• Section 1 - Purpose
• Section 2 - Authority
• Section 3 - Scope
• Section 4 - Procedure

Section 1 - Purpose

(1) The purpose of this procedure is to outline how the management of fraud and corruption across the RMIT Group reflects RMIT’s commitment to integrity and probity. It details how RMIT identifies and raises awareness of fraud and corruption risks, and the strategies for preventing, detecting and responding to allegations of fraud and corruption, including whistleblower disclosures.

(2) Details on making a whistleblower or public interest disclosure and RMIT’s support for whistleblowers are in the Whistleblower Procedure.

(3) RMIT’s compliance with the Australian Standard for Fraud and Corruption Control (AS8001:2021) in how it conducts fraud and corruption investigations is detailed in the Fraud and Corruption Investigation Instruction.

Section 2 - Authority

(4) Authority for this document is established by the Fraud and Corruption Control Policy.

Section 3 - Scope

(5) This procedure applies to RMIT Council members and all employees across RMIT University and its controlled entities, hereafter referred to as RMIT.

Section 4 - Procedure

Education and Awareness

(6) As part of their onboarding, new employees complete a learning module on workplace integrity covering the Code of Conduct, conflict of interest, managing gifts or benefits, and the process for reporting fraud and corruption. 

(7) Supervisors ensure their employees, through their induction and ongoing workplace discussions, are aware of the fraud and corruption risks associated with their specific functions, and the prevention and detection strategies they need to employ.

(8) Employees who have discretionary decision-making roles are appropriately trained and supervised in areas identified as high risk for fraud and corruption (refer to the Fraud and Corruption Control Policy Schedule 1 – Examples of Corrupt Conduct, Fraud, Public Interest Disclosures and High-Risk Activities).

(9) A rolling campaign of awareness-raising across the RMIT Group is coordinated by the Central Complaints and Investigation Unit to:

1. promote a culture of honesty, integrity and professionalism
2. foster awareness of the significance and impact of fraud and corruption
3. reinforce employee responsibilities regarding preventing, detecting and disclosing fraud and corruption, including managing conflicts of interest and gifts, benefits and hospitality.

(10) The Chief Information Security Officer coordinates employee training and awareness-raising campaigns to protect RMIT against cyber fraud. 

Identifying fraud and corruption risks

(11) RMIT recognises that fraud and corruption threats may be generated by third parties such as research collaborators, contractors and service providers.

(12) RMIT conducts fraud and corruption risk assessments in accordance with the Risk Management Policy and framework to identify responsible officers and assess the level and type of risks that require controls. Risk assessments include consideration of the early warning signs of a fraud and corruption event.

(13) As part of their risk planning, responsible officers must prepare a response and recovery plan which includes protocols for decision-making in response to fraud and corruption incidents, communicating clearly with relevant employees and RMIT’s senior executive, and providing timely referral or notifications to relevant law enforcement or regulatory authorities. 

Prevention

(14) Risks for fraud and corruption identified as part of RMIT’s risk management framework have associated controls (prevention strategies). For controls that are below the target state required for that risk, a treatment plan is prepared, with agreed management actions.

(15) Some of the controls in place to prevent fraud and corruption include:

1. pre-employment screening checks by the People team to review employment history, criminal history and reference checks to help identify potential issues that may be indicative of fraud risk, such as prior criminal convictions or dismissals for dishonesty
2. risk-based due diligence checks and periodic review of the credentials of new suppliers, vendors and international education partners
3. physical asset protection from theft such as building access controls and alarms, security personnel, CCTV surveillance
4. application of information security standards to help prevent technology-enabled fraud
5. conflict of interest reporting requirements
6. processes for accepting and reporting gifts, benefits and hospitality
7. delegations of authority embedded in workflow processes.

Detection

(16) RMIT has measures in place to uncover incidents of fraud and corruption when they occur. These include:

1. data mining and analysis by Central Complaints and Investigations to identify suspicious transactions or potential integrity risks
2. checking by Central Finance Operations if a vendor has the same address or bank details as an employee
3. internal auditing of transactions to identify activities, trends and risks which could provide evidence of fraudulent or corrupt conduct
4. analysis of management accounting reports by cost centre managers.

(17) Employees and third parties who detect potential fraud or corruption must report the matter promptly to the Central Complaints and Investigations Unit through RMIT’s Complaints Portal, or through the Complaints page on the RMIT Vietnam website for activities at RMIT Vietnam. Investigators take all reasonable steps to protect disclosers from harm for lodging a complaint.

Reporting suspected fraud or corruption

(18) Staff investigating employee misconduct must notify Central Complaints and Investigations through the Complaints Portal if there is a financial element to the misconduct as this aspect needs to be investigated by Central Complaints and Investigations, this includes cases of misuse of research funding.

(19) Any concerns about suspected fraud or corruption must be reported to the Central Complaints and Investigations unit through the Complaints Portal. An initial assessment is made by the unit to determine if the complaint is a public interest disclosure that must be referred for investigation to the Independent Broadbased Anti-Corruption Commission (IBAC). Further details about lodging an allegation of fraud or corruption to IBAC are in the Whistleblower Procedure.

(20) The Vice-Chancellor has delegated the General Counsel the authority to refer matters to the Independent Broad-based Anti-Corruption Commission (IBAC), police or other external agency.

Investigations

(21) Allegations of fraudulent or corrupt conduct are thoroughly and objectively investigated by appropriately trained and skilled employees, in accordance with:

1. the Code of Conduct, Workplace Behaviour Policy, Managing Conduct Procedure, Privacy Policy, and Complaints Governance Policy
2. enterprise agreements
3. applicable country law and regulations
4. advice from Legal Services
5. the Fraud and Corruption Investigation Instruction.

(22) RMIT investigates suspected fraudulent or corrupt conduct confidentially, although there may be some instances where the disclosure of personal information may be required by law.

(23) Complete and accurate records are kept of all investigations of suspected fraud or corruption in accordance with the Information Governance Policy and relevant legislation.

(24) RMIT has in place measures, including an appropriate level of supervision, to mitigate personal risk to investigators, including risk of physical, emotional or psychological harm.

(25) Occasionally RMIT may employ an external investigator for an investigation of suspected fraudulent or corrupt conduct. The external investigator will be appointed by the General Counsel and University Secretary and Central Complaints and Investigations and advised of RMIT’s obligations under the Public Interest Disclosure Act 2012 (Vic) and other relevant legislation and regulations.

(26) Investigations by RMIT or external investigators determine if fraud or corruption has occurred. RMIT’s response to a finding and the consequences for the person being investigated are determined by the senior officer with delegated authority in accordance with the Delegation of Authority Schedule 3 – People Delegations and any relevant legislation. Disciplinary procedures are outlined in enterprise agreements and the Managing Conduct Procedure.

(27) The investigation report provides insight for the senior executive to address failures to prevent or detect the fraud or corruption. Senior executives then work with the Enterprise Risk Management team to ensure the risk treatment plan is updated to document corrective measures to eliminate or minimise the risk. 

Protecting Whistleblowers

(28) Persons who disclose fraud or corruption may qualify for protection under the PPublic Interest Disclosures Act 2012 or the Corporations Act 2001. Refer to the Whistleblower Procedure and Schedule 1 – Types of Disclosures. This is sometimes referred to as protection from detriment or detrimental action. 

(29) Protections may be lost if the person disclosing the fraud or corruption is found to have engaged in misconduct, or did not have reasonable grounds for making a disclosure (e.g. making a vexatious claim), or disclosed information to someone who should not have received it.

(30) RMIT has no tolerance for any form of reprisal against a person disclosing fraud or corruption. Any person who threatens or carries out reprisals will be subject to disciplinary action in accordance with the Workplace Behaviour Policy, and in some cases may also be subject to criminal liability.

Reporting to the Audit and Risk Management Committee

(31) The Audit and Risk Management Committee receive reports from Central Complaints and Investigations on the incidences of fraud and corruption.