Fraud and corruption control model

advertisement
Fraud and Corruption Control
Framework
2014-16F
Director-General’s Foreword
This framework sets out the standards for accountability that I expect of all staff. It aims to minimise
opportunities for fraudulent and/or corrupt activities in line with our zero tolerance policy.
A proactive approach enables the department to manage fraud and corruption risk at an acceptable
level in an environment that is becoming increasingly complex. The complexities inherent in our
work increase opportunities for fraud and corruption:

the ever changing environment in which we operate

the growing convergence of the public and private sectors, and

the increase in cooperative and or strategic partnerships.
All departmental staff must demonstrate a commitment to preventing and detecting fraud and
corruption. Effective governance arrangements, ethical leadership and decision making,
accountability and performance improvement underpin our controls.
This framework will help us to prevent, detect and respond to fraudulent and/or corrupt behaviour.
This will ensure our stakeholders continue to be confident of the quality of our services to the
community.
Dr Jim Watterston
Director-General
Contents
Introduction ··························································································································· 1
Purpose ··············································································································································· 1
Risk-management approach ·············································································································· 1
Structure ············································································································································· 1
Goals and objectives ·························································································································· 2
What are fraud and corruption ························································································ 2
Common examples of fraud and corruption ····················································································· 3
Fraud and corruption control policy statement ·························································· 3
Fraud and corruption control plan ························································································· 4
ANAO conditions ································································································································ 4
CMC 10-element model ····················································································································· 4
DETE fraud and corruption control model ························································································ 4
ANAO conditions in practice ·············································································································· 4
Ethical leadership and culture ······································································································· 5
Legislation and governance ··········································································································· 5
ANAO control strategies ··································································································································6
Roles and responsibilities ·················································································································· 7
DETE control strategies ···················································································································· 10
CMC elements in practice ················································································································ 11
Element 1: Agency-wide integrated policy ·················································································· 11
Element 2: Risk assessment ········································································································· 11
Element 3: Internal controls ········································································································ 13
Element 4: Internal reporting ······································································································ 15
Element 5: External reporting ····································································································· 16
Element 6: Public interest disclosures ························································································· 18
Element 7: Investigations ············································································································ 19
Element 8: Code of Conduct ········································································································ 21
Element 9: Staff education and awareness ················································································· 22
Element 10: Client and community awareness ·······················································································23
Monitoring, review and continuous improvement ········································································ 24
Appendix 1: Legislation and other instruments ············································································ 25
Appendix 2: Definitions ··············································································································· 26
Attachment 1: Risk Assessment Worksheet ················································································· 27
Attachment 2: Risk Matrix··········································································································· 28
Introduction
Purpose
The purpose of the Fraud and Corruption Control Framework (Framework) is to:
 minimise opportunities for fraud and corruption (whether committed by internal or external
parties)
 protect public monies, property, and information and organisational and individual rights
and
 maintain the effectiveness of departmental operations.
Its implementation will ensure that our workforce acts legally, ethically and in the public interest.
The Framework is based upon five best-practice fraud and corruption control resources:





Queensland Crime and Misconduct Commission - Fraud and corruption control guidelines for
best practice (CMC Guidelines)
Queensland Audit Office – Fraud risk management – Report to Parliament 9: 2012-13(QAO
Report)
The Australian Minister for Home Affairs and Minister for Justice – Commonwealth Fraud
Control Guidelines (Commonwealth Guidelines)
Australian National Audit Office – Fraud Control in Australian Government Entities – Better
Practice Guide (ANAO Better Practice Guide) and
Standards Australia – AS 8001-2008 Fraud and Corruption Control (the Standard)
Risk-management approach
As an integral part of the department’s Enterprise Risk Management Framework, this Framework
includes proactive measures designed to enhance system integrity (prevention measures) and
reactive responses (reporting, detecting and investigative activities).
Structure
The Framework consists of a suite of tools and resources including:





the department’s Fraud and Corruption Control Policy Statement
its Fraud and Corruption Control Plan
its Fraud and Corruption Control Risk Assessment
its Fraud and Corruption Control Procedure
Code of Conduct, Ethical Decision Making and Internal Controls training modules.
In addition, the department is currently developing a Fraud and Corruption Control website,
which will complement the Framework with factsheets, case studies, checklists and a
downloadable library of best practice fraud and corruption control resources.
The framework should be read in conjunction with:




Legislative Framework
Corporate Governance Framework
Enterprise Risk Management Framework
Developing Performance Framework
Page |1
Goals and objectives
Through the Department’s Fraud and Corruption Control Policy and Plan, the Framework aims to
clearly articulate:







the department’s commitment to a zero-tolerance attitude towards fraud and corruption
its approach to controlling fraud and corruption
the embedding of a strong and proactive fraud and corruption control ethos within the
department’s organisational structure
departmental roles and responsibilities for fraud and corruption control
strategies implemented within the department to prevent, detect and respond to fraud and
corruption
a summary of:
o the fraud risks (internal and external) associated with the department’s functions
o the controls in place to minimise the opportunity for fraud and corruption
o their implementation details and
protocols for the reporting of suspected fraud or corruption against the department
What are fraud and corruption?
Fraud and corruption can take many forms. Fraudulent and corrupt conduct by public officials may
fall within the category of ‘official misconduct’ under the Crime and Misconduct Act 2001. In
addition, many forms of fraud and corruption are offences under the Criminal Code Act 1899. These
include false claims, stealing, and misappropriation of property, false pretence, forgery and receipt
or solicitation of secret commissions. The following definitions of “fraud”, “corruption” and
“misconduct” and “official misconduct” are used throughout this document.
Fraud
Any deliberate deceitful conduct or omission designed to gain an advantage to which a person or
entity is not entitled. It is the intentional use of false representations or deception to avoid an
obligation, gain unjust advantage or in the context of public administration, commonly referred to as
‘rorting the system’.
Corruption
Behaviour that may involve fraud, theft, the misuse of position or authority or other acts which are
unacceptable to an organisation, its clients or the general community. It may also include other
elements such as breaches of trust and confidentiality.
Misconduct
Inappropriate or improper conduct in an official capacity or inappropriate or improper conduct in a
private capacity that reflects seriously and adversely on the public service”.
Official misconduct:
Serious misconduct relating to the performance of an officer’s duties, that is dishonest or lacks
impartiality, or involves a breach of trust, or a misuse of officially obtained information. The conduct
must be a criminal offence or a breach of discipline serious enough to warrant dismissal. The act may
be official misconduct even if the person:
 is no longer a public official, or was not at the time but is now a public official
Page |2


committed the misconduct outside Queensland
did not receive money or a personal benefit.
Attempting to influence a public official to act improperly is also classed as official misconduct.
Common examples of fraud and corruption
Internal
External
 corporate card misuse,
such as payment for
personal expenses
 including fictitious names
on the payroll system
 delayed terminations
 abuse of position and
power, including accepting
or offering bribes or gifts
 nepotism
 submitting false travel
claims
 consistently recording
incorrect hours of work on
timesheets
 unauthorised use of
government vehicles
 theft or unauthorised use
of public funds or physical
resources, such as office
supplies and stationery
 clients deliberately claiming
benefits for which they are
ineligible
 external providers making
claims for services that
were not provided
 the provision of false or
misleading information
 failure to provide
information when obliged
to do so
 inappropriate influence
over grants and subsidies
applications
 manipulation of a
procurement process
Collusion
• inappropriate involvement
with suppliers, including
‘kickbacks’ such as
entertainment and
hospitality
 unlawful or unauthorised
release of information
 knowingly making or using
forged or falsified
documentation
 failing to declare and
appropriately manage
conflicts of interest
Fraud and corruption control policy statement
We are committed to excellence in service performance and in meeting our statutory obligations.
This includes maintaining a fraud and corruption prevention culture. We have zero tolerance for
fraud and corruption.
We provide all staff and relevant stakeholders with education and training in ethics and fraud
awareness to ensure that we all understand our responsibilities and obligations.
Our organisational values and culture, governance and risk management frameworks, and controls
work together to prevent, detect and respond to potential or actual fraudulent or corrupt conduct.
We will deal appropriately with all allegations of fraud and corruption. All staff are obliged to report
suspected fraudulent and/or corrupt activities to their supervisor or manager, Internal Audit Branch
(IAB) or the Ethical Standards Unit (ESU), who will investigate and deal with the allegation. We will
refer any instances of official misconduct to the Crime and Misconduct Commission (CMC) and/ or
the Queensland Police Service for investigation and possible prosecution.
We will pursue the recovery of any losses incurred from fraud and corruption activities, after
considering all relevant issues.
Page |3
Our policy aligns with the CMCs Fraud and Corruption Control – Guidelines for Best Practice 2005and
the Australian Standard AS8001-2008 Fraud and Corruption Control.
Fraud and corruption control plan
Our Fraud and Corruption Control plan is based on the ANAO’s conditions that are essential for a
sound fraud control environment, and the CMC’s recommended 10-element model.1,2
ANAO conditions
The ANAO’s three conditions for a sound control environment are:



Ethical leadership and culture –strong ethical values and high standards of ethical behaviour
Legislation and governance –legislation and policies that promote accountability, are
transparent, and incorporate robust governance structures
Control strategies –actions to prevent, detect and respond to fraud and corruption, which
are reviewed and improved continuously.
CMC 10-element model
The CMC’s recommended integrated control model comprises 10 key elements and is consistent
with Australian and overseas best practices. The elements are interrelated, with each one playing an
important role.
The elements are set out in the table below:
Element 1 Department-wide Policy
Element 2 Risk Assessment
Element 3 Internal Controls
Element 4 Internal Reporting
Element 5 External Reporting
Element 6 Public Interest Disclosures
Element 7 Investigations
Element 8 Code of Conduct
Element 9 Staff Training and Awareness
Element 10 Client and Community Awareness
Our approach to fraud and corruption control also aligns with Australian Standard 8001 – 2008:
Fraud and Corruption Control.
Fraud and corruption control model
DETE’s Fraud and Corruption Control model (Figure 1) demonstrates the way in which the
department integrates the ANAO’s conditions and the CMC’s 10 key elements with its fraud and
corruption control prevention, detection and response strategies.
1
2
Australian National Audit Office, Fraud Control in Australian Government Entities – Better Practice Guide March 2011
Crime and Misconduct Commission, Fraud and Corruption Control – Guidelines for Best Practice 2005
Page |4
Figure 1: DETE’s Fraud and Corruption Control Model
ANAO conditions in practice
Ethical leadership and culture
Senior managers must lead by example and behave in a way consistent with the Code of Conduct for
the Queensland Public Service and DETE’s Standard of Practice.
The Code of Conduct and the Standard of Practice provide all employees with ethics principles,
values and standards of conduct to guide behaviour in the workplace. They are important corruption
resistance tools to promote ethical behaviour and, in conjunction with the Framework and the best
practice principles outlined in the department’s Enterprise Risk Management Framework, to support
the effective and efficient management of fraud and corruption risks across the agency.
Legislation and governance
The Framework is underpinned by legislation, Australian standards and best practice guidelines,
including:
Page |5



Financial Accountability Act 2009– commits the department to protecting its revenue,
expenditure and property from fraudulent activity
Public Sector Ethics Act 1994 – sets out the ethics principles and values for public service
agencies and public officials, and provides standards of conduct consistent with the ethics
principles and values
Crime and Misconduct Commission Fraud and Corruption Control – Guidelines for Best
Practice 2005 – provide the model for developing and implementing the fraud and
corruption control policy and plan.
ANAO control strategies
The ANAO’s control strategies are referenced in conjunction with the CMC elements for fraud and
corruption control in the “Control Strategies” section of this paper, which commences on page 11.
Appendix 1 includes a full list of the applicable legislation and other instruments, while the
Department’s Policy and Procedure Register sets out all departmental procedure-specific legislation
and governance instruments. The department’s rigorous governance structure ensures legislative
requirements are addressed effectively, transparently and with accountability.
As illustrated in Figure 2, consistent with the Enterprise Risk Management Framework, the
department’s governance structures support fraud and corruption control at the strategic, corporate
and operational levels.
Figure 2: Governance Structures
STRATEGIC
CORPORATE AND OPERATIONAL
DIRECTOR-GENERAL (DG)
AUDIT & RISK
MANAGEMENT
COMMITTEE
(ARMC)
EXECUTIVE
MANAGEMENT
BOARD (EMB)
FRAUD & CORRUPTION CONTROL
COMMITTEE (FCCC)
 EMB sets and reviews departmental
strategic direction, priorities and
performance objectives.
 ARMC provides the Director General
with independent audit and risk
management advice
 FCCC reports to ARMC and EMB at least
annually, advises ARMC on fraud and
corruption matters and through its
Chair may escalate matters to the DG,
ARMC or EMB as appropriate
EMB
BUSINESS AS
USUAL
PROGRAMS OF
CHANGE
DIVISIONS
BOARDS
BRANCHES
PROGRAMS
BUSINESS UNITS
PROJECTS
 Corporate and operational
management structures provide for
clear lines of reporting, accountability
and responsibility to support
appropriate, open and transparent
decision making.
Page |6
Roles and responsibilities
While fraud and corruption control is the responsibility of every employee, the table below details
specific roles and responsibilities.
ROLE
Director-General
RESPONSIBILITY
• overall accountability for prevention and detection of fraud and
corruption within DETE
• legislated responsibility to exercise authority, on behalf of the
department
• manage the department’s operations ensuring service delivery is
effective and economical, and in the process avoids waste and
extravagance
• manage public resources of the department efficiently, responsibly
and in a fully accountable manner
• define goals and objectives in accordance with its mandate and
governance framework
• implement policies and priorities responsibly
• ensure impartiality and integrity in the performance of the
department’s functions
• ensure accountability and transparency in the department’s
operational performance
• maintain accurate records and accounts, and report on these as
required
• promote continual evaluation and improvement of department’s
management practices
Deputy Director-General,
Corporate Services
• delegated authority as the Fraud and Corruption Control Coordinator
and acts as ‘champion’ to drive the fraud and corruption control
regime
• Chair of the Fraud and Corruption Control Committee
• oversee the implementation and management of the fraud and
corruption control framework
• take steps to ensure that all areas assume appropriate responsibility
for fraud and corruption control and perform their functions
according to the framework and relevant legislation
• ensure all areas of operation take the appropriate steps to
implement effective risk management practices, including risk
assessment of fraud and corruption in accordance with the
enterprise risk management framework
• ensure the scope and nature of the education, training and
awareness programs are comprehensive and designed to assist
employees, contractors and clients to recognise, detect and prevent
fraud and corruption
• provide advice to the Director-General and the EMG as necessary on
fraud and corruption matters
• provide accurate and timely advice to the Audit and Risk
Management Committee through the Internal Audit Branch on any
fraud and corruption matters
• display ethical leadership and high personal standards of behaviour
consistent with the Code of Conduct for the Queensland Public
Service and the department’s Standard of Practice
• visibly adhere to the department’s ethical framework and promote
adherence by all employees
• contribute to effective risk management strategies in accordance
with the department’s enterprise risk management framework and
Deputy Directors-General,
Assistant Directors-General,
Regional Directors, Executive
Directors, Directors and Managers
Page |7
ROLE
Deputy Directors-General,
Assistant Directors-General,
Regional Directors, Executive
Directors, Directors and Managers
(Cont)
Audit and Risk Management
Committee (ARMC)
Fraud and Corruption Control
Committee (FCCC)
Director Ethical Standards Unit
RESPONSIBILITY
ensure risk management practices are adhered to throughout their
area of control
• develop strong internal controls to assist with fraud and corruption
prevention in their area of responsibility
• ensure all employees are made aware of and attend appropriate
education, training and awareness sessions to allow for a skilled and
knowledgeable workforce, including public sector ethics education,
training and awareness internal controls and financial or
procurement training
• ensure effective employee communication about the process for
identifying and reporting on potential fraudulent and corrupt
activities
• ensure where a public interest disclosure is made, the procedure for
making and managing a public interest disclosure is adhered to
• follow the mandatory internal or external reporting requirements for
reporting suspected official misconduct, including fraud or
corruption
• advise the Director-General, outlining audit matters and certain risks
to the department, including potential fraud and corruption matters
and put forward pertinent recommendations regarding these.
• review governance processes to ensure all matters relating to
alleged fraud and corruption or unethical conduct are dealt with
appropriately
• review currency, comprehensiveness and relevance of the enterprise
risk management framework, policy and procedure for identifying,
monitoring and managing significant business risks, including the
identification and management of risks related to fraud
• review the internal audit plan annually to ensure it covers key fraud
and corruption risks and that there is appropriate coordination with
the external auditor, Queensland Audit Office
• submit recommendations to the Director-General to approve the
internal audit plan, reviewing its scope and progress and any
significant changes to it, including any potential difficulties or
restrictions on the scope of activities
• advise the ARMC and make recommendations in relation to fraud
and corruption matters
• implement and monitor the fraud and corruption program
• review and evaluate the effectiveness of compliance with relevant
legislation and best practice requirements for fraud and corruption
control
• ensure the ESU fulfils the legislative function on behalf of the
Director-General to investigate all allegations of suspected official
misconduct
• ensure a proactive approach to public sector ethics by promoting an
ethical culture, practice and decision making through education and
training programs
• implement, maintain and review the fraud and corruption control
framework
• ensure the fraud and corruption control framework undergoes a
biennial review or more frequently as required
• oversee the secretariat function for the FCCC
• develop strategies in consultation with other key areas to achieve an
effective fraud and corruption regime
• identify appropriate training and awareness options and develop
strategies in consultation with Internal Audit Branch to achieve an
Page |8
ROLE
Director Ethical Standards Unit
(Cont)
Ethical Standards Unit
Internal Audit Branch
All employees
RESPONSIBILITY
effective Fraud and Corruption Control regime
• as CMC liaison officer report suspected official misconduct, criminal
and other matters to the appropriate external agency:
o Crime and Misconduct Commission
o Queensland Police Service
o Queensland Ombudsman
o Queensland Audit Office
• conduct investigations into reports of suspected official misconduct,
including fraudulent or corrupt practices
• manage the department’s fraud and corruption hotline – 1800 727
031
• manage and coordinate all public interest disclosures made to the
department and ensure adequate support and certain protections
are afforded the discloser in accordance with Public Interest
Disclosure Act 2010
• review Standard of Practice at least once every two years
• develop and maintain ethics related policies and procedures for
building and sustaining integrity and accountability; for example,
Standard of Practice, public interest disclosure procedure and
guidelines, conflicts of interest, notification of other employment,
lobbying and the fraud and corruption framework
• provide secretariat function for FCCC
• develop public sector ethics related education and training material
to promote an ethical culture and performance; such as the ethical
decision making awareness, internal controls and fraud awareness
• provide advice and direction to employees on the correct protocol
for reporting matters to external agencies
• provide independent appraisals, examination and evaluation of the
department’s activities and assist management with the detection of
suspected fraud and corrupt activities
• undertake scheduled audits, which include examining established
controls to determine if these are robust enough to reduce the risks
of fraud and corruption, including the identification of work practices
that may lead to fraudulent and corrupt activities
• undertake targeted audit activities to specifically identify any
indication that fraud may have occurred, be alert to opportunities
that could allow fraudulent activities
• report in writing any suspected activities of fraudulent or corrupt
practices identified during an internal audit function to the Director,
ESU for assessment and possible investigation or referral to the
appropriate external agency
• contribute to the development of improved systems, policies and
procedures to enhance the department’s resistance to fraud and
corruption including:
o safeguarding assets and other resources under their control
o having a clear understanding of their obligations regarding any
losses, deficiencies and shortages that may be identified while at
work
o ensuring all personal claims are accurate with no deliberate
omissions (recording accurate hours of work on timesheets)
• fulfil their obligation to report wrongdoing in accordance with
section 1.1 (d) of the Code of Conduct for the Queensland Public
Service and section 4.1 of the department’s Standard of Practice
• actively seek education and training to learn and maintain
knowledge and skills required to undertake their duties
Page |9
ROLE
All employees (Cont)
RESPONSIBILITY
• gain an understanding of the policies, procedures and guidelines that
pertain to their role and work within the requirements of these
• follow the requirements for internal reporting of suspected fraud
and corruption
DETE Control Strategies
The following strategies constitute the department’s action regarding reporting, processing,
resolving and responding to suspected fraud and corruption within the department and its funded
services, when:
 a person suspects fraud or corruption is occurring within the department
 the suspected fraud and corruption constitutes misconduct or official misconduct on the
part of an employee: and/or
 it is appropriate that suspicions be addressed directly by the ESU or referred externally
The CMC’s 10-element model of fraud and corruption control, which the department has adopted as
the basis of its Fraud and Corruption Control strategy, falls into three key categories of control:



Prevent–as the first line of defence, to reduce the risk of fraud and corruption occurring
Detect –discover and investigate fraud and corruption when it occurs
Respond–take corrective action and remedy the harm caused by fraudulent and corrupt
behaviour.
The elements are categorised below, followed by a discussion of each element, and its alignment
with the ANAO conditions for better practice fraud and corruption control.
Table 1: Key Fraud and Corruption Control Strategies
KEY CONTROL
ELEMENT
CATEGORIES
Agency-wide
integrated policy

Demonstrate the department’s resolve to combat fraud and
corruption
Code of Conduct

Set out expectations and standards of ethical behaviour within the
department
Staff education and
awareness

Client and community
awareness

Risk assessment

Internal controls

P
D
PURPOSE
R

Ensure a well-informed workforce with the capacity to recognise
and respond to the risks of fraud and corruption
Maintain public trust and forestall potentially unacceptable
practices from external parties

Provide a comprehensive understanding of the department’s
internal and external vulnerabilities


Mechanisms to eliminate or minimise risks
Internal reporting


Mechanism for employees to report potential fraudulent or
corrupt activities and other alleged wrongdoing
Public Interest
Disclosures

Investigations

External reporting
COMMUNICATE
INTENT
LIMIT
OPPORTUNITIES
REINFORCE ZERO
TOLERANCE
Responsibility for receiving and managing all allegations of
wrongdoing received under Public Interest Disclosure Act 2010

Ensure allegations of fraud and corruption are actioned
appropriately and investigated competently

Mechanism for the Director-General to report any suspected
fraudulent or corrupt activity to the appropriate external agency
P a g e | 10
CMC elements in practice
CMC Element 1: Agency-wide integrated policy
ANAO conditions: legislation, ethical leadership and culture
The department is committed to excellence in fulfilling public expectations of service performance and
in meeting its statutory obligations. Its Fraud and Corruption Control Framework, is one of a suite of
policies and procedures designed to achieve this. It works with other government and departmental
legislation, frameworks, policy and other instruments to provide guidance to staff and forms the
keystone of fraud and corruption prevention. A list of related instruments is at Appendix 1.
CMC Element 2: Risk assessment
ANAO conditions: Legislation and governance, control strategies
Fraud and corruption risk assessment is an integral part of the department’s overall risk
management framework and provides the department with an understanding of its fraud and
corruption vulnerabilities and possible strategies to eliminate or minimise those risks.
Fraud and Corruption Control Committee
DETE’s risk-based approach to fraud and corruption control was strengthened in June 2012, by the
establishment of its Fraud and Corruption Control Committee, which is responsible for monitoring
and coordinating department-wide fraud and corruption mitigating mechanisms.
Chaired by the Deputy Director General, Corporate Services, who champions fraud and corruption
control across the department, the Committee’s membership consists of the Assistant DirectorGeneral Finance and Chief Financial officer, the Assistant Director-General Human Resources and the
Assistant Deputy-General, Strategy and Performance. The Head of Internal Audit is an
observer/advisor to the committee and the Ethical Standards Unit undertakes its Secretariat role.
The clearly designated responsibility with which the Committee is tasked aligns with
recommendations in the Guidelines and the Standard. It also demonstrates DETE’s corporate
understanding of and commitment to fraud and corruption control and ensures a consistent,
integrated and high profile approach to the management of fraud and corruption risk.
Risk assessment responsibility
The Director-General is the accountable officer under the Financial Accountability Act 2009 and has
ultimate legislative responsibility and accountability for ‘establishing and maintaining suitable
systems of internal control and risk management’. The Executive Management Board provides
oversight of strategic risks. Deputy Directors-General and Assistant Directors-General support the
Director-General with oversight of corporate risks. Executive Directors, Regional Directors, Directors,
principals and TAFE managers provide oversight of operational risks. All employees are required to
comply with the department’s Risk Management policy and apply risk management processes within
their work unit.
Fraud and corruption risk assessment
Fraud and corruption risk assessments are carried out in accordance with the department’s
Enterprise Risk Management Framework.
P a g e | 11
The department’s enterprise risk management procedure and process, risk assessment criteria, fact
sheets and tools to support the completion of fraud and corruption risk assessments are located in
the department’s Policy and Procedure Register.
Fraud and corruption risk assessments are to be conducted by each division on their specific
functions/processes every two years. Potential fraud and corruption risks are identified as risks to
the department’s functions/processes and as such are classified under the Enterprise Risk
Management Framework as operational risks and recorded accordingly in the department’s online
risk register, the Enterprise Risk Assessor (ERA).
Key risks and associated control activities were identified through a department-wide fraud and
corruption risk assessment in August 2013.
Fraud and corruption risk identification and the development and assessment of their control
activities form part of DETE’s continual process of risk review, which also takes into account
changing circumstances and operating environments, both internal and external to the organisation.
Risk areas for fraud and corruption
The department has identified a number of functions/processes considered to be areas of high
vulnerability to fraudulent and corrupt activity. As a minimum, fraud and corruption risks are to be
identified and assessed for the following areas:
Accounts payable and receivable
Procurement
Contract management
Recruitment
Payroll
Regulation
Corporate card
Purchasing
Asset management
Timesheets
Funds and grants management
Information management
Also as a minimum, the following specific matters should be examined:












enforcement of existing financial management standards, policies and practices governing
contracts and the supply of goods and services
proper recording of assets and provisions for known or expected losses
the collection, storage, management, handling and dissemination of information
segregation of functions, especially in regulatory, financial and cash handling areas
work activities which have little supervision or are open to collusion or manipulation
work practices associated with compliance and enforcement activities
work practices and ethical standards for accredited agents, certifiers etc.
formal or structured reviews of accounting and administrative controls
effectiveness of measures for reporting suspected fraud, corruption and other forms of official
misconduct
compliance of staff training with requirements of the Code of Conduct for the Queensland
Public Service and the department’s Standard of Practice
workplace grievance practices and their relationship with other OH&S issues
measures to ensure quick and decisive action on all suspected fraud and corruption situations.
In addition to the assessment of risk, suitable operational practices to detect fraudulent or corrupt
activity are to be implemented including:


establishing effective accounting and management controls
routine and random auditing of decisions and operational records
P a g e | 12



identifying variations from normal accounting procedures or work practices
recognising deviations or exceptions in outcomes from expectations
monitoring key indicators (red flags) of potential fraud and/or corruption.
Responsible officers will develop fraud and corruption resistant work practices and subsidiary
control plans as necessary. The worksheets and rating methodology for risk assessment
(Attachments 1 and 2) should be used to ensure consistency across the risk evaluation process.
Recommended processes for risk assessment and management are discussed in detail in DETE’s
Enterprise Risk Management Process document.
CMC Element 3: Internal controls
ANAO conditions: Legislation and governance, control strategies
Controls are used to manage risks identified through the risk assessment process. Our internal
control system consists of structures, policies, procedures, processes, tasks, information systems and
other tangible and intangible activities that record and manage risks.
Our internal control structure complies with the FPMS requirement that accountable officers
establish and implement a cost-effective internal control structure, including:








a strong emphasis on accountability, best practice management of departmental resources
an organisational structure and delegations which support the objectives and operations of
the department
employment of qualified and competent officers
training and performance assessment of officers
efficient, effective and economic operations of the internal audit function
compliance with all financial legislative requirements
appropriate separation of duties between officers of the accountable officer’s department
or the statutory body
preserving the integrity, accuracy and reliability of the agency’s ICT systems
It also aligns with best practice requirements that internal control procedures should include:






transparent operations, such as well-defined and publicised service standards, performance
indicators and targets
easily accessible information
client opportunity to provide feedback
transparent decision-making to highlight potential nepotism, favouritism or conflict of
interest
agency appropriate procedures through identification of fraud and corruption risks and
matching control measures
separation of functions through physical access controls, division of duties, different security
access levels for information
The department’s internal control procedures include basic checks and balances which are carried
out to ensure:




completeness, relevance and accuracy
timeliness of the department’s accounting and other transactions and records
safeguarding of assets
compliance with any prescribed requirements
P a g e | 13
In line with the QAO report, DETE’s internal controls specifically address identified fraud risk and are
regularly reviewed, with internal policies and procedures documented and promoted to relevant
staff. They also include all the elements of internal control identified in AS 8001:2008.
All employees must be continually alert to early warning signs of fraud, corruption or official
misconduct. Common red flags for possible fraud or corruption include:





over-familiar relationships between employees, suppliers and contractors
disregard of internal controls
employees demonstrating a reluctance to take leave, particularly where they have cash
control or debt collection responsibilities
employees remaining later at work than other employees, or accessing work premises
unnecessarily after other staff have left,
unreconciled accounting records, including corporate card transactions and/or poor followup of outstanding accounts
The integration of internal controls into management practices requires the inclusion of
accountability in annual and long term planning, job descriptions and performance reviews of
executive management, line managers and supervisors, reflecting their responsibility for identifying
system deficiencies that facilitate fraud and corruption.
Our controls include (but are not limited to):





governance committees, organisational structures, delegation of authority, strategic and
operational plans, the annual report, and the Service Delivery Statement
resource management, budget management and the Establishment Management
Framework
position descriptions, merit based recruitment and selection processes, pre-employment
screening, training, and the Developing Performance Framework
ICT systems including SAP, One School (transactions, records, operating programs and
systems producing ICT information), TRIM (Data collection and exchange), OnePortal
intranet and DETE internet (internal and external communications), MyHR (human resources
recording and reporting), information systems standards, assets registers (physical
resources) and reporting mechanisms, including adequate audit trails
Financial Management Practice Manual, School Accounting Manual and other procedures
published in our Policy and Procedure Register
Investigations into cases of fraud and corruption show strong links between the incidence of fraud
and corruption and poor internal control systems. As a result the assessment of internal control
effectiveness is a crucial step in the fraud and corruption risk assessment process.
The Internal Audit Branch supports the department’s efforts to establish and maintain systems
integrity through an established audit program. The audit program includes periodic risk based
assessments of the department’s business units using best practice methodologies to assess levels of
compliance with existing internal controls.
The Branch also contributes to the efficient and effective management of departmental operations,
by safeguarding agency assets, facilitating internal and external reporting and helping the
department comply with relevant legislation.
P a g e | 14
CMC Element 4: Internal reporting
ANAO condition: Legislation and governance, control strategies
Reporting suspected wrongdoing is vital to our agency’s integrity and that of the Queensland public
sector, with research studies and surveys consistently showing that staff provide the most
compelling source in detecting fraud and corruption3. The Code of Conduct requires all staff to
report suspicious actions or potential wrongdoing. Students, customers, parents, caregivers, or
members of the public can also make a complaint about fraud and corruption, anonymously if they
wish. Matters relating to official misconduct will be referred for investigation as a priority.
Complaints may also be lodged by agencies including the CMC, QCOT, QPS, QSA and UPA. They can
be lodged by telephone, email, hard copy correspondence, via the department’s iRefer electronic
complaints lodgement system or through the Fraud and Corruption Hotline; 1800 727 0314.
The following departmental procedures, located in the Policy and Procedure Register, explain how to
report suspected wrongdoing, including fraud and corruption:




Managing Employee Complaints
Complaints Management – state schools
Information privacy complaints, and
Making and Managing a Public Interest Disclosure under the Public Interest Disclosure Act
2010.
Characteristics of internal reporting
Our internal reporting system addresses the CMC requirements for an internal reporting system;
that it:
 receive information about identified risks and suggestions for system improvements
 receive information about suspected acts of fraud and/or corruption
 maintain, as far as possible, the confidentiality of the parties involved
 convey information to the relevant officer (supervisor or manager)
 ensure appropriate assessment and investigation
 ensure compliance with additional external reporting requirements
 provide feedback to the discloser, demonstrating that the information was taken seriously and
acted upon
Internal reporting arrangements
As per the Guidelines, DETE’s internal reporting system takes into account the agency’s size,
structure, function and geographic reach. Reporting to immediate supervisors or managers is
encouraged, with supervisory staff responsible for reporting to more senior management.
As one of Queensland’s largest public sector agencies, DETE has a dedicated Ethical Standards Unit
(ESU) to which reports can be submitted, if the employee concerned prefers not to report to their
immediate supervisor. The Director ESU has an unrestricted line of access to the Director-General,
enabling the Director-General to fulfil their legislative reporting responsibility to external bodies.
3CMC
Fraud and Corruption Control Guidelines for Best Practice, 2005
P a g e | 15
Fraud and corruption reporting guidelines






Employees should report suspected wrongdoing to their immediate supervisor or manager,
in the first instance.
Should staff be reluctant to report any concerns immediately or feel appropriate action has
not been taken by the supervisor or manager who received the complaint, alternative
reporting options include:
o a more senior manager
o Director, Ethical Standards Unit
o Head of Internal Audit
o Fraud and Corruption Hotline 1800 727 031
o directly to the CMC
Supervisors and managers are required to report information regarding suspected fraud
and/or corruption incidents immediately to the Ethical Standards Unit
A climate of trust and accountability should be developed so employees are aware that all
efforts will be made to maintain confidentiality and appropriate action will be taken
Objectivity and a perception of it will be increased by the identification of a senior, qualified
neutral officer to receive reports such as the Director, ESU
Under section 38 of the Crime and Misconduct Act 2001, the Director, ESU has an
unrestricted line of access to the Director-General for timely and effective advice so that the
Director-General can fulfil their legislative responsibilities for reporting to external bodies
when appropriate
Fraud and corruption reporting management system
DETE’s complaints management system, Resolve, managed by the ESU is used to capture, report,
analyse and escalate all detected fraud and corruption incidents.
It also takes the role of a fraud and corruption register, with monthly Case Status Reports – Fraud
and Corruption (Case Status Reports) being extracted from Resolve and provided to the Fraud and
Corruption Control Committee for ongoing monitoring and analysis. Data can also be used to
provide the department with information for other reporting purposes, and facilitate continuous
improvement of its fraud and corruption resistance capacity.
As set out in AS 8001:2008, the Case Status Reports include the following information with regard to
each incident reported:






Date and time of report
Date and time that incident was detected
How the incident came to the attention of management
The nature of the incident
Value of loss
Action taken following discovery of the incident.
CMC Element 5: External reporting
ANAO conditions: Governance, legislation, control strategies
Queensland’s public sector integrity framework includes several independent statutory bodies which
promote accountability, integrity and good governance:

Crime and Misconduct Commission (CMC)
P a g e | 16




Queensland Audit office (QAO)
Queensland Ombudsman
Queensland Integrity Commissioner
Office of the Information Commissioner
Their integrity-building activities are supplemented by the law enforcement role of the Queensland
Police Service (QPS).
The integrity agencies offer a range of external reporting channels and advice, depending on the
nature and scope of the alleged misconduct. In addition, the department has an external reporting
responsibility to the QPS for certain types of misconduct. In some instances there are legal
obligations for external reporting. The role of each of the bodies and our reporting obligations to
them is:
Government Body/Role
Reporting Obligations
Crime and Misconduct Commission (CMC)
receives complaints about possible misconduct
and determines the most appropriate action to
deal with them
Queensland Ombudsman
Provides oversight for all public interest
disclosures made to the Queensland
Government. Oversight agency for all public
interest disclosures made to the Queensland
government.
Queensland Audit Office (QAO)
Provides independent audit services to the
Queensland Parliament, all state public sector
entities and local governments. Monitors and
reports on compliance and other operational
practices and its recommendations can identify
risks and assist agencies in forestalling fraud
and corruption.
Director-General or delegate notifies the CMC under the
Crime and Misconduct Act 2001 if the department
suspects a report of wrongdoing involves official
misconduct.
Under the Public Interest Disclosure Act 2010and the
Public Interest Disclosure Standard No. 1, agencies are
required to provide regular reports the Ombudsman
about their PIDs
Queensland Integrity Commissioner (QIC)
Established by Parliament to maintain and
enhance the integrity of the Queensland public
sector, the Commissioner is also responsible for
maintaining the Register of Lobbyists and
monitoring compliance with the Integrity Act
2009 and the Lobbyists Code of Conduct.
Office of the Information Commissioner (OIC)
Initially established under the repealed
Freedom of Information Act 1992 (Qld), the OIC
continues under the Right to Information Act
2009 and the Information Privacy Act 2009 to
promote access to government-held informant
and to protect people’s personal information.
Queensland Police Service (QPS)
Upholds and enforces the law
Under s21 of the Financial and Performance
Management Standard 2009, the Director-General must
report any suspected material loss to the Auditor General
within six months of becoming aware of the loss.
A material loss is defined in the standard as a loss of
money of more than $500, or the loss of other property
valued at over $5,000. Agencies are also responsible to
inform the QAO of any loss they suspect to be the result
of an offence under the Criminal Code or other Act.
Professional lobbyists breaching the Lobbyists’ Code of
Conduct should be reported to the Commissioner.
The OIC deals with privacy complaints and makes
decisions where privacy conflicts with the public interest.
Director-General, or delegate reports:
 suspected fraud and/ or corruption arising out of
P a g e | 17
Government Body/Role
Reporting Obligations
criminal conduct under the Criminal Code Act 1899,
or other Act
 any suspected material loss which may have occurred
as a result of official misconduct or the commission of
a criminal offence in accordance with the Criminal
Code Act 1899, Crime and Misconduct Act 2001,
Financial and Performance Management Standard
2009, or other Act.
We also report to the Public Service Commission through the Director, ESU in relation to our
integrity and accountability.
Where a matter falls within the jurisdiction of more than one external integrity body, the agency
must ensure that it is reported to each one that is relevant. As recommended by the CMC
Guidelines, DETE has developed sound reporting policies and procedure to cater for these
potentially overlapping requirements. In accordance with the Crime and Misconduct Act 2001,
complaints about fraud and the outcome of preliminary investigations will be reported to the
appropriate agencies above.
The Director ESU should be contacted prior to matters being reported to an external agency, for
advice on correct reporting protocols.
CMC Element 6: Public Interest Disclosures
ANAO conditions: Legislation and governance, control strategies
A public interest disclosure (PID) is a disclosure of information of public interest, involving
wrongdoing within the public sector, made to a proper authority. Under the Public Interest
Disclosure Act 2010 (PID Act), a proper authority is defined as a public sector entity or a member of
the Legislative Assembly. The department strongly supports the principles embodied in the PID Act,
which provide for certain protection from reprisal for persons making a PID, with the intent of the
PID legislation being to ensure that persons making a complaint of wrongdoing can do so without
fear of retribution.
From the perspective of fraud and corruption control, a public service officer may make a PID if they
report information about another employee that may relate to:



unlawful, corrupt, negligent or improper conduct that could amount to official misconduct
maladministration that adversely affects anyone’s interests in a substantial and specific way
negligent or improper management by a public officer public sector entity or a government
contractor resulting or likely to result in a substantial waste of public funds.
We are committed to promoting the public interest by facilitating disclosures of wrongdoing and
ensuring that PIDs are managed thoroughly, impartially, in a timely manner and in accordance with
the Act.
The management of a PID includes initial evaluation, including a risk assessment and the
determination of appropriate action, which may include investigation. If an investigation is
conducted the discloser will be kept informed of its progress and outcome, and will be provided with
protection from reprisal action.
P a g e | 18
As recommended in the CMC Guidelines, DETE has a stand-alone PID procedure, Making and
managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld) (WRF-PR013), which is consistent with the Code of Conduct for the Queensland Public Service and DETE’s
Fraud and Corruption Control policy.
DETE’s PID procedure covers:









the context in which a PID is appropriate
how, when and where to make a disclosure
who can make a disclosure
to whom a disclosure may be made
assessment and investigation of disclosure allegations
available support and protection mechanisms
the investigation process
PID-related roles and responsibilities and
confidentiality
DETE also has a program to actively encourage an ethical work climate and an atmosphere of
transparency and responsible reporting, which includes compulsory Code of Conduct, Standard of
Practice and internal controls training, and a team of officers trained to receive and manage PIDs,
and to offer support and protection for disclosers.
As with all internal reporting of suspected wrongdoing, we:





exercise due process and natural justice in managing PIDs
make all attempts to preserve confidentiality
provide appropriate protection to the person who made the PID
maintain all necessary records securely, and
report appropriately.
CMC Element 7: Investigations
ANAO conditions: Legislation and governance, control strategies
All reports, information, complaints and notifications concerning alleged employee misconduct are
referred to the ESU.
If there is a possibility that an incident constitutes official misconduct, the CEO is required under the
Crime and Misconduct Act, 2001 to report the matter to the CMC. As both fraud and corruption
generally fall within the definition of official misconduct, the majority of fraud and corruption
matters automatically need to be reported. The CMC may choose to investigate the matter itself,
refer it back to the department, or work with the department to investigate the matter.
Any allegation involving criminal offences against the department, by employees or external parties,
needs to be referred to the QPS. In the event the QPS does not lay criminal charges, but the
information requires further enquiry because the allegation raises a reasonable suspicion of
employee misconduct which, if proven, would be likely to result in formal disciplinary action, an ESU
investigation will be commenced.
Investigations may involve matters of suspected fraud, corruption, misappropriation,
maladministration, theft and other matters where the conduct of an employee, if substantiated,
could amount to official misconduct and may result in disciplinary action, including dismissal.
P a g e | 19
DETE’s fraud and corruption investigation practices
The department’s own fraud and corruption investigative practices comply with the CMC’s
Guidelines, its investigative toolkit Facing the facts - A CMC guide for dealing with suspected official
misconduct in Queensland public sector agencies and the Standard. Specialist training is provided to
departmental investigators, to ensure the integrity and professionalism of their investigative work.
Fraud and corruption investigations are conducted by experienced, senior personnel who are
independent of the business unit in which the alleged fraudulent or corrupt conduct occurred.
Investigations and any resultant disciplinary proceedings are always legislatively compliant and
conducted in an atmosphere of transparency, with the overall guiding principles being independence
and objectivity.
Information arising from, or relevant to, investigations is not disseminated to any person not
required by their position description to receive the information and in light of the seriousness of
fraud and corruption allegations, investigations are overseen by the Fraud and Corruption Control
Committee.
In planning and undertaking fraud and corruption investigations, the department follows the steps
outlined by the CMC:





Determining the scope and nature of investigations
Confirming the responsibilities and powers of the investigator
Conducting investigations in accordance with the rules of procedural fairness
Gathering the evidence
Concluding the investigation
Education and awareness
Employee responsibilities in relation to investigations are clearly set out in section 4.1 of the
department’s Standard of Practice which states “Employees must co-operate with an investigation
being conducted in connection with the administration, management and operation of the
department to ensure the best possible outcomes”.
Policies and procedures
In addition to its Fraud and Corruption Control Policy Statement, the department has a Fraud and
Corruption Control Procedure and an Investigations fact sheet, which discusses departmental
investigations, employees’ legislative obligations, misconduct and official misconduct, the
investigation process, the balance of probabilities, procedural fairness and natural justice, interviews
and what each party can expect from the other during an investigation.
When the department deems an investigation into alleged official misconduct, including fraud or
corruption, necessary:




all employees are obliged to respect the rights of all involved and maintain confidentiality
pending a full investigation into an alleged wrongdoing
managers and supervisors must ensure due process and encourage confidentiality
any person disclosing alleged wrongdoing must be advised of the outcome of the
investigation as soon as practicable, and
the outcome may be subject of review by the CMC.
P a g e | 20
Outcomes of investigations where complaints of alleged fraud and/ or corruption have been
substantiated may be published, when appropriate to do so and where confidential records can be
maintained.
CMC Element 8: Code of Conduct
ANAO conditions: Legislation and governance, ethical leadership and culture
The Code of Conduct for the Queensland Public Service and the DETE-specific Standard of Practice
provide guidance on the standards of conduct expected of all employees and others associated in
any significant way with the department.
They include ethics principles and values; and The Standard of Practice also provides advice and
guidance for employees in making ethical decisions, especially in circumstances where the ‘correct’
or ‘best’ course of action may not be clear.
Implementation of the FCCP will be based on the standards of conduct outlined in the Code of Conduct
and Standard of Practice, with breaches subject to disciplinary provisions when appropriate.
The code and Standard of Practice are based upon four ethics principles:
1.
2.
3.
4.
Integrity and impartiality
Promoting the public good
Commitment to the system of government
Accountability and transparency
As tools which outline the department’s ethical framework, it is outside the scope of the code and
Standard of Practice to cover all ethical situations which may arise. To assist in the resolution of
complex issues, including those relating to fraud or corruption, employees should seek the advice of
their supervisors, managers or senior management when appropriate. The value of the code and
Standard of Practice as deterrents to misconduct depends substantially on the perception that their
provisions are enforced swiftly and equitably. Accordingly, prompt and impartial action is taken by
the department in the event that a reasonable suspicion exists of fraud, corruption or official
misconduct.
The code and Standard of Practice reflect the corporate and business ethos of the department. As
such, their agency-wide implementation will promote integrity, encourage ethical behaviour, and
strengthen departmental resistance to fraud and corruption.
In compliance with their responsibilities under the Public Sector Ethics Act 1994, the department’s
CEO ensures that departmental employees are given access to appropriate education and training
about public sector ethics through mandatory training at orientation and regular refreshers
thereafter.
The ESU will review of the Standard of Practice biennially or more frequently if required. On an
ongoing basis, the Director, ESU will also review the need to develop any other related policies and
procedures, ethical awareness training or employee development materials.
P a g e | 21
CMC Element 9: Staff education and awareness
ANAO conditions: Governance, ethical leadership and culture
Legislative background
The Public Sector Ethics Act 1994 requires agencies to provide appropriate education and training for
their employees.
Mandatory training
Mandatory public sector ethics education and training completed by all new employees through the
DETE induction program. Ongoing ethics related education and training is undertaken by all
employees at regular intervals during their employment with the department.
The public sector ethics education and training module includes:
 Ethical Decision-Making training and awareness, including Code of Conduct
 Internal Controls training
 fraud and corruption (including Public Interest Disclosure) training and awareness.
It is available to employees through a variety of delivery modes:






face-to-face training
on-line ethical decision making training available via the Learning Place
train-the-trainer package
TAFE institutes, on-line, through the institutes’ learning management system (LMS)
ethics- related resources published on One Portal, developed by ESU and available to all
employees
DETE induction website (mandatory induction).
Formal information-sharing and the inclusion of fraud and corruption control components in induction
training is the responsibility of both central and regional management. Employees whose knowledge
of, and skills in, financial management are lacking are particularly vulnerable and specific training
should be provided for these officers. Employees in smaller, rural and remote locations as well as
those who perform a high level of resource and financial management should also receive specific
fraud and corruption control training.
Departmental education and awareness strategies
With the oversight of its Fraud and Corruption Control Committee, the department uses a variety of
education and awareness strategies to foster an ethical organisational culture and strengthen the
department’s resistance to fraud and corruption:




displaying notices about the Code of Conduct and Standard of Practice, and the expectation of
ethical behaviour, throughout the workplace
making a copy of the Code of Conduct and Standard of Practice available to all new employees
demonstrating executive management commitment to fraud and corruption control, with
senior executives leading by example and participating in training sessions
the appointment of the Deputy Director-General Corporate Services as Chair of the Fraud and
Corruption Control Committee and champion of fraud and corruption control across the
organisation
P a g e | 22














dissemination of advice about fraud and awareness strategies and internal controls emanating
from meetings of the Fraud and Corruption Control Committee
development of a fraud and corruption control newsletter
establishment of communities of practice
Fraud and Corruption Policy and Fraud and Corruption Control Plan made accessible to all
employees
dissemination of Public Interest Disclosure Policy and advice about the department’s PID
support program
Fraud and Corruption Control website on intranet
function-specific training about fraud and corruption control to employees working in high-risk
areas
online Internal Controls training
ethics awareness announcements on divisional home pages and division-specific publications
online resources including brochures, factsheets and PowerPoint presentations
ethics-related announcements in the department’s Education Views publication, for
dissemination to the general public as well as employees
the inclusion of fraud and corruption control KPIs in departmental financial sustainability
benchmarks
embedding fraud and corruption control in the department’s enterprise risk management
program
reinforcement of agency’s zero tolerance attitude to fraud and corruption demonstrated by
prompt response taken to incidents
Future training programs will include the provision of guidelines on the identification of misconduct
risk and the ‘red flag’ indicators of potential fraud. Training will also include information about public
sector accountability and ethical standards, as well as offering case studies and scenarios for ethical
decision making.
CMC Element 10: Client and Community Awareness
ANAO conditions: legislation and governance, ethical leadership and culture
The Fraud Corruption and Control Framework and other relevant policies and procedures are
published on our internet site to make them accessible for all community members.
The department’s external communication will emphasise the integrity of the department and its
commitment to the highest standard of probity in all its dealings. It will give the community
confidence in its dealings with us, and ensure that external providers, such as contractors, suppliers,
third party providers, and funding recipients are aware of our zero tolerance policy. This message
will be augmented by the ethical actions of employees at all times.
We promote our fraud corruption and control policy by:
 publishing the Fraud and Corruption Control Framework and procedure on the department’s
internet and employee portal
 gaining P&C commitment and ensuring a documented process for reporting potential
fraudulent and/or corrupt activities
 incorporating probity compliance declarations and provisions into our standard contract
arrangements
 providing a fraud reporting hotline - 1800 727 031
 publishing pertinent complaint data as Open Data.
P a g e | 23
The department’s zero tolerance of fraud should be highlighted, and measures be taken to ensure
the department’s fraud and corruption prevention goals are reported, in its Annual Report.
Monitoring, review and continuous improvement
The processes that support continuous improvement of the Framework include:



reviewing the Framework every two years (or following a significant change within the
department) including:
o control strategies, to ensure appropriate balance between prevention and detection
o control appropriateness and effectiveness of design and operation
updating fraud and corruption risk assessment to ensure fraud and corruption risks are
captured and managed
review of individual fraud and corruption cases to identify the cause, areas of control
weakness, where possible measure the loss or cost of fraud, and identify lessons learned.
Contact
Director, Ethical Standards Unit
Ph: (07) 3237 0255
Fax: (07) 3235 9996
ethicalstandards@dete.qld.gov.au
PO Box 15033
City East Qld 4002
P a g e | 24
Appendix 1: Legislation and other Instruments Fraud and Corruption Control
Legislation
Public Sector Ethics Act 1994 (Qld)
Public Service Act 2008 (Qld)
Public Service Regulation 2008 (Qld)
Education (General Provisions) Act 2006 (Qld)
Education (General Provisions) Regulation 2006 (Qld)
Public Interest Disclosure Act 2010 (Qld)
Crime and Misconduct Act 2001 (Qld)
Financial Accountability Act 2009 (Qld)
Financial Accountability Regulation 2009 (Qld)
Financial and Performance Management Standard 2009 (Qld)
Criminal Code Act 1899 (Qld)
Substantive policy
Code of Conduct for the Queensland Public Service
DETE Standard of Practice
Related procedures
Criminal History Checks
Complaints Management – State Schools
Contact with Lobbyists and Former Senior Government Representatives
Conflict of Interest
Intellectual Property and Copyright Use
Maintaining the Security of Department Information and Systems
Making and managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld)
Managing employee complaints
Receipt of Gifts and Benefits by Employees of the Department
Risk Management
Acceptable Use of the Department's Information, Communication and Technology (ICT) Network and
Systems
Standards, guidance and best practice
Crime and Misconduct Commission:
 Fraud and Corruption Control - Guidelines for Best Practice
 Facing the facts - A CMC guide for dealing with suspected official misconduct in Queensland
public sector agencies
Standards Australia: AS 8001-2003 - Fraud and Corruption Control
Australian National Audit Office:Fraud Control in Australian Government Entities – Better Practice
Guide 2011
Australian Minister for Home Affairs and Minister for Justice: Commonwealth Fraud Control
Guidelines
Queensland Department of Treasury and Trade:
 Financial Accountability Handbook 2012
 A Guide to Risk Management 2011
 Financial Management Tools 2012
P a g e | 25
Appendix 2: Definitions
Code of Conduct - The Code of Conduct for the Queensland Public Service is a whole of government
code of ethics that provides a framework of ethical principles, values and standards of conduct that
guide employees in their work performance, professional standards, and how they should conduct
their relationships with others. The Public Sector Ethics Act 1994 defines the ethical principles and
values arising from these principles. The Public Interest Disclosure Act 2010 complements the Public
Sector Ethics Act 1994 by providing legal protection for the reporting of certain wrongdoing that
adversely affects the public interest.
The department’s Standard of Practice is a supplementary document which assists all employees to
apply the Code of Conduct of the Queensland Public Service and provides agency-relevant examples
that directly relate to how the Code is to be applied within the department.
Employee – For the purposes of this document and in accordance with the Code of Conduct for the
Queensland Public Service an employee is defined as:
 “any Queensland public service agency employee whether permanent, temporary, full-time,
part-time or casual;
 any volunteer, student, contractor, consultant or anyone who works in any other capacity
for a Queensland public service agency”
Fraud and corruption risk assessment - The application of risk management principles and
techniques to the assessment the risk of fraud and corruption.
Investigation - An inquiry or examination to ascertain facts; the act or process of investigating.
Risk - The chance of something occurring that will have a negative impact upon objectives. It is
measured in terms of likelihood and consequences .Residual risk is the remaining level of risk after
risk treatment measures have been taken.
Risk management - The term applied to a logical and systematic method of identifying, analysing,
assessing, treating, monitoring and communicating risks associated with any activity, function or
process in a way that will enable organisations to minimize losses and maximize positive outcomes.
The department has introduced an Enterprise Risk Management Framework which builds on the
existing risk management practices across the department and reflects current best practice and
international standard. All departmental employees are strongly encouraged to become familiar
with the Enterprise Risk Management Framework 2010-2014to ensure a consistent approach to
managing risk within the department.
Senior management - Personnel associated with the department at the executive and senior
management, director or principal level and those senior officers who have authority over the
direction or management of the department.
P a g e | 26
ATTACHMENT ONE
RISK ASSESSMENT WORKSHEET
Each agency work unit should develop label descriptions to suit its own business processes and operating environment
IDENTIFICATION
Area being
assessed
Specific Risks
Likelihood
A = Almost certain
B = Likely
C = Unlikely
D = Rare
Consequences
I = Insignificant
II = Minor
III = Moderate
IV = Major
V = Extreme
Likelihood
ANALYSIS
EVALUATION
RISK TREATMENTS
Risk Degree
Current Controls or Mitigating
Factors
Control Improvements
Consequences
Risk
exposure
Risk exposure
VH = Very high risk – immediate action required
H = High risk - senior management attention required
M = Medium risk - management responsibility must be specified
L = Low risk – manage by routine procedures
P a g e | 27
ATTACHMENT TWO
RISK MATRIX
 Consequence 
Insignificant
Minor
Moderate
Major
Critical
Medium
Medium
High
Extreme
Extreme
Likely
Low
Medium
High
High
Extreme
Possible
Low
Medium
Medium
High
High
Unlikely
Low
Low
Medium
Medium
High
Rare
Low
Low
Low
Low
Medium
 Likelihood 
Almost
Certain
= Risk tolerance
Likelihood of occurrence
Almost certain
Is almost certain to occur within the foreseeable future or within the project lifecycle
Likely
Is likely to occur within the foreseeable future or within the project lifecycle
Possible
May occur within the foreseeable future or within the project lifecycle
Unlikely
Is not likely to occur within the foreseeable future or within the project lifecycle
Rare
Will only occur in exceptional circumstances.
P a g e | 28
Download