this Plan and the Fraud Risk Register; and reporting to the Audit and Risk Management Committee twice each year. Establish and maintain the Fraud Risk Register. Ensure all updates and changes to University's fraud and corruption related rules, policies, procedures, codes of conduct, and guidelines on behaviour are communicated to all staff.
Internal Audit team	Undertake key management-initiated reviews. Prepare strategic and internal audit plans. Conduct internal audit reviews. Report any suspected incidents of fraud or corruption.
Executive Deans/Directors/ Managers	Implement fraud control strategies as identified in the Fraud Risk Registers and this Plan. Ensure staff clearly understand their role and obligations as a first line of defence in the prevention and detection of fraud.  Ensure that their staff are aware of the mechanisms for reporting incidents of suspected fraud and encourage staff to report any suspected incidents of fraud to an appropriate contact officer in accordance with this Plan. If an incident of fraud or corruption is reported to an Executive Dean, Director or Manager they should notify a Public Interest Disclosure (Disclosure) Officer for the purpose of complying with the PID Act.
Staff	Behave with honesty and integrity, in accordance with applicable law, University rules, policy, procedures and code of ethics and conduct. Implement fraud risk management strategies and participate fully in activities relating to fraud control. Report all incidences of suspected or actual fraud to an appropriate contact officer in accordance with this Plan. Deal with all reports of fraud in a professional and prompt manner. Undertake training in fraud awareness, ethics and privacy as required.

Fraud Disclosure Avenues
Instances of actual or suspected cheating, plagiarism or other form of fraud by a University student, should be reported to Deputy Vice-Chancellor Academic or a Prescribed Authority (defined under the Student Conduct Rules) to be dealt with in accordance with the Student Conduct Rules.    
Actual or suspected fraud by staff members or contractors engaged by the University should be disclosed to one of the following disclosure officers. 
 

1. Vice-Chancellor and President
          E-mail:  ovc@canberra.edu.au
2. General Counsel and University Secretary
          Eric Wells
          Ph: (02) 6206 8515
          E-mail:  eric.wells@canberra.edu.au
          Mail: University of Canberra, Australia 2601
3. Alternatively, actual or suspected fraud by staff members or contractors can be reported online through the:
   Health and Safety Online Report Form (option to report anonymously).

The suspected or actual fraud may be disclosed anonymously or in-confidence but should, wherever possible, be detailed and include information such as:

• name of the relevant University business unit, faculty, centre, activity, program, course or arrangement;
• name of parties involved;
• brief details of the actual or suspected fraud; and
• any other information considered relevant.

Instances of actual or suspected fraud may be dislosed to any University manager or staff member. However, the person making the notification should be aware that such instances will be reported to a Public Interest (Disclosure) Disclosure Officer for the purposes of complying with the PID Act.
Managers and staff members are to be guided by the advice of the Vice-Chancellor or the Office of the General Counsel and University Secretary and, following a report, are to refrain from any action which may potentially jeopardise the success of an investigation.
A Public Interest Disclosure Officer must acknowledge receipt of any public interest disclosure involving actual or suspected fraud by issuing a formal acknowledgement letter to the person who has made the disclosure. The Public Interest Disclosure Officer will assess, manage and potentially investigate the notification/allegation in accordance with the processes set out in Appendix B.

Governing Framework
University of Canberra Resilience Management Framework

Further Information
To access AS 8001-2008 Fraud and Corruption Control standard go to:

• http://www.canberra.edu.au/library/research-gateway/databases; and
• select ‘standards on-line’ and enter ‘fraud and corruption control’ into the search field.

For further advice and assistance please contact the Risk and Audit team within the University’s Office of General Counsel and University Secretary by emailing risk.management@canberra.edu.au.
Implementation Officer
The Associate Director, Risk and Audit is responsible for the promulgation and implementation of this Plan.  Enquiries about the above process should be directed to the implementation officer.
Review                                                                                                                               
This plan will be reviewed every three years.

References
Resilience Management Framework
ANAO Better Practice Guide for Fraud Control in Australian Government Entities 2011
Australian Government Investigation Standards 2011
Australian Standard AS 8001-2008 Fraud and Corruption Control
Commonwealth Fraud Control Policy 2014
Resource Management Guide No. 201 – Preventing, detecting and dealing with fraud issued by the Attorney-General’s Department in July 2014
Public Interest Disclosure Act 2012 (ACT)
Public Interest Disclosure Guidelines 2017
Charter of Conduct and Values
University of Canberra (Student Conduct) Rules 2018
Responsible Conduct of Research Policy


APPENDIX A - FRAUD PREVENTION, DETECTION AND RESPONSE STRATEGIES

The key strategies and actions for each fraud control function within the University are shown in the table below.

Strategy	Key Actions
Prevention
Maintain ongoing fraud awareness	Ensure all staff are aware of the University’s Fraud and Corruption Control Plan and relevant codes of conduct. Provide fraud awareness training to University staff as part of induction processes. Ensure staff clearly understand their role and obligations as a first line of defence in the prevention and detection of fraud. Encourage staff to report any suspected incidents of fraud through ongoing training and promotion of fraud-related policies. Ensure all updates and changes to fraud-related policies, procedures, codes of conduct, and guidelines on behaviour are published to all staff.
Advise all managers and staff of their responsibilities for preventing, detecting and reporting fraud	The Fraud and Corruption Control Plan is available to all University personnel on the University policy database. Provide fraud awareness training to University staff as part of induction processes.
Managers will advise their staff that the University has developed and implemented its latest Fraud and Corruption Control Plan and foster an environment which promotes the highest standards of ethical behaviour	Use this Plan as a basis for briefing staff within their areas of specific fraud issues affecting them. Ensure that their staff are aware of the mechanisms for reporting incidents of suspected fraud, in accordance with this Plan, and the need for incidents of suspected fraud to be reported in a timely manner. Ensure staff are aware of relevant codes of conduct/ethics, such as the University’s Charter of Conduct and Values and Responsible Conduct of Research Policy. Take remedial and preventative action, in consultation with the General Counsel and University Secretary, to minimise the potential for the recurrence of similar fraud activities.
Implement a fraud risk assessment program	Document the fraud risk assessment in the Fraud Risk Register, which is reviewed in accordance with the University’s Resilience Management Framework, with input from managers and Internal Audit. The outcome of the University's fraud risk assessment program will include appropriate revisions to this Fraud and Corruption Control Plan.
Implement strategies that identify and reduce the risk of fraud and unethical conduct	The Associate Director, Risk and Audit is responsible for coordinating the follow-up fraud risk assessment by reviewing the Fraud Risk Register, to confirm progress of implementation of all strategies identified in the Register. Provide a report to the Audit Risk and Management Committee quarterly on fraud related activity. Enact policies and procedures which minimise risk of fraud and enable protection.
Detection
Regular review of operations		This will involve: key management reviews (the need for which should be identified principally through the University's strategic corporate planning, and ongoing audit and evaluation processes) the preparation of strategic and internal audit plans the conduct of internal audit reviews.
Provide clear avenues for reporting potential or actual fraud		The University will provide easily identifiable points of contact and guidance for staff and students to report instances of actual or suspected instances of fraud or corruption.
Investigation (including prosecution and resolution)
Conducting investigations		If the disclosure is assessed to be a public interest disclosure, it will be investigated in accordance with the ACT Government Public Interest Disclosure Guidelines (PID Guidelines) (noting certain exceptions under Section 20 of the PID Act). Other matters may be dealt with under the University’s disciplinary/administrative Rules, policies and procedures. Refer to Appendix B of this plan for further details.
Initiating disciplinary/legal action		Alleged criminal offences may be referred for prosecution.
Review systems and procedures (post fraud)		For each detected occurrence of fraud, the University will assess the significance of the occurrence and, if considered necessary, undertake a review to assess the adequacy of the internal control structure. The General Counsel and University Secretary will provide advice on the need to modify the internal control structure as a consequence of such reviews.
Recovery of money/property lost through fraud		The University may pursue the recovery of any money/property lost through fraud.
Recording and Reporting
Reporting incidences of fraud		All incidences of suspected fraud are to be reported to a Public Interest Disclosure Officer or reported through the Health and Safety Online Report Form.
Maintain a management reporting regime		This will be undertaken predominately by the Associate Director, Risk and Audit and include: establishing and maintaining the Fraud Incident Register; and ongoing collecting, monitoring, and reporting of investigation data to management as appropriate.
Provision of information to the police		The General Counsel and University Secretary will ensure that the police receive complete and relevant information relating to prima facie cases of fraud, where referrals to law enforcement are made.
Annual reporting		The University will meet fraud-reporting obligations in its Annual Report in accordance with relevant legislation and codes including the PID Act.

APPENDIX B - FRAUD ASSESSMENT AND INVESTIGATION PROCEDURES
Under the PID Act certain processes and timeframes must be followed in relation to the receipt, acknowledgement, assessment, investigation and reporting of public interest disclosures. Certain public interest disclosures will constitute fraud and with this in mind the University has taken steps to ensure that investigation processes in this Plan are aligned with investigation processes in its Public Interest Disclosure Guidelines. 

1. Refer
   • The General Counsel and University Secretary (Disclosure Officer) will assess whether the reported instance of actual or suspected fraud (disclosure) should be referred to another business unit for their consideration.
2. Assess
   • The General Counsel and University Secretary (Disclosure Officer) will make a decision as to whether the disclosure is a public interest disclosure (PID) under the PID Act.  
   • If the disclosure is assessed to be a PID, it must be investigated in accordance with the PID Guidelines (noting certain exceptions under Section 20 of the PID Act, such as when the discloser withdraws his/her disclosure or a lack of information makes it impracticable for the disclosure to be investigated).
   • If the disclosure is not assessed to be a PID or the suspicion of fraud is not sustained by sufficient evidence to support a formal investigation, the Disclosure Officer may determine that the instance nonetheless warrants further action in accordance with the University’s disciplinary/administrative policies and procedures.
3. Investigate If the disclosure is assessed to be a PID, the Disclosure Officer will determine whether the investigation should be conducted internally or by an external party.  If the investigation is outsourced, referral options include:
   • Australian Federal Police (AFP)/ACT Police - less serious (minor and/or routine) criminal allegations may be referred to the Police for investigation.
   • Qualified investigator – allegations may also be referred to a suitably qualified external investigator.
   • The Vice-Chancellor is to be kept informed of the progress of any investigations.
4. Manage the process
   • The Disclosure Officer has the responsibility to track the process from the point of disclosure to resolution and notify relevant persons as required.
   • The existence of any one of the following factors is an indication that the matter is a complex investigation:
     • a serious breach of trust by an employee or contractor of the University
     • use of sophisticated techniques or technology to avoid detection where investigation of the matter requires specialised skills and technology
     • elements of a criminal conspiracy
     • known or suspected criminal activity against the University and one or more other entities
     • activities which could affect wider aspects of Commonwealth law enforcement (e.g. illegal immigration, money laundering)
     • the possibility of action being taken under the Proceeds of Crime Act 2002, or
     • conflicts of interest and/or politically sensitive matters.

The University may seek guidance from the AFP/ACT Police and discuss possible referrals with the AFP/ACT Police where there is any doubt as to whether it is appropriate to refer a particular matter. 

The University retains responsibility
Following any investigation into alleged fraudulent or corrupt behaviour, the Vice-Chancellor will detemine the University's response to the disclosure based on the recommendations of the investigation, including potential prosecution.
Where the AFP/ACT Police determines, for whatever reason, a referral will not be pursued, the University resumes responsibility for dealing with the actual or suspected fraud.  Where the AFP/ACT Police decline to conduct an investigation, or do not proceed to prosecution, the University shall seek the timely return of all case information provided to the AFP/ACT Police in order that the University may make its own determination as to what further action, if any, it should take. Further action by the University may include:

• referral to an accredited fraud control service provider for investigation
• conduct of a disciplinary inquiry
• administrative action, and/or
• civil proceedings, such as termination of a contract and/or recovery of funds or property lost.

Terms	Definitions
Fraud	The University of Canberra defines fraud as: ‘dishonestly obtaining a benefit or causing a loss by deception or other means’. There is a mental or fault element to fraud; it requires more than carelessness, accident or error.  Fraud against the University may include, but is not limited to: theft accounting fraud   causing a loss, or avoiding and/or creating a liability providing false or misleading information to the University, or failing to provide information when there is an obligation to do so misuse of University assets, equipment or facilities making, or using false, forged or falsified documents bribery or corruption wrongfully using University information or intellectual property. The benefits referred to are not restricted to monetary or material benefits, and may be tangible or intangible, including the unauthorised provision of access to or disclosure of information. A benefit may also be obtained by a third party rather than, or in addition to, the perpetrator of the fraud. Fraud can be perpetrated by employees/contractors (internal fraud) or by external parties such as service providers, students or members of the public (external fraud).
Corruption	is a form of fraud and the University has adopted the definition of corruption as provided in AS 8001-2008 Fraud and Corruption Control, being: ‘abuse of a person’s position or office for personal gain (e.g. bribery, misuse of information, nepotism, illegal conduct, maladministration, wastage of public money)’. Examples of corruption by University officers may include: release of confidential information for an improper purpose in exchange for some form of financial or non-financial benefit bribery of officials in order to secure a contract for the supply of goods or services conflict of interest whereby an officer acts in his or her own self-interest rather than the interests of the entity to which he or she has been appointed.