Policy Corporate Governance Fraud and Corruption Procedure

Fraud and Corruption Procedure

Print Friendly and PDFPrint Friendly


The University is committed to ensuring that fraud and corruption is identified, appropriately managed to address wrongdoing, and that those who make disclosures are supported and protected from reprisals.

This Procedure outlines the Universities processes to prevent, detect and respond to any actual or potential fraudulent or corrupt activity and identifies those with responsibilities for ensuring ethical conduct as described in the Staff Code of Conduct, Code of Conduct for the University Council and its Committees, the Crime and Corruption Act 2001 (Qld) and the Public Sector Ethics Act 1994 (Qld).


All University staff, whether they are continuing, fixed-term, or casual appointments, including senior management, executive, academic, professional and technical, conjoint and adjunct appointments and visiting staff, members of Council and its committees are considered Public or University Officers for the purpose of this procedure.


Except as otherwise specified in this Procedure or the Council or Staff Codes of Conduct, the meaning of terms used are as per the Policy Glossary.

Corrupt Conduct

As defined in section 15 of the Crime and Corruption Act 2001:

(1) Corrupt conduct means conduct of a person, regardless of whether the person holds or held an appointment, that:

(a) adversely affects, or could adversely affect, directly or indirectly, the performance of functions or the exercise of powers of:

(i) a unit of public administration; or

(ii) a person holding an appointment; and

(b) results, or could result, directly or indirectly, in the performance of functions or the exercise of powers mentioned in paragraph (a) in a way that –

(i) is not honest or is not impartial; or

(ii) involves a breach of the trust placed in a person holding an appointment, either knowingly or recklessly; or

(iii) involves a misuse of information or material acquired in or in connection with the performance of functions or the exercise of powers of a person holding an appointment; and

(c) is engaged in for the purpose of providing a benefit to the person or another person or causing a detriment to another person; and

(d) would, if proved be:

(i) a criminal offence; or

(e) A disciplinary breach providing reasonable grounds for terminating the person’s services, if the person is or were the holder of an appointment.


includes –

(a) personal injury or prejudice to safety; and

(b) property damage or loss; and

(c) intimidation or harassment; and

(d) adverse discrimination, disadvantage or adverse treatment about career, profession, employment, trade or business; and

(e) financial loss; and

(f) damage to reputation, including for example, personal, professional or business reputation.


A person who makes a Public Interest Disclosure about a matter concerning JCU. The Discloser may be a staff member or other University/Public Officer.


Dishonest activity causing actual or potential financial loss to any person or entity including theft of money or other property by a University Officer(s) and whether or not deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position.

Fraud can be perpetrated by staff (internal fraud) or by persons external to the University (external fraud), or by a combination of both. It can involve financial and non-financial incidents that have an impact upon the operations and the reputation of the University.

Public Interest Disclosure (PID) Coordinator

The Chief of Staff has been appointed the responsible officer for receiving disclosures and acting on them, and is responsible for implementation of the University’s PID management program, including acting as the principal point of contact with the Queensland Ombudsman, as oversight agency.

PID Support Officer

A PID Support Officer is a suitably qualified member of the University staff, with the responsibility for providing support to a Discloser, subject officer or witness who is involved in the management of a PID.

Responsible Officer

For the purposes of this procedure, a Responsible Officer is the Chief of Staff, Chief Financial Officer, Director Human Resources, University General Counsel, or Manager Internal Audit.

University/Public Officer

A staff member or officer of the entity including members of the University’s Council, its committees and sub-committees.


Means a report of suspected fraud and/or corruption.

1. Principles

1.1  The University considers that its fraud and corruption control program is an integral component of its overall risk management framework and will plan for and resource activities accordingly, consistent with the University’s relevant Codes of Conduct,  legislation and in accordance with the Australian Standard 8001-2008 Fraud and Corruption Control.

1.2  Staff of the University are placed in a position of trust and are required to maintain and enhance public confidence in the integrity of the University and to advance the common good of the University community. JCU has a zero tolerance to fraud and corruption in relation to any of its operations, and will take appropriate action if any instance of fraud or corruption is suspected or detected. The University is committed to providing an environment that:

1.2.1 fosters ethical practices;

1.2.2 is safe for those who wish to raise concerns; and

1.2.3 has fair processes for all persons involved in the management of a report of suspected fraud or corruption and where all parties act in good faith.

1.3 JCU operates in an environment in which ethical conduct is expected, encouraged and supported. Any person who makes a report knowing that the content is false or misleading or does so maliciously or recklessly should be aware that they may commit a serious offence. A University Officer or student may be also subject to disciplinary action by the University for making a vexatious report.

1.4 Nothing in this procedure prevents the University or any person from making a report of suspected fraud or corruption directly to the Police or Crime and Corruption Commission.

2. Roles and Responsibilities

2.1 Every member of the University Community has obligations under this procedure with the following having further obligations and accountabilities:

2.1.1 Council: oversight responsibility for fraud and corruption prevention.  It approves policy and delegations and through the Audit, Risk and Compliance Committee, receives advice on fraud and corruption prevention and risk management issues as required.

2.1.2 Audit, Risk and Compliance Committee: responsible for the oversight of the internal assurance functions including risk and compliance management, and Internal Audit function, and monitoring of the external auditing activities. It reports to Council as required on any systemic issues related to the effectiveness of the system of internal controls.

2.1.3 Vice-Chancellor: ultimately responsible for the establishment of a cost-effective risk management and internal control structure processes for the University, including maintenance of an internal audit function to evaluate and improve the effectiveness of risk management, control, and governance processes. The Vice Chancellor is to communicate with the Chancellor and/or Council where appropriate, and has a statutory obligation to refer all cases of suspected Corrupt Conduct to the Crime and Corruption Commission.

2.1.4 Senior Management Group: responsible for: the prevention and detection of acts of fraud and corruption; ensuring there are sufficient internal controls to provide for the security and accountability of University resources to prevent or reduce the opportunity for fraudulent and corrupt activities; remaining vigilant to fraudulent and corrupt activity and reporting suspected acts of fraud and corruption to the relevant Director below depending on the nature of the fraud; promoting staff awareness of the Staff Code of Conduct and University policies and procedures relating to ethical behaviour; promoting a positive and appropriate attitude towards compliance with laws, rules and regulations; being aware of common indicators and symptoms of fraud and corruption and responds to those indicators as appropriate; and cooperating with any fraud or corruption investigation and granting access to persons and documentation required.

2.1.5 Chief of Staff: as the University’s Public Interest Disclosure Coordinator and Crime and Corruption Commission Liaison Officer and other portfolio responsibilities, is to: ensure the University has sound policies in place for risk identification, management and control; take steps to limit the University's exposure to fraud; liaise with the Manager Internal Audit, Director Human Resources, Chief Financial Officer, and/or University General Counsel on allegations of fraud and corruption to undertake an initial assessment and allocate responsibilities and tasks; receive disclosures relating to non-financial fraud and corruption and maintain the fraud reporting register (template at appendix 1); undertake a preliminary assessment on whether reports might constitute a PID and/or corrupt conduct notifiable to the Queensland Ombudsman or Crime and Corruption Commission (in accordance with the Public Interest Disclosure Procedure); where required, develop an investigation plan and a protection plan for any Discloser; determine if any other action related to the disclosure is required, fulfil the University’s record-keeping and reporting obligations related to fraud and corruption reporting; and provide advice to the Vice-Chancellor and senior managers in relation to both the disclosure and to more general issues of fraud and corruption management, as required.

2.1.6 Manager, Internal Audit: is responsible for: referring any disclosures or audit findings relating to financial fraud and corruption to the Chief Financial Officer and Chief of Staff, or the Vice Chancellor as appropriate; supporting the Vice-Chancellor and senior managers in carrying out their responsibilities for fraud and corruption prevention and management, the provision of on-going advice and guidance to all levels of management on (a) the implementation of fraud and corruption prevention and management strategies and (b) procedures for responding to allegations of fraud and corruption; the performance of risk based, periodic reviews of internal control structures; and supporting any investigation of allegations of financial fraud and corruption.

2.1.7 Director, Human Resources: responsible for: establishing appropriate and effective HR systems and controls to mitigate the risk of fraud and corruption; training and education regarding HR recruitment and performance management processes; and managing misconduct/serious misconduct processes where investigations indicate that further action is warranted under the Enterprise Agreement.

2.1.8 Chief Financial Officer: responsible for: establishing appropriate and effective financial systems (Finance One and Concur), policies, procedures and controls to assess and mitigate the risk of financial fraud and corruption; referring financial fraud and corruption to the University General Counsel and Chief of Staff as appropriate; notifications to banks and other financial and external authorities where required (see section 5); training and education regarding the appropriate use of University corporate credit cards; and establishing appropriate and effective strategic procurement systems and controls to mitigate the risk of fraud and corruption.

2.1.9 All staff: have a responsibility to: comply with internal control requirements, policies and procedures and delegations; making a report of suspected fraud or corruption as soon as possible should they begin to hold a reasonable suspicion; assist with any enquiries and investigations maintaining confidentiality about any report of suspected fraud and/or corruption and any actions taken in relation to the matter.

3. Fraud and Corruption Prevention, Detection and Response Processes

3.1 Examples. Examples of fraud (and potentially corrupt conduct) include, but are not limited to:

3.1.1   theft;

3.1.2   bribery;

3.1.3   conflict of interest;

3.1.4   accounting fraud (such as false invoices, misappropriation of funds etc);

3.1.5   unlawful use of, or obtaining property, equipment, material or services;

3.1.6   causing a loss, or avoiding and/or creating a liability;

3.1.7   providing false or misleading information to the University, or failing to provide it when there is an obligation to do so;

3.1.8   misuse of JCU assets, equipment or facilities;

3.1.9   making, or using false, forged or falsified documents;

3.1.10 misuse of the corporate credit card by the cardholder (this includes acquitting a corporate credit card transaction of a personal or private nature as a business expense).

3.1.11 claiming benefits where the individual or entity is not entitled (this includes misuse of leave and/or work time and unentitled accruing, and use, of op-time)

3.1.12 falsely recording work time to gain additional flexi-time or over-payment of wages; and

3.1.13 wrongfully using JCU information or intellectual property.

3.2 Prevention

3.2.1 Policies and Procedures. An integrated framework of policies and procedures aimed at prevention including delegations frameworks, conflict of interest management, strong procurement practices, transaction level procedures and internal controls have been established.

3.2.2 Risk Assessment. Identification, assessment and management of the risk of fraud and corruption are to be an integral part of the University’s risk management process, as set out in the Risk Management Framework and Plan. Fraud and corruption risks will normally be identified, evaluated and managed by those identified under section 2 specific their fraud risks.

3.2.3 Internal Controls. Manual and automated controls enabled by technology in financial, administrative, information systems and academic operations are all essential requirements for fraud and corruption prevention. Individual managers are responsible for effective design, implementation, daily operations and continuous management monitoring of cost-effective internal control structures within their organisational responsibility. Review of the operation of internal controls is the responsibility of Senior Management within their areas of accountability and the Manager, Internal Audit.

3.2.4 The University has established a comprehensive internal control framework including delegations, policies and procedures for financial, academic, WHS operations for example, which require staff to follow established processes when conducting University business, to act in accordance with best practice, and to adhere to controls in place. Applicable internal controls include: HR controls including suitable recruitment procedures in line with the Recruitment, Selection and Appointment Policy and its associated Procedures. This includes verification of identity (birth certificate, driver's license), reference checks from the two most recent employers, and verification of formal qualifications; suitable staff separation practices such as exit interviews; reporting and management of conflicts of interest; segregation of duties, approvals within delegated authority, clear reporting lines, and performance management. Financial controls including suitable procurement practices, reconciliations, budget control, regular review of management reports, limiting authorization of transactions to specific staff; separation of duties (one employee not responsible for all aspects of a transaction); registers,  stocktaking and disposal processes for IT and Communications equipment; credit card and other procedures; contractor and vendor checks with ASIC and ASTO Technical controls including security of records and information systems, ICT risk management and cybersecurity controls (in particular ID management); Research controls including the responsible conduct of research, Animal Welfare and Ethics policies and procedures to ensure research conducted is of the highest ethical standard; Management controls including consideration of risk and risk management strategies, supervision and internal checks, delegation of authority and decision making rules; conflict of interest procedures; and Internal audit.

3.2.5 The University's internal audit program is to include both systematic and random audits to test compliance, and effectiveness of internal controls. The findings of these audits are reported to the Audit, Risk and Compliance Committee, and then to Council, so that any identified adverse trends or deficiencies are acted upon.

3.2.6 Codes of Conduct. The Staff Code of Conduct which applies to all managers and staff of the University and the Council Code of Conduct is a reflection of the University’s commitment to create an ethos and environment in which ethical conduct is expected, encouraged, supported and achieved.

3.2.7 The Codes of Conduct requires that members of Council, managers and staff act in accordance with four fundamental ethical principles, including integrity and respect for the law and the system of governance.  Managers and staff control University resources, have access to University information and make decisions that affect the interests of others. By conducting themselves with the highest standards of honesty, fairness and propriety, staff enhance public confidence in the integrity of the University.

3.3 Staff awareness, recruitment and education

3.3.1 Recruitment policy and practices underpin fraud and corruption prevention. All staff must support the University’s recruitment strategies, which include: criminal background checks on staff where the position warrants it and as guided by Human Resources; contacting referees; verifying transcripts, qualifications, publications and other certification or documentation; and avoiding entering into recruitment of individuals that could potentially lead to conflicts of interest.

3.3.2 Staff development and training is key to combating fraudulent and corrupt behaviour. To that end: induction procedures will make new staff aware of this procedure; training on ethics, fraud and corruption prevention and detection, Public Interest Disclosure and reporting obligations of individual staff members is part of the University’s ongoing staff development program.

3.4 Detection

3.4.1 The University has systems aimed at quickly identifying instances of fraud and corruption in the event that prevention strategies fail. Detection controls serve as the strongest deterrents to fraudulent or corrupt behaviour. Detection methods include but are not limited to anonymous reporting mechanisms (public interest disclosure) and proactive fraud detection procedures specifically designed to identify fraudulent activity particularly relating to financial, HR, procurement and/or cybersecurity.

3.4.2 Disclosers can approach University management without fear of reprisals. Any claim of fraud or corruption will be handled with confidentiality as allegations of fraud and corruption, even if not proven, can cause damage to individual reputations and expose the University to legal claims for damages. Further guidance can be found in the Public Interest Disclosure Procedure or the Complaint about the Vice Chancellor Procedure.

3.4.3 JCU uses proactive fraud detection procedures – such as continuous management monitoring using data analysis, computer assisted auditing techniques, and other technology tools - to detect fraudulent and corrupt activities as part of internal audit and external audit reviews. These are established as part of the internal audit plans on an annual basis.

3.4.4 Additional warning signs that may indicate fraud or corruption include:   unexplained and/or sudden sources of wealth;   excessive secrecy in relation to work;   staff who are aggressive or defensive when challenged, and/or controlling of certain colleagues;   staff known to be under external financial pressure;   staff who delay providing information or who provide different answers to different people;   staff under apparent stress without identifiable pressure;   staff making procedural or computer enquiries inconsistent or not related to their normal duties;   managers who avoid using the Procurement Unit (e.g. excessive use of cash or credit cards to purchase items outside the procurement framework);   staff who appear to make a large number of mistakes, especially those leading to financial loss; staff with competing or undeclared external business interests; staff (especially managers) with too much hands-on control; staff refusing to take leave; an unusual number of customer complaints; customers or suppliers insisting on dealing with just one individual; inconsistent signatures, mismatched fonts or handwriting on different pages of the same document; invoices which look different to previous invoices issued by the same provider; and/or attempts to obtain sensitive information such as usernames, passwords and credit card details (e.g. phishing emails, whaling attacks).

3.4.5 Some warning signs of fraudulent behaviour (e.g. staff refusing to take leave, making a large number of mistakes) may relate to conduct and/or performance issues rather than being an indicator of fraud. However, the more inter-related indicators identified, the higher the risk of potential fraud or corruption.

3.5 Response

3.5.1 In the case of suspected corrupt conduct not requiring notification, or in circumstances where the Crime and Corruption Commission has referred the matter back to the University, the University will adopt a comprehensive approach to the subsequent investigation, disciplinary proceedings, prosecution or recovery action.

3.5.2 The University will ensure protection of those reporting suspected instances of fraud and corruption and will ensure that this procedure is well understood by the University community.

3.5.3 The University will ensure that there are adequate means for reporting suspicious or known illegal/unethical conduct, and that these means are widely known and available.

4.  Making and managing reports of suspected fraud or corruption

4.1 Internal Reporting - by staff

4.1.1 Any instance of suspected fraud and/or corruption should be reported.

4.1.2 Suspected fraudulent and/or corrupt behaviour should be reported either to a supervisor/Manager, or to relevant Officers identified at section 2, depending on the nature of the fraud and/or corruption (financial or non-financial). Where this is not possible and/or appropriate, a report should be made to the next-level supervisor or a Senior Manager.

4.1.3 JCU has protections in place for individuals making the complaint, and natural justice to those individuals being subject of such complaint. (Also refer to section 4.4 below).

4.1.4 Where there is a reasonable suspicion that corrupt conduct may have occurred, the Crime and Corruption Commission will be notified prior to any investigation commencing (refer to section 4.3 below).

4.1.5 A report must be submitted in writing, and clearly marked 'Private and Confidential'. A report should include the following information wherever possible: the nature of the suspected misconduct; the location; the identity of University Officer(s) involved ; the time period over which it is suspected to have occurred; an estimated monetary value; and evidence, e.g. letters, emails, records of conversations, photographs, sketches, research data, receipts, invoices, statements or any other written or non-written material.

4.1.6 A University Officer in receipt of a  report must refer it to the Chief of Staff and Director HR. Confidential advice on the appropriateness of a report is available from them prior to referral.

4.1.7 The reporter must be advised as to whether their report was referred to a Responsible Officer under this procedure. If the reporter is dissatisfied with the University Officer's decision, they may lodge a staff grievance under the Enterprise Agreement or submit a complaint. Alternatively, they may also make a report directly to the Crime and Corruption Commission or Police under 1.4 of this procedure.

4.1.8 Following receipt and consideration of any report, the Chief of Staff either makes a notification to the Crime and Corruption Commission or determines what, if any, internal action the University will take in relation to the matter.

4.1.9 Notifications of breaches of ethical standards may be made anonymously, however this is not encouraged as it can make the disclosure more difficult to investigate.

4.1.10 Where the identity of the notifying person is known, the disclosure of the name of that person may be kept confidential where a duty of confidentiality has been established between that person and the University subject to any lawful direction to disclose.

4.1.11 A proper record needs to be kept of reports made and how they are addressed (see 4.8 below).

4.2 Reporting by third parties

4.2.1 The provisions in 4.1 apply except that the initial report is to be made to the Chief of Staff.

4.3 External Reporting - by the University

4.3.1 Various legislation sets out the requirements for agencies such as the University to report matters of fraud and corrupt conduct to the Crime and Corruption Commission, Queensland Police Service, the Ombudsman and Queensland Audit Office.

4.4 Public Interest Disclosures

4.4.1 The University has a Public Interest Disclosure Procedure and a Complaint about the Vice Chancellor Procedure in accordance with the provisions of the Public Interest Disclosure Act 2010 and the Crime and Corruption Act 2001. This Procedure establishes a disclosure process and provides protection for individuals making a disclosure and natural justice for those who are the subject of disclosures.

4.4.2 All public interest disclosures made by University staff and students are to be managed in accordance with that Procedure.

4.5 Investigation

4.5.1 The University’s response to fraud and corruption allegations or matters will vary, according to the nature and seriousness of the alleged conduct. A full investigative response will be undertaken where the conduct, if proved, could result in misconduct/serious misconduct action (eg termination). Some complaints may best be dealt with by prompt managerial action.

4.5.2 The University will manage the initial receipt of a complaint, or suspected fraud or corruption, to determine if the matter requires notification to the Crime and Corruption Commission and establish, based on the substance of the complaint the most appropriate action to take.

4.5.3 Where investigation is required, the Appointing Officer – Director HR or Vice-Chancellor and President (as appropriate) – will appoint an Investigations Officer, who may be internal or an external party to the University. The Crime and Corruption Commission’s “Corruption in Focus: A guide to dealing with corrupt conduct in the Queensland Public Sector” will be used as a guide to the conduct of the formal investigation, it describes the various steps involved as follows: determining the scope and nature of any investigation, confirming the responsibilities and powers of the investigator, conducting the investigation, gathering the evidence, and concluding the investigation.

4.5.4 The Investigations Officer will provide a report and recommendation to the Appointing Officer. The Appointing Officer will review the outcomes and recommendations made by the Investigations Officer and commence appropriate action.

4.5.5 Instances of fraud and corrupt conduct on the part of individuals other than staff will be managed in accordance with contractual conditions specified in their association with the University.

4.6 Records

4.6.1 University Officers must capture, maintain and transmit records in relation to fraud and corruption matters in a confidential manner, in accordance with this procedure and its related procedures and the Records Management Policy.

4.6.2 A confidential TRIM file must be established by the University Officer that receives a report of suspected fraud or corruption under this policy. This file is requested through Corporate Records.

4.6.3 This file must be maintained throughout the management of the matter and should contain the following: the initial report; evidence and an evidence log; written records and a running sheet of management actions taken; written records of all interactions, signed by the person(s) involved wherever possible; and file notes.

4.6.4 File access must be determined on a case-by-case basis and is subject to change.

5 External Oversight Functions

5.1 Queensland independent agencies perform complementary roles to promote good governance, accountability and integrity. The prominent agencies responsible for oversight and control functions of managing, monitoring and reporting in Queensland are:

External Reporting Body

Reporting obligations

Crime and Corruption Commission (CCC)

The Vice Chancellor (through the Chief of Staff) must notify the CCC if he/she suspects that a matter involves or may involve corrupt conduct.

Queensland Ombudsman

Under the Public Interest Disclosure Act 2010, agencies are required to provide regular reports to the Ombudsman about their PIDs.

Queensland Audit Office (QAO)

Any suspected material loss must be reported to the Auditor-General within six months of becoming aware of the loss, or if the loss is suspected to be the result of an offence under the Criminal Code or related Act. This is reported through the Chief Financial Officer.

Queensland Police Service (QPS)

If the investigation determines there may be criminal matters, the University may also inform the QPS. This must be reported through the Chief of Staff or accountable officer identified in a local policy and/or procedure.

Office of the Information Commissioner (OIC)

The OIC manages privacy complaints and mediates conflicts between privacy and the public interest. These complaints are reported through the Deputy University Secretary as per JCU’s Information Privacy Policy.

6. Community awareness

6.1 The University’s Codes of Conduct provide that under the ethical principle of acting with integrity and impartiality, the University, its officers and staff are placed in a position of trust. They manage University resources, have access to University information and make decisions that affect the interest of others. By conducting themselves with the highest standards of honesty, fairness and propriety, staff enhance public confidence in the integrity of the University. To maintain public confidence and trust, the community must be confident that the University and its officers behave ethically and honestly.

6.2 JCU will make accessible to its stakeholders and the wider community its Code of Conduct, and other policies and procedures concerning the assurance procedures the University has adopted to ensure that its officers act ethically and honestly, and are socially responsible.

6.3 The University recognises not only the legitimate right of the media to follow up matters, which may be in the public interest, but also the importance of keeping the community informed of significant matters affecting the University and its operation. The University will take a proactive approach to communicating with the media and the community on all matters of suspected fraud and corruption within the bounds of privacy and confidentiality.


Appendix 1: Fraud reporting register template

Related policies and procedures documents and legislation

Code of Conduct - Staff

Code of Conduct - University Council and its Committees

Complaint about the Vice Chancellor Procedure

Conflict of Interests - Member of Council or a Committee of Council Policy

Digital Technologies Acceptable Use Policy

Public Interest Disclosure Procedure

Reportable Gifts and Benefits Procedure

Risk Management Policy

Other related documents and legislation

Crime and Corruption Act 2001

Criminal Code Act 1899 (Qld) Section 408C

Financial Accountability Act 2009 (Qld)

Public Interest Disclosure Act 2010

Public Records Act 2002

Public Sector Ethics Act 1994


NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

Policy DomainCorporate Governance
Policy Sub-domainCulture

Policy Custodian

Vice Chancellor

Approval Authority


Date for next Major Review


Revision History


Approval date

Implementation date






Procedure established on disestablishment of Statement on Integrity.

Vanessa Cannon, Chief of Staff

Contact person:

Chief of Staff


Conduct, fraud, public interest, corruption