Fraud and Corruption Control

Framework

Director-General’s Foreword

This framework sets out the standards for accountability that I expect of all staff. It aims to minimise

opportunities for fraudulent and/or corrupt activities in line with our zero tolerance policy.

A proactive approach enables the department to manage fraud and corruption risk at an acceptable

level in an environment that is becoming increasingly complex. The complexities inherent in our

work increase opportunities for fraud and corruption:

the ever changing environment in which we operate

the growing convergence of the public and private sectors, and

the increase in cooperative and or strategic partnerships.

All departmental staff must demonstrate a commitment to preventing and detecting fraud and

corruption. Effective governance arrangements, ethical leadership and decision making,

accountability and performance improvement underpin our controls.

This framework will help us to prevent, detect and respond to fraudulent and/or corrupt behaviour.

This will ensure our stakeholders continue to be confident of the quality of our services to the

community.

Dr Jim Watterston

Director-General

Contents

Introduction ··························································································································· 1

Purpose ··············································································································································· 1

Risk-management approach ·············································································································· 1

Structure ············································································································································· 1

Goals and objectives ·························································································································· 2

What are fraud and corruption ························································································ 2

Common examples of fraud and corruption ····················································································· 3

Fraud and corruption control policy statement ·························································· 3

Fraud and corruption control plan ························································································· 4

ANAO conditions ································································································································ 4

CMC 10-element model ····················································································································· 4

DETE fraud and corruption control model ························································································ 4

ANAO conditions in practice ·············································································································· 4

Ethical leadership and culture ······································································································· 5

Legislation and governance ··········································································································· 5

ANAO control strategies ··································································································································6

Roles and responsibilities ·················································································································· 7

DETE control strategies ···················································································································· 10

CMC elements in practice ················································································································ 11

Element 1: Agency-wide integrated policy ·················································································· 11

Element 2: Risk assessment ········································································································· 11

Element 3: Internal controls ········································································································ 13

Element 4: Internal reporting ······································································································ 15

Element 5: External reporting ····································································································· 16

Element 6: Public interest disclosures ························································································· 18

Element 7: Investigations ············································································································ 19

Element 8: Code of Conduct ········································································································ 21

Element 9: Staff education and awareness ················································································· 22

Element 10: Client and community awareness ·······················································································23

Monitoring, review and continuous improvement ········································································ 24

Appendix 1: Legislation and other instruments ············································································ 25

Appendix 2: Definitions ··············································································································· 26

Attachment 1: Risk Assessment Worksheet ················································································· 27

Attachment 2: Risk Matrix ··········································································································· 28

P a g e | 1

Introduction

Purpose

The purpose of the Fraud and Corruption Control Framework (Framework) is to:

minimise opportunities for fraud and corruption (whether committed by internal or external parties)

protect public monies, property, and information and organisational and individual rights and

maintain the effectiveness of departmental operations. Its implementation will ensure that our workforce acts legally, ethically and in the public interest. The Framework is based upon five best-practice fraud and corruption control resources:

Queensland Crime and Misconduct Commission 1 - Fraud and corruption control guidelines for best practice (CMC Guidelines)

Queensland Audit Office – Fraud risk management – Report to Parliament 9: 2012-13(QAO Report)

The Australian Minister for Home Affairs and Minister for Justice – Commonwealth Fraud Control Guidelines (Commonwealth Guidelines)

Australian National Audit Office – Fraud Control in Australian Government Entities – Better Practice Guide (ANAO Better Practice Guide) and

Standards Australia – AS 8001-2008 Fraud and Corruption Control (the Standard)

Risk-management approach

As an integral part of the department’s Enterprise Risk Management Framework, this Framework includes proactive measures designed to enhance system integrity (prevention measures) and reactive responses (reporting, detecting and investigative activities).

Structure

The Framework consists of a suite of tools and resources including:

the department’s Fraud and Corruption Control Policy Statement

its Fraud and Corruption Control Plan

its Fraud and Corruption Control Risk Assessment

its Fraud and Corruption Control Procedure

Code of Conduct, Ethical Decision Making and Internal Controls training modules. In addition, the department has developed a Fraud and Corruption Control website, which will complement the Framework with factsheets, case studies, checklists and a downloadable library of best practice fraud and corruption control resources. The framework should be read in conjunction with:

Legislative Framework

Corporate Governance Framework

Enterprise Risk Management Framework

Developing Performance Framework

1 On 1 July 2014 the Crime and Misconduct Commission became the Crime and Corruption Commission, and the Crime and Misconduct

Act 2001 became the Crime and Corruption Act 2001.

P a g e | 2

Goals and objectives

Through the Department’s Fraud and Corruption Control Policy and Plan, the Framework aims to clearly articulate:

the department’s commitment to a zero-tolerance attitude towards fraud and corruption

its approach to controlling fraud and corruption

the embedding of a strong and proactive fraud and corruption control ethos within the department’s organisational structure

departmental roles and responsibilities for fraud and corruption control

strategies implemented within the department to prevent, detect and respond to fraud and corruption

a summary of: o the fraud risks (internal and external) associated with the department’s functions o the controls in place to minimise the opportunity for fraud and corruption o their implementation details and

protocols for the reporting of suspected fraud or corruption against the department

What are fraud and corruption?

Fraud and corruption can take many forms. Fraudulent and corrupt conduct by public officials may fall within the category of ‘corrupt conduct’ under the Crime and Corruption Act 2001. In addition, many forms of fraud and corruption are offences under the Criminal Code Act 1899. These include false claims, stealing, and misappropriation of property, false pretence, forgery and receipt or solicitation of secret commissions. The following definitions of “fraud”, “corruption”, “misconduct” and “corrupt conduct” are used throughout this document. Fraud Any deliberate deceitful conduct or omission designed to gain an advantage to which a person or entity is not entitled. It is the intentional use of false representations or deception to avoid an obligation, gain unjust advantage or in the context of public administration, commonly referred to as ‘rorting the system’.

Corruption Behaviour that may involve fraud, theft, the misuse of position or authority or other acts which are unacceptable to an organisation, its clients or the general community. It may also include other elements such as breaches of trust and confidentiality.

Misconduct Inappropriate or improper conduct in an official capacity or inappropriate or improper conduct in a private capacity that reflects seriously and adversely on the public service. Corrupt conduct: Conduct of a person, regardless of whether they hold or held an appointment in a unit of public administration, that adversely affects, or could adversely affect the performance of functions or the exercise of powers of a unit of public administration or a person holding an appointment within the unit of public administration, and results or could result in their performance or exercise in a way that:

is not honest or impartial; or

involves a breach of the trust placed in the person as a public officer, either knowingly or recklessly; or

P a g e | 3

involves a misuse of official information or material; and

is engaged in for the purpose of providing a benefit either to the person or another person or causing a detriment to another person.

The conduct in question, if proven, must also amount to a criminal offence or a disciplinary breach providing reasonable grounds for the person’s dismissal. Anyone who tries to corrupt a public sector officer can also be guilty of corrupt conduct if the matter involves a criminal offence.

Common examples of fraud and corruption

Internal External Collusion

corporate card misuse, such as payment for personal expenses

including fictitious names on the payroll system

delayed terminations

abuse of position and power, including accepting or offering bribes or gifts

nepotism

submitting false travel claims

consistently recording incorrect hours of work on timesheets

unauthorised use of government vehicles

theft or unauthorised use of public funds or physical resources, such as office supplies and stationery

clients deliberately claiming benefits for which they are ineligible

external providers making claims for services that were not provided

the provision of false or misleading information

failure to provide information when obliged to do so

inappropriate influence over grants and subsidies applications

manipulation of a procurement process

• inappropriate involvement with suppliers, including ‘kickbacks’ such as entertainment and hospitality

unlawful or unauthorised release of information

knowingly making or using forged or falsified documentation

failing to declare and appropriately manage conflicts of interest

Fraud and corruption control policy statement We are committed to excellence in service performance and in meeting our statutory obligations. This includes maintaining a fraud and corruption prevention culture. We have zero tolerance for fraud and corruption. We provide all staff and relevant stakeholders with education and training in ethics and fraud awareness to ensure that we all understand our responsibilities and obligations. Our organisational values and culture, governance and risk management frameworks, and controls work together to prevent, detect and respond to potential or actual fraudulent or corrupt conduct. We will deal appropriately with all allegations of fraud and corruption. All staff are obliged to report suspected fraudulent and/or corrupt activities to their supervisor or manager, Internal Audit Branch (IAB) or the Ethical Standards Unit (ESU), who will investigate and deal with the allegation. We will

P a g e | 4

refer any instances of corrupt conduct to the Crime and Corruption Commission (CCC) and/ or the Queensland Police Service for investigation and possible prosecution. We will pursue the recovery of any losses incurred from fraud and corruption activities, after considering all relevant issues. Our policy aligns with the CMC’s Fraud and Corruption Control – Guidelines for Best Practice and the Australian Standard AS8001-2008 Fraud and Corruption Control.

Fraud and corruption control plan

Our Fraud and Corruption Control plan is based on the ANAO’s conditions that are essential for a sound fraud control environment, and the CMC’s recommended 10-element model.2,3

ANAO conditions

The ANAO’s three conditions for a sound control environment are:

Ethical leadership and culture –strong ethical values and high standards of ethical behaviour

Legislation and governance –legislation and policies that promote accountability, are transparent, and incorporate robust governance structures

Control strategies –actions to prevent, detect and respond to fraud and corruption, which are reviewed and improved continuously.

CMC 10-element model

The CMC’s recommended integrated control model comprises 10 key elements and is consistent with Australian and overseas best practices. The elements are interrelated, with each one playing an important role. The elements are set out in the table below:

Element 1 Department-wide Policy Element 6 Public Interest Disclosures

Element 2 Risk Assessment Element 7 Investigations

Element 3 Internal Controls Element 8 Code of Conduct

Element 4 Internal Reporting Element 9 Staff Training and Awareness

Element 5 External Reporting Element 10 Client and Community Awareness

Our approach to fraud and corruption control also aligns with Australian Standard 8001 – 2008: Fraud and Corruption Control.

Fraud and corruption control model

DETE’s Fraud and Corruption Control model (Figure 1) demonstrates the way in which the department integrates the ANAO’s conditions and the CMC’s 10 key elements with its fraud and corruption control prevention, detection and response strategies.

2Australian National Audit Office, Fraud Control in Australian Government Entities – Better Practice Guide March 2011 3 Crime and Misconduct Commission, Fraud and Corruption Control – Guidelines for Best Practice

P a g e | 5

Figure 1: DETE’s Fraud and Corruption Control Model

ANAO conditions in practice

Ethical leadership and culture

Senior managers must lead by example and behave in a way consistent with the Code of Conduct for the Queensland Public Service and DETE’s Standard of Practice. The Code of Conduct and the Standard of Practice provide all employees with ethics principles, values and standards of conduct to guide behaviour in the workplace. They are important corruption resistance tools to promote ethical behaviour and, in conjunction with the Framework and the best practice principles outlined in the department’s Enterprise Risk Management Framework, to support the effective and efficient management of fraud and corruption risks across the agency.

Legislation and governance

The Framework is underpinned by legislation, Australian standards and best practice guidelines, including:

P a g e | 6

Financial Accountability Act 2009– commits the department to protecting its revenue, expenditure and property from fraudulent activity

Public Sector Ethics Act 1994 – sets out the ethics principles and values for public service agencies and public officials, and provides standards of conduct consistent with the ethics principles and values

Crime and Misconduct Commission Fraud and Corruption Control – Guidelines for Best Practice – provide the model for developing and implementing the fraud and corruption control policy and plan.

ANAO control strategies

The ANAO’s control strategies are referenced in conjunction with the CMC elements for fraud and corruption control in the “Control Strategies” section of this paper, which commences on page 11. Appendix 1 includes a full list of the applicable legislation and other instruments, while the Department’s Policy and Procedure Register sets out all departmental procedure-specific legislation and governance instruments. The department’s rigorous governance structure ensures legislative requirements are addressed effectively, transparently and with accountability. As illustrated in Figure 2, consistent with the Enterprise Risk Management Framework, the department’s governance structures support fraud and corruption control at the strategic, corporate and operational levels. Figure 2: Governance Structures

STRATEGIC CORPORATE AND OPERATIONAL

DIRECTOR-GENERAL (DG)

AUDIT & RISK MANAGEMENT

COMMITTEE (ARMC)

EXECUTIVE MANAGEMENT BOARD (EMB)

FRAUD & CORRUPTION CONTROL COMMITTEE (FCCC)

BUSINESS AS USUAL

PROGRAMS OF CHANGE

DIVISIONS

BRANCHES

BUSINESS UNITS

BOARDS

PROGRAMS

PROJECTS

EMB

EMB sets and reviews departmental strategic direction, priorities and performance objectives.

ARMC provides the Director General with independent audit and risk management advice

FCCC reports to ARMC and EMB at least annually, advises ARMC on fraud and corruption matters and through its Chair may escalate matters to the DG, ARMC or EMB as appropriate

Corporate and operational management structures provide for clear lines of reporting, accountability and responsibility to support appropriate, open and transparent decision making.

P a g e | 7

Roles and responsibilities

While fraud and corruption control is the responsibility of every employee, the table below details specific roles and responsibilities. ROLE RESPONSIBILITY

Director-General • overall accountability for prevention and detection of fraud and corruption within DETE

• legislated responsibility to exercise authority, on behalf of the department

• manage the department’s operations ensuring service delivery is effective and economical, and in the process avoids waste and extravagance

• manage public resources of the department efficiently, responsibly and in a fully accountable manner

• define goals and objectives in accordance with its mandate and governance framework

• implement policies and priorities responsibly • ensure impartiality and integrity in the performance of the

department’s functions • ensure accountability and transparency in the department’s

operational performance • maintain accurate records and accounts, and report on these as

required • promote continual evaluation and improvement of department’s

management practices

Deputy Director-General, Corporate Services

• delegated authority as the Fraud and Corruption Control Coordinator and acts as ‘champion’ to drive the fraud and corruption control regime

• Chair of the Fraud and Corruption Control Committee • oversee the implementation and management of the fraud and

corruption control framework • take steps to ensure that all areas assume appropriate responsibility

for fraud and corruption control and perform their functions according to the framework and relevant legislation

• ensure all areas of operation take the appropriate steps to implement effective risk management practices, including risk assessment of fraud and corruption in accordance with the enterprise risk management framework

• ensure the scope and nature of the education, training and awareness programs are comprehensive and designed to assist employees, contractors and clients to recognise, detect and prevent fraud and corruption

• provide advice to the Director-General and the EMB as necessary on fraud and corruption matters

• provide accurate and timely advice to the Audit and Risk Management Committee through the Internal Audit Branch on any fraud and corruption matters

Deputy Directors-General,

Assistant Directors-General,

Regional Directors, Executive

Directors, Directors and Managers

• display ethical leadership and high personal standards of behaviour consistent with the Code of Conduct for the Queensland Public Service and the department’s Standard of Practice

• visibly adhere to the department’s ethical framework and promote adherence by all employees

• contribute to effective risk management strategies in accordance with the department’s enterprise risk management framework and

P a g e | 8

ROLE RESPONSIBILITY

Deputy Directors-General, Assistant Directors-General, Regional Directors, Executive Directors, Directors and Managers (Cont)

ensure risk management practices are adhered to throughout their area of control

• develop strong internal controls to assist with fraud and corruption prevention in their area of responsibility

• ensure all employees are made aware of and attend appropriate education, training and awareness sessions to allow for a skilled and knowledgeable workforce, including public sector ethics education, training and awareness internal controls and financial or procurement training

• ensure effective employee communication about the process for identifying and reporting on potential fraudulent and corrupt activities

• ensure where a public interest disclosure is made, the procedure for making and managing a public interest disclosure is adhered to

• follow the mandatory internal or external reporting requirements for reporting suspected corrupt conduct, including fraud or corruption

Audit and Risk Management

Committee (ARMC)

• advise the Director-General, outlining audit matters and certain risks to the department, including potential fraud and corruption matters and put forward pertinent recommendations regarding these

• review governance processes to ensure all matters relating to alleged fraud and corruption or unethical conduct are dealt with appropriately

• review currency, comprehensiveness and relevance of the enterprise risk management framework, policy and procedure for identifying, monitoring and managing significant business risks, including the identification and management of risks related to fraud

• review the internal audit plan annually to ensure it covers key fraud and corruption risks and that there is appropriate coordination with the external auditor, Queensland Audit Office

• submit recommendations to the Director-General to approve the internal audit plan, reviewing its scope and progress and any significant changes to it, including any potential difficulties or restrictions on the scope of activities

Fraud and Corruption Control

Committee (FCCC)

• advise the ARMC and make recommendations in relation to fraud and corruption matters

• implement and monitor the fraud and corruption program • review and evaluate the effectiveness of compliance with relevant

legislation and best practice requirements for fraud and corruption control

Director, Ethical Standards Unit

• ensure the ESU fulfils the legislative function on behalf of the Director-General to investigate all allegations of suspected corrupt conduct

• ensure a proactive approach to public sector ethics by promoting an ethical culture, practice and decision making through education and training programs

• implement, maintain and review the fraud and corruption control framework

• ensure the fraud and corruption control framework undergoes a biennial review or more frequently as required

• oversee the secretariat function for the FCCC • develop strategies in consultation with other key areas to achieve an

effective fraud and corruption regime • identify appropriate training and awareness options and develop

strategies in consultation with Internal Audit Branch to achieve an effective Fraud and Corruption Control regime

P a g e | 9

ROLE RESPONSIBILITY

Director, Ethical Standards Unit

(Cont)

• as CCC liaison officer report suspected corrupt conduct, criminal and other matters to the appropriate external agency: o Crime and Corruption Commission o Queensland Police Service o Queensland Ombudsman o Queensland Audit Office

Ethical Standards Unit • conduct investigations into reports of suspected corrupt conduct, including fraudulent or corrupt practices

• manage the department’s fraud and corruption hotline – 1800 727 031

• manage and coordinate all public interest disclosures made to the department and ensure adequate support and certain protections are afforded the discloser in accordance with Public Interest Disclosure Act 2010

• review Standard of Practice at least once every two years • develop and maintain ethics related policies and procedures for

building and sustaining integrity and accountability; for example, Standard of Practice, public interest disclosure procedure and guidelines, conflicts of interest, notification of other employment, lobbying and the fraud and corruption framework

• provide secretariat function for FCCC • develop public sector ethics related education and training material

to promote an ethical culture and performance; such as the ethical decision making awareness, internal controls and fraud awareness

• provide advice and direction to employees on the correct protocol for reporting matters to external agencies

Internal Audit Branch • provide independent appraisals, examination and evaluation of the department’s activities and assist management with the detection of suspected fraud and corrupt activities

• undertake scheduled audits, which include examining established controls to determine if these are robust enough to reduce the risks of fraud and corruption, including the identification of work practices that may lead to fraudulent and corrupt activities

• undertake targeted audit activities to specifically identify any indication that fraud may have occurred, be alert to opportunities that could allow fraudulent activities

• report in writing any suspected activities of fraudulent or corrupt practices identified during an internal audit function to the Director, ESU for assessment and possible investigation or referral to the appropriate external agency

All employees

• contribute to the development of improved systems, policies and procedures to enhance the department’s resistance to fraud and corruption including: o safeguarding assets and other resources under their control o having a clear understanding of their obligations regarding any

losses, deficiencies and shortages that may be identified while at work

o ensuring all personal claims are accurate with no deliberate omissions (recording accurate hours of work on timesheets)

• fulfil their obligation to report wrongdoing in accordance with section 1.1 (d) of the Code of Conduct for the Queensland Public Service and section 4.1 of the department’s Standard of Practice

• actively seek education and training to learn and maintain knowledge and skills required to undertake their duties

• gain an understanding of the policies, procedures and guidelines that

P a g e | 10

ROLE RESPONSIBILITY

All employees (Cont) pertain to their role and work within the requirements of these • follow the requirements for internal reporting of suspected fraud

and corruption

DETE Control Strategies

The following strategies constitute the department’s action regarding reporting, processing, resolving and responding to suspected fraud and corruption within the department and its funded services, when:

a person suspects fraud or corruption is occurring within the department

the suspected fraud and corruption constitutes misconduct or corrupt conduct on the part of an employee: and/or

it is appropriate that suspicions be addressed directly by the ESU or referred externally

The CMC’s 10-element model of fraud and corruption control, which the department has adopted as the basis of its Fraud and Corruption Control strategy, falls into three key categories of control:

Prevent–as the first line of defence, to reduce the risk of fraud and corruption occurring

Detect –discover and investigate fraud and corruption when it occurs

Respond–take corrective action and remedy the harm caused by fraudulent and corrupt behaviour.

The elements are categorised below, followed by a discussion of each element, and its alignment with the ANAO conditions for better practice fraud and corruption control.

Table 1: Key Fraud and Corruption Control Strategies

KEY CONTROL

ELEMENT

CATEGORIES PURPOSE

P D R

Agency-wide

integrated policy

Demonstrate the department’s resolve to combat fraud and

corruption

COMMUNICATE

INTENT

Code of Conduct Set out expectations and standards of ethical behaviour within the

department

Staff education and

awareness

Ensure a well-informed workforce with the capacity to recognise

and respond to the risks of fraud and corruption

Client and community

awareness

Maintain public trust and forestall potentially unacceptable

practices from external parties

Risk assessment Provide a comprehensive understanding of the department’s

internal and external vulnerabilities

LIMIT

OPPORTUNITIES

Internal controls Mechanisms to eliminate or minimise risks

Internal reporting Mechanism for employees to report potential fraudulent or

corrupt activities and other alleged wrongdoing

REINFORCE ZERO

TOLERANCE

Public Interest

Disclosures

Responsibility for receiving and managing all allegations of

wrongdoing received under Public Interest Disclosure Act 2010

Investigations Ensure allegations of fraud and corruption are actioned

appropriately and investigated competently

External reporting Mechanism for the Director-General to report any suspected

fraudulent or corrupt activity to the appropriate external agency

P a g e | 11

CMC elements in practice

CMC Element 1: Agency-wide integrated policy ANAO conditions: legislation, ethical leadership and culture

The department is committed to excellence in fulfilling public expectations of service performance and in meeting its statutory obligations. Its Fraud and Corruption Control Framework, is one of a suite of policies and procedures designed to achieve this. It works with other government and departmental legislation, frameworks, policy and other instruments to provide guidance to staff and forms the keystone of fraud and corruption prevention. A list of related instruments is at Appendix 1.

CMC Element 2: Risk assessment ANAO conditions: Legislation and governance, control strategies

Fraud and corruption risk assessment is an integral part of the department’s overall risk management framework and provides the department with an understanding of its fraud and corruption vulnerabilities and possible strategies to eliminate or minimise those risks. Fraud and Corruption Control Committee DETE’s risk-based approach to fraud and corruption control was strengthened in June 2012, by the establishment of its Fraud and Corruption Control Committee, which is responsible for monitoring and coordinating department-wide fraud and corruption mitigating mechanisms. Chaired by the Deputy Director-General, Corporate Services, who champions fraud and corruption control across the department, the Committee’s membership consists of the Assistant Director-General, Finance and Chief Financial officer, the Assistant Director-General, Human Resources and the Assistant Deputy-General, Strategy and Performance. The Head of Internal Audit is an advisor to the committee and the Ethical Standards Unit undertakes its Secretariat role. The clearly designated responsibility with which the Committee is tasked aligns with recommendations in the Guidelines and the Standard. It also demonstrates DETE’s corporate understanding of and commitment to fraud and corruption control and ensures a consistent, integrated and high profile approach to the management of fraud and corruption risk. Risk assessment responsibility The Director-General is the accountable officer under the Financial Accountability Act 2009 and has ultimate legislative responsibility and accountability for ‘establishing and maintaining suitable systems of internal control and risk management’. The Executive Management Board provides oversight of strategic risks. Deputy Directors-General and Assistant Directors-General support the Director-General with oversight of corporate risks. Executive Directors, Regional Directors, Directors and principals provide oversight of operational risks. All employees are required to comply with the department’s Risk Management policy and apply risk management processes within their work unit.

Fraud and corruption risk assessment

Fraud and corruption risk assessments are carried out in accordance with the department’s Enterprise Risk Management Framework.

P a g e | 12

The department’s enterprise risk management procedure and process, risk assessment criteria, fact sheets and tools to support the completion of fraud and corruption risk assessments are located in the department’s Policy and Procedure Register.

Fraud and corruption risk assessments are to be conducted by each division on their specific functions/processes every two years. Potential fraud and corruption risks are identified as risks to the department’s functions/processes and as such are classified under the Enterprise Risk Management Framework as operational risks and recorded accordingly in the department’s online risk register, the Enterprise Risk Assessor (ERA). Key risks and associated control activities were identified through a department-wide fraud and corruption risk assessment in August 2013. Fraud and corruption risk identification and the development and assessment of their control activities form part of DETE’s continual process of risk review, which also takes into account changing circumstances and operating environments, both internal and external to the organisation. Risk areas for fraud and corruption The department has identified a number of functions/processes considered to be areas of high vulnerability to fraudulent and corrupt activity. As a minimum, fraud and corruption risks are to be identified and assessed for the following areas: Accounts payable and receivable Payroll Asset management Procurement Regulation Timesheets Contract management Corporate card Funds and grants management Recruitment Purchasing Information management Also as a minimum, the following specific matters should be examined:

enforcement of existing financial management standards, policies and practices governing contracts and the supply of goods and services

proper recording of assets and provisions for known or expected losses

the collection, storage, management, handling and dissemination of information

segregation of functions, especially in regulatory, financial and cash handling areas

work activities which have little supervision or are open to collusion or manipulation

work practices associated with compliance and enforcement activities

work practices and ethical standards for accredited agents, certifiers etc.

formal or structured reviews of accounting and administrative controls

effectiveness of measures for reporting suspected fraud, corruption and other forms of corrupt conduct

compliance of staff training with requirements of the Code of Conduct for the Queensland Public Service and the department’s Standard of Practice

workplace grievance practices and their relationship with other OH&S issues

measures to ensure quick and decisive action on all suspected fraud and corruption situations. In addition to the assessment of risk, suitable operational practices to detect fraudulent or corrupt activity are to be implemented including:

establishing effective accounting and management controls

routine and random auditing of decisions and operational records

P a g e | 13

identifying variations from normal accounting procedures or work practices

recognising deviations or exceptions in outcomes from expectations

monitoring key indicators (red flags) of potential fraud and/or corruption. Responsible officers will develop fraud and corruption resistant work practices and subsidiary control plans as necessary. The worksheets and rating methodology for risk assessment (Attachments 1 and 2) should be used to ensure consistency across the risk evaluation process. Recommended processes for risk assessment and management are discussed in detail in DETE’s Enterprise Risk Management Process document. CMC Element 3: Internal controls ANAO conditions: Legislation and governance, control strategies

Controls are used to manage risks identified through the risk assessment process. Our internal control system consists of structures, policies, procedures, processes, tasks, information systems and other tangible and intangible activities that record and manage risks. Our internal control structure complies with the FPMS requirement that accountable officers establish and implement a cost-effective internal control structure, including:

a strong emphasis on accountability, best practice management of departmental resources

an organisational structure and delegations which support the objectives and operations of the department

employment of qualified and competent officers

training and performance assessment of officers

efficient, effective and economic operations of the internal audit function

compliance with all financial legislative requirements

appropriate separation of duties between officers of the accountable officer’s department or the statutory body

preserving the integrity, accuracy and reliability of the agency’s ICT systems

It also aligns with best practice requirements that internal control procedures should include:

transparent operations, such as well-defined and publicised service standards, performance indicators and targets

easily accessible information

client opportunity to provide feedback

transparent decision-making to highlight potential nepotism, favouritism or conflict of interest

agency appropriate procedures through identification of fraud and corruption risks and matching control measures

separation of functions through physical access controls, division of duties, different security access levels for information

The department’s internal control procedures include basic checks and balances which are carried out to ensure:

completeness, relevance and accuracy

timeliness of the department’s accounting and other transactions and records

safeguarding of assets

compliance with any prescribed requirements

P a g e | 14

In line with the QAO report, DETE’s internal controls specifically address identified fraud risk and are regularly reviewed, with internal policies and procedures documented and promoted to relevant staff. They also include all the elements of internal control identified in AS 8001:2008. All employees must be continually alert to early warning signs of fraud, corruption or corrupt conduct. Common red flags for possible fraud or corruption include:

over-familiar relationships between employees, suppliers and contractors

disregard of internal controls

employees demonstrating a reluctance to take leave, particularly where they have cash control or debt collection responsibilities

employees remaining later at work than other employees, or accessing work premises unnecessarily after other staff have left

unreconciled accounting records, including corporate card transactions and/or poor follow-up of outstanding accounts

The integration of internal controls into management practices requires the inclusion of accountability in annual and long term planning, job descriptions and performance reviews of executive management, line managers and supervisors, reflecting their responsibility for identifying system deficiencies that facilitate fraud and corruption. Our controls include (but are not limited to):

governance committees, organisational structures, delegation of authority, strategic and operational plans, the annual report, and the Service Delivery Statement

resource management, budget management and the Establishment Management Framework

position descriptions, merit based recruitment and selection processes, pre-employment screening, training, and the Developing Performance Framework

ICT systems including SAP, One School (transactions, records, operating programs and systems producing ICT information), TRIM (Data collection and exchange), OnePortal intranet and DETE internet (internal and external communications), MyHR (human resources recording and reporting), information systems standards, assets registers (physical resources) and reporting mechanisms, including adequate audit trails

Financial Management Practice Manual, School Accounting Manual and other procedures published in our Policy and Procedure Register

Investigations into cases of fraud and corruption show strong links between the incidence of fraud and corruption and poor internal control systems. As a result the assessment of internal control effectiveness is a crucial step in the fraud and corruption risk assessment process. The Internal Audit Branch supports the department’s efforts to establish and maintain systems integrity through an established audit program. The audit program includes periodic risk based assessments of the department’s business units using best practice methodologies to assess levels of compliance with existing internal controls. The Branch also contributes to the efficient and effective management of departmental operations, by safeguarding agency assets, facilitating internal and external reporting and helping the department comply with relevant legislation.

P a g e | 15

CMC Element 4: Internal reporting ANAO condition: Legislation and governance, control strategies Reporting suspected wrongdoing is vital to our agency’s integrity and that of the Queensland public sector, with research studies and surveys consistently showing that staff provide the most compelling source in detecting fraud and corruption4. The Code of Conduct requires all staff to report suspicious actions or potential wrongdoing. Students, customers, parents, caregivers, or members of the public can also make a complaint about fraud and corruption, anonymously if they wish. Matters relating to corrupt conduct will be referred for investigation as a priority. Complaints may also be lodged by agencies including the CCC, QCOT, QPS, QSA and UPA. They can be lodged by telephone, email, hard copy correspondence, via the department’s iRefer electronic complaints lodgement system or through the Fraud and Corruption Hotline; 1800 727 031. The following departmental procedures, located in the Policy and Procedure Register, explain how to report suspected wrongdoing, including fraud and corruption:

Managing Employee Complaints

Complaints Management – state schools

Information privacy complaints, and

Making and Managing a Public Interest Disclosure under the Public Interest Disclosure Act 2010.

Characteristics of internal reporting Our internal reporting system addresses the CCMC requirements for an internal reporting system; that it:

receive information about identified risks and suggestions for system improvements

receive information about suspected acts of fraud and/or corruption

maintain, as far as possible, the confidentiality of the parties involved

convey information to the relevant officer (supervisor or manager)

ensure appropriate assessment and investigation

ensure compliance with additional external reporting requirements

provide feedback to the discloser, demonstrating that the information was taken seriously and acted upon

Internal reporting arrangements As per the Guidelines, DETE’s internal reporting system takes into account the agency’s size, structure, function and geographic reach. Reporting to immediate supervisors or managers is encouraged, with supervisory staff responsible for reporting to more senior management. As one of Queensland’s largest public sector agencies, DETE has a dedicated Ethical Standards Unit (ESU) to which reports can be submitted, if the employee concerned prefers not to report to their immediate supervisor. The Director ESU has an unrestricted line of access to the Director-General, enabling the Director-General to fulfil their legislative reporting responsibility to external bodies.

4CMC Fraud and Corruption Control Guidelines for Best Practice

P a g e | 16

Fraud and corruption reporting guidelines

Employees should report suspected wrongdoing to their immediate supervisor or manager, in the first instance.

Should staff be reluctant to report any concerns immediately or feel appropriate action has not been taken by the supervisor or manager who received the complaint, alternative reporting options include: o a more senior manager o Director, Ethical Standards Unit o Head of Internal Audit o Fraud and Corruption Hotline 1800 727 031 o directly to the CCC

Supervisors and managers are required to report information regarding suspected fraud and/or corruption incidents immediately to the Ethical Standards Unit

A climate of trust and accountability should be developed so employees are aware that all efforts will be made to maintain confidentiality and appropriate action will be taken

Objectivity and a perception of it will be increased by the identification of a senior, qualified neutral officer to receive reports such as the Director, ESU

Under section 38 of the Crime and Corruption Act 2001, https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdf the Director, ESU has an unrestricted line of access to the Director-General for timely and effective advice so that the Director-General can fulfil their legislative responsibilities for reporting to external bodies when appropriate

Fraud and corruption reporting management system DETE’s complaints management system, Resolve, managed by the ESU is used to capture, report, analyse and escalate all detected fraud and corruption incidents. It also takes the role of a fraud and corruption register, with monthly Case Status Reports – Fraud and Corruption (Case Status Reports) being extracted from Resolve and provided to the Fraud and Corruption Control Committee for ongoing monitoring and analysis. Data can also be used to provide the department with information for other reporting purposes, and facilitate continuous improvement of its fraud and corruption resistance capacity. As set out in AS 8001:2008, the Case Status Reports include the following information with regard to each incident reported:

Date and time of report

Date and time that incident was detected

How the incident came to the attention of management

The nature of the incident

Value of loss

Action taken following discovery of the incident.

CMC Element 5: External reporting ANAO conditions: Governance, legislation, control strategies Queensland’s public sector integrity framework includes several independent statutory bodies which promote accountability, integrity and good governance:

P a g e | 17

Crime and Corruption Commission (CCC)

Queensland Audit office (QAO)

Queensland Ombudsman

Queensland Integrity Commissioner

Office of the Information Commissioner

Their integrity-building activities are supplemented by the law enforcement role of the Queensland Police Service (QPS). The integrity agencies offer a range of external reporting channels and advice, depending on the nature and scope of the alleged misconduct. In addition, the department has an external reporting responsibility to the QPS for certain types of misconduct. In some instances there are legal obligations for external reporting. The role of each of the bodies and our reporting obligations to them is:

Government Body/Role Reporting Obligations

Crime and Corruption Commission (CCC) receives complaints about possible corrupt conduct and determines the most appropriate action to deal with them

Director-General or delegate notifies the CCC under the Crime

and Corruption Act 2001

https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/Cri

meandCorruptionA01.pdf

if the department suspects a report of wrongdoing involves corrupt conduct.

Queensland Ombudsman Provides oversight for all public interest disclosures made to the Queensland Government. Oversight agency for all public interest disclosures made to the Queensland government.

Under the Public Interest Disclosure Act 2010and the Public Interest Disclosure Standard No. 1, agencies are required to provide regular reports the Ombudsman about their PIDs

Queensland Audit Office (QAO) Provides independent audit services to the Queensland Parliament, all state public sector entities and local governments. Monitors and reports on compliance and other operational practices and its recommendations can identify risks and assist agencies in forestalling fraud and corruption.

Under s21 of the Financial and Performance Management Standard 2009, the Director-General must report any suspected material loss to the Auditor General within six months of becoming aware of the loss. A material loss is defined in the standard as a loss of money of more than $500, or the loss of other property valued at over $5,000. Agencies are also responsible to inform the QAO of any loss they suspect to be the result of an offence under the Criminal Code or other Act.

Queensland Integrity Commissioner (QIC) Established by Parliament to maintain and enhance the integrity of the Queensland public sector, the Commissioner is also responsible for maintaining the Register of Lobbyists and monitoring compliance with the Integrity Act 2009 and the Lobbyists Code of Conduct.

Professional lobbyists breaching the Lobbyists’ Code of Conduct should be reported to the Commissioner.

Office of the Information Commissioner (OIC) Initially established under the repealed Freedom of Information Act 1992 (Qld), the

The OIC deals with privacy complaints and makes decisions where privacy conflicts with the public interest.

P a g e | 18

Government Body/Role Reporting Obligations

OIC continues under the Right to Information Act 2009 and the Information Privacy Act 2009 to promote access to government-held informant and to protect people’s personal information.

Queensland Police Service (QPS) Upholds and enforces the law

Director-General, or delegate reports:

suspected fraud and/ or corruption arising out of criminal conduct under the Criminal Code Act 1899, or other Act

any suspected material loss which may have occurred as a result of corrupt conduct or the commission of a criminal offence in accordance with the Criminal Code Act 1899, Crime and Corruption Act 2001, Financial and Performance Management Standard 2009, or other Act.

We also report to the Public Service Commission through the Director, ESU in relation to our integrity and accountability. Where a matter falls within the jurisdiction of more than one external integrity body, the agency must ensure that it is reported to each one that is relevant. As recommended by the CMC Guidelines, DETE has developed sound reporting policies and procedure to cater for these potentially overlapping requirements. In accordance with the Crime and Corruption Act 2001, https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdf complaints about fraud and the outcome of preliminary investigations will be reported to the appropriate agencies above. The Director ESU should be contacted prior to matters being reported to an external agency, for advice on correct reporting protocols. CMC Element 6: Public Interest Disclosures ANAO conditions: Legislation and governance, control strategies A public interest disclosure (PID) is a disclosure of information of public interest, involving wrongdoing within the public sector, made to a proper authority. Under the Public Interest Disclosure Act 2010 (PID Act), a proper authority is defined as a public sector entity or a member of the Legislative Assembly. The department strongly supports the principles embodied in the PID Act, which provide for certain protection from reprisal for persons making a PID, with the intent of the PID legislation being to ensure that persons making a complaint of wrongdoing can do so without fear of retribution. From the perspective of fraud and corruption control, a public service officer may make a PID if they report information about another employee that may relate to:

unlawful, corrupt, negligent or improper conduct that could amount to corrupt conduct

maladministration that adversely affects anyone’s interests in a substantial and specific way

negligent or improper management by a public officer public sector entity or a government contractor resulting or likely to result in a substantial waste of public funds.

We are committed to promoting the public interest by facilitating disclosures of wrongdoing and ensuring that PIDs are managed thoroughly, impartially, in a timely manner and in accordance with the Act.

P a g e | 19

The management of a PID includes initial evaluation, including a risk assessment and the determination of appropriate action, which may include investigation. If an investigation is conducted the discloser will be kept informed of its progress and outcome, and will be provided with protection from reprisal action. As recommended in the CMC Guidelines, DETE has a stand-alone PID procedure, Making and managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld) (WRF-PR-013), which is consistent with the Code of Conduct for the Queensland Public Service and DETE’s Fraud and Corruption Control policy. DETE’s PID procedure covers:

the context in which a PID is appropriate

how, when and where to make a disclosure

who can make a disclosure

to whom a disclosure may be made

assessment and investigation of disclosure allegations

available support and protection mechanisms

the investigation process

PID-related roles and responsibilities and

confidentiality

DETE also has a program to actively encourage an ethical work climate and an atmosphere of transparency and responsible reporting, which includes compulsory Code of Conduct, Standard of Practice and internal controls training, and a team of officers trained to receive and manage PIDs, and to offer support and protection for disclosers.

As with all internal reporting of suspected wrongdoing, we:

exercise due process and natural justice in managing PIDs

make all attempts to preserve confidentiality

provide appropriate protection to the person who made the PID

maintain all necessary records securely, and

report appropriately. CMC Element 7: Investigations ANAO conditions: Legislation and governance, control strategies All reports, information, complaints and notifications concerning alleged employee misconduct are referred to the ESU. If there is a possibility that an incident constitutes corrupt conduct, the CEO is required under the Crime and Corruption Act, 2001 to report the matter to the CCC. As both fraud and corruption generally fall within the definition of corrupt conduct, the majority of fraud and corruption matters automatically need to be reported. The CCC may choose to investigate the matter itself, refer it back to the department, or work with the department to investigate the matter. Any allegation involving criminal offences against the department, by employees or external parties, needs to be referred to the QPS. In the event the QPS does not lay criminal charges, but the information requires further enquiry because the allegation raises a reasonable suspicion of employee misconduct which, if proven, would be likely to result in formal disciplinary action, an ESU investigation will be commenced.

P a g e | 20

Investigations may involve matters of suspected fraud, corruption, misappropriation, maladministration, theft and other matters where the conduct of an employee, if substantiated, could amount to corrupt conduct and may result in disciplinary action, including dismissal. DETE’s fraud and corruption investigation practices The department’s own fraud and corruption investigative practices comply with the CCC’s Guidelines, its investigative toolkit Corruption in focus: A guide to dealing with corrupt conduct in the Queensland public sector( http://www.ccc.qld.gov.au/research-and-publications/publications/ccc/corruption-in-focus/corruption-in-focus.pdf ) (PDF, 984.4 kB) and the Standard. Specialist training is provided to departmental investigators, to ensure the integrity and professionalism of their investigative work. Fraud and corruption investigations are conducted by experienced, senior personnel who are independent of the business unit in which the alleged fraudulent or corrupt conduct occurred. Investigations and any resultant disciplinary proceedings are always legislatively compliant and conducted in an atmosphere of transparency, with the overall guiding principles being independence and objectivity. Information arising from, or relevant to, investigations is not disseminated to any person not required by their position description to receive the information and in light of the seriousness of fraud and corruption allegations, investigations are overseen by the Fraud and Corruption Control Committee. In planning and undertaking fraud and corruption investigations, the department follows the steps outlined by the CCC:

Determining the scope and nature of investigations

Confirming the responsibilities and powers of the investigator

Conducting investigations in accordance with the rules of procedural fairness

Gathering the evidence

Concluding the investigation Education and awareness Employee responsibilities in relation to investigations are clearly set out in section 4.1 of the department’s Standard of Practice which states “Employees must co-operate with an investigation being conducted in connection with the administration, management and operation of the department to ensure the best possible outcomes”. Policies and procedures In addition to its Fraud and Corruption Control Policy Statement, the department has a Fraud and Corruption Control Procedure and an Investigations fact sheet, which discusses departmental investigations, employees’ legislative obligations, misconduct and corrupt conduct, the investigation process, the balance of probabilities, procedural fairness and natural justice, interviews and what each party can expect from the other during an investigation. When the department deems an investigation into alleged corrupt conduct, including fraud or corruption, necessary:

P a g e | 21

all employees are obliged to respect the rights of all involved and maintain confidentiality pending a full investigation into an alleged wrongdoing

managers and supervisors must ensure due process and encourage confidentiality

any person disclosing alleged wrongdoing must be advised of the outcome of the investigation as soon as practicable, and

the outcome may be subject of review by the CCC. Outcomes of investigations where complaints of alleged fraud and/ or corruption have been substantiated may be published, when appropriate to do so and where confidential records can be maintained. CMC Element 8: Code of Conduct ANAO conditions: Legislation and governance, ethical leadership and culture The Code of Conduct for the Queensland Public Service and the DETE-specific Standard of Practice provide guidance on the standards of conduct expected of all employees and others associated in any significant way with the department. They include ethics principles and values; and The Standard of Practice also provides advice and guidance for employees in making ethical decisions, especially in circumstances where the ‘correct’ or ‘best’ course of action may not be clear. Implementation of the FCCP will be based on the standards of conduct outlined in the Code of Conduct and Standard of Practice, with breaches subject to disciplinary provisions when appropriate. The code and Standard of Practice are based upon four ethics principles:

1. Integrity and impartiality 2. Promoting the public good 3. Commitment to the system of government 4. Accountability and transparency

As tools which outline the department’s ethical framework, it is outside the scope of the code and Standard of Practice to cover all ethical situations which may arise. To assist in the resolution of complex issues, including those relating to fraud or corruption, employees should seek the advice of their supervisors, managers or senior management when appropriate. The value of the code and Standard of Practice as deterrents to misconduct depends substantially on the perception that their provisions are enforced swiftly and equitably. Accordingly, prompt and impartial action is taken by the department in the event that a reasonable suspicion exists of fraud, corruption or corrupt conduct. The code and Standard of Practice reflect the corporate and business ethos of the department. As such, their agency-wide implementation will promote integrity, encourage ethical behaviour, and strengthen departmental resistance to fraud and corruption. In compliance with their responsibilities under the Public Sector Ethics Act 1994, the department’s CEO ensures that departmental employees are given access to appropriate education and training about public sector ethics through mandatory training at orientation and regular refreshers thereafter. The ESU will review of the Standard of Practice biennially or more frequently if required. On an ongoing basis, the Director, ESU will also review the need to develop any other related policies and procedures, ethical awareness training or employee development materials.

P a g e | 22

CMC Element 9: Staff education and awareness ANAO conditions: Governance, ethical leadership and culture

Legislative background The Public Sector Ethics Act 1994 requires agencies to provide appropriate education and training for their employees. Mandatory training Mandatory public sector ethics education and training completed by all new employees through the DETE induction program. Ongoing ethics related education and training is undertaken by all employees at regular intervals during their employment with the department. The public sector ethics education and training module includes:

ethical decision-making training and awareness, including Code of Conduct

internal controls training

fraud and corruption (including Public Interest Disclosure) training and awareness. It is available to employees through a variety of delivery modes:

face-to-face training

on-line ethical decision making training available via the Learning Place

train-the-trainer package

ethics- related resources published on One Portal, developed by ESU and available to all employees

DETE induction website (mandatory induction). Formal information-sharing and the inclusion of fraud and corruption control components in induction training is the responsibility of both central and regional management. Employees whose knowledge of, and skills in, financial management are lacking are particularly vulnerable and specific training should be provided for these officers. Employees in smaller, rural and remote locations as well as those who perform a high level of resource and financial management should also receive specific fraud and corruption control training. Departmental education and awareness strategies With the oversight of its Fraud and Corruption Control Committee, the department uses a variety of education and awareness strategies to foster an ethical organisational culture and strengthen the department’s resistance to fraud and corruption:

displaying notices about the Code of Conduct and Standard of Practice, and the expectation of ethical behaviour, throughout the workplace

making a copy of the Code of Conduct and Standard of Practice available to all new employees

demonstrating executive management commitment to fraud and corruption control, with senior executives leading by example and participating in training sessions

the appointment of the Deputy Director-General, Corporate Services as Chair of the Fraud and Corruption Control Committee and champion of fraud and corruption control across the organisation

P a g e | 23

dissemination of advice about fraud and awareness strategies and internal controls emanating from meetings of the Fraud and Corruption Control Committee

development of a fraud and corruption control newsletter

establishment of communities of practice

Fraud and Corruption Policy and Fraud and Corruption Control Plan made accessible to all employees

dissemination of Public Interest Disclosure Policy and advice about the department’s PID support program

Fraud and Corruption Control website on intranet

function-specific training about fraud and corruption control to employees working in high-risk areas

online Internal Controls training

ethics awareness announcements on divisional home pages and division-specific publications

online resources including brochures, factsheets and PowerPoint presentations

ethics-related announcements in the department’s Education Views publication, for dissemination to the general public as well as employees

the inclusion of fraud and corruption control KPIs in departmental financial sustainability benchmarks

embedding fraud and corruption control in the department’s enterprise risk management program

reinforcement of agency’s zero tolerance attitude to fraud and corruption demonstrated by prompt response taken to incidents

Future training programs will include the provision of guidelines on the identification of misconduct risk and the ‘red flag’ indicators of potential fraud. Training will also include information about public sector accountability and ethical standards, as well as offering case studies and scenarios for ethical decision making. CMC Element 10: Client and Community Awareness ANAO conditions: legislation and governance, ethical leadership and culture The Fraud Corruption and Control Framework and other relevant policies and procedures are published on our internet site to make them accessible for all community members. The department’s external communication will emphasise the integrity of the department and its commitment to the highest standard of probity in all its dealings. It will give the community confidence in its dealings with us, and ensure that external providers, such as contractors, suppliers, third party providers, and funding recipients are aware of our zero tolerance policy. This message will be augmented by the ethical actions of employees at all times. We promote our fraud corruption and control policy by:

publishing the Fraud and Corruption Control Framework and procedure on the department’s internet and employee portal

gaining P&C commitment and ensuring a documented process for reporting potential fraudulent and/or corrupt activities

incorporating probity compliance declarations and provisions into our standard contract arrangements

providing a fraud reporting hotline - 1800 727 031

publishing pertinent complaint data as Open Data.

P a g e | 24

The department’s zero tolerance of fraud should be highlighted, and measures be taken to ensure the department’s fraud and corruption prevention goals are reported, in its Annual Report.

Monitoring, review and continuous improvement The processes that support continuous improvement of the Framework include:

reviewing the Framework every two years (or following a significant change within the department) including:

o control strategies, to ensure appropriate balance between prevention and detection o control appropriateness and effectiveness of design and operation

updating fraud and corruption risk assessment to ensure fraud and corruption risks are captured and managed

review of individual fraud and corruption cases to identify the cause, areas of control weakness, where possible measure the loss or cost of fraud, and identify lessons learned.

Contact Director, Ethical Standards Unit Ph: (07) 3255 2955 Fax: (07) 3055 2996 ethicalstandards@dete.qld.gov.au PO Box 15033 City East Qld 4002

P a g e | 25

Appendix 1: Legislation and other Instruments - Fraud and Corruption Control

Legislation

Public Sector Ethics Act 1994 (Qld) Public Service Act 2008 (Qld) Public Service Regulation 2008 (Qld) Education (General Provisions) Act 2006 (Qld) Education (General Provisions) Regulation 2006 (Qld) Public Interest Disclosure Act 2010 (Qld) Crime and Corruption Act 2001 (Qld) https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/CrimeandCorruptionA01.pdfFinancial

Accountability Act 2009 (Qld) Financial Accountability Regulation 2009 (Qld) Financial and Performance Management Standard 2009 (Qld) Criminal Code Act 1899 (Qld)

Substantive policy

Code of Conduct for the Queensland Public Service DETE Standard of Practice

Related procedures

Criminal History Checks Complaints Management – State Schools Contact with Lobbyists and Former Senior Government Representatives Conflict of Interest Intellectual Property and Copyright Use Maintaining the Security of Department Information and Systems Making and managing a public interest disclosure under the Public Interest Disclosure Act 2010 (Qld) Managing employee complaints Receipt of Gifts and Benefits by Employees of the Department Risk Management Acceptable Use of the Department's Information, Communication and Technology (ICT) Network and Systems

Standards, guidance and best practice

Crime and Corruption Commission:

Fraud and Corruption Control - Guidelines for Best Practice

Corruption in focus: A guide to dealing with corrupt conduct in the Queensland public

sector(http://www.ccc.qld.gov.au/research-and-publications/publications/ccc/corruption-in-

focus/corruption-in-focus.pdf ) (PDF, 984.4 kB) Standards Australia: AS 8001-2003 - Fraud and Corruption Control

Australian National Audit Office:Fraud Control in Australian Government Entities – Better Practice Guide 2011

Australian Minister for Home Affairs and Minister for Justice: Commonwealth Fraud Control Guidelines

Queensland Department of Treasury and Trade:

Financial Accountability Handbook 2012

A Guide to Risk Management 2011

Financial Management Tools 2012

P a g e | 26

Appendix 2: Definitions Code of Conduct - The Code of Conduct for the Queensland Public Service is a whole of government code of ethics that provides a framework of ethical principles, values and standards of conduct that guide employees in their work performance, professional standards, and how they should conduct their relationships with others. The Public Sector Ethics Act 1994 defines the ethical principles and values arising from these principles. The Public Interest Disclosure Act 2010 complements the Public Sector Ethics Act 1994 by providing legal protection for the reporting of certain wrongdoing that adversely affects the public interest. The department’s Standard of Practice is a supplementary document which assists all employees to apply the Code of Conduct of the Queensland Public Service and provides agency-relevant examples that directly relate to how the Code is to be applied within the department. Employee – For the purposes of this document and in accordance with the Code of Conduct for the Queensland Public Service an employee is defined as:

“any Queensland public service agency employee whether permanent, temporary, full-time, part-time or casual;

any volunteer, student, contractor, consultant or anyone who works in any other capacity for a Queensland public service agency”

Fraud and corruption risk assessment - The application of risk management principles and techniques to the assessment the risk of fraud and corruption. Investigation - An inquiry or examination to ascertain facts; the act or process of investigating. Risk - The chance of something occurring that will have a negative impact upon objectives. It is measured in terms of likelihood and consequences .Residual risk is the remaining level of risk after risk treatment measures have been taken. Risk management - The term applied to a logical and systematic method of identifying, analysing, assessing, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organisations to minimize losses and maximize positive outcomes. The department has introduced an Enterprise Risk Management Framework which builds on the existing risk management practices across the department and reflects current best practice and international standard. All departmental employees are strongly encouraged to become familiar with the Enterprise Risk Management Framework 2010-2014 to ensure a consistent approach to managing risk within the department. Senior management - Personnel associated with the department at the executive and senior management, director or principal level and those senior officers who have authority over the direction or management of the department.

P a g e | 27

ATTACHMENT ONE RISK ASSESSMENT WORKSHEET Each agency work unit should develop label descriptions to suit its own business processes and operating environment

IDENTIFICATION ANALYSIS EVALUATION RISK TREATMENTS

Area being assessed

Specific Risks Risk Degree Current Controls or Mitigating Factors

Control Improvements

Likelihood Consequences Risk exposure

Likelihood Consequences Risk exposure

A = Almost certain B = Likely C = Unlikely D = Rare

I = Insignificant II = Minor III = Moderate IV = Major V = Extreme

VH = Very high risk – immediate action required H = High risk - senior management attention required M = Medium risk - management responsibility must be specified L = Low risk – manage by routine procedures

P a g e | 28

ATTACHMENT TWO RISK MATRIX

Consequence

Insignificant Minor Moderate Major Critical

Lik

elih

oo

d

Almost Certain

Medium Medium High Extreme Extreme

Likely Low Medium High High Extreme

Possible Low Medium Medium High High

Unlikely Low Low Medium Medium High

Rare Low Low Low Low Medium

= Risk tolerance

Likelihood of occurrence

Almost certain Is almost certain to occur within the foreseeable future or within the project lifecycle

Likely Is likely to occur within the foreseeable future or within the project lifecycle

Possible May occur within the foreseeable future or within the project lifecycle

Unlikely Is not likely to occur within the foreseeable future or within the project lifecycle

Rare Will only occur in exceptional circumstances.