View Document

Fraud and Corruption Control Policy

This is the current version of this document. You can provide feedback on this policy document by navigating to the Feedback tab.

Section 1 - Purpose

(1) The purpose of this policy is to encourage the highest level of integrity in organisational culture as an essential part of RMIT’s management and corporate governance framework.

(2) The policy aims to promote a culture of honesty, integrity and professionalism, and reflects RMIT’s commitment to effectively prevent, detect and respond to fraud and corruption risks.

(3) The policy supports RMIT’s legislative obligations, including:

  1. Public Interest Disclosures Act 2012 (Vic)
  2. Victorian Independent Broad-based Anti-corruption Commission (IBAC) Act 2011 (Vic)
  3. Corporations Act 2001 (Cth)
  4. Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024.

(4) This policy supports RMIT’s commitment to the United Nations Sustainable Development Goals (SDG), particularly SDG 16 – Peace, Justice and Strong Institutions by reducing organisational risk and strengthening measures against fraud and corruption.

Top of Page

Section 2 - Overview 

(5) RMIT’s fraud and corruption control system aligns with the Australian Standard for Fraud and Corruption Control (AS8001:2021) and is comprised of:

  1. this policy suite, including the Fraud and Corruption Control Procedure, Whistleblower Procedure and Fraud and Corruption Investigation Instruction
  2. Code of Conduct
  3. Conflict of Interest Policy
  4. Risk Management Policy and Framework
  5. Gifts, Benefits and Hospitality Policy
  6. Workplace Behaviour Policy
  7. Student Conduct Policy
  8. Research Policy
  9. Procurement and Expenditure Policy
  10. Business Expenses Policy
  11. Delegations of Authority Policy.

(6) This policy defines the illegal or unacceptable, high-risk behaviours that constitute fraud and corruption. It outlines the principles guiding the prevention, detection and management of fraud and corruption at RMIT, and lists the responsibilities of those in its scope.

(7) RMIT uses the definitions of fraud and corruption published in Australian Standard 8001-2021 Fraud and Corruption Control (refer to Section 6 – Definitions below).

Top of Page

Section 3 - Scope

(8) This policy applies to RMIT University Council and committee members, and RMIT employees, students and contractors of the RMIT Group, and any other persons working with or on behalf of the RMIT Group who are notified of the need to comply with this policy (hereafter referred to as ‘employees’ for brevity). The RMIT Group includes RMIT University and its controlled entities.

(9) The provisions in this policy take precedence over other RMIT policies when it comes to improper conduct if there is the potential that the matter may need to be investigated by the police, the Independent Broad-based Anti-Corruption Commission (IBAC), or other external regulatory agency.

Top of Page

Section 4 - Policy

Principles

(10) RMIT expects, encourages and supports employee ethical behaviour, and does not tolerate fraud or corruption.

(11) RMIT maintains trust with the public by exhibiting the highest standards of integrity in its operations and decision making. It recognises that fraud and corruption can create reputational and financial damage to RMIT which undermines public confidence, employee and student productivity and morale.

(12) RMIT takes a risk-based approach to managing fraud and corruption through the Risk Management Framework which requires all risks relating to fraud and corruption to be identified, assessed, responded to and monitored on an ongoing basis.

(13) The effectiveness of the mechanisms used to control fraud and corruption risks are evaluated and reported to the Audit and Risk Management Committee on a biennial basis.

Identifying fraud and corruption risks

(14) ‘Fraud and corruption’ is a risk domain in RMIT’s risk management framework.

(15) Senior managers in high-risk areas apply RMIT’s risk management tools and activities to identify potential opportunities for fraud and corruption in their area of responsibility. Examples of high-risk areas and activities are included in Schedule 1 – Examples of Corrupt Conduct, Fraud, Public Interest Disclosures and High-Risk Activities.

(16) Identified fraud and corruption risks are recorded in the enterprise risk management system. Identified risks inform the development of prevention, detection and response strategies. 

Prevention

(17) RMIT prevents fraud and corruption through:

  1. transparent, accountable and responsible decision making
  2. strong governance practices and policies
  3. training and awareness raising for employees and business areas, particularly around high-risk activities
  4. effective risk management and reporting
  5. security of physical assets and facilities to protect from theft
  6. an effective information security management system. 

Detection

(18) RMIT undertakes activities that recognise whether fraud or corruption has occurred or is occurring. These include:

  1. monitoring and regularly reviewing systems and accounting reports for suspicious or unusual activity
  2. post-transactional reviews
  3. monitoring and reviewing approval processes to ensure alignment with the Delegations of Authority Policy
  4. appropriately resourced internal and external audit capabilities
  5. mechanisms to enable confidential reporting of suspected fraud or corruption.

(19) Staff investigating other types of complaints, such as employee or student misconduct, are trained in recognising complaints about fraud and corruption. They are also advised to notify Central Complaints and Investigations if there is a financial element to the misconduct they are investigating. Any matters relating to student fraud are managed under the Student Conduct Policy

Response

(20) RMIT ensures procedural fairness when dealing with fraudulent or corrupt conduct allegations as set out in the Fraud and Corruption Investigation Instruction.

(21) Investigations of potential fraud and corruption are handled by specific and suitably qualified and trained employees or contractors, and in accordance with the relevant legislation, enterprise agreement and RMIT policies and procedures.

(22) The preliminary assessment of an allegation may determine that the matter needs immediate referral to the police or IBAC for them to conduct the investigation.

(23) The outcome for employees found to have engaged in fraud or corruption is determined:

  1. in accordance with the relevant enterprise agreement, the Managing Conduct Procedure, and any other relevant policies
  2. by the relevant senior officer as defined in the Delegation of Authority Schedule 3 – People Delegations.

(24) RMIT may take legal or administrative action to reclaim any resources misappropriated through fraud or corruption, where appropriate.

(25) RMIT complies with the laws of the countries in which it operates. Where a conflict arises between legislative requirements that apply to RMIT operations relating to fraud and corruption control and public interest disclosure, RMIT adopts the more onerous requirement.

Where to report suspected fraud or corruption

(26) RMIT’s Complaints Portal enables Australian-based employees, students and third parties to report suspected fraud or corruption to the Central Complaints and Investigations Unit. For RMIT Vietnam, go to Complaints on the RMIT Vietnam website.

(27) Disclosures of suspected fraud or corruption can also be made to an independent third party, such as Stopline or integrity agencies such as IBAC, depending on the scale and significance of the allegation.

(28) Persons disclosing suspected fraud and corruption can request whistleblower protections in accordance with the Public Interest Disclosures Act. Refer to the Whistleblower Procedure for details about what can be disclosed as a ‘public interest disclosure’, to whom, and the protections provided by the Public Interest Disclosures Act 2012.

Responsibilities

(29) RMIT University Council has overall accountability for monitoring RMIT’s fraud and corruption risks and receives an annual report on fraud and corruption matters through the Audit and Risk Management Committee.

(30) The Audit and Risk Management Committee is responsible for:

  1. overseeing the fraud and corruption prevention framework
  2. assisting internal and external auditors in understanding the fraud and corruption control framework and the importance RMIT places on fraud detection as part of an external audit
  3. monitoring the response to detected fraud and corruption cases via the report from Central Complaints and Investigations.

(31) The University Executive Committee is responsible for:

  1. understanding RMIT’s fraud and corruption risks
  2. demonstrating a high-level commitment to the prevention of fraud and corruption
  3. fostering a workplace culture where it is safe to disclose suspected fraud or corruption
  4. reviewing reports prior to submission to the Audit and Risk Management Committee.

(32) The Chief People Officer is responsible for:

  1. ensuring pre-employment screening
  2. escalating all matters of potential fraudulent or corrupt conduct to Central Complaints and Investigations.

(33) The Chief Information Security Officer is the delegated information security management and system officer responsible for:

  1. ensuring RMIT has an effective information security management system to mitigate the risks of cyber fraud
  2. training and awareness raising on preventing cybercrime across the RMIT Group.

(34) The Executive Director, Governance, Legal and Strategic Operations is the delegated Whistleblower Protection Coordinator, and is responsible for:

  1. maintaining, implementing, monitoring compliance with and reviewing this policy suite in accordance with the Policy Governance Policy to ensure currency and effectiveness
  2. determining how suspected fraud or corruption is handled, including directing people to IBAC if they wish to make a public interest disclosure
  3. receiving confidential communications that are not public interest disclosures under the Public Interest Disclosures Act
  4. internal and external mandatory reporting, as required.

(35) The Associate Director, Central Complaints and Investigations is responsible for:

  1. the proper conduct of investigations, including ensuring procedural fairness
  2. the appropriate handling of information relating to suspected fraud or corruption, regarding the requirements for reporting to law enforcement agencies, privacy, and confidentiality
  3. reporting the incidences of fraud and corruption
  4. ensuring training and awareness-raising is regularly conducted across the RMIT Group.

(36) The Director, Risk Management is responsible for:

  1. managing the risk profiles related to fraud and corruption
  2. recording the controls and, where necessary, treatment plans for identified fraud and corruption risks
  3. improvement opportunities related to fraud and corruption prevention.

(37) The Internal Audit team are responsible for:

  1. biennial review of RMIT’s fraud and corruption risks and controls, and providing assurance to the Audit and Risk Management Committee as to the effectiveness of those controls in preventing, detecting and reporting fraud
  2. identifying significant fraud risks while conducting audit planning and projects.

(38) All employees are responsible for:

  1. conducting their duties with the utmost regard for the expected standards of behaviour and integrity in accordance with this policy and policies relating to people, financial management, travel, ITS, procurement and expenditure
  2. reporting any fraud or corruption concerns to their manager, or the Associate Director, Central Complaints and Investigations, or lodging a complaint via the RMIT Complaints Portal or IBAC for public interest disclosures (refer to the Whistleblower Procedure)
  3. cooperating with any investigation into possible fraud or corruption.

(39) The Academic Registrar (or delegate) is responsible for:

  1. management and investigation of student misconduct as stipulated in the Student Conduct Policy

Compliance

(40) Members of RMIT’s senior executive are responsible for ensuring compliance with this policy within their area of responsibility.

(41) Fraud and corrupt conduct may result in disciplinary action, including summary termination of employment, enrolment or engagement, and referral to law enforcement agencies. Penalties are determined in accordance with the Code of Conduct, Workplace Behaviour Policy and the Student Conduct Policy.

Top of Page

Section 5 - Procedures and Other Policy Documents

(42) Refer to the following documents which are established in accordance with this policy:

  1. Fraud and Corruption Control Policy Schedule 1 – Examples of Fraud, Corruption, Public Interest Disclosures and High-Risk Activities
  2. Fraud and Corruption Control Procedure
  3. Whistleblower Procedure
  4. Whistleblower Procedure Schedule 1 – Types of Disclosures
  5. Fraud and Corruption Investigation Instruction.
Top of Page

Section 6 - Definitions

Term
Definition
Corruption
(adapted from Australian Standard 8001-2021 Fraud and Corruption Control)
 Dishonest activity in which a person associated with RMIT acts contrary to the interests of RMIT and abuses their position of trust in order to achieve personal advantage or advantage for another person or organisation. This can also involve corrupt conduct by RMIT or a person purporting to act on behalf of and in the interests of RMIT in order to secure some form of improper advantage for RMIT, either directly or indirectly.
Detrimental action
(defined by the Public Interest Disclosures Act 2012)
Action causing:
injury, loss or damage
intimidation or harassment
discrimination, disadvantage or adverse treatment in relation to a person’s employment, career, profession, trade of business, including the taking of disciplinary action.
It does not include management action in relation to an employee whistleblower taken for a substantial reason other than the employee having made a public interest disclosure. See the Whistleblower Procedure.
Fraud
(adapted from Australian Standard 8001-2021 Fraud and Corruption Control)
a. Dishonest activity causing actual or potential financial gain or loss to RMIT, including theft of money or other property by employees or persons external to RMIT.
b. Deliberate falsification, concealment, destruction or use of falsified documentation.
c. Improper use of information or position for financial benefit or benefit of others.
Improper conduct
Conduct that is corrupt, a substantial mismanagement of public resources, or conduct involving substantial risk to public health or safety or to the environment. The conduct must be serious enough to constitute a criminal offence or reasonable grounds for dismissal, if proved.