Document Number # QH-GDL-295-1-1:2012

The Guide to Fraud and Corruption Control (The Plan)

Custodian/Review Officer: Chief Governance Officer
Version no: 20
Applicable To: Queensland Health corporate divisions and the commercialised business units
Approval Date: 20/12/2012
Effective Date: 10/01/2013
Next Review Date: 20/12/2015
Authority:
Approving Officer: DDG SSS
Name: Susan Middleditch
Supersedes: Fraud Control and Prevention Guidelines 2008
Key Words: fraud, corruption, awareness, training, ethical culture, prevention, detection, response
Accreditation References:

Printed copies are uncontrolled


1.      PURPOSE
This Guideline guides implementation of the Fraud Control Policy and Implementation Standard
for Fraud Control Governance, Prevention, Detection and Response (The Standard).


2.      SCOPE
This Guideline applies to all staff within the Queensland Health corporate divisions and the
commercialised business units (including contractors and consultants).


3.      RELATED DOCUMENTS
3.1    Related Queensland Health policies or documents
  Code of Conduct – Workplace Ethics, Conduct and Behaviour HR Policy E1 (QH-POL-113:2011)
  Criminal History Checking HR Policy B40 (QH-POL-122)
  Discipline HR Policy E10 (QH-POL-124)
  Financial Management Practice Manual (FMPM)
  Fraud Control Policy (QH-POL-295:2012)
  Implementation Standard for Fraud Control Governance, Prevention, Detection and Response (QH-IMP-295-1:2012)
  Integrated Risk Management Policy (QH-POL-070)
  Integrated Risk Management Implementation Standard for use of the Risk Analysis Matrix (Standard QH-IMP-070-2:2011)
  Procurement Policy (QH-POL-044:2009)
  Procurement Procedure (QH-PCD-044-1:2011)
  Public Interest Disclosure HR Policy I5 (QH-POL-202:2011)
  Recruitment and Selection Policy HR Policy B1 (QH-POL-212:2011)
  Requirements for Reporting Official Misconduct HR Policy E9 (QH-POL-218:2008)


3.2    Related legislation, standards and guidelines
  Australian Standard Fraud and Corruption Control AS 8001-2008
  Crime and Misconduct Commission “Facing the Facts”
  Crime and Misconduct Commission “Fraud and Corruption Control – Guidelines for best
  practice 2005”
  Crime and Misconduct Commission, Queensland Ombudsman, and Public Service
  Commission “Managing a Public Interest Disclosure Program. A Guide for Public Sector
  Organisations 2011”
  Crime and Misconduct Act 2001
  Code of Conduct for the Queensland Public Service 2011
  Criminal Code Act 1899
  Criminal Proceeds Confiscation Act 2002
  Financial Accountability Act 2009
  Financial and Performance Management Standard 2009
  Hospital and Health Boards Act 2011
  Public Interest Disclosure Act 2010
  Public Service Act 2008
  Public Service Commission: Public Interest Disclosure Standard No.1 2011
  Public Service Commission: Discipline Guidelines 2009
  Public Service Commission: Directive 22/09 Gifts and Benefits
  Public Service Commission: Guidelines Gifts and Benefits 2009
  Public Service Ethics Act 1994


3.3    Roles and Responsibilities
Roles and responsibilities for fraud control are detailed within the Implementation Standard
for Fraud Control Governance, Prevention, Detection and Response. These include:
Executives – Ensure integrated approach to fraud control, oversee a fraud working group,
provide assurance statements, maintain fraud risk profile, audit, and respond to reports.
Managers – Manage fraud risks within areas of responsibility.
All employees – participate in training (ethical awareness, induction/refresher), report
suspicions of fraud and/or corruption.



TABLE OF CONTENTS

1.      PURPOSE
2.      SCOPE
3.      RELATED DOCUMENTS
     3.1         Related Queensland Health policies or documents
     3.2         Related legislation, standards and guidelines
     3.3         Roles and Responsibilities
4.      INTRODUCTION
     4.1         Commitment to fraud control
     4.2         Four major components of the Guide to Fraud and Corruption Control
     4.3         Review of the Guide to Fraud and Corruption Control
     4.4         What is fraud and corruption
5.      ETHICAL CULTURE
     5.1         Understanding why people commit fraud – The Fraud Diamond
     5.2         Embedding an ethical culture
     5.3         Education and training program
     5.4         Tasks for improving an ethical culture
6.      PREVENTION
     6.1         Internal controls
     6.2         Fraud and corruption risk assessment
     6.2.1       Fraud and corruption risk identification
     6.2.2       Fraud and corruption risk analysis
     6.2.3       Fraud and corruption risk evaluation
     6.3         Fraud risk register
     6.4         Fraud and corruption risk treatment
     6.5         Monitor and review of fraud and corruption risks
     6.6         Pre-employment screening
     6.7         Fraud alerts
     6.8         Contractor and supplier due diligence
     6.9         Tasks for fraud prevention
7.      DETECTION
     7.1         Communicating the Guide to Fraud and Corruption Control
     7.2         Reporting instances of fraud
     7.3         Protection for persons making a public interest disclosure (formerly referred to as a whistle-blower)
     7.4         Identification of early warning signs (red flags)
     7.5         Data analysis program
     7.6         Post-incident review
     7.7         Procurement contract review
     7.8         The role of internal audit
     7.9         External audit
     7.10        Fraud Control Officers
     7.11        Tasks for fraud detection
8.      RESPONSE, OUTCOMES AND RECOVERY
     8.1         Assessing and managing complaints of suspected fraud
     8.2         External investigation procedures
     8.3         Reviewing systems and procedures (post-fraud)
     8.4         Provision of information to external agencies
     8.5         Disciplinary action
     8.6         Recovery of losses
9.      DEFINITION OF TERMS
10.     CONSULTATION
11.     GUIDELINE REVISION AND APPROVAL HISTORY
Appendix 1 Compliance Schedule AS 8001 - 2008
Appendix 2 Compliance Schedule – CMC Guidelines for Best Practice



4.       INTRODUCTION
4.1      Commitment to fraud control
Queensland Health has zero tolerance for corrupt conduct, fraudulent activities or
maladministration. This is supported by a hierarchy of governance and controls which will
continue to build an ethical organisational culture.
Queensland Health has adopted a structured governance framework and an integrated
approach to the development, implementation and regular review of fraud prevention and
detection, monitoring, reporting and response strategies. The framework is based on the
Australian Standards Fraud and Corruption Control (AS 8001-2008) and the Crime and
Misconduct Commission Fraud and Corruption Control Guideline for Best Practice (2005).
Refer to Appendix 1 and 2 for the compliance schedule.
The Queensland Health Fraud Control Policy and Implementation Standard has been
endorsed by EMT and approved by Deputy Director-General, System Support Services
(DDG SSS) for implementation. DDG SSS maintains ongoing custodianship of the Policy,
Standard and Guide.


4.2      Four major components of the Guide to Fraud and Corruption Control
The four essential elements of fraud and corruption control are contained in Table 1.

Table 1 Components of the Guide to Fraud and Corruption Control



 1. Ethical Culture         Increasing levels of ethical awareness by embedding and implementing
                            initiatives to deter and minimise the opportunities for fraud.

 2. Prevention              Reducing instances of fraud by strengthening the systems of control and
                            risk management.
 3. Detection               Implementing initiatives to detect fraud as soon as possible after it occurs.

 4. Response, Outcomes      Implementing initiatives to deal with detected or suspected fraud in
    and Recovery            accordance with relevant policies and legislation. Ensuring appropriate
                            outcomes (disciplinary, civil, systemic or criminal justice system), thereby
                            helping to deter and prevent fraud from occurring. Recovery of losses
                            maximised as far as possible, thereby limiting the financial impact and
                            helping to deter and prevent reoccurrence.



4.3      Review of the Guide to Fraud and Corruption Control
This Guideline shall be reviewed at least every two years but a review can be triggered at
any time by changes in the Fraud Control Policy and/or Standard.





4.4      What is fraud and corruption
The definitions of fraud and corruption are provided in the Fraud Control Policy. For some
examples of fraud and corruption, refer to Table 2 below.


Table 2 Examples of fraud

Internal
  False claims for travel, petty cash, overtime and expenses
  Misuse of corporate credit cards and cab charge
  Falsifying invoices for goods or services
  Dishonestly using purchase or order forms to gain a personal benefit
  Dishonest use of intellectual or confidential property
  Falsifying hours on timesheet
  Working elsewhere without permission whilst on leave (e.g. sick leave)
  Creating false entries in the Dangerous Drugs Register to obtain non-prescribed drugs
  Financial statement fraud (fraudulent inflation of assets to give an inaccurate representation of profit)
  Creating false bank accounts to siphon money.
  False CV.

External
  Hacking into, or interfering with a computer system
  Charging for goods or services that are incomplete or not delivered
  Fraudulently inflating invoices.

(Joint) Collusion
  Certification for goods or services as being delivered when they are not
  Unlawful or unauthorised release of information
  Knowingly making or using forged or falsified documentation
  Collusion with external vendors (e.g. kickbacks and providing insider information etc.)



5.       ETHICAL CULTURE
5.1      Understanding why people commit fraud – The Fraud Diamond
The Fraud Diamond describes the four key contributing elements to fraud within the
department. Fraud is more likely to occur when:
     A person has an incentive or pressure to commit fraud
     Weak controls provide a person with opportunities to commit fraud
     The person has the capability to recognise the opportunity to commit fraud and takes
     advantage of it
     The person can rationalise committing the fraudulent behaviour.





Raising awareness of the above four contributing elements (including through fraud
awareness training) can support an ethical culture and assist staff in recognising early
warning signs of fraudulent activity (red flags).


Figure 1 – The Fraud Diamond

[Figure: FRAUD at the centre, surrounded by the four elements: Pressures, Capabilities,
Opportunities, Rationalisation]

Adapted from The Fraud Diamond: Considering the Four Elements of Fraud, David Wolfe and Dana
Hermanson (2004)


5.2    Embedding an ethical culture
The Fraud Control Policy and Standard establishes that a fundamental strategy in controlling
the risk of fraud and corruption is the development and maintenance of a sound ethical
culture across Queensland Health. Raising awareness of ethical behaviours will assist in
minimising the risk of fraud across the organisation.
The organisation’s expectations on ethical behaviour are outlined in the Code of Conduct
which describes its commitment to creating and maintaining an environment which is
professional, client responsive, safe and free of any form of unlawful or inappropriate
behaviour. This commitment supports the expectations of the people of Queensland that
all activities of Queensland Health are conducted with efficiency, impartiality and integrity.


5.3    Education and training program
Fraud and corruption often go undetected because of staff’s lack of knowledge in
recognising the early warning signs of fraudulent activity. Furthermore, staff may be
unaware of how to report their suspicions or have a lack of confidence in the integrity of
the reporting system or investigation process. Accordingly, Queensland Health has
introduced mandatory ethical awareness training to assist in raising the general awareness
of fraud and corruption among staff and how they should respond should this type of
activity be suspected or detected.
Ethical awareness training sessions introduce the concept of fraud within Queensland
Health and provide training on the following:
  What is fraud
  Queensland Health and Crime and Misconduct Commission’s attitude towards fraud
  Examples of fraud
  Fraud statistics
     Profile of a fraud offender
     How to prevent, detect and respond to fraud.
Ethical awareness training is available through the Ethical Standards Unit, Governance
Branch, System Support Services Division. Managers or executives may commission
additional training specifically related to their area of business operations.


5.4      Tasks for improving an ethical culture
Additional best practice tasks for improving an ethical culture include the following:
     Fraud and corruption control responsibilities form part of the performance management
     framework for staff
     Ensuring all staff receive information on the Fraud Control Policy, Standard and the
     Code of Conduct upon induction
     Ensuring updates and changes to relevant policies and procedures are effectively
     communicated to all staff
     Confirming that all staff have participated in relevant training including Code of Conduct
     training
     Communicating de-identified outcomes of investigations as appropriate in order to deter
     further incidents of fraud occurring
     Conducting meetings with branch heads to discuss the ongoing effectiveness of this
     Guideline and to ascertain whether messages are being delivered to staff effectively
     Regular liaison between Executives and key branches, including HR, Internal Audit,
     Finance, Payroll and the Ethical Standards Unit
     Regular discussion of ethical standards or behaviours at team/unit meetings
     Utilisation of all available media to disseminate fraud awareness materials, including
     newsletters, intranet information, emails, leaflets
     Roll-out of the e-Learning package across the department
     Measurement of awareness levels through an ethical culture survey to staff
     Regular liaison with Communication staff to ensure that key messages are
     disseminated effectively.
These initiatives should be supported by effective and continuous communication and
example-setting by management (tone from the top approach).


6.       PREVENTION
Key aspects of preventing fraud include ensuring internal controls are in place to manage
potential fraud risks, identifying control weaknesses and implementing measures to
address these weaknesses. Regular fraud risk assessments are vital in identifying
potential risks and control weaknesses and appropriate treatments.




6.1    Internal controls
Internal controls are often the first line of defence against fraud. Queensland
Health maintains a strong internal control system and promotes and monitors the use of
effective internal controls. The Financial Management Practice Manual describes key
elements of the internal control system including governance/committee structures,
reporting pathways, delegations, and procedures for monitoring the performance of, and
accounting for, departmental investment.
Effective internal controls are developed and maintained through the cooperation of
multiple work areas within the department including the governance, internal audit and
finance units.


6.2    Fraud and corruption risk assessment
Queensland Health adopts a formal identification, analysis and evaluation of fraud and
corruption risks through a periodic assessment of risks of fraud and corruption within the
Department of Health.


       6.2.1 Fraud and corruption risk identification
Fraud and corruption risk identification is the process of finding, recognising and recording
risks. To be effective in identifying fraud and corruption risks a variety of methods will be
used such as:
  Annual audit reports, report results and/or physical inspections
  Relevant Crime and Misconduct Commission investigation reports
  Records of prior losses
  Complaints by Queensland Health staff, clients or stakeholders
  Using the expert knowledge and judgement of colleagues if they know how the
  existing controls could be bypassed, i.e. identifying flaws in the existing governance
  arrangements
  Directly observing workplace activities that are of concern and checking the
  corresponding Queensland Government or Queensland Health policy and/or procedure
  that relates to your observations
  Analysing specific scenarios to understand what may constitute a fraud or corruption
  risk
  Consulting with Queensland Health areas that are responsible for managing a particular
  policy or procedure
  Using the internet and visiting relevant agency sites like the Crime and Misconduct
  Commission’s website.


Fraud risk identification is an important part of business risk identification processes in the
following areas:



Correspondence and information management
All Queensland Health employees must ensure confidential information and information
relating to individuals’ own privacy is securely held and only used for the purpose for which
it was collected.
The following points represent some examples of fraud and corruption risks:

      A former employee obtaining confidential information and providing it to a new
      employer to aid their dealings with Queensland Health

      An employee providing private information contained on a secure Queensland
      Health computer network to a third party to gain an advantage when dealing with
      Queensland Health

      An employee leaking politically sensitive information obtained through the
      performance of their work to a member of the public or another stakeholder, such
      as the media

      An employee using private and personal information obtained through the
      performance of their work for private purposes such as debt collection, intimidation
      or stalking.


Delegations
Delegation of authority within Queensland Health establishes who is empowered to make
decisions and to take action on behalf of Queensland Health. The Queensland Health
Delegations Policy and Implementation Standard identify requirements, roles and
responsibilities in relation to delegating decisions, authority or power.

Queensland Health staff may exercise their delegation through actions such as approving
expenditure, signing requisitions or purchase orders, approving appointments or leave
applications, or signing a contract that commits Queensland Health to significant
expenditure.

The following points represent some examples of fraud and corruption risks:

      Using delegated authority to make a decision for corrupt purposes (for example, the
      wrongful dismissal of an employee or taking unlawful disciplinary action)

      Acting outside their delegation for fraudulent or corrupt purposes, such as:
      -   Wrongfully influencing a building corridor development which will benefit the
          employee, relative, or someone with whom they are otherwise connected
      -   Awarding a contract to a contractor without proper due consideration of
          alternative suitable providers that comply with Queensland Health procurement
          policy and procedure.

      A manager who signs off on fraudulent overtime claims.



Facilities and public resources
All Queensland Health employees are accountable for resources they use or have access
to in the course of performing their duties. The Code of Conduct for the Queensland Public
Service Section 4.3 requires all employees to be economical, avoid waste and
extravagance when using public resources for their proper purposes and use any public
resource in accordance with Queensland Government and agency policy.

The poor management and misuse of public resources can undermine the integrity and
operational efficiency of Queensland Health as a Queensland Government agency thereby
not providing the public with value for money.
The following points represent some examples of fraud and corruption risks:

       Regularly taking resources, such as office supplies, stationery or Queensland
       Health equipment, home for their own personal use, or to sell for their own personal
       benefit

       Unauthorised use of a motor vehicle

       Unauthorised negotiating of substantial contracts

       An employee responsible for arranging the disposal of goods directing the contractor
       to make the payments directly to them instead of an approved Queensland Health
       account

       Destroying financial or administrative written or electronic records pertaining to the
       disposal of Queensland Health goods or resources to cover their own corrupt
       activities

       Deliberately over-ordering resources to use the surplus for personal gain.


Finance
Queensland Health’s Financial Management Practice Manual (FMPM) provides policy
statements, practice statements and guidelines regarding significant accounting and
financial management issues. It is fundamentally based on the Financial Accountability Act
2009 and the Financial and Performance Management Standard 2009.
It encompasses all requirements imposed upon the public sector such as the Code of
Conduct for the Queensland Public Sector, and incorporates all legislative requirements,
whole of government requirements and generally held notions of best practice.
Compliance with the FMPM is mandatory for all employees. Managers of non-finance
operational units should be aware of the sections of this manual that affect their particular
area of operation. All staff directing and undertaking financial operations should appraise
themselves against the requirements of the FMPM which are relevant to their operations.
The following points represent some examples of fraud and corruption risks:





      Manipulating the financial system to make payments to a non-existent supplier, and
      indirectly to their own financial account

      Colluding with a supplier to produce an invoice price that is higher than necessary
      in order to receive a payment or some other benefit from the transaction

      Approving invoices for private expenses or colluding to do so for others

      Submitting a false travel or petty cash claim and receiving a benefit to which they
      are not entitled by contravening a relevant Queensland Health Policy or Procedure

      Purchasing goods or services by using Queensland Health resources for private
      use

      Senior management inflating balance sheet values to cover up poor performance or
      mistakes

      Failing to record purchases properly to misappropriate cash

      Being bullied, harassed or threatened to misappropriate cash or avoid proper
      payment for a good or service by a third party

      Charging personal expenses to a Queensland Health corporate credit card

      Falsifying, destroying or damaging receipts and other financial records

      Misusing Cabcharge vouchers for personal use or for profit

      Seeking to allocate a grant outside the terms of the agreement and conditions for
      personal benefit

      Improperly disclosing personal or banking details to third parties.


Human resource management
Human resource management in Queensland Health is governed by departmental policies
and industrial awards and directives that are issued by the Queensland Government’s
Public Service Commission.
The following points represent some examples of fraud and corruption risks:

      Manipulating recruitment and selection procedures to secure the appointment of a
      close friend or family member or associate

      Management promoting, engaging or giving an employee advantage over others for
      personal reasons

      Management unfairly disadvantaging, bullying, intimidating or discriminating against
      employees for personal reasons (for example, unlawful use of power in personal
      conflicts)



      A selection committee appointing members to the selection panel whom they can
      influence in order to ensure their favoured and less meritorious candidate will be
      selected

      Management taking detrimental action against employees who report official
      misconduct or maladministration

      An employee or an applicant for a Queensland Health advertised position falsifying
      qualifications or employment history or references to enhance their prospects of
      securing the position

      Management knowingly concealing the corrupt conduct of subordinate employees.


Information management and information technology
Queensland Health possesses a range of information management and technology
policies and standards regarding the department’s information resources. Compliance
with these information policies and standards is mandatory for all employees in corporate
divisions and commercialised business units.
Queensland Health is reliant on information management and information technology
systems to perform its operational functions. It is imperative that information maintained on
these systems is accurate, complete and uncorrupted. It is critical for the efficient and
productive operation of Queensland Health that the information contained on Queensland
Health systems is easily accessible for its use in legitimate purposes while being protected
from any misuse.
The following points represent some examples of fraud and corruption risks:

      Electronically creating fraudulent documentation and providing it to a member of the
      public to gain a benefit (e.g. Medicare card)

      Altering or deleting electronic data held on the Queensland Health information
      system to prevent evidence of other wrongdoing from being detected or to aid a
      third party

      Taking advantage of temporarily inoperative (or partially operative) information
      technology systems to act in a corrupt way

      Placing malware (for example, viruses, spyware) on Queensland Health’s
      information technology system in an attempt to damage software or information
      held on the system

      Using another employee’s computer and/or log-in

      An IT contractor providing information about Queensland Health’s information
      technology system to a third party who uses the information to launch a successful
      attack on Queensland Health’s systems

      Gaining access to electronic records without proper authority or approval



      An IT contractor building a ‘back door’ into information technology systems that
      enables inappropriate secret access to alter or delete Queensland Health’s electronic
      data and records.


Legal and contractual compliance
Queensland Health enters into legal contracts (for example, agreements, deeds, service
contracts, memorandums of understanding) to meet the department’s work obligations.
The following points represent some examples of fraud and corruption risks:

      Failing to declare a conflict of interest but continuing to deal with a close associate
      in exercising their functions (for example, recruitment of an employee)

      Soliciting or accepting a bribe in order to exercise, or not exercise, their authority
      in a certain way

      Accepting or soliciting a bribe or secret commission from a tenderer to give partial
      consideration to them

      Identifying too closely with the interests of a joint venture partner subsequently
      leading to a failure to properly monitor the quality of the work performed.


Regulatory compliance
There are two main areas of risks associated with regulatory compliance in Queensland
Health. First, the department is subject to legislation. Therefore, there may be risks
associated with breaching the requirements of legislation (as covered in the previous
sections). Second, Queensland Health acts as a regulator and as such, risks may be
present regarding the appropriate or inappropriate use of power in this role as regulator.
The following points represent some examples of fraud and corruption risks:

      Issuing a licence to an individual or business based on factors other than objective
      assessment criteria (e.g. personal relationship)

      Deciding or recommending not to pursue prosecution because of a personal
      relationship with the person or business in breach of legislation

      Choosing not to audit a person or business because of a relationship with that
      person or business.


Procurement
Queensland Health must comply with its Procurement Policy to ensure that processes and
procedures uphold the integrity of procurement decision making.
The following points represent some examples of fraud and corruption risks:




       Providing commercial-in-confidence information to a tenderer resulting in them
       obtaining an unfair advantage over other tenderers in the tender process

       Knowingly making payments on fraudulent procurement related claims

       Colluding with a supplier of goods or services to Queensland Health for personal
       gain

       Splitting an order to avoid obtaining competitive quotes in the tendering process or
       to circumvent Queensland Health’s established delegation limits for procurement
       transactions

       Obtaining kickbacks by organising preferential treatment

       Not declaring an existing relationship or secondary employment with a tenderer for
       that contract and seeking to unfairly influence the decision making process.


       6.2.2 Fraud and corruption risk analysis
Analysing fraud and corruption risks is a key component for creating an effective ethical
culture. The analysis phase involves developing an understanding of the risk. It provides
input into risk evaluation and to decision-making on whether risks need to be treated.
Subsequently, the information gathered will determine the most appropriate risk treatment
options and methods.
Fraud and corruption risks will be identified through workshops and meetings with staff
and scored accordingly. The risk analysis process as per the Queensland Health
Implementation Standard for the Use of the Risk Analysis Matrix (QH-IMP-070-2:2011)
shall be used to:
  Determine the possible outcome should a risk occur and the likelihood of the risk
  occurring using the Consequence and Likelihood tables
  Determine the level of risk rating (using the Queensland Health Risk Analysis Matrix)
  Determine the initial, current and projected level of risk


       6.2.3 Fraud and corruption risk evaluation
Risk evaluation involves comparing the level of risk identified during the risk analysis
process with risk criteria established when the context was considered.
Evaluating fraud and corruption risk against Queensland Health’s risk criteria matrix takes
into account the impact of the risk on Queensland Health, and the existing, available
governance controls.

The risk evaluation process (Guideline for Risk Management) assists Queensland Health
to decide on the responsible courses of action to take an integrated approach to fraud and
corruption risk management and it can include the following evaluation considerations:




  Whether a fraud and corruption risk needs a formal treatment plan, or appropriate
  additional controls
  Whether resources should be dedicated towards undertaking an activity (a course of
  action)
  Priorities for the treatment of identified risks linked to the areas of fraud and corruption.


6.3   Fraud risk register
All fraud risks that are identified within the Department of Health should be documented in
QHRisk (Implementation Standard for the Integrated Risk Management System QH-IMP-
070-3:2011) or an appropriate risk register. The Chief Risk Officer maintains a centralised
fraud risk register and risk profile for the department. Managers are responsible for
assessing and recording fraud risks within their areas of responsibility. Managers may
maintain a unit, branch or divisional risk register for this purpose.


6.4   Fraud and corruption risk treatment
In treating the risks, decisions are made on the most appropriate treatment (additional
controls) to be pursued for each fraud or corruption risk. Consideration of treatments
should take into account both positive and negative outcomes that may arise from
implementing each fraud and corruption treatment option.
The key objective in completing risk treatments for high fraud or corruption risks is to
provide specific actions to be developed, processes implemented and timeframes
assigned to appropriate Queensland Health employees. This will assist in formally
managing, monitoring, reducing or eliminating the identified risk associated with fraud and
corruption.


6.5   Monitor and review of fraud and corruption risks
Risk registers and risk treatment become reference material during the monitor and review
phase. The monitoring and review process should encompass the following elements:
  Ensuring that controls are effective and efficient in design, implementation and
  operation
  Obtaining further information (such as issue clarification) to improve the risk
  assessment
  Analysing and learning lessons from events (including near-misses), changes, trends,
  successes and failures
  Detecting changes in the external, internal and individual context, including changes to
  risk criteria and the risk itself which can require revision of risk treatments and priorities
  Identifying emerging risks.





Decisions undertaken for review, evaluation and treatment of risk should consider the total
cost of the fraud or corruption risk under consideration, including increases or reductions in
spending on controls as a result of the proposed treatment options, such as:
  Direct and collateral losses arising should the risk occur
  Costs of existing anticipatory controls and proposed treatment options, such as:
       -   On-going risk assessment
       -   Prevention
       -   Deterrence
       -   Detection.
  Reactionary costs of responding to risk should it eventuate, such as:
       -   Investigation of the fraud or corruption event(s)
       -   Recovery of value lost as a result of the risk eventuating, including any legal
           costs incurred
       -   Reputational cost – e.g. media attention
       -   Cost of time taken by staff dealing with the fraud (for example, interviews)
       -   Restoration of the capacity and capability of the department to its pre-event
           levels.


6.6    Pre-employment screening
The Queensland Health Criminal History Checking Policy is committed to maintaining
public confidence in the integrity of all staff and as such all persons to be engaged in
general Queensland Health employment, permanently or when the period of employment
is expected to exceed three months, are required to have a criminal history check.
Pre-employment screening is one effective means of preventing fraud. For example, pre-
employment screening may detect falsified qualifications or employment history. Criminal
history checking may identify previous criminal convictions for offences within Australia.
Selection panels, delegates for appointments, recruitment units and human resources
managers shall ensure employees, prospective employees and other persons have the
requisite criminal history check prior to appointment.
Queensland Health will undertake the following as a minimum:
  Verification of identity
  Verification of right to work in Australia
  Police criminal history check / blue card
  Reference check
  Verification of formal qualifications.





6.7    Fraud alerts
Fraud alerts will be disseminated in relation to current scams and fraud committed
externally. The Principal Prevention Officer will liaise with the Chief Risk Officer and the
alerts will be disseminated to Queensland Health managers and/or staff (as deemed
appropriate) to prevent further instances of fraud and to raise awareness of fraud trends.


6.8    Contractor and supplier due diligence
Queensland Health will perform effective due diligence on contractors and suppliers which
may include the following:
  Search on company register
  ABN confirmation
  Verification of personal details of directors
  Director bankruptcy search
  Disqualified Director search
  Assessment of credit rating
  Search of legal proceedings pending and judgements entered
  Telephone listing verification
  Trading address verification
  Media search such as Google etc.


Queensland Health will consider ongoing commercial relationships and reassess a future
working relationship if it is found that there is an increased risk of fraud or corruption. For
example, there is a heightened propensity of fraud within the procurement area such as
when a potential supplier of goods or services manipulates the procurement process by
offering secret payments (bribes) to secure a contract.


6.9    Tasks for fraud prevention
Additional best practice tasks for fraud prevention include the following:
  The Chief Governance Officer in conjunction with the Fraud and Corruption Working
  Group may request audits/reviews of specific areas of concern.
  Monitoring of actions taken following recommendations made by the Crime and
  Misconduct Commission as a result of proactive reviews and investigations.
  Routinely identifying possible conflicts of interest particularly in high risk areas such as
  finance, procurement and human resource management.





7.       DETECTION
Despite prevention activities, fraud and corruption may still occur. Therefore it is important
that specific strategies are in place to detect fraud as soon as possible if it has occurred.


7.1      Communicating the Guide to Fraud and Corruption Control
This Guideline will be communicated by way of:
     Creating and implementing a communications plan for the Fraud Control Policy and
     Standard
     Availability of the Fraud Control Policy and Standard on the Queensland Health intranet
     (QHEPS) and internet
     This Guideline should be accessible to all personnel, particularly those with specific
     fraud and corruption accountabilities.


7.2      Reporting instances of fraud
As per the Standard and HR Policy E9 (Requirements for Reporting Official Misconduct)
all Queensland Health staff who become aware of suspected fraudulent or corrupt conduct
have an obligation to report the matter and must do so immediately.
It is recommended that suspected fraud be reported through line management in the first
instance, who will arrange for the matter to be referred to the Ethical Standards Unit.
However, for instances where this is not appropriate, a staff member may report the matter
directly to the Ethical Standards Unit (om_complaints@health.qld.gov.au) or the Crime and
Misconduct Commission (complaints@cmc.qld.gov.au).
Staff should endeavour to manage information confidentially and, once a report is made,
take no further action until advised by the Ethical Standards Unit.
Queensland Health will ensure complaints and disclosures are managed impartially and
provide support and protection from reprisals to disclosers, in accordance with the Public
Interest Disclosure Act 2010 and Public Interest Disclosures HR Policy.


7.3      Protection for persons making a public interest disclosure (formerly referred
         to as a whistle-blower)
The Public Interest Disclosure Act 2010 supports the disclosure of improper conduct or
wrongdoing and it has powerful provisions for the protection of people who make a public
interest disclosure.
Queensland Health is committed to creating and maintaining a work environment that
encourages and facilitates the disclosure of wrongdoing by:
     Promoting the public interest by facilitating complaints and disclosures of wrongdoing
     that relate to Queensland Health





  Ensuring that complaints and disclosures, including those made anonymously, are
  properly assessed and where appropriate, dealt with, reviewed or investigated
  thoroughly and impartially
  Affording support and protection from reprisals to disclosers or those who are the
  subject of a public interest disclosure
  Ensuring confidentiality in relation to all information relating to the public interest
  disclosure and the identity of the discloser so as to protect internal witnesses against
  reprisals.

7.4       Identification of early warning signs (red flags)
Identifying and acting on warning signs (red flags) is paramount to the early detection of
fraud. Fraud awareness training workshops support early warning capabilities and an
understanding of red flags amongst all staff.
Red flags do not indicate guilt or innocence, but they provide warning signs of possible
fraud. There are two types of red flags: behavioural and transactional. Transactional red
flags refer to unusual or out of the ordinary exchanges related to common business
activities or transactions. Behavioural red flags refer to unusual actions, behaviours or
traits exhibited by a person. Some examples are provided in the table below.


Table 3 Early Warning Signs (Red Flags)

 Transactional Red Flags

      Transaction occurring at an unusual time (of day, week, month, year or season)
      Frequency of the transaction is unusual (too many or few)
      Place of transaction is unusual (e.g. invoice not usually received from a country or region)
      Amount of the transaction is unusual (too high, too low, too alike, too different)
      Unusual relationships between persons (related parties, perceived strange relationship between
      parties, management performing clerical functions).

 Behavioural Red Flags

      Employee lifestyle changes: expensive cars, jewellery, homes, clothes
      Exorbitant/excessive lifestyle, personal circumstances or purchases not matched with income (e.g.
      significant gambling addiction may increase the likelihood of committing fraud)
      Significant personal debt and credit problems
      Creditors or collectors appearing at the workplace
      Refusing vacations, sick leave or promotions – may have a fear of detection
      Lack of a strong code of personal ethics
      A strong desire to beat the system
      Criminal history
      Persistent and/or unnecessary taking control of records
      Insisting on working unusual or non-standard business hours
      Avoiding or delaying provision of documentation when requested by Auditors.





7.5   Data analysis program
Data analysis is a powerful means of detecting fraud and other improper behaviour. It is a
process of uncovering patterns and relationships in datasets that appear unrelated and it
can also highlight discrepancies which may indicate fraud and irregular behaviour.
The Chief Governance Officer is responsible for ensuring that the data analysis program
focuses on key risk areas including key fraud risks. The data analysis program is aimed at
strategic use of computer systems in the identification of fraud indicators. Using data
analytic techniques, trends can be examined and investigated which may be indicative of
fraudulent conduct.


7.6   Post-incident review
Queensland Health, through the Fraud and Corruption Working Group, will ensure an
effective review process following a critical incident. This includes a broader assessment
of the issue/s and putting into practice the feedback from lessons learned.


7.7   Procurement contract review
Fraud can be minimised through good contract management which can include conducting
periodic reviews of contracts with external providers. These reviews may focus on:
  Deliverables
  Performance reviews
  Appropriate documentation and record-keeping
  Ongoing supplier due diligence
  Value for money
  Opportunity/capability for conflict of interest
  Verification of invoices.


7.8   The role of internal audit
Internal audit supports management's efforts to establish a culture that embraces ethics,
honesty, and integrity. Internal audit assists management with the evaluation of internal
controls used to detect or mitigate fraud, and may be involved in fraud investigations.
Internal audit is the appropriate process for assessing the effectiveness of internal
controls. The Internal Audit unit may receive directives from management, the Fraud and
Corruption Working Group or the Audit and Risk Committee. Therefore, the Internal Audit
unit may play a variety of consulting, assurance, advisory, and investigative roles in
Queensland Health’s fraud management process.





7.9      External audit
Queensland Health will take a proactive approach and will liaise with the external auditor
to facilitate the exchange of information in relation to the prevention and detection of fraud.
Queensland Health will respond quickly to concerns identified during the course of external
audit work.


7.10     Fraud Control Officers
There are three Fraud Control Officers who work together to lead fraud and corruption
control policy, planning and programs within Queensland Health: Chief Governance
Officer, Chief Risk Officer, Principal Prevention Officer. For example:
     Chief Governance Officer works together with the Chief Risk Officer and Principal
     Prevention Officer to develop and maintain departmental policies and standards
     The Principal Prevention Officer will ensure current best practice in fraud control is
     integrated into training and development programs
     The Chief Risk Officer will work with the relevant risk owners to manage the
     department’s exposure to fraud risk.


7.11     Tasks for fraud detection
Additional best practice tasks for fraud detection include the following:
     The Chief Governance Officer in conjunction with the Fraud and Corruption Working
     Group may request audits/reviews of specific areas of concern.
     Ongoing publicity regarding the Public Interest Disclosure Act 2010, which encourages
     staff to report improper conduct or wrongdoing.
     Workshops which include training on transactional and behavioural red flags.


8.       RESPONSE, OUTCOMES AND RECOVERY
8.1      Assessing and managing complaints of suspected fraud
The Director, Ethical Standards Unit shall respond to reports of suspected fraud or
corruption according to authorised procedures by:
     Assessing each matter to determine whether or not it meets the thresholds for official
     misconduct or public interest disclosures.
     If the matter could amount to official misconduct, making appropriate referrals to the
     Crime and Misconduct Commission.
     If the matter is assessed as a public interest disclosure, making appropriate referrals to
     the Queensland Ombudsman’s Office.
     Where appropriate, referring serious allegations of fraud or corruption to the
     Queensland Police Service on behalf of the department.




  Conducting investigations according to the principles of natural justice and in
  accordance with the Crime and Misconduct Commission Guideline.
  Reporting system weaknesses to the Crime and Misconduct Commission.


8.2    External investigation procedures
In Queensland’s public sector there are a number of independent agencies which are
responsible for promoting governance, accountability and integrity, and for providing law
enforcement:
  The Crime and Misconduct Commission
  The Queensland Audit Office
  The Queensland Ombudsman
  The Queensland Police Service.
The Director-General of Queensland Health has a duty to notify the Crime and Misconduct
Commission of official misconduct as per Section 38 of the Crime and Misconduct Act
2001. The Director-General delegates this function to the Director Ethical Standards Unit.
If assessed as official misconduct, the Crime and Misconduct Commission will advise the
appropriate action which may include:
  Assume responsibility for the investigation.
  Jointly manage the investigation with Queensland Health.
  Refer the matter back to Queensland Health to deal with as it sees fit, with outcome
  advice to be provided to the Crime and Misconduct Commission.
  Refer the matter back to the Ethical Standards Unit for investigation. If so, the Ethical
  Standards Unit may recommend the appointment of an external independent
  investigator.
Queensland Health will ensure that investigators are appropriately trained and/or
accredited.
In all cases of suspected official misconduct, including alleged fraud, the Queensland
Police Service will inform the initial assessment process by advising Queensland Health
whether or not it is in the public interest for the Queensland Police Service to investigate or
follow up a matter.


8.3    Reviewing systems and procedures (post-fraud)
As part of its close-out reporting, the Ethical Standards Unit needs to work with relevant
process owners to reassess the adequacy of the internal control environment (particularly
those controls surrounding the fraud incident) and actively plan and implement
improvements where required.





8.4        Provision of information to external agencies
Queensland Health shares relevant information with external agencies (e.g. the Crime and
Misconduct Commission, Queensland Police Service) as identified in the Standard.


8.5        Disciplinary action
Action taken in response to allegations of fraud and corruption will be in accordance with
relevant legislation, policies and the principles of natural justice.
The management of discipline in Queensland Health is contained in Discipline HR Policy.
Queensland Health will consider reasonable management and/or disciplinary action
against staff resulting from substantiated allegations of fraud or corruption. Action may
include, but is not limited to: reprimand, reduction of the level of remuneration, transfer or
redeployment or termination of employment.
Queensland Health may still undertake disciplinary action against the employee regardless
of the outcome at criminal or civil court.


8.6        Recovery of losses
Queensland Health is committed to quantifying fraud losses and maximising the recovery
of losses incurred from fraud and corruption activities and will pursue every possible
avenue in doing so through the Criminal Proceeds Confiscation Act 2002 or through civil
recovery. The recovery of losses will help to limit any reputational damage Queensland
Health may suffer and the financial impact this may have on Queensland Health’s
objectives.


9.         DEFINITION OF TERMS
Definitions of key terms are provided in the Fraud Control Policy.


10.        CONSULTATION
Key stakeholders who were consulted during the development of this Guideline include:


Title                                               Division/Branch/Unit
Chief Governance Officer                            Risk and Governance Unit
Principal Advisor HR Policy                         People and Culture Corporate
Director                                            Ethical Standards Unit
Director                                            Audit and Operational Review Unit

Principal Project Officer                           Ethical Standards Unit
Acting Director                                     Financial Strategy and Policy Coordination
Director                                            Financial Strategy and Policy Coordination




Assistant Risk Advisor                              Risk and Governance Unit
Principal Policy Officer                            Performance and Policy Service
Chief Risk Officer                                  Risk and Governance Unit



11.     GUIDELINE REVISION AND APPROVAL HISTORY

Version      Modified by          Amendments authorised by     Approved by
No.







Appendix 1 Compliance Schedule AS 8001 - 2008
Compliance with Australian Standards AS 8001 – 2008 Fraud and Corruption Control
Appendix A – Suggested Framework for a Fraud and Corruption Control Plan

AS8001 – 2008          QLD Health             QLD Health Implementation    QLD Health Guide to Fraud
Suggested              Fraud Control          Standard for Fraud Control   and Corruption Control
Framework              Policy                 Governance, Prevention,
                                              Detection and Response

 1. Executive Summary

1.1 Introduction       Intent of this         1. Purpose                   1. Purpose
                       policy                                              4.1 Commitment to fraud
                                                                           control

1.2 Definition of      Definitions of         Refer to Policy/Guideline    4.4 What is fraud and
Fraud                  terms used in                                       corruption (definitions are
                       this policy and                                     provided in the Fraud Control
                       supporting                                          Policy, however examples of
                       documents                                           fraud and corruption are
                                                                           provided)
1.3 Definition of      Definitions of         Refer to Policy/Guideline    4.4 What is fraud and
Corruption             terms used in                                       corruption (definitions are
                       this policy and                                     provided in the Fraud Control
                       supporting                                          Policy, however examples of
                       documents                                           fraud and corruption are
                                                                           provided)
1.4 Statement of       Policy statement       5.1.1 Executive              4.1 Commitment to fraud
entity’s attitude to                          responsibilities             control (statement of attitude
fraud and                                                                  to fraud and corruption)
corruption
1.5 Code of            Principles             5.2.2 Fraud awareness and    3. Related documents
Conduct                Related policies       training (5.2.2.3)           5.2 Embedding an ethical
                       or documents                                        culture
1.6 Relationship       Related policies       3. Supporting documents      3. Related documents
with the entity’s      or documents           4. Related documents
other plans            Supporting
                       documents
1.7 Roles and          Refer to               8. Responsibilities          3.3 Roles and Responsibilities
accountabilities for   Standard/
fraud control          Guideline


2. Planning and Resourcing


2.1 Program for        Review                 6. Review                    4.3 Review of the Guide to
Fraud Control                                                              Fraud and Corruption Control
planning and
review



2.2 Appointment of      Refer to             5.1.1 Executive                 7.10 Fraud Control Officers
a Fraud Control         Standard/            Responsibilities
Officer and other       Guideline            8. Responsibilities
dedicated fraud
control resources
2.3 External            Refer to             5.4.1 Assessment of matters     8.1 Assessing and managing
assistance to the       Standard/            8. Responsibilities (External   complaints of suspected fraud
Fraud Control           Guideline            agency responsibilities)
Officer

2.4 Fraud control       Refer to             5.1.1 Executive                 3.3 Roles and Responsibilities
responsibilities        Standard/            responsibilities
                        Guideline            8. Responsibilities
2.5 Internal audit      Refer to             5.1.2 Reporting and             7.8 The role of internal audit
activity in fraud and   Guideline            monitoring (5.1.2.3)
corruption control

3. Fraud and Corruption Prevention


3.1 Implementing        Refer to             Refer to Guideline              5. Ethical culture
and maintaining an      Guideline
integrity framework

3.2 Ensuring senior     Refer to             5.1.1 Executive                 4.1 Commitment to fraud
management              Standard             responsibilities                control
commitment to
controlling the risk
of fraud and
corruption
3.3 Line                Refer to             5.2.1 Fraud risk assessment     3.3 Roles and Responsibilities
management              Standard             and fraud risk register
accountability for                           (5.2.1.5)
controlling fraud                            8. Responsibilities
and corruption
within their
business unit
3.4 Maintaining a       Refer to             5.1.3 Financial internal        6.1 Internal controls
strong internal         Standard/            controls – legislative          6.5 Monitor and review of
control system and      Guideline            requirement                     fraud and corruption risks
internal control
culture
3.5 Fraud and           Refer to             5.2.1 Fraud risk assessment     6.2 Fraud and corruption risk
corruption risk         Standard/            and fraud risk register         assessment
assessment              Guideline                                            6.3 Fraud risk register
                                                                             6.4 Fraud and corruption risk
                                                                             treatment
                                                                             6.5 Monitor and review of
                                                                             fraud and corruption risks




3.6 Communication       Refer to              Refer to Guideline              5.3 Education and training
and awareness of        Guideline                                             program
fraud and                                                                     6.7 Fraud alerts
corruption                                                                    7.1 Communicating the Guide
                                                                              to Fraud and Corruption
                                                                              Control
3.7 Employment          Refer to              5.2.3 Employment screening      6.6 Pre-employment
screening (pre-         Standard/             and criminal history checking   screening
employment and on       Guideline
internal promotion
or transfer)
3.8 Policy dealing      Related policy or     Refer to Policy/Guideline       3. Related documents
with taking annual      documents
leave and job
rotation
3.9 Supplier and        Refer to              Refer to Guideline              6.8 Contractor and supplier
customer vetting        Standard /                                            due diligence
                        Guideline

3.10 Specific           Refer to the          Refer to Guideline              The Guide to Fraud and
initiatives aimed at    Guide to Fraud                                        Corruption Control. For best
controlling the risk    and Corruption                                        practice tasks refer to 5.4, 6.9,
of corruption           Control                                               7.11 and 8.7

4. Fraud and Corruption Detection


4.1 Fraud and           Refer to              Refer to Guideline              7. Detection
corruption detection    Guideline
program

4.2 Defining the        Refer to              Refer to Guideline              7.9 External audit
external auditor’s      Guideline
role in the detection
of fraud
4.3 Mechanisms for      Refer to              5.1.2 Reporting and             7.2 Reporting instances of
reporting suspected     Standard/             monitoring                      fraud
fraud and               Guideline             5.3.1 Recognising and
corruption incidents                          reporting suspected fraud or
                                              corruption
4.4 Implementing a      Refer to              5.3.2 Public interest           7.3 Protection for persons
whistleblower           Standard/             disclosure                      making a public interest
protection program      Guideline                                             disclosure (formerly referred to
                                                                              as a whistle-blower)

5. Responding to detected fraud and corruption incidents


5.1 Procedures for      Refer to              5.4.1 Assessment of matters     8.1 Assessing and managing
the investigation of    Standard/                                             complaints of suspected fraud
detected or             Guideline                                             8.2 External investigation
suspected incidents                                                           procedures



5.2 Internal           Refer to             5.1.2 Reporting and            7.2 Reporting instances of
reporting and          Standard/            monitoring                     fraud
escalation             Guideline            5.3.1 Recognising and
                                            reporting suspected fraud or
                                            corruption
                                            5.4.1 Assessment of matters
5.3 Disciplinary       Refer to             5.4.2 Management and           8.5 Disciplinary action
procedures             Standard/            disciplinary action
                       Guideline
5.4 External           Refer to             5.4.1 Assessment of matters    8.2 External investigation
reporting (Police,     Standard/                                           procedures
ASIC)                  Guideline                                           8.4 Provision of information to
                                                                           external agencies
5.5 Policy for civil   Refer to             Refer to Guideline             8.6 Recovery of losses
proceedings to         Guideline
recover the
proceeds of fraud
or corruption
5.6 Internal control   Refer to             5.1.3 Financial internal       7.6 Post-incident review
review following       Standard/            controls – legislative         8.3 Reviewing systems and
discovery of fraud     Guideline                                           procedures (post-fraud)

5.7 Maintaining and    Queensland           Queensland Health is covered   Queensland Health is covered
monitoring             Health is covered    under the Queensland           under the Queensland
adequacy of            under the            Government Insurance Fund      Government Insurance Fund
Fidelity Guarantee     Queensland
insurance and other    Government
insurance relative     Insurance Fund
policies dealing
with fraudulent or
improper conduct





Appendix 2 Compliance Schedule – CMC Guidelines for Best Practice
Compliance with Crime and Misconduct Commission Fraud and Corruption Control
Guidelines for Best Practice (10-element model)

CMC 10-element           QLD Health Fraud             QLD Health                 QLD Health Guide to
model                    Control Policy               Implementation             Fraud and Corruption
                                                      Standard for Fraud         Control
                                                      Control Governance,
                                                      Prevention, Detection
                                                      and Response
1. Agency-wide           QLD Health Fraud             Refer to Policy            Refer to Policy
   integrated policy     Control Policy
2. Risk assessment       Refer to Standard/           5.2.1 Fraud risk           6.2 Fraud and corruption
                         Guideline                    assessment and risk        risk assessments
                                                      register                   6.3 Fraud risk register
                                                                                 6.4 Fraud and corruption
                                                                                 risk treatment
                                                                                 6.5 Monitor and review
                                                                                 of fraud and corruption
                                                                                 risks
3. Internal controls     Refer to Standard/           5.1.3 Financial internal    6.1 Internal controls
                         Guideline                    controls – legislative
                                                      requirement
4. Internal reporting    Refer to Standard/           5.1.2 Reporting and        7.2 Reporting instances
                         Guideline                    monitoring                 of fraud
                                                      5.3.1 Recognising and
                                                      reporting suspected
                                                      fraud and corruption
                                                      5.4.1 Assessment of
                                                      matters
5. External reporting    Refer to Standard/           5.4.1 Assessment of        8.1 Assessing and
                         Guideline                    matters                    managing complaints of
                                                                                 suspected fraud
                                                                                 8.4 Provision of
                                                                                 information to external
                                                                                 agencies
6. Public interest       Refer to Standard/           5.3.2 Public interest      7.3 Protections for
   disclosures           Guideline                    disclosure                 persons making a public
                                                                                 interest disclosure
                                                                                 (formerly referred to as
                                                                                 a whistle-blower)
7. Investigations        Refer to Standard/           5.4.1 Assessment of        8.1 Assessing and
                         Guideline                    matters                    managing complaints of
                                                                                 suspected fraud
                                                                                 8.2 External
                                                                                 investigation procedures
8. Code of conduct       Principles                   5.2.2 Fraud awareness      3. Related documents
                         Related policy or            and training (5.2.2.3)     5.2 Embedding an
                         documents                                               ethical culture
9. Staff education and   Refer to Standard/           5.2.2 Fraud awareness      5.2 Embedding an
   awareness             Guideline                    and training               ethical fraud culture
                                                                                 5.3 Education and
                                                                                 training program



10. Client and   Refer to Guideline           Refer to Guideline      7.1 Communicating the
    community                                                         Guide to Fraud and
    awareness                                                         Corruption Control





				