RMIT Fraud and corruption control framework

Introduction

RMIT University and its controlled entities (collectively referred to as RMIT or the University) are committed to acting ethically, honestly, with integrity and in compliance with the law.

Fraudulent or corrupt activity (including bribery) of any kind, including for the benefit of RMIT, is expressly forbidden under the RMIT Code of Conduct, and the University has adopted a clear approach to fraud and corruption which is based on the Australian Standard for Fraud and Corruption Control AS 8001:2008.

RMIT University expects that its directors, officers, employees, agents, partners, contractors and any other party representing the University, wherever they are in the world, will act in a manner consistent with the principles and values of the University and its supporting codes of conduct, policies and processes.

It is easier to understand fraud and corruption prohibitions and the scope of the University’s Fraud & Corruption Control Framework in light of the defined terms and concepts in the following sections.

Definitions – what is fraud, bribery or corruption?

Fraud

Fraud is dishonestly obtaining a benefit, or causing a loss, by deception or other means; including wrongful or criminal deception, or making a false representation to gain an unjust advantage.

Examples of fraud:

  • Theft of plant & equipment or inventory by employees.
  • False invoicing (involving either a staff member or a person external to the organisation creating a fictitious invoice claiming payment for goods or services not delivered, or exaggerating the value of goods delivered or services provided).
  • Theft of funds or cash other than by way of false invoicing.
  • Accounts receivable fraud (misappropriation or misdirection of remittances received by the University from a debtor).
  • Credit card fraud involving the unauthorised use of a credit card or credit card number issued to another person or the use of stolen or fraudulently generated credit card numbers by merchants.
  • Theft of intellectual property or other confidential information.
  • Financial reporting fraud (falsification of the entity’s financial statements with a view to obtaining some form of improper financial benefit).
  • Release or use of misleading or inaccurate information for the purposes of deceiving, misleading or to hide wrongdoing.

Misuse of position in order to gain some form of financial advantage

Corrupt conduct or corruption

Conduct that:

  • Adversely affects the honest performance by a public officer or public body of his or her, or its, functions.
  • Constitutes or involves the dishonest performance of a public body or public officer’s functions as a public officer or public body.
  • Constitutes or involves knowingly or recklessly breaching public trust.
  • Involves the misuse of information or material acquired in the course of the performance of public duties.
  • Constitutes a conspiracy or an attempt to engage in any of the above conduct.

Corrupt conduct is considered significant enough to be reported as a Protected Disclosure to the IBAC (Independent Broad-based Anti-corruption Commission) when such conduct, if proven, would be serious enough to constitute a criminal or dismissible offence.

Examples of corrupt conduct or corruption:

  • Payment or receipt of secret commissions (bribes), which may be paid in money or in some other form of value to the receiver (e.g. building projects completed at an employee’s private residence) and may relate to a specific decision or action by the receiver or generally.
  • Release of confidential information for other than a proper business purpose in exchange for some form of non-financial benefit or advantage accruing to the employee releasing the information.
  • Collusive tendering (the act of multiple tenderers for a particular contract colluding in preparation of their bids).
  • Serious conflict of interest involving a Director or senior executive of an entity acting in his or her own self-interest rather than the interests of the entity to which he or she has been appointed (e.g. failing to declare to a Board an interest in a transaction the entity is about to enter into; or excessive payment of remuneration to Directors and senior executives).
  • Serious nepotism and cronyism where the appointee is inadequately qualified to perform the role to which he or she has been appointed.
  • Manipulation of the procurement process by favouring one tenderer over others or selectively providing information to some tenderers.
  • Gifts or entertainment intended to achieve a specific or generic commercial outcome in the short or long-term. An essential element rendering conduct of this type corrupt would be that it is in breach of the entity’s values or behavioural code or that it was done without the appropriate transparency within one or more of the entities affected.
  • Bribing officials (locally or in foreign jurisdictions) in order to secure a contract for the supply of goods or services.

Bribery

Bribery means the offering, promising or giving (on the one hand); or accepting or soliciting (on the other hand) anything of value (including a financial or other advantage) to improperly influence actions.

Improper influence involves the intent to induce an action that is illegal, unethical, dishonest or a breach of trust or duty (a misuse of someone’s position). The influence is often, but not always, sought in order to obtain a personal or business advantage (which can be obvious, like getting a contract; or less clear, like obtaining a licence or permit, avoiding a negative outcome or expense; or some other advantage).

The impropriety of the influence can be tested by considering transparency – would those involved be comfortable if the benefit and influence were openly and publicly known? Consideration about whether the end goal (the thing the influence is intended to assist in achieving) is in fact legitimately due to RMIT or RMIT personnel may be relevant to, but are not always determinative of, whether provision of the benefit breaches Policy, this Plan or relevant laws. Steps along the way to a goal considered legitimate or owing may involve benefits not so legitimate or appropriate.

Examples:

Bribery can take many forms, is often disguised and may be difficult to trace or detect. Some examples of common types of bribes, and things often used to hide or disguise bribes, include:,

  • Money (or cash equivalent such as shares, gift cards etc)
  • Gifts
  • Entertainment or hospitality (including upgrades, flights or accommodation)
  • Discounts
  • Benefits and ‘perks’ to relatives, including employment, education and training
  • Unwarranted allowances or expenses
  • Kickbacks
  • ‘Facilitation’ or ‘grease’ payments (see further information below)
  • Political or charitable contributions
  • Community outreach and stakeholder engagement expenses, including:
    • Fees charged for services already required to be provided, expenses related to those services, or matters for which a fee is not legitimately due
    • Uncompensated or improper use of University services or facilities
    • Enhanced fees or commissions, or false invoices
    • Information

Other points to remember

  1. Direct or indirect: Bribery can be direct or indirect. It may involve procuring an intermediary or an agent to make (or solicit) an offer which constitutes a bribe to another person, or where a bribe is made to an associate of a person who is sought to be influenced.
  2. Incomplete or unsuccessful bribes: The offence of bribery occurs even if the bribe is not actually accepted or paid, or if the bribe is unsuccessful (e.g. the conduct sought to be induced does not occur).
  3. Required intent, risk and wilful blindness: To be an offence, an act must be done with improper or corrupt intent. This typically means an act done voluntarily and intentionally, and with a purpose or motive of accomplishing either an unlawful end or result, or a lawful end or result but by some unlawful method or means – typically involving dishonesty.
    • Corrupt intent will exist where an offer, payment or promise was intended to induce the recipient to misuse his or her official position or position of trust.
    • Importantly, a person can be found to have the intent necessary to commit an offence under anti-bribery laws if they are aware of a significant risk that bribery is occurring (on behalf of the University) and they choose to ignore that risk. This is often called ‘wilful blindness’ or ‘conscious disregard’ of the act, risk or evidence of bribery. RMIT employees cannot avoid liability by turning a blind eye while an employee or agent pays a bribe, or by doing nothing to prevent a bribe from occurring where it is plain (or should be plain) that there is a significant risk it will occur.
    • Authorities may infer that intent existed based on the nature of the acts.

Facilitation payments

A facilitation payment is a minor payment or other inducement provided to a Public Official for the purposes of securing or expediting a routine government action which the Public Official is already ordinarily obliged to perform.

Secret commissions / ‘kick-backs’

A secret commission or ‘kick-back’ is an undisclosed payment (or something of value) that is offered or provided to an agent or representative of a person / company / university for the purpose of influencing the conduct of the business.

Anti-bribery and anti-corruption laws

Many laws criminalise or otherwise prohibit bribery and corruption, and many of those laws have ‘extra-territorial reach’ and therefore regulate conduct anywhere in the world if certain (and sometimes quite minimal) connections exist with the country of the law. Most countries have anti-bribery and corruption laws criminalising direct or indirect bribery involving foreign government officials.

Anti-bribery or corruption laws include, without limitation, the laws of Australia, the UK, the US and Canada, and any other laws which may apply to RMIT, its business partners or third parties operating on its behalf.

Detrimental action

Action taken in reprisal against a person making a disclosure, report or complaint; or involved in any way with such a disclosure. The action does not need to have actually been taken, but includes threatening to do so or inciting someone else to do so. Detrimental action may include:

  • Action causing injury, loss or damage
  • Intimidation or harassment
  • Discrimination, disadvantage or adverse treatment in relation to a person’s employment, career, profession, trade or business; including the taking of disciplinary action

Approaches adopted to control the risk of fraud and corruption at RMIT

Required conduct at RMIT

The University’s suite of policy and procedures provides clear guidance about:

  • The University’s position of zero tolerance of any conduct that undermines our integrity and reputation;
  • Laws and codes that apply to all such activities;
  • Strategies, initiatives and systems in place to prevent and detect fraud or corruption; and
  • Obligations and opportunities to report any suspicion of wrongdoing.

Staff are able to access all University policies, procedures and instructions from the Workplace Essentials staff intranet site.

Education and awareness of staff about the University’s policy and procedures is supported by a suite of on-line compliance education modules. Completion of relevant modules is mandated for all staff during their initial induction, and then refreshed every two years to ensure knowledge remains current. The Know your RMIT on-line compliance training course is mandated for all staff and includes a section on ‘Integrity’ that sets out the minimum requirements in relation to personal and professional behaviour. Academic staff are required to also complete a separate Research Integrity training module.

The Code of Conduct outlines the expected standards of behaviour and how members of the RMIT staff community are to conduct their duties while representing RMIT and working towards achieving the goals of the University. The Code is supported by policy, procedures and instructions that encourage a working environment of respect, transparency and integrity through appropriate behaviour and conduct and through compliance with relevant legislation, including:

The Recruitment and induction policy sets out principles and procedures for transparency and merit in staff recruitment. The policy is supported by the Recruitment and selection procedure which provides guidance and defines responsibility for mandating pre-employment screening based on the inherent requirements of a position (such as working with children or police checks).

RMIT policies, procedures and instructions relating to Finance and Procurement set out the principles of financial management (including proper record keeping) which underpin all financial activities undertaken by, and within, the University, including:

All Finance and Procurement policies, procedures and instructions are available on the RMIT staff intranet.

The Acceptable use of information and communication technology standard outlines the steps taken by the University to ensure the acceptable and authorised use of IT services and imposes obligations on authorised users to behave in accordance with the policy.

The Compliance policy affirms the University’s commitment to conducting its’ operations in accordance with legal and internal policy requirements and provides a systematic process for personnel to report compliance breaches, incidents and complaints; and for the investigation of such reports. Additionally, all Portfolio heads are required to confirm compliance with all laws and regulations in their areas on an annual basis as an assurance to the Vice-Chancellor and President, and the Audit & Risk Management Committee.

The Research policy formally adopts the principles embodied in the Australian Code for the Responsible Conduct of Research. It is supported by the Authorship of research outputs process which sets out the University’s criteria for the attribution of authorship in research publications which accords with the Australian Code.

The Controlled entities policy defines the relationship between the University and its controlled entities and stipulates that the Board of each entity is responsible for risk assessment processes and for policies that ensure compliance with applicable laws. It requires controlled entities to adopt:

  • A risk assessment and management policy in accordance with the standards required by the University and oversee risk management and risk assessments; and
  • Systems of control and accountability that are consistent with the requirements established by the RMIT Council.

Risk identification and management

Fraud risk management is an integrated part of the University’s overall risk assessment framework.

All levels of management are responsible for proactively identifying and managing fraud and corruption exposures in their areas of responsibility. Managers are encouraged to conduct risk assessments on exposures or vulnerabilities in the areas of: fraud and corruption; bribery; cyber security. Mitigation action plans should be implemented to review and update policies and processes to improve controls.

Data from allegations or incidents will be analysed to identify where control improvements should be implemented.

Additional fraud focused risk assessments may periodically be undertaken by the Internal Audit & Risk Management group (IARM) identifying and reviewing areas with a high predisposition to theft, fraud or corrupt conduct.

The Chief Risk Officer will report regularly to Council’s Audit & Risk Management Committee on how fraud and corruption risks are being managed throughout the University.

Internal and external audit

The University’s rolling 3-year Internal Audit & Risk Management Strategy and Plan is a critical element in the allocation of IARM effort based on an assessment of underlying risks. Areas of risk, including fraud risk, are prioritised against the following criteria: business objectives, materiality, change, image/reputation impact, and external stakeholder focus (including the Auditor General).

The University’s annual internal audit plan will include specific audits of areas where there is a high pre-disposition to theft, fraud or corrupt conduct. Continuous transaction and data analysis systems have been established and are executed as part of the annual internal audit program to identify suspicious transactions and/or instances of fraud or corruption by analysing and matching data extracted from various University systems. These systems increase the level of monitoring and control over transactions, thereby reducing the likelihood of fraudulent and corrupt activity.

The Victorian Auditor-General’s Office also considers fraud risks during the annual audit of RMIT University’s financial accounts.

Reporting, investigation and response

Any student, member of staff or member of the public who suspects theft, bribery, fraud or corrupt conduct by the University, its staff or officers; or detrimental action taken against a person who has made such a disclosure; should report such suspicious in accordance with processes set out below.

Making a disclosure under the Protected Disclosure Act 2012 (Vic)

Individuals who wish to make a disclosure under the Protected Disclosure Act 2012 (Vic) [the Act], of:

  • improper conduct by the University, its staff, contractors or Council; or
  • detrimental action by the University, its staff, contractors or Council taken in response to making such a disclosure or cooperating with an investigation into such a disclosure

must make that disclosure directly to the Independent Broad-based Anti-corruption Commission [the IBAC] or the Victorian Ombudsman.

Further information on making a protected disclosure about RMIT is available on the staff intranet, or by contacting the RMIT Protected Disclosure Coordinator (University Secretary) for advice.

Making a complaint directly to the University

Any individual may make a complaint directly to the University about improper conduct, detrimental action or any other corrupt conduct or misconduct by the University, its staff or officers.

Complaints received by the University will be dealt with in accordance with the University’s complaint handling and misconduct policies and procedures.

University processes have been established to guide the response and investigation into a suspected or alleged incidence of fraud or corruption that ensure:

  • Investigation of complaints of fraud or corruption are conducted by an appropriate independent investigator;
  • An investigation strategy is determined that ensures relevant documentation and records are preserved and managed as required by the Evidence Act 2008 (Vic) and other relevant laws;
  • Existing strategies, initiatives and systems are evaluated following any incidents and additional controls introduced as required; and
  • Formal reports about the response to allegations of fraud and corruption are provided to senior management and to the University’s governing body and committees.

What are the consequences of conduct involving fraud and corruption?

A breach of the framework will be regarded by RMIT as serious misconduct and any such breach will be investigated and addressed by the University. Depending on the circumstances, consequences may include:

  • Disciplinary action in accordance with relevant processes or enterprise bargaining agreements;
  • Cessation of relationship or contract where the matter relates to agents, contractors or vendors;
  • Recommendation for improvements in internal processes and controls;
  • Referral of the matter to regulatory and law enforcement authorities; and/or
  • Criminal and civil penalties or fines, criminal convictions and imprisonment.

It is RMIT’s policy to pursue those who have committed fraudulent or corrupt acts to recover any assets lost, and seek criminal or civil restitution whenever possible.

Additional business consequences for the University can also be very serious and include potential liabilities, loss of business, damage to relationships and reputation, and other such outcomes.

All members of the University Community are responsible for maintaining an appropriate standard of their own conduct and behaviour, and remain liable to appropriate consequences even if disclosing such conduct.

The consequences of conduct involving fraud or corruption may include:

  • Staff disciplinary procedures conducted in accordance with relevant Enterprise Agreement or equivalent within a controlled entity, and with reference to the University’s Managing for performance policy and procedure and Disciplinary process instruction.
  • Student disciplinary procedures for matters involving general misconduct or academic misconduct by students conducted in accordance with the University’s Student Conduct Regulations and the Student Conduct policy and procedure.
  • Formal reports or notifications of suspected or alleged fraud or corruption to responsible external authorities or agencies.
  • Recovery strategies determined and pursued as appropriate.

The University is required to report to the Auditor General’s Department each year on:

  • Implementation of preventative strategies, initiatives or systems;
  • Outcomes of risk assessments conducted; and
  • Action taken in response to incidents of fraud or corruption.