Fraud and Corruption Control - Governing Policy | UniSC | University of the Sunshine Coast, Queensland, Australia

Accessibility links

Non-production environment - editcd.usc.edu.au

Search

Pro tip: To search, just start typing - at any time, on any page.

Searching {{ model.searchType }} for returned no results.

News

More news

Staff

More

Fraud and Corruption Control - Governing Policy
Approval authority
Council
Responsible Executive member
Vice-Chancellor and President
Designated officer
Director, Governance and Risk Management
First approved
13 June 2006
Last amended
22 August 2025
Review date
22 August 2026
Status
Active
Related documents
Linked documents
Related legislation / standards
  • Public Interest Disclosure Act 2010 (Qld)
  • University of the Sunshine Coast Act 1998 (Qld)
  • Criminal Code Act 1995 (Cth)
  • Financial and Performance Management Standard 2009 (Qld)
  • Financial Accountability Act 2009 (Qld)
  • Public Sector Act 1994 (Qld)
  • Crime and Corruption Act 2001 (Qld)
  • Foreign Influence Transparency Scheme Act 2018 (Cth)
  • Queensland Crime and Corruption Commission’s (CCC) Fraud and Corruption: Best Practice Guide
  • AS ISO 37301: 2023 Compliance Management Systems
  • AS ISO 31000: 2018: Risk Management Guidelines
  • AS ISO 37003: 2025 Fraud Control Management Systems

1. Purpose

1.1 This policy affirms the University’s commitment to preventing and detecting fraudulent, corrupt, unlawful, negligent or improper conduct.

1.2 The University considers that fraud and corruption control is an integral component of its overall risk and compliance management framework and plans for and resource activities accordingly, consistent with the University’s relevant Codes of Conduct and is consistent with AS ISO 37003:2025 Fraud Control Management Systems.

1.3 This policy is based on the guidelines and principles of the Financial Accountability Act 2009 (Qld), Crime and Corruption Act 2001 (Qld) (CC Act), AS ISO 37003:2025 Fraud Control Management Systems (the Australian Standard) and the Queensland Crime and Corruption Commission’s (CCC) Fraud and Corruption: Best Practice Guide.

1.4 This policy must be read in conjunction with the linked Fraud and Corruption Control - Procedures.

2. Scope and application

2.1 This policy applies to all staff, students, contractors or consultants, strategic partners, third party service providers, controlled entities, volunteers, affiliates and members of University decision-making or advisory bodies, including Council and its committees.

2.2 The University is identified as a statutory authority under the Crime and Corruption Act 2001 (Qld) and falls under the jurisdiction of the Queensland Crime and Corruption Commission (CCC). This requires that any University conduct that could be classified as corrupt conduct is reported by the Vice-Chancellor and President, as the University’s Chief Executive Officer (or public official). The Vice-Chancellor and President has delegated this duty to the Director, People and Culture.

2.3 University activities and operations undertaken outside of Queensland can be subject to similar fraud and corruption legislation and regulation in those jurisdictions. In these cases, the requirements in those jurisdictions must be complied with in addition to any obligations under Queensland law.

2.4 This policy does not apply to notification to the CCC regarding the conduct of the Vice-Chancellor and President, which is managed in accordance with the Complaints about the Vice-Chancellor and President (Crime and Corruption Act 2001, s 48A) - Governing Policy.

3. Definitions

3.1 Refer to the University’s Glossary of Terms for definitions as they specifically relate to policy documents.

Affiliate refers to Academic title-holders, visiting academics, emeritus professors, adjunct and honorary title-holders, industry fellows and conjoint appointments.

Fraud refers to dishonest activity causing actual or potential financial loss to any person or entity including theft of monies or other property by employees or persons external to the entity and where deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit.

Fraud Control Management System means the set of interrelated or interacting elements of an organisation that establish policies and objectives and processes to achieve those objectives consistent with Australian Standard AS ISO 37003: 2025 Fraud Control Management Systems.

Corruption is dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses their position of trust in order to achieve some personal gain or advantage for themself or for another person or entity. The concept of ‘corruption’ can also involve corrupt conduct by the entity or a person purporting to act on behalf of and in the interests of the entity, in order to secure some form of improper advantage for the entity either directly or indirectly.

Corrupt conduct is defined as per section 15 of the Crime and Corruption Act 2001 (Qld).

4. Policy statement

4.1. The University recognises that fraud and corruption management is an integral part of good governance and management practice. The University has an Averse appetite to and zero tolerance for fraud and corruption. The University is committed to managing its fraud and corruption risks and to combatting and reducing the incidence of such activities across all of its operations and activities. This policy is consistent with the Staff Code of Conduct – Governing Policy, the University Risk and Compliance Management – Governing Policy and relevant legislation and standards.

5. Principles

5.1 Approach to fraud and corruption

5.1.1 The University is committed to implementing effective controls and treatments to prevent, avoid or eliminate the risks, so far as reasonably practicable, of such behaviour and ensuring continuing organisational integrity and transparency in all University activities.

5.1.2 The University Risk Classification Table (login required) reflects a structured classification and hierarchy of risks to ensure consistent risk identification and management across the University. At the core of this are five risk classes, which are further comprised of underpinning risk categories and risk types. Fraud and corruption risks have been captured as follows:

(a) Risk Class: Operational Risks

(i) Risk Category: Fraud & Corruption

  • Risk Type: Internal (Staff)
  • Risk Type: External (Admissions)
  • Risk Type: External (Third Party Vendor/Supplier)
  • Risk Type: Academic integrity and student misconduct
  • Risk Type: Research integrity and misconduct

5.1.3 The University aims to develop and maintain an organisational culture of honesty and integrity.

5.1.4 The University puts in place processes that ensure effective prevention, detection and management of fraud and corruption.

5.1.5 The University encourages, supports and protects persons who report suspected fraud and corruption.

5.2 Fraud and corruption control

5.2.1 In addition to this policy, the University maintains a Fraud and Corruption Control Plan (login required) and the Fraud and Corruption Control – Procedures. These documents form part of the University’s fraud control management system which is an integral part of the University’s risk management framework.

5.2.2 Diagram 1 provides an overview of the key components of fraud and corruption control.

Diagram 1 – Fraud and Corruption Control

5.3 Fraud risk protected disclosures

5.3.1 When a staff member is aware of, or suspects, fraudulent or corrupt conduct, they must report these suspicions immediately. Staff should do so in accordance with the Fraud and Corruption Control – Procedures.

5.3.2 Confidentiality must be maintained throughout any investigative process.

5.3.3 The University ensures protection of those reporting suspected instances of fraud and corruption and ensures that this policy is well understood by the University community.

5.3.4 The University ensures that there are adequate means, for reporting suspected instances of suspicious, illegal or unethical conduct, and that these means are widely known and available. This includes the means for anonymously reporting of such conduct.

5.4 Monitoring and review

5.4.1 Following the detection of fraud or corrupt conduct, the organisational unit manager, in consultation with the Director, Governance and Risk Management, reassesses the adequacy of the internal control environment and identify actions required to strengthen controls.

5.5 Fraud risk reporting

5.5.1 The preparation of fraud and corruption risk reporting is facilitated by the Director, Governance and Risk Management (DGRM) through the biannual risk management and quarterly compliance management processes. In addition to data obtained through the risk and compliance management and risk assessment processes, this reporting consolidates, and analyses incident data collected and reported by:

(a) People and Culture (staff misconduct and CCC referrals);

(b) Office of Research (research integrity);

(c) Academic Integrity Unit within Centre for Support and Advancement of Learning and Teaching (CSALT) (academic integrity);

(d) Financial Services (procurement/financial fraud); and

(e) Student Services & Engagement (admissions and student misconduct)

5.5.2 This reporting is provided to the University Executive Committee (ExCom), Academic Board (AB), the Audit and Risk Management Committee (ARMC), and the University Council on the following basis:

Report Title 

Report Content 

Report Producer 

Report Recipient 

Frequency * 

(At least) 

University Fraud and Corruption Risk Profile 

The qualitative and quantitative assessment of Fraud and Corruption Risk by the University Executive and Cost Centre Managers and includes details of:  

(a) Fraud Risk Assessment vs Risk Appetite measuring compliance with the Risk Appetite Statement 

(b) Key controls and treatment plans for managing High Rated Fraud Risks and Fraud Risks out of Appetite to acceptable levels, on a so far as reasonably practical basis.

DGRM 

 

ExCom 

ARMC 

Council

Annually (Sept) 

6. Authorities and responsibilities

6.1 As the Approval Authority, Council approves this policy in accordance with the University of the Sunshine Coast Act 1998 (Qld).

6.2 As the Responsible Executive Member of this policy the Vice-Chancellor and President can approve procedures and guidelines to operationalise this policy. All procedures and guidelines must be compatible with the provisions of this policy.

6.3 As the Designated Officer of this policy the Director, Governance and Risk Management can approve associated documents to support the application of this policy. All associated documents must be compatible with the provisions of the policy.

6.4 This policy operates from the last amended date, superseding all previous versions of the fraud and corruption control policy, with no further operation from this date.

6.5 All records relating to the fraud and corruption control must be stored and managed in accordance with the Records Management - Procedures.

6.6 This policy must be maintained in accordance with the University Policy Documents – Procedures and reviewed on a standard 5-year policy review cycle.

6.7 Any exception to this policy to enable a more appropriate result must be approved in accordance with the University Policy Documents – Procedures prior to deviation from the policy.

6.8 Refer to Schedule C of the Delegations Manual in relation to the approved delegations detailed within this policy.

6.9 The following authorities and responsibilities are delegated under this policy:

Responsibilities

Authority

  • Setting the University’s risk appetite in regard to its material risks.
  • Authority to approve the Fraud and Corruption Control – Governing Policy.

University Council

  • Authority to approve the Fraud and Corruption Control Plan (login required).
  • Monitoring and oversight of compliance with legislative and regulatory requirements.
  • Monitoring risk and compliance management frameworks at the University.
  • Monitoring and oversight of the effectiveness of the internal control environment

Audit and Risk Management Committee

  • Monitoring and oversight of research and academic integrity matters relating to (alleged) fraud or corrupt conduct.

Academic Board

  • Promote a culture that encourages strong risk management (including fraud and corruption).
  • Ensuring that all matters relating to (alleged) fraud or corrupt conduct are dealt with appropriately.
  • Ensuring that risk management activities are carried out effectively within the University.
  • Notifying the Audit and Risk Management Committee and internal audit of allegations of suspected fraud or corrupt conduct.
  • Fulfilling the University’s obligations under the Crime and Corruption Act 2001 (Qld).
  • Communicating the expectation that all employees are required to conduct their duties to high professional and ethical standards and always act in the public interest.
  • Ensuring that appropriate and effective internal controls systems are in place that will assist in preventing and detecting fraud and corruption.

Vice-Chancellor and President

  • Providing high level advice to the Vice-Chancellor and President, members of Executive and senior management on procedural matters to strengthen risk management and proactively provide leadership and support of this policy and its objectives.
  • Maintaining policies and procedures and records in relation to fraud and corruption control within their area(s) of responsibility as set out in the University’s Fraud Control Plan.
  • Maintaining the University Risk and Compliance Management Framework, including policies and procedures relating to fraud and corruption.
  • Undertaking a biennial review of the Fraud and Corruption Control Plan (login required) and Governing Policy.
  • Facilitating annual reporting of the University’s fraud and corruption risk profile to Executive, the Audit and Risk Management Committee and Council if appropriate.

Director, Governance and Risk Management

  • Responsibility for reporting any known instances of fraud and corruption to the Vice-Chancellor and President, other members of Executive and Audit and Risk Management Committee as appropriate.
  • Nominee responsible for reporting corrupt conduct to the Crime and Corruption Commission and acting as the liaison officer to the CCC.
  • Maintaining policies and procedures and records in relation to fraud and corruption control components within their area(s) of responsibility as set out in the University’s Fraud Control Plan.
  • Monitoring training completions to ensure that upon commencement of employment, all staff must complete compulsory training and declaration activities related to fraud and corruption control, specifically: 
  • Fraud and Corruption Awareness training; 
  • Code of Conduct training;
  • Conflict of Interest declaration;
  • Academic Integrity Training (compulsory for all academic staff; Modules 1-3 compulsory for professional staff working in curriculum or research); and 
  • Research Integrity Training (compulsory for all academic staff; compulsory for professional staff working research management or support).

Director, People and Culture

  • Responsibility for ensuring that appropriate mechanisms are in place within their areas of control to:
    • promote awareness amongst staff of this policy and of the ethical principles subscribed to by the University;
    • establish controls and procedures for prevention and detection of any fraudulent or corrupt conduct;
    • identify risk exposures to fraudulent and corrupt conduct and ensure that regular assessment of the risks is undertaken;
    • advise the Vice-Chancellor and President, via the Director, People and Culture, of any reported allegations of fraud or corrupt conduct,;
    • assist staff to analyse and work through issues in fraud and corruption prevention and detection.
    • ensure prompt responses to allegations or indications of fraudulent and corrupt conduct; and
    • complete and sign End of Year Internal Control Certifications required as part of the preparation and completion of the University’s Annual Financial Statements.

University Executive and Senior Staff

  • Responsibility for undertaking their duties in accordance with the University’s Staff Code of Conduct, and the timely completion of all mandatory training relevant to their role.
  • Responsible to:
    • immediately report any suspected fraudulent or corrupt activity of which they become aware to their supervisor, Organisational Unit Manager or, if appropriate, another member of executive staff or internal audit; and
    • assist with any enquiries or investigations pertaining to fraudulent and corrupt activity, where requested by an appropriately authorised officer.

All University staff

  • Monitoring and evaluating the effectiveness of internal controls and risk management processes in preventing and detecting fraudulent or corrupt conduct.
  • Advising the Audit and Risk Management Committee of any allegations of fraudulent or corrupt conduct reported to it or identified through routine or random audits.

Internal audit

7. Appendices and supporting documents

Fraud and Corruption Control Plan (login required)