Fraud and Corruption Control Framework July 2015 Page 1 – Fraud and Corruption Control Framework – July 2015 Contents Introduction .............................................................................................................. 4 Definitions ................................................................................................................. 4 Corruption ............................................................................................................... 4 Fraud ...................................................................................................................... 5 Misconduct ............................................................................................................. 5 Policy Scope ............................................................................................................. 6 Policy Statement ...................................................................................................... 7 Fraud and Corruption Control ................................................................................. 7 1. Planning and resourcing ................................................................................... 7 Roles and responsibilities ................................................................................... 8 2. Prevention ...................................................................................................... 10 3. Detection ........................................................................................................ 12 Observation and awareness by all employees .................................................. 12 Risk Management System ................................................................................ 12 Internal audit ..................................................................................................... 12 External audit .................................................................................................... 12 Mechanisms for reporting .................................................................................. 13 Public Interest Disclosure (Whistle-Blower Protection) ..................................... 13 4. Response ....................................................................................................... 13 Responding to Fraud and Corruption Incidents ................................................. 14 Preliminary Assessment .................................................................................... 14 Investigations .................................................................................................... 14 Disciplinary Procedures .................................................................................... 15 External Reporting requirements....................................................................... 15 Recovery and Legal Proceedings ..................................................................... 16 Insurance .......................................................................................................... 16 Staff communication, education and awareness ................................................ 16 Monitor, Review and Evaluation ........................................................................... 17 Page 2 – Fraud and Corruption Control Framework – July 2015 Performance indicators ......................................................................................... 17 Stakeholders, Client and Community Awareness ............................................... 18 References .............................................................................................................. 18 Accountability Framework .................................................................................... 19 Policies and procedures ....................................................................................... 19 Legislation ............................................................................................................ 19 Across government requirements ......................................................................... 20 Page 3 – Fraud and Corruption Control Framework – July 2015 Introduction The Department of Local Government and Communities (hereinafter referred to as the Department) is committed to ensuring it promotes a high standard of integrity and accountability by: demonstrating professional behaviour consistent with our role and values, and operating in an environment of openness, probity and accountability in all aspects of its operations. The purpose of this Fraud and Corruption Control Framework (hereinafter referred to as the Framework) is to provide direction on the strategies adopted by the Department for implementing and monitoring fraud and corruption prevention, detection and response initiatives and activities. The Framework has been developed referencing the Australian Standard AS80012008 Fraud and Corruption Control and forms an integral part of the Department’s Risk Management Framework. Definitions Corruption Corruption is defined by Australian Standard AS8001 – 2008 as: “Corruption is dishonest activity in which an employee or contractor of the Department acts contrary to the interests of the Department and abuses their position of trust in order to achieve some personal gain or advantage for themselves or for another person or organisation. The concept of ‘corruption’ can also involve corrupt conduct by the Department, or a person purporting to act on behalf of and in the interests of the Department, in order to secure some form of improper advantage for the Department.” Corruption is any deliberate or intentional wrongdoing that is improper, dishonest or fraudulent and may include: conflict of interest; failure to disclose acceptance of gifts or hospitality; acceptance of a bribe; Page 4 – Fraud and Corruption Control Framework – July 2015 misuse of internet or email; or release of confidential or private information or intellectual property. Corrupt conduct tends to show a deliberate intent or an improper purpose and motivation and may involve conduct such as the deliberate failure to perform the functions of office properly; the exercise of a power or duty for an improper purpose; or dishonesty. Fraud Fraud is defined by Australian Standard AS8001 – 2008 as: “Dishonest activity causing actual or potential financial loss to any person or entity including theft of monies or other property by employees or persons external to the entity and where deception is used at the time, immediately before or immediately following the activity.” This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit. The theft of property belonging to an entity by a person or persons internal to the entity by where deception is not used is also considered ‘fraud’ for the purposes of this Standard. Note: the concept of fraud within the meaning of the standard can involve fraudulent or corrupt conduct by internal or external parties targeting the entity or fraudulent or corrupt conduct by the entity itself targeting external parties. Fraud can take many forms including: the misappropriation of assets; the manipulation of financial reporting (either internal or external to the Department); and corruption involving abuse of position for personal gain. Misconduct Serious misconduct as defined by the Corruption, Crime and Misconduct Act 2003 is when a public officer: acts corruptly or corruptly fails to act in the course of their duties; or Page 5 – Fraud and Corruption Control Framework – July 2015 corruptly takes advantage of their position for the benefit or detriment of any person; or commits an offence which carries a penalty of two or more year’s imprisonment. Minor misconduct as defined by section 4(d) of the Corruption, Crime and Misconduct Act 2003 occurs if a public officer engages in conduct that: adversely affects , or could adversely affect, directly or indirectly, the honest or impartial performance of the functions of a public authority or public officer, whether or not the public officer was acting in their public officer capacity at the time of engaging in the conduct; or constitutes or involves the performance of his or her functions in a manner that is not honest or impartial; or constitutes or involves a breach of trust placed in the public officer by reason of his or her office or employment as a public officer; or involves the misuse of information or material that the public officer has acquired is in connection with his or her functions as the public officer, whether the misuse is for the benefit of the public officer or the benefit or detriment of another person and constitutes, or could constitute; a disciplinary offence providing reasonable grounds for termination of a person’s office or employment as a public service officer under the Public Sector Management Act 1994 (whether or not the public officer to whom the allegation relates is a public service officer or is a person whose office or employment could be terminated on the grounds of such conduct). Policy Scope This document applies to: all employees whether by way of appointment, secondment, contract, temporary arrangement or volunteering, work experience, trainees and interns; and any external party involved in providing goods or services, with or without receipt of payment, to the Department, such as contractors, consultants, outsourced service providers and suppliers. Page 6 – Fraud and Corruption Control Framework – July 2015 Policy Statement The Department is committed to an organisational culture that promotes a high standard of integrity and accountability by demonstrating professional behaviours that are consistent with our role and values and provides clear direction in supporting an effective risk management strategy, including fraud and corruption risk. The Department has zero tolerance to fraudulent and corrupt conduct. All employees have a key responsibility to safeguard against damage and loss through fraud, corruption or misconduct. All employees have an obligation to support efforts to reduce associated risk by behaving with integrity and professionalism in undertaking their duties. Where employees detect suspected or actual fraud and corruption they have a responsibility to take all necessary steps to report such conduct as required under the Department of Local Government and Communities Code of Conduct, relevant statutes, instructions and standards. Suspected fraud or corruption will be reported, investigated and resolved in accordance with internal policies and relevant legislation. All legal obligations to the principles of procedural fairness and natural justice will be met. Fraud and Corruption Control Fraud and corruption control requires the implementation of a number of key strategies which contribute to an effective control framework: 1. Planning and resourcing The Framework is an integral part of the Department’s overall risk management system and details its approach to fraud and corruption prevention, detection, response and monitoring and evaluation initiatives. The Framework will be monitored regularly by the Audit and Risk Management Committee and reviewed every two years, or as considered necessary, taking into account any changes to the Department’s business and operating environment, including the impact of fraud and corruption risks. Page 7 – Fraud and Corruption Control Framework – July 2015 Roles and responsibilities Director General Legislated responsibility to exercise authority on behalf of the Department. Overall accountability for prevention and detection of fraud and corruption within the Department. Ensure integrity and accountability in the performance of the Department’s functions. Manage the Department’s operations and resources ensuring service delivery is effective and efficient. Promote continual evaluation and improvement of the Department’s management practices. Executive Director Corporate Services Delegated authority for fraud and corruption control and acts as ‘sponsor’ of the risk management process, including fraud and corruption. Chair of the Audit and Risk Management Committee. Oversee the development, implementation and continued management of the fraud and corruption control plan. Provide accurate and timely advice to the Director General, Audit and Risk Management Committee and Ethics and Accountability Committee on fraud and corruption matters. Promote the implementation of effective risk management practices, in relation to fraud and corruption. Ensure training and awareness programs are comprehensive and designed to assist employees, contractors and stakeholders to identify, prevent and detect fraud and corruption, including methods of reporting. Audit and Risk Management Committee Oversight of risk management, including fraud and corruption control. Provide advice to the Director General, including potential fraud and corruption matters and recommendations. Review governance processes to ensure all matters relating to alleged fraud and corruption or unethical conduct are dealt with appropriately. Page 8 – Fraud and Corruption Control Framework – July 2015 Review the Department’s Risk Management Framework for identifying, monitoring and managing business risk, including risks associated with fraud and corruption. Review the Strategic Internal Audit Plan annually to ensure it covers fraud and corruption risks. Senior Management Commitment Encourage and maintain a culture and working environment that fosters personal responsibility, integrity and accountability. Develop and maintain best practice for the prevention and detection of fraud and corruption and ensuring due consideration is given to confidentiality, natural justice and procedural fairness pertaining to any reported incidents. Corporate Strategy, Planning and Governance Develop, implement and monitor the fraud and corruption control plan in consultation with divisional business areas. Coordinate, monitor and review the fraud and corruption risk assessment process. Implement fraud and corruption strategies with divisional business areas, including internal and external audit recommendations. Record and collate fraud and corruption incident reports. Coordinate investigations into allegations of fraud and corruption. Provide reports to the Audit and Risk Management Committee on fraud and corruption as necessary. Employees Understand responsibilities associated with performing their official duties and commit to acting ethically and with integrity in accordance with the Department’s Code of Conduct and other relevant policies and procedures. Contribute to the development of improved systems, policies and procedures to enhance the Department’s prevention of fraud and corruption. Undertake awareness training and education. Report all suspected or actual incidents of fraud and corruption that they may be aware of to an appropriate officer being: o Line Manager Page 9 – Fraud and Corruption Control Framework – July 2015 o Director o Executive Director o Executive Director Corporate Services o Director General Alternatively, employees can make a Public Interest Disclosure under the Public Interest Disclosure Act 2003. Further information can be obtained from the Department’s Public Interest Disclosure Guidelines or the Public Sector Commission’s website. Provide any necessary information and cooperation in the conduct of any such assessment or investigation in relation to an incident. External parties or contractors All external parties or contractors who become aware of any suspected fraud and or corruption within the Department should contact the Director General or the Corruption and Crime Commission with relevant information. Internal Audit Activity in the control of fraud and corruption Internal audit activity has been demonstrated to be an effective mechanism in the prevention and detection of fraud and corruption by ensuring due adherence to internal control systems. The Department has contracted an independent internal auditor under Common Use Agreement 23706. 2. Prevention Robust internal controls and systems are a prime defence mechanism against fraud and corruption. The Department demonstrates these by: Adopting and encouraging a workplace culture based on the Western Australian Public Sector Code of Ethics and the general principles of official conduct prescribed by the Public Sector Management Act 1994. Endorsing a workplace Code of Conduct which reinforces a commitment to promoting a high standard of integrity and accountability by demonstrating professional behaviours that are consistent with the Department’s role and values. The Code of Conduct (Principle 3) covers fraud and corruption. Page 10 – Fraud and Corruption Control Framework – July 2015 A commitment from senior management to be role models and demonstrate ethical and accountable behaviour by their actions. Establishing a strategic Ethics and Accountability Committee responsible for identifying and implementing strategies to develop and maintain a strong culture of professionalism, ethics, accountability and intolerance of breaches of conduct. Ensuring all employees participate in and complete the mandatory Induction Program and Accountability and Ethical Decision Making Training. Involving employees in the Performance Development Program, a process which provides clarity to employees about what is expected of their behaviour and work performance, required outcomes, and how they contribute to the team and departmental strategies. Ensuring effective management of conflict of interests as per the Department’s Conflict of Interest Guidelines. Establishing effective reporting mechanisms and protection for employees making disclosures about fraud and corruption activities. The Department has published Public Interest Disclosure Guidelines to document this process. Promoting, practising and adhering to risk management policies and procedures, ensuring risk assessments are conducted and treatment plans developed to address identified risks as required. Pre-employment screening to verify qualifications, suitability and experience of a potential candidate for employment. Techniques used can include confirmation of qualifications, verification of employment background, referee and criminal history checks. Supplier and customer screening to verify credentials. o Contracts entered into by the Department for goods and services that are relatively low risk and value are awarded either through the Department of Finance Whole of Government Common Use Arrangement or, if outside a Common Use Arrangement, are contracted in accordance with the State Supply Commission Supply Policies. All preferred providers under the Common Use Arrangement have undergone stringent assessment. o Funding and grants contracts entered into by the Department are subject to rigorous screening and assessment processes. o Concessions, rebates, benefits provided by the Department are subject to rigorous screening and assessment processes. Page 11 – Fraud and Corruption Control Framework – July 2015 3. Detection The Department has the following measures in place to identify and detect incidents of fraud and/or corruption: Observation and awareness by all employees Through the Department’s Code of Conduct and Accountable and Ethical Decision Making training, staff have knowledge and understanding of how to respond if fraud and corrupt activity is detected or suspected. Detection of fraud or corruption often requires specialised and knowledge of the business area where the activity may be perpetrated. However the presence of indicators of fraud does not necessarily mean that fraud is occurring; they may be the result of other factors. Risk Management System The Department has a Risk Management system in place for the identification, analysis, evaluation and treatment of risk, including fraud and corruption, and a process to monitor and review on a regular basis. The application of risk management principles and techniques in the assessment of the risk of fraud and corruption must be carried out within the Risk Management Framework as adopted by the Department. Internal audit Internal Auditing is an independent evaluation and assurance activity that assists the Department to improve the effectiveness of its risk management, control and governance processes. The Department’s internal audit function is currently outsourced to SR Governance (Common Use Arrangement 23706), who operates in accordance with the Institute of Internal Auditors’ Standard. Two officers from this organisation attend meetings of the Audit and Risk Management Committee providing advice and guidance as well as findings and recommendations associated with audits conducted in line with the Strategic Internal Audit Plan. External audit External auditors are responsible for planning and performing an audit to obtain reasonable assurance that the Department’s financial statements are free of material misstatement, whether caused by fraud or error. The ‘Australian Auditing Standard ASA 240 – The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report’ details the external auditor’s Page 12 – Fraud and Corruption Control Framework – July 2015 responsibilities in relation to fraud and ensuring an attitude of professional scepticism is maintained throughout the audit, considering the potential for management override of controls and recognising the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud. The Department’s Audit and Risk Management Committee has a representative officer from the Office of the Auditor General, as an observer to comment and offer guidance, as required. Mechanisms for reporting It is mandatory to report known or suspected fraud and/or corruption through one or more of the channels outlined below: Reporting should, in the first instance, be to an officer’s immediate manager, or the next level senior officer if more appropriate. However, an officer may feel more comfortable reporting their suspicions to the Executive Director Corporate Services or a Public Interest Disclosure Officer, as identified on the Department’s intranet. Staff may also report directly to the Corruption and Crime Commission if desired. The Corruption and Crime Commission does not require callers to provide their personal details or reveal their identity, but anonymous reports are difficult to assess and will be treated with scepticism until supporting evidence is gained through a preliminary independent investigation. Public Interest Disclosure (Whistle-Blower Protection) The Public Interest Disclosure Act 2003 facilitates the disclosure of public interest information, enabling anyone to make disclosures about improper or unlawful conduct within the State Public Sector, local government and public universities without fear of reprisal. The Public Interest Disclosure Act 2003 also provides protection for those who are the subject of a disclosure. 4. Response Employees are sometimes reluctant to become involved in a matter of suspected fraud and corruption by a co-worker. Employees should be mindful that such behaviour is likely to continue and become substantially worse the longer it occurs. The failure to take action to stop, or to report suspected fraud and corruption may place employees in breach of the Department’s Code of Conduct - Principle 7 Reporting suspected breaches of the code. Page 13 – Fraud and Corruption Control Framework – July 2015 The function of reporting an incident of fraud or corruption is quite separate from investigating, and not all reports will result in an investigation. Responding to Fraud and Corruption Incidents Suspected fraud will be assessed, reported and if necessary investigated in accordance with the Public Sector Management Act 1994 and the Department’s policies and procedures. Where an employee is not employed under the Act, the assessment and if necessary, the investigation will be conducted in accordance with the principles of confidentiality, procedural fairness and natural justice. The Director General will be advised of all incidences of alleged fraud and be provided with regular updates on the progress of any investigation. The Audit and Risk Management Committee will be informed of all instances of alleged fraud and the status of investigations to consider and ensure controls are appropriately designed and implemented. Civil action to recover misappropriated public funds or property will be at the discretion of the State or Director General, as applicable. Preliminary Assessment All reported incidents of known or suspected fraud or corruption will be subject to a preliminary assessment by the Department to determine whether the behaviour meets the threshold for reporting to the Corruption and Crime Commission or whether the actions involve a less serious breach of trust, element of dishonesty or lack of integrity and are reportable to the Public Sector Commission. The assessment will be undertaken by the Executive Director Corporate Services (or delegate) and a recommendation will be provided to the Director General. Where there is evidence of wilful and deliberate misconduct, the Director General is required to report the allegations to the Corruption and Crime Commission (serious misconduct) or the Public Sector Commission (minor misconduct). Less serious allegations will be dealt with internally in accordance with departmental disciplinary procedures. Investigations The Corruption and Crime Commission (serious misconduct) or the Public Sector Commission (minor misconduct) will determine the most appropriate action in responding to the allegations of fraud or corruption and may include: Page 14 – Fraud and Corruption Control Framework – July 2015 investigation by the Department; investigation by the Corruption and Crime Commission, the Public Sector Commission or another independent agency, such as the Ombudsman, or the Auditor General; alternative further action, if the allegation is deemed not to be misconduct, not in the public, or outside the Corruption and Crime Commission or Public Sector Commission jurisdiction; or require no further action. If the Corruption and Crime Commission or the Public Sector Commission refers the investigation back to the Department, an assessment will be made on a case by case basis as to whether the matter will be investigated internally or an external investigator appointed. Disciplinary Procedures Appropriate disciplinary action will be taken against officers involved in any misconduct incident in accordance with the Department’s relevant policies and procedures for misconduct. External Reporting requirements Where fraudulent and corrupt activity is suspected as criminal, the Director General will determine notification to relevant authorities. Corruption and Crime Commission Under section 28 of the Corruption, Crime and Misconduct Act 2003 the Director General is required to notify the Corruption and Crime Commission in writing of any reasonable suspicion that serious misconduct may have occurred. Following notification the Corruption and Crime Commission may determine to investigate or take other action in relation to the matter. Western Australia Police The Director General will determine whether any information that raises a suspicion of criminal conduct is to be referred to the Western Australian Police (in addition to notifying the Corruption and Crime Commission), for advice and possible investigation. Page 15 – Fraud and Corruption Control Framework – July 2015 Recovery and Legal Proceedings The Department may seek to recover any money or assets lost due to incidents of fraud and corruption; and undertake criminal or civil actions as deemed appropriate. Insurance Treasury Instruction 812 on Insurance requires the Accountable Authority to ensure that there is an appropriate level of insurance cover over all insurable risks faced by the Department and where practicable, these arrangements should be reviewed before renewal. The Department maintains Fidelity Insurance through the Insurance Commission of Western Australia (RiskCover). This insurance is reviewed based on fraud and corruption incidents within the Department. The Fidelity Insurance certificate is held by the Department’s Finance team, (Assets and Facilities Branch). Staff communication, education and awareness Staff bulletins will be regularly broadcast to all officers on the Department’s Intranet or global emails. This will ensure all officers are reminded of their obligations to identify and report suspected fraud and/or corruption. Mandatory training in the following modules is required by all new officers, with refresher training scheduled at regular intervals during employment with the Department. These modules include: Induction; Code of Conduct; Accountable and ethical decision making; and Record-keeping awareness. The Department uses a variety of education and awareness strategies to foster an accountable and ethical organisational culture and strengthen resistance to fraud and corruption: Code of Conduct is available to all staff on the Department’s Intranet. All officers are required to read the Code of Conduct and acknowledge the conduct and behaviour required for working in the Department is understood. Page 16 – Fraud and Corruption Control Framework – July 2015 The Director General and senior management demonstrate commitment to fraud and corruption control by leading by example and participating in training sessions. The Executive Director Corporate Services has delegated authority and acts as ‘sponsor’ of the risk management process, including fraud and corruption. The Framework is accessible to all officers on the Department’s Intranet. Dissemination of Public Interest Disclosure Guidelines to all officers on the Department’s Intranet and the publication of Public Interest Disclosure officers’ details. Reinforcement of the Department’s zero tolerance attitude to fraud and corruption demonstrated by prompt response to incidents. Monitor, Review and Evaluation The effective monitoring, review and evaluation of the Framework is a mechanism by which the Department can demonstrate accountability and provide assurance that legislative and governance requirements are being met. A Fraud and Corruption Register will be used to capture all instances of suspected fraud and corruption. Following an incident or investigation where fraud or corruption was substantiated, the Coordinator Corporate Governance will conduct a review to determine the failure of internal controls and corrective measures to be taken. Regular review of the fraud and corruption control plan for adequacy and effectiveness of controls and the analysis of trends. A review of the Framework will be performed every two years to identify systemic control weaknesses and to take into account changes to business operations, legislation or any other significant development. Performance indicators There are performance indicators as follows: Total number of incidents and the number of open incidents Page 17 – Fraud and Corruption Control Framework – July 2015 Percentage of current staff with training Percentage of new staff receiving induction training Level of perceived risk of fraud and corruption Stakeholders, Client and Community Awareness The Framework will be communicated externally by publishing on the Department’s website, making it accessible for all stakeholders, clients and community members. The Department’s zero tolerance to fraud and/or corruption will be referenced in the annual report as part of the risk management plan. References Australian Standard AS/NZS ISO 31000:2009 Risk management – Principles and guidelines Australian Standard AS 8001-2008 Fraud and Corruption Control Australian Auditing Standard ASA 240 – The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report Australian National Audit Office – Fraud Control in Australian Government Entities – Better Practice Guide (March 2011) Notification of misconduct in Western Australia – a joint information resource prepared by the Public Sector Commission and the Corruption and Crime Commission on misconduct as defined by the Corruption, Crime and Misconduct Act 2003 – 1 July 2015 Western Australian Auditor General’s Report: Fraud Prevention and Detection in the Public Sector – Report 7 – 30 June 2013 Department of Culture and the Arts Fraud and Corruption Control Plan August 2014 Page 18 – Fraud and Corruption Control Framework – July 2015 Accountability Framework Policies and procedures Accountability Ethical Decision Making Training Access to and management of Personal Information Policy Audit and Risk Committee Charter Code of Conduct – Principle 3: Fraudulent and Corrupt Behaviour Complaints Management Policy Conflict of Interest Guidelines Criminal History Checks Discipline Policy and Procedures Financial Management Manual Flexible Working Hours Policy Internal Audit Charter Leave Management Policy Misconduct Prevention Policy Public Interest Disclosure Guidelines Purchasing Card Policy Recruitment, Selection and Appointment Policy Reporting and Handling Misconduct Policy Risk Management Framework Screening Policy Travel Approval and Reimbursements Policy Legislation Public Sector Management Act 1994 Page 19 – Fraud and Corruption Control Framework – July 2015 o Section 9: Principles of conduct by public sector bodies – Act with integrity in the performance of official duties and are to be scrupulous in the use of official information, equipment and facilities Corruption and Crime Commission Act 2003 o Section 4: Misconduct Corruption, Crime and Misconduct Act 2003 Criminal Code Act Compilation Act 1913 o Section 409: Fraud Criminal Code Chapter XIII: Corruption and Abuse of Office Financial Management Act 2006 o Treasurer’s Instruction – 812 - Insurance - requires the Accountable Authority to ensure that there is an appropriate level of insurance cover over all insurable risks faced by the Department and where practicable, these arrangements should be reviewed before renewal. o Treasurer’s Instruction – 825 - Risk management and security - Public sector bodies should safeguard assets from misuse and loss due to theft or damage. Public Interest Disclosure Act 2003 State Records Act 2000 Across government requirements Filling a public sector vacancy (Commissioner’s Instruction Number 2) - sets out the requirements which apply when filling a vacancy in the Western Australian public sector. Code of Ethics (Commissioner’s Instruction Number 7) - Outlines the minimum standards of conduct and integrity to be complied with by all public sector bodies and employees. Codes of conduct and integrity training (Commissioner’s Instruction Number 8) – Requires all public sector bodies to have a code of conduct and ensure Accountable and Ethical Decision Making Training is provided to employees. Page 20 – Fraud and Corruption Control Framework – July 2015