Fraud and Corruption Control
Framework
Director-General’s Foreword
This framework sets out the standards for accountability that I expect of all staff. It aims to minimise
opportunities for fraudulent and/or corrupt activities in line with our zero tolerance policy.
A proactive approach enables the department to manage fraud and corruption risk at an acceptable
level in an environment that is becoming increasingly complex. The complexities inherent in our
work increase opportunities for fraud and corruption:
the ever changing environment in which we operate
the growing convergence of the public and private sectors, and
the increase in cooperative and or strategic partnerships.
All departmental staff must demonstrate a commitment to preventing and detecting fraud and
corruption. Effective governance arrangements, ethical leadership and decision making,
accountability and performance improvement underpin our controls.
This framework will help us to prevent, detect and respond to fraudulent and/or corrupt behaviour.
This will ensure our stakeholders continue to be confident of the quality of our services to the
community.
Dr Jim Watterston
Director-General
Contents
Introduction ··························································································································· 1
Purpose ··············································································································································· 1
Risk-management approach ·············································································································· 1
Structure ············································································································································· 1
Goals and objectives ·························································································································· 2
What are fraud and corruption ························································································ 2
Common examples of fraud and corruption ····················································································· 3
Fraud and corruption control policy statement ·························································· 3
Fraud and corruption control plan ························································································· 4
ANAO conditions ································································································································ 4
CMC 10-element model ····················································································································· 4
DETE fraud and corruption control model ························································································ 4
ANAO conditions in practice ·············································································································· 4
Ethical leadership and culture ······································································································· 5
Legislation and governance ··········································································································· 5
ANAO control strategies ··································································································································6
Roles and responsibilities ·················································································································· 7
DETE control strategies ···················································································································· 10
CMC elements in practice ················································································································ 11
Element 1: Agency-wide integrated policy ·················································································· 11
Element 2: Risk assessment ········································································································· 11
Element 3: Internal controls ········································································································ 13
Element 4: Internal reporting ······································································································ 15
Element 5: External reporting ····································································································· 16
Element 6: Public interest disclosures ························································································· 18
Element 7: Investigations ············································································································ 19
Element 8: Code of Conduct ········································································································ 21
Element 9: Staff education and awareness ················································································· 22
Element 10: Client and community awareness ·······················································································23
Monitoring, review and continuous improvement ········································································ 24
Appendix 1: Legislation and other instruments ············································································ 25
Appendix 2: Definitions ··············································································································· 26
Attachment 1: Risk Assessment Worksheet ················································································· 27
Attachment 2: Risk Matrix ··········································································································· 28
P a g e | 1
Introduction
Purpose
The purpose of the Fraud and Corruption Control Framework (Framework) is to:
minimise opportunities for fraud and corruption (whether committed by internal or external parties)
protect public monies, property, and information and organisational and individual rights and
maintain the effectiveness of departmental operations. Its implementation will ensure that our workforce acts legally, ethically and in the public interest. The Framework is based upon five best-practice fraud and corruption control resources:
Queensland Crime and Misconduct Commission 1 - Fraud and corruption control guidelines for best practice (CMC Guidelines)
Queensland Audit Office – Fraud risk management – Report to Parliament 9: 2012-13(QAO Report)
The Australian Minister for Home Affairs and Minister for Justice – Commonwealth Fraud Control Guidelines (Commonwealth Guidelines)
Australian National Audit Office – Fraud Control in Australian Government Entities – Better Practice Guide (ANAO Better Practice Guide) and
Standards Australia – AS 8001-2008 Fraud and Corruption Control (the Standard)
Risk-management approach
As an integral part of the department’s Enterprise Risk Management Framework, this Framework includes proactive measures designed to enhance system integrity (prevention measures) and reactive responses (reporting, detecting and investigative activities).
Structure
The Framework consists of a suite of tools and resources including:
the department’s Fraud and Corruption Control Policy Statement
its Fraud and Corruption Control Plan
its Fraud and Corruption Control Risk Assessment
its Fraud and Corruption Control Procedure
Code of Conduct, Ethical Decision Making and Internal Controls training modules. In addition, the department has developed a Fraud and Corruption Control website, which will complement the Framework with factsheets, case studies, checklists and a downloadable library of best practice fraud and corruption control resources. The framework should be read in conjunction with:
Legislative Framework
Corporate Governance Framework
Enterprise Risk Management Framework
Developing Performance Framework
1 On 1 July 2014 the Crime and Misconduct Commission became the Crime and Corruption Commission, and the Crime and Misconduct
Act 2001 became the Crime and Corruption Act 2001.
P a g e | 2
Goals and objectives
Through the Department’s Fraud and Corruption Control Policy and Plan, the Framework aims to clearly articulate:
the department’s commitment to a zero-tolerance attitude towards fraud and corruption
its approach to controlling fraud and corruption
the embedding of a strong and proactive fraud and corruption control ethos within the department’s organisational structure
departmental roles and responsibilities for fraud and corruption control
strategies implemented within the department to prevent, detect and respond to fraud and corruption
a summary of: o the fraud risks (internal and external) associated with the department’s functions o the controls in place to minimise the opportunity for fraud and corruption o their implementation details and
protocols for the reporting of suspected fraud or corruption against the department
What are fraud and corruption?
Fraud and corruption can take many forms. Fraudulent and corrupt conduct by public officials may fall within the category of ‘corrupt conduct’ under the Crime and Corruption Act 2001. In addition, many forms of fraud and corruption are offences under the Criminal Code Act 1899. These include false claims, stealing, and misappropriation of property, false pretence, forgery and receipt or solicitation of secret commissions. The following definitions of “fraud”, “corruption”, “misconduct” and “corrupt conduct” are used throughout this document. Fraud Any deliberate deceitful conduct or omission designed to gain an advantage to which a person or entity is not entitled. It is the intentional use of false representations or deception to avoid an obligation, gain unjust advantage or in the context of public administration, commonly referred to as ‘rorting the system’.
Corruption Behaviour that may involve fraud, theft, the misuse of position or authority or other acts which are unacceptable to an organisation, its clients or the general community. It may also include other elements such as breaches of trust and confidentiality.
Misconduct Inappropriate or improper conduct in an official capacity or inappropriate or improper conduct in a private capacity that reflects seriously and adversely on the public service. Corrupt conduct: Conduct of a person, regardless of whether they hold or held an appointment in a unit of public administration, that adversely affects, or could adversely affect the performance of functions or the exercise of powers of a unit of public administration or a person holding an appointment within the unit of public administration, and results or could result in their performance or exercise in a way that:
is not honest or impartial; or
involves a breach of the trust placed in the person as a public officer, either knowingly or recklessly; or
P a g e | 3
involves a misuse of official information or material; and
is engaged in for the purpose of providing a benefit either to the person or another person or causing a detriment to another person.
The conduct in question, if proven, must also amount to a criminal offence or a disciplinary breach providing reasonable grounds for the person’s dismissal. Anyone who tries to corrupt a public sector officer can also be guilty of corrupt conduct if the matter involves a criminal offence.
Common examples of fraud and corruption
Internal External Collusion
corporate card misuse, such as payment for personal expenses
including fictitious names on the payroll system
delayed terminations
abuse of position and power, including accepting or offering bribes or gifts
nepotism
submitting false travel claims
consistently recording incorrect hours of work on timesheets
unauthorised use of government vehicles
theft or unauthorised use of public funds or physical resources, such as office supplies and stationery
clients deliberately claiming benefits for which they are ineligible
external providers making claims for services that were not provided
the provision of false or misleading information
failure to provide information when obliged to do so
inappropriate influence over grants and subsidies applications
manipulation of a procurement process
• inappropriate involvement with suppliers, including ‘kickbacks’ such as entertainment and hospitality
unlawful or unauthorised release of information
knowingly making or using forged or falsified documentation
failing to declare and appropriately manage conflicts of interest
Fraud and corruption control policy statement We are committed to excellence in service performance and in meeting our statutory obligations. This includes maintaining a fraud and corruption prevention culture. We have zero tolerance for fraud and corruption. We provide all staff and relevant stakeholders with education and training in ethics and fraud awareness to ensure that we all understand our responsibilities and obligations. Our organisational values and culture, governance and risk management frameworks, and controls work together to prevent, detect and respond to potential or actual fraudulent or corrupt conduct. We will deal appropriately with all allegations of fraud and corruption. All staff are obliged to report suspected fraudulent and/or corrupt activities to their supervisor or manager, Internal Audit Branch (IAB) or the Ethical Standards Unit (ESU), who will investigate and deal with the allegation. We will
P a g e | 4
refer any instances of corrupt conduct to the Crime and Corruption Commission (CCC) and/ or the Queensland Police Service for investigation and possible prosecution. We will pursue the recovery of any losses incurred from fraud and corruption activities, after considering all relevant issues. Our policy aligns with the CMC’s Fraud and Corruption Control – Guidelines for Best Practice and the Australian Standard AS8001-2008 Fraud and Corruption Control.
Fraud and corruption control plan
Our Fraud and Corruption Control plan is based on the ANAO’s conditions that are essential for a sound fraud control environment, and the CMC’s recommended 10-element model.2,3
ANAO conditions
The ANAO’s three conditions for a sound control environment are:
Ethical leadership and culture –strong ethical values and high standards of ethical behaviour
Legislation and governance –legislation and policies that promote accountability, are transparent, and incorporate robust governance structures
Control strategies –actions to prevent, detect and respond to fraud and corruption, which are reviewed and improved continuously.
CMC 10-element model
The CMC’s recommended integrated control model comprises 10 key elements and is consistent with Australian and overseas best practices. The elements are interrelated, with each one playing an important role. The elements are set out in the table below:
Element 1 Department-wide Policy Element 6 Public Interest Disclosures
Element 2 Risk Assessment Element 7 Investigations
Element 3 Internal Controls Element 8 Code of Conduct
Element 4 Internal Reporting Element 9 Staff Training and Awareness
Element 5 External Reporting Element 10 Client and Community Awareness
Our approach to fraud and corruption control also aligns with Australian Standard 8001 – 2008: Fraud and Corruption Control.
Fraud and corruption control model
DETE’s Fraud and Corruption Control model (Figure 1) demonstrates the way in which the department integrates the ANAO’s conditions and the CMC’s 10 key elements with its fraud and corruption control prevention, detection and response strategies.
2Australian National Audit Office, Fraud Control in Australian Government Entities – Better Practice Guide March 2011 3 Crime and Misconduct Commission, Fraud and Corruption Control – Guidelines for Best Practice
P a g e | 5
Figure 1: DETE’s Fraud and Corruption Control Model
ANAO conditions in practice
Ethical leadership and culture
Senior managers must lead by example and behave in a way consistent with the Code of Conduct for the Queensland Public Service and DETE’s Standard of Practice. The Code of Conduct and the Standard of Practice provide all employees with ethics principles, values and standards of conduct to guide behaviour in the workplace. They are important corruption resistance tools to promote ethical behaviour and, in conjunction with the Framework and the best practice principles outlined in the department’s Enterprise Risk Management Framework, to support the effective and efficient management of fraud and corruption risks across the agency.
Legislation and governance
The Framework is underpinned by legislation, Australian standards and best practice guidelines, including:
P a g e | 6
Financial Accountability Act 2009– commits the department to protecting its revenue, expenditure and property from fraudulent activity
Public Sector Ethics Act 1994 – sets out the ethics principles and values for public service agencies and public officials, and provides standards of conduct consistent with the ethics principles and values
Crime and Misconduct Commission Fraud and Corruption Control – Guidelines for Best Practice – provide the model for developing and implementing the fraud and corruption control policy and plan.
ANAO control strategies
The ANAO’s control strategies are referenced in conjunction with the CMC elements for fraud and corruption control in the “Control Strategies” section of this paper, which commences on page 11. Appendix 1 includes a full list of the applicable legislation and other instruments, while the Department’s Policy and Procedure Register sets out all departmental procedure-specific legislation and governance instruments. The department’s rigorous governance structure ensures legislative requirements are addressed effectively, transparently and with accountability. As illustrated in Figure 2, consistent with the Enterprise Risk Management Framework, the department’s governance structures support fraud and corruption control at the strategic, corporate and operational levels. Figure 2: Governance Structures
STRATEGIC CORPORATE AND OPERATIONAL
DIRECTOR-GENERAL (DG)
AUDIT & RISK MANAGEMENT
COMMITTEE (ARMC)
EXECUTIVE MANAGEMENT BOARD (EMB)
FRAUD & CORRUPTION CONTROL COMMITTEE (FCCC)
BUSINESS AS USUAL
PROGRAMS OF CHANGE
DIVISIONS
BRANCHES
BUSINESS UNITS
BOARDS
PROGRAMS
PROJECTS
EMB
EMB sets and reviews departmental strategic direction, priorities and performance objectives.
ARMC provides the Director General with independent audit and risk management advice
FCCC reports to ARMC and EMB at least annually, advises ARMC on fraud and corruption matters and through its Chair may escalate matters to the DG, ARMC or EMB as appropriate
Corporate and operational management structures provide for clear lines of reporting, accountability and responsibility to support appropriate, open and transparent decision making.
P a g e | 7
Roles and responsibilities
While fraud and corruption control is the responsibility of every employee, the table below details specific roles and responsibilities. ROLE RESPONSIBILITY
Director-General • overall accountability for prevention and detection of fraud and corruption within DETE
• legislated responsibility to exercise authority, on behalf of the department
• manage the department’s operations ensuring service delivery is effective and economical, and in the process avoids waste and extravagance
• manage public resources of the department efficiently, responsibly and in a fully accountable manner
• define goals and objectives in accordance with its mandate and governance framework
• implement policies and priorities responsibly • ensure impartiality and integrity in the performance of the
department’s functions • ensure accountability and transparency in the department’s
operational performance • maintain accurate records and accounts, and report on these as
required • promote continual evaluation and improvement of department’s
management practices
Deputy Director-General, Corporate Services
• delegated authority as the Fraud and Corruption Control Coordinator and acts as ‘champion’ to drive the fraud and corruption control regime
• Chair of the Fraud and Corruption Control Committee • oversee the implementation and management of the fraud and
corruption control framework • take steps to ensure that all areas assume appropriate responsibility
for fraud and corruption control and perform their functions according to the framework and relevant legislation
• ensure all areas of operation take the appropriate steps to implement effective risk management practices, including risk assessment of fraud and corruption in accordance with the enterprise risk management framework
• ensure the scope and nature of the education, training and awareness programs are comprehensive and designed to assist employees, contractors and clients to recognise, detect and prevent fraud and corruption
• provide advice to the Director-General and the EMB as necessary on fraud and corruption matters
• provide accurate and timely advice to the Audit and Risk Management Committee through the Internal Audit Branch on any fraud and corruption matters
Deputy Directors-General,
Assistant Directors-General,
Regional Directors, Executive
Directors, Directors and Managers
• display ethical leadership and high personal standards of behaviour consistent with the Code of Conduct for the Queensland Public Service and the department’s Standard of Practice
• visibly adhere to the department’s ethical framework and promote adherence by all employees
• contribute to effective risk management strategies in accordance with the department’s enterprise risk management framework and
P a g e | 8
ROLE RESPONSIBILITY
Deputy Directors-General, Assistant Directors-General, Regional Directors, Executive Directors, Directors and Managers (Cont)
ensure risk management practices are adhered to throughout their area of control
• develop strong internal controls to assist with fraud and corruption prevention in their area of responsibility
• ensure all employees are made aware of and attend appropriate education, training and awareness sessions to allow for a skilled and knowledgeable workforce, including public sector ethics education, training and awareness internal controls and financial or procurement training
• ensure effective employee communication about the process for identifying and reporting on potential fraudulent and corrupt activities
• ensure where a public interest disclosure is made, the procedure for making and managing a public interest disclosure is adhered to
• follow the mandatory internal or external reporting requirements for reporting suspected corrupt conduct, including fraud or corruption
Audit and Risk Management
Committee (ARMC)
• advise the Director-General, outlining audit matters and certain risks to the department, including potential fraud and corruption matters and put forward pertinent recommendations regarding these
• review governance processes to ensure all matters relating to alleged fraud and corruption or unethical conduct are dealt with appropriately
• review currency, comprehensiveness and relevance of the enterprise risk management framework, policy and procedure for identifying, monitoring and managing significant business risks, including the identification and management of risks related to fraud
• review the internal audit plan annually to ensure it covers key fraud and corruption risks and that there is appropriate coordination with the external auditor, Queensland Audit Office
• submit recommendations to the Director-General to approve the internal audit plan, reviewing its scope and progress and any significant changes to it, including any potential difficulties or restrictions on the scope of activities
Fraud and Corruption Control
Committee (FCCC)
• advise the ARMC and make recommendations in relation to fraud and corruption matters
• implement and monitor the fraud and corruption program • review and evaluate the effectiveness of compliance with relevant
legislation and best practice requirements for fraud and corruption control
Director, Ethical Standards Unit
• ensure the ESU fulfils the legislative function on behalf of the Director-General to investigate all allegations of suspected corrupt conduct
• ensure a proactive approach to public sector ethics by promoting an ethical culture, practice and decision making through education and training programs
• implement, maintain and review the fraud and corruption control framework
• ensure the fraud and corruption control framework undergoes a biennial review or more frequently as required
• oversee the secretariat function for the FCCC • develop strategies in consultation with other key areas to achieve an
effective fraud and corruption regime • identify appropriate training and awareness options and develop
strategies in consultation with Internal Audit Branch to achieve an effective Fraud and Corruption Control regime
P a g e | 9
ROLE RESPONSIBILITY
Director, Ethical Standards Unit
(Cont)
• as CCC liaison officer report suspected corrupt conduct, criminal and other matters to the appropriate external agency: o Crime and Corruption Commission o Queensland Police Service o Queensland Ombudsman o Queensland Audit Office
Ethical Standards Unit • conduct investigations into reports of suspected corrupt conduct, including fraudulent or corrupt practices
• manage the department’s fraud and corruption hotline – 1800 727 031
• manage and coordinate all public interest disclosures made to the department and ensure adequate support and certain protections are afforded the discloser in accordance with Public Interest Disclosure Act 2010
• review Standard of Practice at least once every two years • develop and maintain ethics related policies and procedures for
building and sustaining integrity and accountability; for example, Standard of Practice, public interest disclosure procedure and guidelines, conflicts of interest, notification of other employment, lobbying and the fraud and corruption framework
• provide secretariat function for FCCC • develop public sector ethics related education and training material
to promote an ethical culture and performance; such as the ethical decision making awareness, internal controls and fraud awareness
• provide advice and direction to employees on the correct protocol for reporting matters to external agencies
Internal Audit Branch • provide independent appraisals, examination and evaluation of the department’s activities and assist management with the detection of suspected fraud and corrupt activities
• undertake scheduled audits, which include examining established controls to determine if these are robust enough to reduce the risks of fraud and corruption, including the identification of work practices that may lead to fraudulent and corrupt activities
• undertake targeted audit activities to specifically identify any indication that fraud may have occurred, be alert to opportunities that could allow fraudulent activities
• report in writing any suspected activities of fraudulent or corrupt practices identified during an internal audit function to the Director, ESU for assessment and possible investigation or referral to the appropriate external agency
All employees
• contribute to the development of improved systems, policies and procedures to enhance the department’s resistance to fraud and corruption including: o safeguarding assets and other resources under their control o having a clear understanding of their obligations regarding any
losses, deficiencies and shortages that may be identified while at work
o ensuring all personal claims are accurate with no deliberate omissions (recording accurate hours of work on timesheets)
• fulfil their obligation to report wrongdoing in accordance with section 1.1 (d) of the Code of Conduct for the Queensland Public Service and section 4.1 of the department’s Standard of Practice
• actively seek education and training to learn and maintain knowledge and skills required to undertake their duties
• gain an understanding of the policies, procedures and guidelines that
P a g e | 10
ROLE RESPONSIBILITY
All employees (Cont) pertain to their role and work within the requirements of these • follow the requirements for internal reporting of suspected fraud
and corruption
DETE Control Strategies
The following strategies constitute the department’s action regarding reporting, processing, resolving and responding to suspected fraud and corruption within the department and its funded services, when:
a person suspects fraud or corruption is occurring within the department
the suspected fraud and corruption constitutes misconduct or corrupt conduct on the part of an employee: and/or
it is appropriate that suspicions be addressed directly by the ESU or referred externally
The CMC’s 10-element model of fraud and corruption control, which the department has adopted as the basis of its Fraud and Corruption Control strategy, falls into three key categories of control:
Prevent–as the first line of defence, to reduce the risk of fraud and corruption occurring
Detect –discover and investigate fraud and corruption when it occurs
Respond–take corrective action and remedy the harm caused by fraudulent and corrupt behaviour.
The elements are categorised below, followed by a discussion of each element, and its alignment with the ANAO conditions for better practice fraud and corruption control.
Table 1: Key Fraud and Corruption Control Strategies
KEY CONTROL
ELEMENT
CATEGORIES PURPOSE
P D R
Agency-wide
integrated policy
Demonstrate the department’s resolve to combat fraud and
corruption
COMMUNICATE
INTENT
Code of Conduct Set out expectations and standards of ethical behaviour within the
department
Staff education and
awareness
Ensure a well-informed workforce with the capacity to recognise
and respond to the risks of fraud and corruption
Client and community
awareness
Maintain public trust and forestall potentially unacceptable
practices from external parties
Risk assessment Provide a comprehensive understanding of the department’s
internal and external vulnerabilities
LIMIT
OPPORTUNITIES
Internal controls Mechanisms to eliminate or minimise risks
Internal reporting Mechanism for employees to report potential fraudulent or
corrupt activities and other alleged wrongdoing
REINFORCE ZERO
TOLERANCE
Public Interest
Disclosures
Responsibility for receiving and managing all allegations of
wrongdoing received under Public Interest Disclosure Act 2010
Investigations Ensure allegations of fraud and corruption are actioned
appropriately and investigated competently
External reporting Mechanism for the Director-General to report any suspected
fraudulent or corrupt activity to the appropriate external agency
P a g e | 11
CMC elements in practice
CMC Element 1: Agency-wide integrated policy ANAO conditions: legislation, ethical leadership and culture
The department is committed to excellence in fulfilling public expectations of service performance and in meeting its statutory obligations. Its Fraud and Corruption Control Framework, is one of a suite of policies and procedures designed to achieve this. It works with other government and departmental legislation, frameworks, policy and other instruments to provide guidance to staff and forms the keystone of fraud and corruption prevention. A list of related instruments is at Appendix 1.
CMC Element 2: Risk assessment ANAO conditions: Legislation and governance, control strategies
Fraud and corruption risk assessment is an integral part of the department’s overall risk management framework and provides the department with an understanding of its fraud and corruption vulnerabilities and possible strategies to eliminate or minimise those risks. Fraud and Corruption Control Committee DETE’s risk-based approach to fraud and corruption control was strengthened in June 2012, by the establishment of its Fraud and Corruption Control Committee, which is responsible for monitoring and coordinating department-wide fraud and corruption mitigating mechanisms. Chaired by the Deputy Director-General, Corporate Services, who champions fraud and corruption control across the department, the Committee’s membership consists of the Assistant Director-General, Finance and Chief Financial officer, the Assistant Director-General, Human Resources and the Assistant Deputy-General, Strategy and Performance. The Head of Internal Audit is an advisor to the committee and the Ethical Standards Unit undertakes its Secretariat role. The clearly designated responsibility with which the Committee is tasked aligns with recommendations in the Guidelines and the Standard. It also demonstrates DETE’s corporate understanding of and commitment to fraud and corruption control and ensures a consistent, integrated and high profile approach to the management of fraud and corruption risk. Risk assessment responsibility The Director-General is the accountable officer under the Financial Accountability Act 2009 and has ultimate legislative responsibility and accountability for ‘establishing and maintaining suitable systems of internal control and risk management’. The Executive Management Board provides oversight of strategic risks. Deputy Directors-General and Assistant Directors-General support the Director-General with oversight of corporate risks. Executive Directors, Regional Directors, Directors and principals provide oversight of operational risks. All employees are required to comply with the department’s Risk Management policy and apply risk management processes within their work unit.
Fraud and corruption risk assessment
Fraud and corruption risk assessments are carried out in accordance with the department’s Enterprise Risk Management Framework.
P a g e | 12
The department’s enterprise risk management procedure and process, risk assessment criteria, fact sheets and tools to support the completion of fraud and corruption risk assessments are located in the department’s Policy and Procedure Register.
Fraud and corruption risk assessments are to be conducted by each division on their specific functions/processes every two years. Potential fraud and corruption risks are identified as risks to the department’s functions/processes and as such are classified under the Enterprise Risk Management Framework as operational risks and recorded accordingly in the department’s online risk register, the Enterprise Risk Assessor (ERA). Key risks and associated control activities were identified through a department-wide fraud and corruption risk assessment in August 2013. Fraud and corruption risk identification and the development and assessment of their control activities form part of DETE’s continual process of risk review, which also takes into account changing circumstances and operating environments, both internal and external to the organisation. Risk areas for fraud and corruption The department has identified a number of functions/processes considered to be areas of high vulnerability to fraudulent and corrupt activity. As a minimum, fraud and corruption risks are to be identified and assessed for the following areas: Accounts payable and receivable Payroll Asset management Procurement Regulation Timesheets Contract management Corporate card Funds and grants management Recruitment Purchasing Information management Also as a minimum, the following specific matters should be examined:
enforcement of existing financial management standards, policies and practices governing contracts and the supply of goods and services
proper recording of assets and provisions for known or expected losses
the collection, storage, management, handling and dissemination of information
segregation of functions, especially in regulatory, financial and cash handling areas
work activities which have little supervision or are open to collusion or manipulation
work practices associated with compliance and enforcement activities
work practices and ethical standards for accredited agents, certifiers etc.
formal or structured reviews of accounting and administrative controls
effectiveness of measures for reporting suspected fraud, corruption and other forms of corrupt conduct
compliance of staff training with requirements of the Code of Conduct for the Queensland Public Service and the department’s Standard of Practice
workplace grievance practices and their relationship with other OH&S issues
measures to ensure quick and decisive action on all suspected fraud and corruption situations. In addition to the assessment of risk, suitable operational practices to detect fraudulent or corrupt activity are to be implemented including:
establishing effective accounting and management controls
routine and random auditing of decisions and operational records
P a g e | 13
identifying variations from normal accounting procedures or work practices
recognising deviations or exceptions in outcomes from expectations
monitoring key indicators (red flags) of potential fraud and/or corruption. Responsible officers will develop fraud and corruption resistant work practices and subsidiary control plans as necessary. The worksheets and rating methodology for risk assessment (Attachments 1 and 2) should be used to ensure consistency across the risk evaluation process. Recommended processes for risk assessment and management are discussed in detail in DETE’s Enterprise Risk Management Process document. CMC Element 3: Internal controls ANAO conditions: Legislation and governance, control strategies
Controls are used to manage risks identified through the risk assessment process. Our internal control system consists of structures, policies, procedures, processes, tasks, information systems and other tangible and intangible activities that record and manage risks. Our internal control structure complies with the FPMS requirement that accountable officers establish and implement a cost-effective internal control structure, including:
a strong emphasis on accountability, best practice management of departmental resources
an organisational structure and delegations which support the objectives and operations of the department
employment of qualified and competent officers
training and performance assessment of officers
efficient, effective and economic operations of the internal audit function
compliance with all financial legislative requirements
appropriate separation of duties between officers of the accountable officer’s department or the statutory body
preserving the integrity, accuracy and reliability of the agency’s ICT systems
It also aligns with best practice requirements that internal control procedures should include:
transparent operations, such as well-defined and publicised service standards, performance indicators and targets
easily accessible information
client opportunity to provide feedback
transparent decision-making to highlight potential nepotism, favouritism or conflict of interest
agency appropriate procedures through identification of fraud and corruption risks and matching control measures
separation of functions through physical access controls, division of duties, different security access levels for information
The department’s internal control procedures include basic checks and balances which are carried out to ensure:
completeness, relevance and accuracy
timeliness of the department’s accounting and other transactions and records
safeguarding of assets
compliance with any prescribed requirements
P a g e | 14
In line with the QAO report, DETE’s internal controls specifically address identified fraud risk and are regularly reviewed, with internal policies and procedures documented and promoted to relevant staff. They also include all the elements of internal control identified in AS 8001:2008. All employees must be continually alert to early warning signs of fraud, corruption or corrupt conduct. Common red flags for possible fraud or corruption include:
over-familiar relationships between employees, suppliers and contractors
disregard of internal controls
employees demonstrating a reluctance to take leave, particularly where they have cash control or debt collection responsibilities
employees remaining later at work than other employees, or accessing work premises unnecessarily after other staff have left
unreconciled accounting records, including corporate card transactions and/or poor follow-up of outstanding accounts
The integration of internal controls into management practices requires the inclusion of accountability in annual and long term planning, job descriptions and performance reviews of executive management, line managers and supervisors, reflecting their responsibility for identifying system deficiencies that facilitate fraud and corruption. Our controls include (but are not limited to):
governance committees, organisational structures, delegation of authority, strategic and operational plans, the annual report, and the Service Delivery Statement
resource management, budget management and the Establishment Management Framework
position descriptions, merit based recruitment and selection processes, pre-employment screening, training, and the Developing Performance Framework
ICT systems including SAP, One School (transactions, records, operating programs and systems producing ICT information), TRIM (Data collection and exchange), OnePortal intranet and DETE internet (internal and external communications), MyHR (human resources recording and reporting), information systems standards, assets registers (physical resources) and reporting mechanisms, including adequate audit trails
Financial Management Practice Manual, School Accounting Manual and other procedures published in our Policy and Procedure Register
Investigations into cases of fraud and corruption show strong links between the incidence of fraud and corruption and poor internal control systems. As a result the assessment of internal control effectiveness is a crucial step in the fraud and corruption risk assessment process. The Internal Audit Branch supports the department’s efforts to establish and maintain systems integrity through an established audit program. The audit program includes periodic risk based assessments of the department’s business units using best practice methodologies to assess levels of compliance with existing internal controls. The Branch also contributes to the efficient and effective management of departmental operations, by safeguarding agency assets, facilitating internal and external reporting and helping the department comply with relevant legislation.
P a g e | 15
CMC Element 4: Internal reporting ANAO condition: Legislation and governance, control strategies Reporting suspected wrongdoing is vital to our agency’s integrity and that of the Queensland public sector, with research studies and surveys consistently showing that staff provide the most compelling source in detecting fraud and corruption4. The Code of Conduct requires all staff to report suspicious actions or potential wrongdoing. Students, customers, parents, caregivers, or members of the public can also make a complaint about fraud and corruption, anonymously if they wish. Matters relating to corrupt conduct will be referred for investigation as a priority. Complaints may also be lodged by agencies including the CCC, QCOT, QPS, QSA and UPA. They can be lodged by telephone, email, hard copy correspondence, via the department’s iRefer electronic complaints lodgement system or through the Fraud and Corruption Hotline; 1800 727 031. The following departmental procedures, located in the Policy and Procedure Register, explain how to report suspected wrongdoing, including fraud and corruption:
Managing Employee Complaints
Complaints Management – state schools
Information privacy complaints, and
Making and Managing a Public Interest Disclosure under the Public Interest Disclosure Act 2010.
Characteristics of internal reporting Our internal reporting system addresses the CCMC requirements for an internal reporting system; that it:
receive information about identified risks and suggestions for system improvements
receive information about suspected acts of fraud and/or corruption
maintain, as far as possible, the confidentiality of the parties involved
convey information to the relevant officer (supervisor or manager)
ensure appropriate assessment and investigation
ensure compliance with additional external reporting requirements
provide feedback to the discloser, demonstrating that the information was taken seriously and acted upon
Internal reporting arrangements As per the Guidelines, DETE’s internal reporting system takes into account the agency’s size, structure, function and geographic reach. Reporting to immediate supervisors or managers is encouraged, with supervisory staff responsible for reporting to more senior management. As one of Queensland’s largest public sector agencies, DETE has a dedicated Ethical Standards Unit (ESU) to which reports can be submitted, if the employee concerned prefers not to report to their immediate supervisor. The Director ESU has an unrestricted line of access to the Director-General, enabling the Director-General to fulfil their legislative reporting responsibility to external bodies.
4CMC Fraud and Corruption Control Guidelines for Best Practice
P a g e | 16
Fraud and corruption reporting guidelines
Employees should report suspected wrongdoing to their immediate supervisor or manager, in the first instance.
Should staff be reluctant to report any concerns immediately or feel appropriate action has not been taken by the supervisor or manager who received the complaint, alternative reporting options include: o a more senior manager o Director, Ethical Standards Unit o Head of Internal Audit o Fraud and Corruption Hotline 1800 727 031 o directly to the CCC
Supervisors and managers are required to report information regarding suspected fraud and/or corruption incidents immediately to the Ethical Standards Unit
A climate of trust and accountability should be developed so employees are aware that all efforts will be made to maintain confidentiality and appropriate action will be taken
Objectivity and a perception of it will be increased by the identification of a senior, qualified neutral officer to receive reports such as the Director, ESU
Under section 38 of the Crime and Corruption Act 2001, https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdf the Director, ESU has an unrestricted line of access to the Director-General for timely and effective advice so that the Director-General can fulfil their legislative responsibilities for reporting to external bodies when appropriate
Fraud and corruption reporting management system DETE’s complaints management system, Resolve, managed by the ESU is used to capture, report, analyse and escalate all detected fraud and corruption incidents. It also takes the role of a fraud and corruption register, with monthly Case Status Reports – Fraud and Corruption (Case Status Reports) being extracted from Resolve and provided to the Fraud and Corruption Control Committee for ongoing monitoring and analysis. Data can also be used to provide the department with information for other reporting purposes, and facilitate continuous improvement of its fraud and corruption resistance capacity. As set out in AS 8001:2008, the Case Status Reports include the following information with regard to each incident reported:
Date and time of report
Date and time that incident was detected
How the incident came to the attention of management
The nature of the incident
Value of loss
Action taken following discovery of the incident.
CMC Element 5: External reporting ANAO conditions: Governance, legislation, control strategies Queensland’s public sector integrity framework includes several independent statutory bodies which promote accountability, integrity and good governance:
P a g e | 17
Crime and Corruption Commission (CCC)
Queensland Audit office (QAO)
Queensland Ombudsman
Queensland Integrity Commissioner
Office of the Information Commissioner
Their integrity-building activities are supplemented by the law enforcement role of the Queensland Police Service (QPS). The integrity agencies offer a range of external reporting channels and advice, depending on the nature and scope of the alleged misconduct. In addition, the department has an external reporting responsibility to the QPS for certain types of misconduct. In some instances there are legal obligations for external reporting. The role of each of the bodies and our reporting obligations to them is:
Government Body/Role Reporting Obligations
Crime and Corruption Commission (CCC) receives complaints about possible corrupt conduct and determines the most appropriate action to deal with them
Director-General or delegate notifies the CCC under the Crime
and Corruption Act 2001
https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/Cri
meandCorruptionA01.pdf
if the department suspects a report of wrongdoing involves corrupt conduct.
Queensland Ombudsman Provides oversight for all public interest disclosures made to the Queensland Government. Oversight agency for all public interest disclosures made to the Queensland government.
Under the Public Interest Disclosure Act 2010and the Public Interest Disclosure Standard No. 1, agencies are required to provide regular reports the Ombudsman about their PIDs
Queensland Audit Office (QAO) Provides independent audit services to the Queensland Parliament, all state public sector entities and local governments. Monitors and reports on compliance and other operational practices and its recommendations can identify risks and assist agencies in forestalling fraud and corruption.
Under s21 of the Financial and Performance Management Standard 2009, the Director-General must report any suspected material loss to the Auditor General within six months of becoming aware of the loss. A material loss is defined in the standard as a loss of money of more than $500, or the loss of other property valued at over $5,000. Agencies are also responsible to inform the QAO of any loss they suspect to be the result of an offence under the Criminal Code or other Act.
Queensland Integrity Commissioner (QIC) Established by Parliament to maintain and enhance the integrity of the Queensland public sector, the Commissioner is also responsible for maintaining the Register of Lobbyists and monitoring compliance with the Integrity Act 2009 and the Lobbyists Code of Conduct.
Professional lobbyists breaching the Lobbyists’ Code of Conduct should be reported to the Commissioner.
Office of the Information Commissioner (OIC) Initially established under the repealed Freedom of Information Act 1992 (Qld), the
The OIC deals with privacy complaints and makes decisions where privacy conflicts with the public interest.
P a g e | 18
Government Body/Role Reporting Obligations
OIC continues under the Right to Information Act 2009 and the Information Privacy Act 2009 to promote access to government-held informant and to protect people’s personal information.
Queensland Police Service (QPS) Upholds and enforces the law
Director-General, or delegate reports:
suspected fraud and/ or corruption arising out of criminal conduct under the Criminal Code Act 1899, or other Act
any suspected material loss which may have occurred as a result of corrupt conduct or the commission of a criminal offence in accordance with the Criminal Code Act 1899, Crime and Corruption Act 2001, Financial and Performance Management Standard 2009, or other Act.
We also report to the Public Service Commission through the Director, ESU in relation to our integrity and accountability. Where a matter falls within the jurisdiction of more than one external integrity body, the agency must ensure that it is reported to each one that is relevant. As recommended by the CMC Guidelines, DETE has developed sound reporting policies and procedure to cater for these potentially overlapping requirements. In accordance with the Crime and Corruption Act 2001, https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdf complaints about fraud and the outcome of preliminary investigations will be reported to the appropriate agencies above. The Director ESU should be contacted prior to matters being reported to an external agency, for advice on correct reporting protocols. CMC Element 6: Public Interest Disclosures ANAO conditions: Legislation and governance, control strategies A public interest disclosure (PID) is a disclosure of information of public interest, involving wrongdoing within the public sector, made to a proper authority. Under the Public Interest Disclosure Act 2010 (PID Act), a proper authority is defined as a public sector entity or a member of the Legislative Assembly. The department strongly supports the principles embodied in the PID Act, which provide for certain protection from reprisal for persons making a PID, with the intent of the PID legislation being to ensure that persons making a complaint of wrongdoing can do so without fear of retribution. From the perspective of fraud and corruption control, a public service officer may make a PID if they report information about another employee that may relate to:
unlawful, corrupt, negligent or improper conduct that could amount to corrupt conduct
maladministration that adversely affects anyone’s interests in a substantial and specific way
negligent or improper management by a public officer public sector entity or a government contractor resulting or likely to result in a substantial waste of public funds.
We are committed to promoting the public interest by facilitating disclosures of wrongdoing and ensuring that PIDs are managed thoroughly, impartially, in a timely manner and in accordance with the Act.
P a g e | 19
The management of a PID includes initial evaluation, including a risk assessment and the determination of appropriate action, which may include investigation. If an investigation is conducted the discloser will be kept informed of its progress and outcome, and will be provided with protection from reprisal action. As recommended in the CMC Guidelines, DETE has a stand-alone PID procedure, Making and managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld) (WRF-PR-013), which is consistent with the Code of Conduct for the Queensland Public Service and DETE’s Fraud and Corruption Control policy. DETE’s PID procedure covers:
the context in which a PID is appropriate
how, when and where to make a disclosure
who can make a disclosure
to whom a disclosure may be made
assessment and investigation of disclosure allegations
available support and protection mechanisms
the investigation process
PID-related roles and responsibilities and
confidentiality
DETE also has a program to actively encourage an ethical work climate and an atmosphere of transparency and responsible reporting, which includes compulsory Code of Conduct, Standard of Practice and internal controls training, and a team of officers trained to receive and manage PIDs, and to offer support and protection for disclosers.
As with all internal reporting of suspected wrongdoing, we:
exercise due process and natural justice in managing PIDs
make all attempts to preserve confidentiality
provide appropriate protection to the person who made the PID
maintain all necessary records securely, and
report appropriately. CMC Element 7: Investigations ANAO conditions: Legislation and governance, control strategies All reports, information, complaints and notifications concerning alleged employee misconduct are referred to the ESU. If there is a possibility that an incident constitutes corrupt conduct, the CEO is required under the Crime and Corruption Act, 2001 to report the matter to the CCC. As both fraud and corruption generally fall within the definition of corrupt conduct, the majority of fraud and corruption matters automatically need to be reported. The CCC may choose to investigate the matter itself, refer it back to the department, or work with the department to investigate the matter. Any allegation involving criminal offences against the department, by employees or external parties, needs to be referred to the QPS. In the event the QPS does not lay criminal charges, but the information requires further enquiry because the allegation raises a reasonable suspicion of employee misconduct which, if proven, would be likely to result in formal disciplinary action, an ESU investigation will be commenced.
P a g e | 20
Investigations may involve matters of suspected fraud, corruption, misappropriation, maladministration, theft and other matters where the conduct of an employee, if substantiated, could amount to corrupt conduct and may result in disciplinary action, including dismissal. DETE’s fraud and corruption investigation practices The department’s own fraud and corruption investigative practices comply with the CCC’s Guidelines, its investigative toolkit Corruption in focus: A guide to dealing with corrupt conduct in the Queensland public sector( http://www.ccc.qld.gov.au/research-and-publications/publications/ccc/corruption-in-focus/corruption-in-focus.pdf ) (PDF, 984.4 kB) and the Standard. Specialist training is provided to departmental investigators, to ensure the integrity and professionalism of their investigative work. Fraud and corruption investigations are conducted by experienced, senior personnel who are independent of the business unit in which the alleged fraudulent or corrupt conduct occurred. Investigations and any resultant disciplinary proceedings are always legislatively compliant and conducted in an atmosphere of transparency, with the overall guiding principles being independence and objectivity. Information arising from, or relevant to, investigations is not disseminated to any person not required by their position description to receive the information and in light of the seriousness of fraud and corruption allegations, investigations are overseen by the Fraud and Corruption Control Committee. In planning and undertaking fraud and corruption investigations, the department follows the steps outlined by the CCC:
Determining the scope and nature of investigations
Confirming the responsibilities and powers of the investigator
Conducting investigations in accordance with the rules of procedural fairness
Gathering the evidence
Concluding the investigation Education and awareness Employee responsibilities in relation to investigations are clearly set out in section 4.1 of the department’s Standard of Practice which states “Employees must co-operate with an investigation being conducted in connection with the administration, management and operation of the department to ensure the best possible outcomes”. Policies and procedures In addition to its Fraud and Corruption Control Policy Statement, the department has a Fraud and Corruption Control Procedure and an Investigations fact sheet, which discusses departmental investigations, employees’ legislative obligations, misconduct and corrupt conduct, the investigation process, the balance of probabilities, procedural fairness and natural justice, interviews and what each party can expect from the other during an investigation. When the department deems an investigation into alleged corrupt conduct, including fraud or corruption, necessary:
P a g e | 21
all employees are obliged to respect the rights of all involved and maintain confidentiality pending a full investigation into an alleged wrongdoing
managers and supervisors must ensure due process and encourage confidentiality
any person disclosing alleged wrongdoing must be advised of the outcome of the investigation as soon as practicable, and
the outcome may be subject of review by the CCC. Outcomes of investigations where complaints of alleged fraud and/ or corruption have been substantiated may be published, when appropriate to do so and where confidential records can be maintained. CMC Element 8: Code of Conduct ANAO conditions: Legislation and governance, ethical leadership and culture The Code of Conduct for the Queensland Public Service and the DETE-specific Standard of Practice provide guidance on the standards of conduct expected of all employees and others associated in any significant way with the department. They include ethics principles and values; and The Standard of Practice also provides advice and guidance for employees in making ethical decisions, especially in circumstances where the ‘correct’ or ‘best’ course of action may not be clear. Implementation of the FCCP will be based on the standards of conduct outlined in the Code of Conduct and Standard of Practice, with breaches subject to disciplinary provisions when appropriate. The code and Standard of Practice are based upon four ethics principles:
1. Integrity and impartiality 2. Promoting the public good 3. Commitment to the system of government 4. Accountability and transparency
As tools which outline the department’s ethical framework, it is outside the scope of the code and Standard of Practice to cover all ethical situations which may arise. To assist in the resolution of complex issues, including those relating to fraud or corruption, employees should seek the advice of their supervisors, managers or senior management when appropriate. The value of the code and Standard of Practice as deterrents to misconduct depends substantially on the perception that their provisions are enforced swiftly and equitably. Accordingly, prompt and impartial action is taken by the department in the event that a reasonable suspicion exists of fraud, corruption or corrupt conduct. The code and Standard of Practice reflect the corporate and business ethos of the department. As such, their agency-wide implementation will promote integrity, encourage ethical behaviour, and strengthen departmental resistance to fraud and corruption. In compliance with their responsibilities under the Public Sector Ethics Act 1994, the department’s CEO ensures that departmental employees are given access to appropriate education and training about public sector ethics through mandatory training at orientation and regular refreshers thereafter. The ESU will review of the Standard of Practice biennially or more frequently if required. On an ongoing basis, the Director, ESU will also review the need to develop any other related policies and procedures, ethical awareness training or employee development materials.
P a g e | 22
CMC Element 9: Staff education and awareness ANAO conditions: Governance, ethical leadership and culture
Legislative background The Public Sector Ethics Act 1994 requires agencies to provide appropriate education and training for their employees. Mandatory training Mandatory public sector ethics education and training completed by all new employees through the DETE induction program. Ongoing ethics related education and training is undertaken by all employees at regular intervals during their employment with the department. The public sector ethics education and training module includes:
ethical decision-making training and awareness, including Code of Conduct
internal controls training
fraud and corruption (including Public Interest Disclosure) training and awareness. It is available to employees through a variety of delivery modes:
face-to-face training
on-line ethical decision making training available via the Learning Place
train-the-trainer package
ethics- related resources published on One Portal, developed by ESU and available to all employees
DETE induction website (mandatory induction). Formal information-sharing and the inclusion of fraud and corruption control components in induction training is the responsibility of both central and regional management. Employees whose knowledge of, and skills in, financial management are lacking are particularly vulnerable and specific training should be provided for these officers. Employees in smaller, rural and remote locations as well as those who perform a high level of resource and financial management should also receive specific fraud and corruption control training. Departmental education and awareness strategies With the oversight of its Fraud and Corruption Control Committee, the department uses a variety of education and awareness strategies to foster an ethical organisational culture and strengthen the department’s resistance to fraud and corruption:
displaying notices about the Code of Conduct and Standard of Practice, and the expectation of ethical behaviour, throughout the workplace
making a copy of the Code of Conduct and Standard of Practice available to all new employees
demonstrating executive management commitment to fraud and corruption control, with senior executives leading by example and participating in training sessions
the appointment of the Deputy Director-General, Corporate Services as Chair of the Fraud and Corruption Control Committee and champion of fraud and corruption control across the organisation
P a g e | 23
dissemination of advice about fraud and awareness strategies and internal controls emanating from meetings of the Fraud and Corruption Control Committee
development of a fraud and corruption control newsletter
establishment of communities of practice
Fraud and Corruption Policy and Fraud and Corruption Control Plan made accessible to all employees
dissemination of Public Interest Disclosure Policy and advice about the department’s PID support program
Fraud and Corruption Control website on intranet
function-specific training about fraud and corruption control to employees working in high-risk areas
online Internal Controls training
ethics awareness announcements on divisional home pages and division-specific publications
online resources including brochures, factsheets and PowerPoint presentations
ethics-related announcements in the department’s Education Views publication, for dissemination to the general public as well as employees
the inclusion of fraud and corruption control KPIs in departmental financial sustainability benchmarks
embedding fraud and corruption control in the department’s enterprise risk management program
reinforcement of agency’s zero tolerance attitude to fraud and corruption demonstrated by prompt response taken to incidents
Future training programs will include the provision of guidelines on the identification of misconduct risk and the ‘red flag’ indicators of potential fraud. Training will also include information about public sector accountability and ethical standards, as well as offering case studies and scenarios for ethical decision making. CMC Element 10: Client and Community Awareness ANAO conditions: legislation and governance, ethical leadership and culture The Fraud Corruption and Control Framework and other relevant policies and procedures are published on our internet site to make them accessible for all community members. The department’s external communication will emphasise the integrity of the department and its commitment to the highest standard of probity in all its dealings. It will give the community confidence in its dealings with us, and ensure that external providers, such as contractors, suppliers, third party providers, and funding recipients are aware of our zero tolerance policy. This message will be augmented by the ethical actions of employees at all times. We promote our fraud corruption and control policy by:
publishing the Fraud and Corruption Control Framework and procedure on the department’s internet and employee portal
gaining P&C commitment and ensuring a documented process for reporting potential fraudulent and/or corrupt activities
incorporating probity compliance declarations and provisions into our standard contract arrangements
providing a fraud reporting hotline - 1800 727 031
publishing pertinent complaint data as Open Data.
P a g e | 24
The department’s zero tolerance of fraud should be highlighted, and measures be taken to ensure the department’s fraud and corruption prevention goals are reported, in its Annual Report.
Monitoring, review and continuous improvement The processes that support continuous improvement of the Framework include:
reviewing the Framework every two years (or following a significant change within the department) including:
o control strategies, to ensure appropriate balance between prevention and detection o control appropriateness and effectiveness of design and operation
updating fraud and corruption risk assessment to ensure fraud and corruption risks are captured and managed
review of individual fraud and corruption cases to identify the cause, areas of control weakness, where possible measure the loss or cost of fraud, and identify lessons learned.
Contact Director, Ethical Standards Unit Ph: (07) 3255 2955 Fax: (07) 3055 2996 [email protected] PO Box 15033 City East Qld 4002
P a g e | 25
Appendix 1: Legislation and other Instruments - Fraud and Corruption Control
Legislation
Public Sector Ethics Act 1994 (Qld) Public Service Act 2008 (Qld) Public Service Regulation 2008 (Qld) Education (General Provisions) Act 2006 (Qld) Education (General Provisions) Regulation 2006 (Qld) Public Interest Disclosure Act 2010 (Qld) Crime and Corruption Act 2001 (Qld) https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdfFinancial
Accountability Act 2009 (Qld) Financial Accountability Regulation 2009 (Qld) Financial and Performance Management Standard 2009 (Qld) Criminal Code Act 1899 (Qld)
Substantive policy
Code of Conduct for the Queensland Public Service DETE Standard of Practice
Related procedures
Criminal History Checks Complaints Management – State Schools Contact with Lobbyists and Former Senior Government Representatives Conflict of Interest Intellectual Property and Copyright Use Maintaining the Security of Department Information and Systems Making and managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld) Managing employee complaints Receipt of Gifts and Benefits by Employees of the Department Risk Management Acceptable Use of the Department's Information, Communication and Technology (ICT) Network and Systems
Standards, guidance and best practice
Crime and Corruption Commission:
Fraud and Corruption Control - Guidelines for Best Practice
Corruption in focus: A guide to dealing with corrupt conduct in the Queensland public
sector(http://www.ccc.qld.gov.au/research-and-publications/publications/ccc/corruption-in-
focus/corruption-in-focus.pdf ) (PDF, 984.4 kB) Standards Australia: AS 8001-2003 - Fraud and Corruption Control
Australian National Audit Office:Fraud Control in Australian Government Entities – Better Practice Guide 2011
Australian Minister for Home Affairs and Minister for Justice: Commonwealth Fraud Control Guidelines
Queensland Department of Treasury and Trade:
Financial Accountability Handbook 2012
A Guide to Risk Management 2011
Financial Management Tools 2012
P a g e | 26
Appendix 2: Definitions Code of Conduct - The Code of Conduct for the Queensland Public Service is a whole of government code of ethics that provides a framework of ethical principles, values and standards of conduct that guide employees in their work performance, professional standards, and how they should conduct their relationships with others. The Public Sector Ethics Act 1994 defines the ethical principles and values arising from these principles. The Public Interest Disclosure Act 2010 complements the Public Sector Ethics Act 1994 by providing legal protection for the reporting of certain wrongdoing that adversely affects the public interest. The department’s Standard of Practice is a supplementary document which assists all employees to apply the Code of Conduct of the Queensland Public Service and provides agency-relevant examples that directly relate to how the Code is to be applied within the department. Employee – For the purposes of this document and in accordance with the Code of Conduct for the Queensland Public Service an employee is defined as:
“any Queensland public service agency employee whether permanent, temporary, full-time, part-time or casual;
any volunteer, student, contractor, consultant or anyone who works in any other capacity for a Queensland public service agency”
Fraud and corruption risk assessment - The application of risk management principles and techniques to the assessment the risk of fraud and corruption. Investigation - An inquiry or examination to ascertain facts; the act or process of investigating. Risk - The chance of something occurring that will have a negative impact upon objectives. It is measured in terms of likelihood and consequences .Residual risk is the remaining level of risk after risk treatment measures have been taken. Risk management - The term applied to a logical and systematic method of identifying, analysing, assessing, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organisations to minimize losses and maximize positive outcomes. The department has introduced an Enterprise Risk Management Framework which builds on the existing risk management practices across the department and reflects current best practice and international standard. All departmental employees are strongly encouraged to become familiar with the Enterprise Risk Management Framework 2010-2014 to ensure a consistent approach to managing risk within the department. Senior management - Personnel associated with the department at the executive and senior management, director or principal level and those senior officers who have authority over the direction or management of the department.
P a g e | 27
ATTACHMENT ONE RISK ASSESSMENT WORKSHEET Each agency work unit should develop label descriptions to suit its own business processes and operating environment
IDENTIFICATION ANALYSIS EVALUATION RISK TREATMENTS
Area being assessed
Specific Risks Risk Degree Current Controls or Mitigating Factors
Control Improvements
Likelihood Consequences Risk exposure
Likelihood Consequences Risk exposure
A = Almost certain B = Likely C = Unlikely D = Rare
I = Insignificant II = Minor III = Moderate IV = Major V = Extreme
VH = Very high risk – immediate action required H = High risk - senior management attention required M = Medium risk - management responsibility must be specified L = Low risk – manage by routine procedures
P a g e | 28
ATTACHMENT TWO RISK MATRIX
Consequence
Insignificant Minor Moderate Major Critical
Lik
elih
oo
d
Almost Certain
Medium Medium High Extreme Extreme
Likely Low Medium High High Extreme
Possible Low Medium Medium High High
Unlikely Low Low Medium Medium High
Rare Low Low Low Low Medium
= Risk tolerance
Likelihood of occurrence
Almost certain Is almost certain to occur within the foreseeable future or within the project lifecycle
Likely Is likely to occur within the foreseeable future or within the project lifecycle
Possible May occur within the foreseeable future or within the project lifecycle
Unlikely Is not likely to occur within the foreseeable future or within the project lifecycle
Rare Will only occur in exceptional circumstances.