IPART Fraud & Corruption Control Charter...The Fraud and Corruption Control Charter (FCCC) outlines...

IPART Fraud & Corruption Control Charter

Policy IPART

March 2018

i IPART IPART Fraud & Corruption Control Charter

© Independent Pricing and Regulatory Tribunal of New South Wales 2018 This work is copyright. The Copyright Act 1968 permits fair dealing for study, research, news reporting, criticism and review. Selected passages, tables or diagrams may be reproduced for such purposes provided acknowledgement of the source is included.

Inquiries regarding this document should be directed to a staff member: Fiona Towers Chief Audit Executive (02) 9290 8420 Anthony Wallis Principal Risk Officer (02) 9290 7741

IPART Fraud & Corruption Control Charter IPART ii

From the CEO

IPART has zero tolerance for corrupt conduct, fraudulent activities or maladministration.

IPART will continue to promote a culture of honesty and integrity within our organisation and is committed to:

Minimising the opportunities for fraud and corrupt conduct to take place.

Implementing a robust, risk based approach to identify and manage opportunities for fraudulent activities to occur.

Detecting, investigating and disciplining fraud and corrupt conduct.

Reporting fraud and corrupt conduct to ICAC, the NSW Ombudsman or other external parties where appropriate.

Hugo Harmstorf

iii IPART IPART Fraud & Corruption Control Charter

Contents From the CEO ii

Contents iii

1 Introduction 4

2 Ethical framework 5 2.1 Ethical behaviour policies 5

3 Fraud and corruption control 7 3.1 Responsibility structures 7 3.2 Prevention systems 9 3.3 Fraud awareness 12 3.4 Third party management systems 14 3.5 Notification Systems 15 3.6 Detection Systems 18 3.7 Investigation Systems 19

IPART Fraud & Corruption Control Charter IPART 4

1 Introduction

Fraud typically occurs when a person undertakes wrongful or unlawful behaviour with the intention of achieving a financial or personal benefit. Similarly, corrupt conduct is typically associated with unlawful or unethical behaviour undertaken for personal benefit by a person in a position of power or influence.

The Fraud and Corruption Control Charter (FCCC) outlines IPART’s policies and procedures to manage the risks of fraud and corruption occurring within the organisation. The policies and procedures are proportional to the fraud and corruption risks relevant to IPART.

This document applies to all staff, including permanent and temporary employees, contractors and consultants. Information specific to Tribunal members’ obligations is also provided in the Disclosure of pecuniary interests and conflicts of interest – Protocol for Tribunal members.

5 IPART IPART Fraud & Corruption Control Charter

2 Ethical framework

IPART’s ethical framework is built around the following three key values: We act with integrity We earn trust We deliver excellence

Staff are expected to undertake their work in a way that upholds these values at all times. In addition to IPART’s core values, it is a requirement of the Government Sector Employment Act 2013 (GSE Act) that all government sector employees act ethically and in the public interest. All IPART staff should be familiar with the four government sector core values of Integrity, Trust, Services and Accountability, and the 18 principles that guide their implementation, as specified in Part 2 of the GSE.1

2.1 Ethical behaviour policies Additional policies that outline IPART’s ethical framework are available on the intranet include:

Code of Ethics and Conduct Conflict of Interest and Gifts and Benefits policies Public Interest Disclosures – Internal Reporting policy

2.1.1 Induction process

At induction the following documents are provided to new staff and contractors: Code of Ethics and Conduct Public Interest Disclosures – Internal Reporting policy IPART security policy

All new staff and contractors must provide the following sign-offs during the induction process:

Non-disclosure agreement Code of Ethics and Conduct IT security statement Restricted Companies and Conflict of Interest Disclosure

1 Further information about the government sector core values is available from:

http://www.psc.nsw.gov.au/workplace-culture---diversity/workplace-culture/the-ethical-framework/ethical-framework

http://jyn:82/IPARTTrimFileDownload.aspx?RecordNumber=D18/3257

http://rebel-new:82/IPARTTrimFileDownload.aspx?RecordNumber=D18/2253








2.1.2 Annual staff attestation

All IPART employees are required to annually attest that they have read and understood each of these documents:

Code of Ethics and Conduct IPART information security policy



3 Fraud and corruption control

IPART’s Fraud and Corruption Control Charter is based on Standards Australia AS8001-2008 Fraud and Corruption Control and incorporates the ten attributes of fraud control contained in the NSW Auditor-General Better Practice Guide Fraud Control Improvement Kit (2015).

IPART’s Fraud and Corruption Control Charter has the following key attributes built around the following themes:

Table 3.1 IPART Fraud and Corruption Control Charter attributes

Planning Prevention Detection Response

Leadership

Fraud control policy

Ethical framework

Responsibility structures

Prevention systems

Fraud awareness

Third party management systems

Notification systems

Detection systems

Investigation systems

IPART’s Fraud and Corruption Control Charter will be reviewed, at a minimum every 2 years, or in response to material changes in the operating environment.

3.1 Responsibility structures All staff have a role to play in fraud and corruption control.

IPART have designated the Principal Risk Officer as the Fraud Prevention Manager.

The Core Executive, Principal Risk Officer (PRO), Internal Audit and the Audit & Risk Committee must all understand the fraud and corruption risks facing IPART.

Specific responsibilities of staff include: Chief Executive Officer (CEO)

o Promote a culture of honesty and integrity within the organization.

o Demonstrate commitment and compliance to fraud and corruption control charter.

o Report to each Audit & Risk Committee (ARC) meeting about any incidents of actual or suspected fraud.

Senior Executives

o Promote an ethical culture.

o Implement and monitor the fraud and corruption control charter within their operations of the organisation.


ICT, Contracts and Procurement Manager

o The IT, Contracts and Procurement Manager is responsible for monitoring and reporting on IPART’s compliance with NSW procurement requirements.2

Audit and Risk Committee 3

o Review IPART's Fraud & Corruption Control Charter.

o Monitor the effectiveness of IPART’s processes and systems in place to capture and effectively investigate fraud related information.

Chief Audit Executive, Director Corporate Services and HR Manager

o Provide support to the PRO to undertake projects or investigations relating to fraud and corruption.

Principal Risk Officer (PRO) / Fraud Prevention Manager

o Provide leadership in risk management and fraud and corruption prevention.4

o Maintain IPART’s fraud control framework and undertake projects to implement the framework within the organisation.

o Deliver risk management across IPART including fraud and corruption risks.

o Provide advice and assistance to staff and managers. Internal audit plays a key role in the detection and prevention of fraud and

corruption by:

o Conducting risk-based internal audit planning including areas of high fraud risk.

o Risk-based audit approach.

o Evaluating the potential for the occurrence of fraud and how the organisation manages fraud risk.4

o Assisting management to investigate fraud, identify the risks of fraud and develop fraud prevention and monitoring strategies.5

All staff, consultants and contractors

o Act within IPART’s ethical framework.

o Comply with policies and procedures.

o Act within their delegations.

o Report suspected incidences of fraudulent or corrupt behaviour.

o Provide assistance to investigations if requested.

2 IPART Procurement Manual – June 2016 3 IPART’s Audit and Risk Committee Charter 4 IPART Role Description – Principal Risk Officer 5 IPART’s Internal Audit Charter


3.2 Prevention systems

3.2.1 Fraud and Corruption Risk Assessment

Managing the risk of fraud and corruption is managed in line with IPART’s enterprise risk management (ERM) processes:

IPART’s senior management is committed to identifying and mitigating fraud and corruption risks.

Risk incidents are reported to the Principal Risk Officer for consolidation and review of risk ratings, controls and control effectiveness ratings. Suspected and actual fraud incidents will be retained separately in a confidential register.

IPART’s Risk Register is reviewed quarterly by senior management which quantifies the level, nature and form of the risks to be managed.

Improvements to internal control systems (including policies and procedures) are made to mitigate risks identified in risk assessments and are monitored for effectiveness over time.

A key role of the Audit and Risk Committee is to monitor risk, including risk of fraud and corruption and provide independent advice directly to the CEO where a risk is assessed as too high or too long running.

The risk register forms the basis of our annual internal audit program and of a range of other risk treatments including improved fraud and corruption controls.


Based on fraud and corruption risks contained in the risk register the following internal controls on Table 3.2 have been identified that prevent, detect and correct fraud:

Table 3.2 internal controls that prevent, detect and correct fraud

Governance Purpose, values and principles Tribunal, Committees & Executive Policies, systems & procedures Conflicts of interest Code of Ethics and Conduct Conflict of Interest and Gifts and Benefits policies Public Interest Disclosures – Internal Reporting

policy Pricing, Regulatory and licensing functions Multi-layer review and approval Quality assurance Public consultation Audit policies and guidelines Human resources Multi-layer review and approval Public sector recruitment process Selection panels Qualification, police and reference checks Leave policy and monitoring excessive recreation

leave Review of the fortnightly payroll (PITT) report

Expenses Multi-layer review and approval Timesheet & payroll exception reporting Credit card policy & procedure Procurement / contract management NSW Government Procurement framework Procurement manual e-Tendering process Tender evaluation panel Multi-layer review and approval Probity checks Prequalified procurement panels Contract Management Plan Service Level Agreements Information Information Security Management System Physical and logical security Password management System monitoring Records management Auditing and logging Finance Segregation of duties Financial delegations Monthly review of budget to actuals Treasury reporting Audit trails

These controls will be reviewed at least every 2 years or on substantial change.


3.2.2 Monitoring and reporting

A confidential register of all suspected fraud and corrupt conduct complaints is maintained by the IPART Principal Risk Officer.

3.2.3 Ethical workforce

IPART employs staff who will be able to undertake their role in accordance with our ethical framework. We undertake the following employment screening prior to making an offer of employment to prospective staff:

National Police Check Application Consent Form. State Criminal Record Check form. Qualification Information form. 5 year Employment History (if applicable).

3.2.4 Information Security Management System (ISMS) Framework

IPART is committed to implementing and maintaining an ISMS Framework to manage and optimise the information security threats and risks it faces. This is achieved through the establishment, implementation, maintenance and improvement of our ISMS.

Managing information security risk is managed in line with IPART’s enterprise risk management processes (ERM).


3.3 Fraud awareness This Fraud and Corruption Charter is to be communicated to all employees via the IPART Intranet, incorporated into the induction process for new staff and contractors and made available to external parties via IPART’s website.

3.3.1 Education and awareness program

IPART will run annual fraud and corruption awareness sessions for staff. The purpose of these sessions is to:

Maintain continued awareness of fraud and corruption risks in the public sector. Ensure that staff responsibilities regarding fraud and corruption and ethical

behaviour are understood and regularly communicated. Provide training to all staff about specific IPART policies and procedures relating to

fraud and corruption.

The policy documents listed in section 3 clearly communicate IPART’s expected standards of ethical conduct. All IPART employees are required to annually attest that they have read and understood each of these documents.

3.3.2 Staff awareness

All IPART employees are responsible for notifying management of any perceived fraud or corruption by other employees, contractors, consultants or suppliers.

The IPART Code of Ethics and Conduct, and Public Interest Disclosures – Internal Reporting Policy are provided to make clear to all employees the expected standards of ethical conduct.

The Public Service Commission surveys all employees to assess the ethical culture and level of awareness.

IPART actively manages any potential conflict of interest (see Code of Ethics and Conduct) and maintains a conflict of interest register.


3.3.3 Community awareness

IPART is committed to ensuring that our employment practises are fair and ethical and that employees act with integrity and efficiency in meeting our obligations to the community, customers and stakeholders.

IPART has published the following on its website: Purpose and values. Guiding principles. The review process. Pecuniary Interests Register (for current Tribunal members). Employment opportunities via iworkfor.nsw.gov.au Tenders and contracts for contracts above $150k (including GST).

IPART stakeholder survey is conducted every two years and includes feedback on independence from both Government and regulated industries.


3.4 Third party management systems IPART is committed to ensuring that our procurement practises are fair and ethical and that our suppliers and our contractors act with integrity and efficiency in meeting our obligations to the community, customers and stakeholders.

3.4.1 Awareness

IPART regularly runs compulsory fraud and corruption awareness sessions for staff and makes this Fraud and Corruption Charter available to internal and external parties – refer section 4.3.

3.4.2 Due diligence

IPART’s procurement processes are outlined in our procurement manual, which is available from the intranet. The document outlines our risk based procurement processes which include escalating oversight and checks and balances based on the value of an engagement. The procurement process ensures that IPART’s procurement of goods and services results in value for money, promotes competition, and avoids conflict of interest. All staff involved in the procurement of goods and services should contact the Procurement Manager for information and training about the procurement process. A quarterly report on procurement activities will be provided to the Core Executive.

3.4.3 Third party controls

Contracts should consider the following clauses where outsourced processes have an element of fraud or corruption risk:

Relevant controls per table 3.2 (eg employee screening, quality assurance, multi-layer review and approval).

Notification of fraud or corruption affecting IPART. Right to audit or attestation of controls (self or by independent body).

Whole-of-government contracts, prequalification schemes and panels schemes include the following requirements related to business ethics and code of conduct:

Standard / statement of business ethics is required by ICT Service Scheme.

General compliance with “NSW Government policies, guidelines and codes of conduct” is included in Performance and Management Services Scheme.

Contingent Workforce Scheme requires that suppliers to ensure that Contingent Workers comply with the Customer's Code of Conduct.

Board and committee members must conduct themselves per M2013-06 NSW Government Boards and Committees Guidelines.

Audit and risk committee chairs and members must comply with their Code of Conduct, and the relevant agency’s Code of Conduct.

https://www.procurepoint.nsw.gov.au/documents/audit-and-risk-code-conduct.docx


3.4.4 Staff disclosure of conflicts of interest and secondary employment

All IPART staff are required to disclose conflicts of interest and secondary employment. HR is responsible for IPART’s policies that cover conflicts of interest and secondary employment.

3.5 Notification Systems All suspected or detected fraud and corruption must be reported.

3.5.1 Internal notification channels

Staff must report all allegations and matters of concern regarding alleged fraud and / or corruption to one or more of the following position holders (refer table 3.5 internal notification channels and table 3.5.2 external notification channels).

For a report to be a ‘protected disclosure’ it must be made to a nominated official in accordance with IPART’s disclosure procedures (see the Public Interest Disclosures – Internal Reporting Policy):

Table 3.5.1 Internal notification channels

Their immediate manager / director or any executive director

Principal Officer Chief Executive Officer, IPART Hugo Harmstorf Phone: 9290 8491 Email: [email protected] Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Chief Audit Executive Executive Director, Energy & Transport, IPART Fiona Towers Phone: 9290 8420 Email: [email protected],) Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Nominated Disclosures Officer Executive Director, Water, IPART Matthew Edgerton Phone: 9290 8414 Email: [email protected] Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Internal Audit

Principal Risk Officer, IPART

Anthony Wallis Phone: 9113 7741 Email: [email protected] Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Nominated Disclosures Officer Manager, Human Resources, IPART Marissa Duncan Phone: 9290 8416 Email: [email protected] Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

mailto:[email protected]




mailto:@ipart.nsw.gov.au


3.5.2 Reporting system

Our Public Interest Disclosures Internal Reporting Policy gives a complainant the opportunity to report the suspected fraud or corrupt conduct anonymously. IPART will not tolerate any reprisal action against employees who report wrongdoing.

The Public Interest Disclosures Act 1994 imposes penalties, including criminal penalties, on people who take detrimental action on a person who has reported suspected wrongdoing. The IPART Public interest Disclosure Policy enables managers, employees, contractors, consultants, customers, stakeholders and suppliers to notify the organisation of suspected fraud and corrupt conduct. A confidential register of all suspected fraud and corrupt conduct complaints is maintained by the IPART Principal Risk Officer.

3.5.3 Feedback and follow-up

Feedback and follow-up to staff who report wrong doing see the Public Interest Disclosures – Internal Reporting Policy.

A confidential register of all suspected fraud and corrupt conduct complaints is maintained by the IPART Principal Risk Officer. All risk incidents result in a new risk or review of existing risk ratings, controls and the control effectiveness rating.

The CEO will report to each ARC meeting about any incidents of actual or suspected fraud.


3.5.4 External Notification Systems

Staff can also make a report to a number of investigating authorities in NSW:

Table 3.5.1 External notification channels6

For disclosures about corrupt conduct: Independent Commission Against Corruption (ICAC) Phone: 02 8281 5999 Toll free: 1800 463 909 Tel. typewriter (TTY): 02 8281 5773 Facsimile: 02 9264 5364 Email: [email protected] Web: www.icac.nsw.gov.au Address: Level 21, 133 Castlereagh Street, Sydney NSW 2000

For disclosures about maladministration: NSW Ombudsman Phone: 02 9286 1000 Toll free (outside Sydney metro): 1800 451 524 Tel. typewriter (TTY): 02 9264 8050 Facsimile: 02 9283 2911 Email: [email protected] Web: www.ombo.nsw.gov.au Address: Level 24, 580 George Street, Sydney NSW 2000

For disclosures about serious and substantial waste: Auditor-General of the NSW Audit Office Phone: 02 9275 7100 Facsimile: 02 9275 7200 Email: [email protected] Web: www.audit.nsw.gov.au Address: Level 15, 1 Margaret Street, Sydney NSW 2000

For disclosures about breaches of the GIPA Act: Information Commissioner Toll free: 1800 472 679 Facsimile: 02 8114 3756 Email: [email protected] Web: www.ipc.nsw.gov.au Address: Level 11, 1 Castlereagh Street, Sydney NSW 2000

For disclosures about local government: Office of Local Government Phone: 02 4428 4100 Tel. typewriter (TTY): 02 4428 4209 Facsimile: 02 4428 4199 Email: [email protected] Web: www.olg.nsw.gov.au Address: 5 O’Keefe Avenue, Nowra, NSW 2541

6 Department of Premier & Cabinet Public Interest Disclosure Policy – October 2016



3.6 Detection Systems

3.6.1 Internal control

Based on fraud and corruption risks contained in the risk register the internal controls set out in table 3.2 have been identified that prevent, detect and correct fraud.

Multi-layer review and approval, quality assurance, transaction exception reporting, budget to actual reporting, and system monitoring are in place and are regularly monitored to ensure that irregularities and warning signals are identified at an early stage and flagged for further review.

3.6.2 Control attestation

IPART receives regular attestation of controls from GovConnectNSW which are monitored by the Executive and the Audit & Risk Committee.

3.6.3 Internal Audit

Internal audits / reviews regularly examine samples of medium and high risk processes, with mandatory coverage of fraud prevention controls, across IPART to detect irregularities.

Outcomes of audit/reviews are reported to the Audit and Risk Committee, which then advises the CEO.

The status of Internal Audit recommendations are reported quarterly to the Audit and Risk Committee.

3.6.4 External audit

The Audit Office performs an annual external audit of IPART which includes reasonable assurance the financial statements are free from material misstatement, whether due to fraud or error. In undertaking their role, the Audit Office assesses the components of IPART’s internal control environment relevant to their audit of the financial statements, and reports issues to management and those charged with governance.


3.7 Investigation Systems IPART will investigate complaints of alleged or suspected fraud and corrupt conduct using the Principal Risk Officer, senior management, internal audit contractor or an independent investigator, only where:

The investigator possesses a minimum level of competency. The Chief Executive Officer, or delegate, has formally authorised the investigation. The investigations are conducted in accordance with the following guidelines:

o Receive and record – complaints are forwarded to the Principal Risk Officer and / or Chief Audit Executive who will determine who should make initial evaluation, timeframes, and access to relevant information.

o Evaluate – the evaluation summarises the matter, legislative requirements, risks, conflicts of interest, options and recommendations.

o Acceptance of matters for investigation.

o Communication of status back to person who reported potential fraud where appropriate including ‘being evaluated’, ‘investigation started & timeframe’ or ‘will not proceed’.

Note: Decisions must be in accordance with laws and regulations, be transparent and accountable, take action where necessary, and operate efficiently, effectively and ethically within IPART’s resources.

o Investigation management:

Plan

• Objectives & scope, potential contraventions of conduct to be investigated, and possible outcomes.

• Risk management.

• Resolution options.

• Resources and work phases.

Implementation

• Record activity (interviews, document reviews, meetings, etc).

• Status reporting to CAE on budget, timeframe and deliverables.

• Review and supervision.

• Document management – stored in RM8 as ‘Sensitive: Personal’ and restricted to investigation team.

• Critical decisions documented.

Closure

• Brief preparation - Outcomes relating to IPART employees or contractors is provided to the CEO.


• Referral to outside agencies if required by relevant legal and policy requirements.

Where appropriate, investigations consider what improvements can be made to policies, procedures and systems within IPART to prevent a reoccurrence or close a risk gap.

3.7.1 Conduct and Disciplinary Systems

The Code of Ethics and Conduct is provided to assist IPART employees in understanding the expected standards of ethical conduct. This policy also sets out disciplinary standards relevant to IPART and how each breach will be dealt with.

Issue No Date Issued Reason/s for Amendment

FCCC /1 July 2015 First release. FCCC /2 March 2016 First annual review after NSW Treasury policy Internal Audit

and Risk Management Policy for the NSW Public Sector (TPP15-03) commenced

FCCC/3 March 2017 Annual review. Internal Audit and Risk Management Policy for the NSW Public Sector (TPP15-03) remains current.

FCCC/4 March 2018 Annual review


IPART Fraud & Corruption Control Charter...The Fraud and Corruption Control Charter (FCCC) outlines...

Documents

Transcript of IPART Fraud & Corruption Control Charter...The Fraud and Corruption Control Charter (FCCC) outlines...