Corruption Risk Control

Corrupt conduct is defined in the Independent Commission Against Corruption Act 1988 (ICAC Act) as being "any conduct that adversely affects(or that could adversely affect) either directly or indirectly the honest or impartial exercise of public official functions."

Broadly, it is conduct that involves a:

• dishonest exercise of public functions, or
• breach of public trust, or
• misuse of information or material acquired in the course of official functions.

In addition, for the ICAC to exercise its jurisdiction over a matter, the conduct must be such that, if proved, it could constitute:

• a criminal offence, or
• a disciplinary offence, or
• reasonable grounds for dismissing, dispensing with the services of or otherwise terminating the services of a public official.

It is the intention under the ICAC Act to capture only intentional or deliberate acts of corruption. Mistakes or negligence may not be considered to be corrupt because they are not done intentionally.

NSW universities are 'public authorities' as defined in section 3 of the ICAC Act and, as such, fall within the jurisdiction of the ICAC, an independent statutory body with responsibility to expose and minimise corruption in the NSW public sector.

The ICAC can, therefore, investigate allegations or complaints of corrupt conduct concerning the University or its staff (full-time, part-time, casual or contract) who are deemed to be public officials as defined in the Act. NSW universities also have statutory reporting obligations under section 11 of the ICAC Act to notify the ICAC of possible corrupt conduct.

The control of corruption within the University should be an integral element of its overall risk management processes. Corruption or the perception of corrupt conduct reflects badly on the University and has the potential to damage its reputation. Scarce resources may not be allocated fairly and equitably eg. places in a course or in the awarding of a tender, and academic standards may be threatened.

In recent years, the ICAC has conducted a number of investigations into allegations relating to universities. These investigations show that universities are subject to the same kinds of risks and vulnerabilities as other organisations that administer public funds and authority - recruitment of staff, procurement of goods and services, the use (or misuse) of public resources, and regulatory functions, for example. Further information is available on the ICAC Investigations webpage.

While corrupt conduct is not necessarily criminal, like much criminal activity it generally has three essential elements:

• motivation
• opportunity
• an environment where there is a low threat of detection.

Therefore, to minimise corrupt conduct, organisations need to address these elements by:

1. guiding the behaviour of the individuals that make up the organisation;
2. ensuring that administrative processes do not create opportunities or incentives for corrupt conduct; and
3. establishing methods of detecting inappropriate conduct when it occurs.

University's face many of the corruption risks faced by all organisations and all of the public sector eg. financial fraud, favouritism in recruitment, conflicts of interest, misuse of resources including cars, telephones, confidential information and the internet, to name a few. But, in addition to these types of corporate risks, universities also face some corruption risks associated with their distinctive academic activities of teaching, learning and research.

Some of these include:

• in the learning process - cheating, plagiarism, soft marking, favouritism;
• in the research process - falsifying results, undeclared conflict of interest, misuse of research funds;
• in financial processes - fraud, undeclared conflict of interest, accepting bribes, gifts or other benefits;
• in management & administration - misuse of resources, inappropriate recruitment and selection processes, abuse of confidential information;
• staff behaviour - falsifying credentials, favouritism, accepting bribes, gifts or benefits, undeclared conflict of interest, abuse of confidential information;
• student behaviour - falsifying documents, abuse of internet, cheating, plagiarism, inappropriate relationships;
• corporate behaviour - failure to take action if wrongdoing is reported, collusion, inappropriate relationships with suppliers/clients;
• involvement with the private sector - poor contract management, lack of transparency in commercial relationships (tendering, selection of suppliers etc), undeclared conflict of interest.

Reducing Corruption Risks

The systems and mechanisms an organisation has in place to allow it to effectively conduct its business can also be used to manage or treat corruption risks by reducing the motivation to act corruptly, reducing opportunities and increasing the threat of detection.

These organisational systems and mechanisms include:

• corporate strategies, such as strategic and business planning and risk management;
• code of conduct;
• policies and procedures;
• internal controls, such as ID cards, passwords, financial delegations, segregation of duties;
• communication strategies, such as training courses, 'staff' emails, intranet;
• internal and external audit processes;
• leadership and management, and
• sanctions.

Many or all of these systems will already be in place so do not require the establishment of additional layers of bureaucracy or the development of new and different systems. Like all risk management systems, corruption prevention programs work best when they are incorporated into the broader governance framework.

While central administration and governance units of the university will be largely responsible for the development of these systems, senior staff still have a central role to play in their implementation and in the development and promotion of appropriate organisational cultures.

To assist in corruption prevention, managers must:

• use the organisation's systems effectively;
• authorise and endorse corruption prevention activities;
• communicate with staff about policies and procedures, and
• model the desired behaviour.

The systems and mechanisms an organisation has in place to allow it to effectively conduct its business can also be used to manage or treat corruption risks by reducing the motivation to act corruptly, reducing opportunities and increasing the threat of detection.

These organisational systems and mechanisms include:

• corporate strategies, such as strategic and business planning and risk management;
• code of conduct;
• policies and procedures;
• internal controls, such as ID cards, passwords, financial delegations, segregation of duties;
• communication strategies, such as training courses, 'staff' emails, intranet;
• internal and external audit processes;
• leadership and management, and
• sanctions.

Many or all of these systems will already be in place so do not require the establishment of additional layers of bureaucracy or the development of new and different systems. Like all risk management systems, corruption prevention programs work best when they are incorporated into the broader governance framework.

While central administration and governance units of the university will be largely responsible for the development of these systems, senior staff still have a central role to play in their implementation and in the development and promotion of appropriate organisational cultures.

To assist in corruption prevention, managers must:

• use the organisation's systems effectively;
• authorise and endorse corruption prevention activities;
• communicate with staff about policies and procedures, and
• model the desired behaviour.

When corrupt conduct is alleged or suspected, the University has statutory obligations through the ICAC Act and the Protected Disclosures Act (see below), and other obligations imposed by its own policies and procedures.

In order to reduce the risk of the corrupt conduct happening again, the University's longer-term response might include educating staff to recognise corruption and deal with the more high risk exposures to corruption; show commitment from the top to the prevention of corruption; enforce existing policies, including taking appropriate action for policy breaches, and take other appropriate actions that will further encourage trust in management.

Public Interest Disclosure Act 1994

One option for public officials to report corrupt conduct is to make an internal disclosure under the University's Public Interest Disclosures Policy which, through the Public Interest Disclosure Act 1994, provides protection from reprisals.

For a person to be protected under the Act, the disclosure must be:

1. made by a public official in relation to his/her official work;
2. about a public official or public agency;
3. voluntary, rather than made under a statutory obligation to report;
4. 'show or tend to show' corrupt conduct, maladministration, serious and substantial waste;
5. made to an investigating authority, the principal officer of an agency, a person identified as one who can accept disclosures (such as a protected disclosures co-ordinator), or an MP or journalist (in very limited circumstances).

In such cases, the University has an obligation to maintain confidentiality, assess the disclosure to determine what action will be taken, provide feedback to the complainant and ensure the complainant is protected against reprisals.

While many of the findings of corrupt conduct that the ICAC makes involve conflicts of interest of some kind, this does not mean that all conflicts of interest are corrupt. It is more a matter of how conflicts are dealt with that is important.

Everyone has personal interests and for university staff it is inevitable that sometimes these interests may conflict with their professional decisions or actions.

A recommended definition is: "A 'conflict of interest' involves a conflict between the public duty and private interests of a public official, in which the public official has private interests which could improperly influence the performance of their official duties and responsibilities." (OEDC 2003, Guidelines for Managing Conflicts of Interest in the Public Service, OECD, Paris, paragraph 10)

Public Duty

Public officials must always put the public interest above their own personal or private interests when carrying out their official duties. The public duty of university staff is to act in the public interest by performing their proper role according to accepted university and professional ethical frameworks.

Refer to the University's Code of Conduct

Private Interest

This means anything that could affect the impartial decision-making of a public official and includes not only that individual's personal, professional or business interests but also those of individuals or groups with which he/she associates.

A conflict of interest can arise from avoiding personal losses as well as gaining personal advantage - whether financial or otherwise.

• A pecuniary interest is where a public official is in a position to potentially gain financially from his/her public position eg. an academic engaged in a research project is a major shareholder in the company sponsoring the research.
• Non-pecuniary interests are those which do not have a financial component eg. selection of a student for admission.

Generally speaking, there are three types of conflicts of interest:

• actual - involves a direct conflict between a public official's current duties and responsibilities and his/her existing private interests eg. your spouse is an applicant for a job for which you are on the interview panel;
• perceived - where it could be perceived by others that a public official's private interests could improperly influence the performance of his/her public duties - whether or not this is in fact the case eg. your spouse is an applicant for a job within your work unit although you have no part in the selection process; and
• potential - when a public official has private interests that could interfere with his/her official duties in the future eg. a relative has just enrolled as a student in the Faculty in which you teach.

Not only must decisions be made without bias, they must also be seen to be made without bias.

Identifying a Conflict

Identifying conflicts of interest is an important step in managing them appropriately. The key test is whether an individual could be influenced, or appear to be influenced, by a private interest in carrying out his/her public duty.

This objective test should be based on an impartial examination of the official role and private relationship and interests of the person concerned, and whether these create an opportunity for corrupt conduct or have the capacity to influence the official's role.

Managing Conflicts of Interest

Properly managed conflicts of interest ensure that decisions are both made and seen to be made on proper grounds, for legitimate reasons and without bias. This reduces opportunities for corruption and improper conduct and, by implementing effective policies and procedures for identifying, disclosing and managing conflicts, the university can deal with unfounded accusations of bias more easily and efficiently.

An added benefit is that the university can demonstrate its commitment to good governance by addressing an issue that is commonly associated with corruption and misconduct.

Strategies for managing conflicts of interest range from registering the conflict to restricting involvement, recruiting a disinterested third party or removing the person completely from the situation.

Senior staff need to demonstrate leadership and commitment to the organisation's University's Code of Conduct by modelling compliance and appropriate behaviour.

Managers should encourage their staff to disclose conflicts of interest and be prepared to exercise judgment to help staff resolve or manage a conflict of interest.

Fraud impedes the University's ability to perform and to meet its objectives. 
It wastes scarce funds and resources, affects the University's reputation and the reputation of all those working within the organisation.
This document seeks to raise awareness of potential fraud risk exposure and outlines the University's expectations of staff, students and others with which we interact.

What is fraud?

Fraud is generally regarded as a subset of corruption. The difference is primarily that fraud involves personal gain. For instance, taking a bribe in return for favouring a tender submission could be regarded as fraud. If no bribe was involved, that is, if favouritism was given to a tenderer and no personal gain was involved, then this would be regarded as corrupt. The benefits involved in a fraud may be financial or non-financial in nature.

The University is exposed to frauds perpetrated by persons both internal and external to SCU. The possibilities of fraud and corruption are numerous. The following are just some examples:

• using taxi vouchers for private purposes;
• personal use of university assets, including taking building or other materials or equipment from the area in which you work;
• manipulation of records;
• receiving personal benefits in exchange for assisting a consultant to gain work at the University;
• claiming for travel entitlement to attend a course, not attending the course and not reimbursing travel monies;
• falsification of research results;
• manipulating a tendering process to achieve a desired outcome;
• misuse of a University credit card;
• manipulating the selection process for a staff appointment;
• theft of intellectual property;
• allowing a conflict of interest to undermine your independence;
• writing off recoverable assets or debts;
• making cheques out to false persons;
• theft or leakage of exam papers;
• using counterfeit signatures;
• using imaging and desktop publishing to produce apparent original invoices;
• mis-using or disclosing private information.

The University's attitude to fraud

Southern Cross University is committed to ensuring its policies, procedures and practices are consistent with best practice and the highest standards of ethical conduct.

Staff of the University are expected to act ethically, fairly and honestly in the performance of their duties. Conduct that compromises public trust and confidence in the integrity and the professionalism of the University and its officers and employees is unacceptable and could lead to termination of employment, other disciplinary procedures, loss of reputation and career progression, investigation for corruption and/or matters being referred for criminal investigation.

The University has an obligation to the community to ensure that its operations are free from fraud and corruption. In doing so, we will endeavour to protect those who assist SCU by providing information concerning suspected frauds. Wherever possible, confidentiality will be maintained and the Protected Disclosures Act 1994 (NSW), supported by the University's Public Interest Disclosures Policy, makes it an offence for anyone to take detrimental action against you in reprisal for you making a protected disclosure.

On the other hand, any investigation commenced following the reporting of a suspected fraud will be undertaken on the assumption of innocence of the implicated individual(s).

The University also has an obligation to report all matters of suspected fraudulent and corrupt conduct to the relevant regulatory authorities.

Responsibilities for fraud control

The responsibility for fraud and corruption prevention rests with all University staff-members and primarily with senior management of the University. The University shall act to ensure that its operations are free from fraud and corruption; provide a framework that facilitates the identification of fraud and corruption risks and encourages timely and effective responses to those risks; ensure an environment exists that promotes prevention of possible fraudulent and corrupt conduct and detection and disclosure of suspected fraudulent and corrupt conduct; take prompt and appropriate disciplinary action against any staff-member who is found guilty of fraudulent or corrupt conduct, and report regularly to the NSW Independent Commission Against Corruption (ICAC) on matters of suspected corruption.

All staff-members of the University shall ensure that their conduct meets the highest probity standards. All employees have a duty to report incidents or suspected incidents of fraudulent or corrupt conduct as soon as possible after becoming aware of them.

Every staff member should contribute to the development of better systems and procedures that will improve the University's resistance to fraud and corruption based on a risk management philosophy and methodology. Staff are responsible for implementing controls and regularly monitoring and reviewing the risks and the effectiveness of controls in reducing the University's fraud and corruption exposure to an acceptable level.

Discovery of fraud

Knowing the warning signs helps an organisation identify fraud in its early stages and therefore minimise loss.

Recent KPMG Fraud Surveys indicate the following early warning signs, among others, are relevant in relation to fraud: a large number of refunds being made; bank statement anomalies; documentation being altered; employee won't take holidays &/or won't let anyone help; evidence of habitual gambling; favour/preference being given to a particular supplier; large unexplained budget variance; manager's behaviour inappropriate; supplier invoice lacks detail; unusual level of activity on an account.

What allows fraud to occur?

Major factors allowing fraud to occur are the overriding of internal controls or poor internal controls in general. Effective internal control is crucial to preventing fraud.

Respondents to the above-mentioned surveys indicated other factors allowing frauds to occur include: collusion between employees and third parties; lack of accountability; individual control of inventory; poor physical security; poor ethical culture, and poor hiring practices.

What should you do about suspected fraud?

Staff should advise their supervisor of any concern, suspicion, or information of any substance of fraudulent, corrupt or improper conduct and encourage others to do the same. Supervisors should deal with all reports of suspected fraud or improper conduct in a professional and prompt manner.

Making your disclosure in accordance with the University's Public Interest Disclosures Policy means the University must act to remedy the situation. It is preferable that any report be supported in writing (not email) wherever possible.

The Protected Disclosures Act 1994 encourages all those involved to focus on the issues (not the people) and, in the spirit of the Act, the University must make all reasonable efforts to protect you from reprisals.

Under the Act, persons making protected disclosures can be given protection against any reprisals or detrimental action in relation to the making of the protected disclosure. Detrimental action includes injury, damage or loss, intimidation or harassment, discrimination, disadvantage or adverse treatment in relation to employment, dismissal from or prejudice in employment or disciplinary proceedings. A person who is found to have taken detrimental action against another person for having made a protected disclosure, risks a substantial fine or 12 months imprisonment or both.

What happens once I report my concerns?

It is important that you do not alert the person or persons suspected of fraud or attempt to conduct your own investigation or interview suspects as this could compromise the success of possible future criminal prosecutions or civil proceedings. It could also prevent you and the subject of the suspicion/allegation from receiving appropriate protection from public disclosure of an allegation.

It is important, too, that confidentiality be maintained with respect to any information disclosed and the identification of you and the person about whom the allegation is made. Don't tell others that you have made a disclosure.

The University will decide the manner of and person who will make any investigation into the information disclosed and whether a report needs to be made immediately to any outside organisation eg. ICAC or the Police.

The University must tell you within six months what action has been taken or is proposed to be taken. If you are not happy with the response you can complain to the NSW Ombudsman or ICAC.