Fraud Policy
Date: July 2021
Version: 3.1

Fraud Policy Ver 3.1
Purpose
To ensure that the assets and reputation of the Of ice of the Privacy Commissioner are
protected from fraudulent misconduct.
Definition
Fraud is defined as wilful theft, embezzlement, violation of the Of ice of the Privacy
Commissioner (OPC) policies relating to employment, finance, equipment, property and
other assets, or any other action in relation to those matters likely to bring the Of ice of the
Privacy Commissioner into disrepute.
Corporate governance and corruption and fraud control:
Corruption and fraud control and management is an integral component of effective
corporate governance which builds upon the requirement for transparent and accountable
processes consistent with sound business practices and organisational standards of
compliance.  Embedding these requirements into the day-to-day operations of the OPC
wil  enhance the OPC’s profile as a good citizen, and reduce the likelihood that it wil  suffer
financial loss or damage to its reputation as a result of misconduct by staff and others.
Corruption
Corruption is defined as behaviour that may involve fraud, theft, the misuse of position or
authority or other acts that are unacceptable to an organisation and which may cause loss
to the organisation, its clients or the general community.  It may also include other
elements such as breaches of trust and confidentiality.  The behaviour need not
necessarily be criminal.  Further definition is ‘dishonest activity in which an OPC employee
or contractor of an entity acts contrary to the interests of the OPC  and abuses his/her
position of trust in order to achieve some personal gain or advantage for him or herself or
for another person or entity.’
Fraud
Fraud can be seen as a major subset of corruption and is a deliberate, intentional and
premeditated dishonest act or omission acted out with the purpose of deceiving to gain
advantage from a position of trust and authority.  It includes amongst others, acts such as
theft, making false statements/representation, evasion, manipulation of information,
criminal deception and abuse of OPC property or time. Further definition ‘fraud as
dishonest activity causing actual or potential financial loss to any person or entity including
theft of moneys or other property by employees or person external to the entity and
whether or not deception is used at the time, immediately before or immediately following
the activity.  This also includes the deliberate falsification, concealment, destruction or use
of falsified documentation used or intended for use for a normal business purpose or the
improper use of information or position.’

Page 2 of 6

Fraud Policy Ver 3.1
Objectives
  To ensure senior management’s commitment for its responsibility for identifying risk
exposures to corrupt and fraudulent activities and for establishing controls and
procedures for prevention and detection of such activities
  To reinforce the requirement for all staff to refrain from corrupt conduct, fraudulent
activities, and maladministration and encourage the reporting of any instance of fraud,
corrupt conduct or maladministration
  To ensure that all staff are aware of their responsibilities in relation to the ethical conduct
of themselves and staff that they may be responsible for
  To ensure that regular assessment of the risks of corruption and fraud is undertaken,
and all suspected corrupt and fraudulent activity is dealt with appropriately.

The Privacy Commissioner and the management team are responsible for the
implementation of this policy.
Policy
The Of ice of the Privacy Commissioner:
  Is committed to development and maintenance of best practices processes and
procedures to prevent and detect fraud, and that demonstrate appropriate stewardship
of OPC property and assets
  Whilst the Privacy Commissioner has ultimate responsibility for ensuring that adequate
controls are in place to prevent and detect fraud, each manager has responsibility for
ensuring that appropriate controls are in place at all levels to ensure safeguards against
fraudulent activity, and take appropriate action to implement and maintain these controls
  The OPC wil  not countenance fraudulent activity, and wil  investigate all reported
incidents of alleged fraud involving the of ice whether committed by staff or other
persons not being staff members
  Staff who may consider there are grounds for enquiry into fraudulent activity, must
advise their manager, the General Manager or the Privacy Commissioner immediately.
Alternatively, disclosure may be made under the Protected Disclosures Act 2000 and
associated OPC procedures
  Al  suspected fraudulent activity wil  also be communicated to the Minister under the ‘no
surprises rule’ and to the external auditors (Audit New Zealand).
  Al  disclosures of dishonest or fraudulent practices wil  be treated seriously and
investigated by way of internal investigation or disciplinary as authorised by the Privacy
Commissioner.  Al  proven incidents of fraud wil  be pursued through every means
available and appropriate disciplinary action taken
  The recovery of lost money or other property wil  be pursued wherever possible and
practical
  Other action may include where appropriate referral of the evidence to the Police with a
view to prosecution
Page 3 of 6

Fraud Policy Ver 3.1
Legal Compliance
The Protected Disclosures Act 2000 provides for the facilitation of disclosure and
investigation of serious wrongdoing in or by and organisation and protects the individual who
report allegations of serious wrong doing.  Persons who make disclosure under the Act are
protected from dismissal or punishment, legal action or disclosure of their own private
information.

Relevant Legislation: Protected Disclosures Act 2000
Executive and management commitment
The Privacy Commissioner and management at all levels of the OPC need to be commit ed
to the pro-active prevention of corrupt or fraudulent activities in a systematic way in order to
enhance the operation and reputation of the OPC.

Al  managers should ensure there are mechanisms in place within their area of control to:
  Assess the risk of corruption and fraud
  Promote employee awareness of ethics, and
  Educate employees about corruption and fraud prevention and detection.

Managers should ensure that they display an appropriate attitude towards compliance with
laws, rules and regulations.  They should ensure that they are aware of indicators/symptoms
of fraudulent and corrupt conduct, or other wrongful acts (e.g. by participating in relevant
staff training) and respond appropriately to such indicators.  Most importantly they should
establish and maintain adequate internal controls that provide for the security and
accountability of OPC resources and prevent/reduce the opportunity for such activities.
Applicable internal controls include:
  Suitable recruitment procedures
  Segregation of duties
  Security (physical and information systems)
  Consideration of risk and mitigation strategies
  Supervision and internal checks
  Approvals within delegated authority
  Reconciliations
  Budget control
  Regular review of management reports, and
  Clear reporting lines.
Page 4 of 6

Fraud Policy Ver 3.1
In addition to the general controls identified above, the OPC wil  specifically carry out an
annual review of its active supplier listing on the accounting system to ensure that it is stil
current.  Old accounts wil  be archived.
Internal control structure
The Privacy Commissioner is ultimately responsible for the establishment of a cost-effective
internal control structure for the OPC.  Financial, administrative, information systems and
academic internal controls are all essential requirements for corruption and fraud prevention.
Individual managers are responsible for daily operations and for maintaining cost-effective
internal control structures within their organisational responsibility.
Environment and culture
Al  staff have the responsibility to report suspected corrupt and/or fraudulent activity.  Any
staff member who suspects such activity must immediately notify his/her supervisor or the
General Manager.  In situations where the Manager is suspected of involvement in corrupt
and fraudulent activity, the matter should be notified to the Privacy Commissioner.
Dealing with complaints
Al  complaints of suspected corrupt and/or fraudulent behaviour should be reported for
appropriate managing while also providing for the protection of those individuals making the
complaint and natural justice to those individuals being subject of such complaint.
Recruitment of staff
Recruitment policy and practices underpin corruption and fraud prevention, which include:
  Verifying transcripts, qualification, publications and other certification or documentation,
and
  Avoiding entering into recruitment of individuals that could potentially lead to conflicts of
interest
  Criminal background and security checks on employees where the position warrants it
contacting referees
Staff development and training
Course / seminars and presentations on the topics of ethics, corruption and fraud prevention
and detection and compliance obligations of individual staff members wil  be embedded into
the OPC’s ongoing staf  development, training and awareness programs.

Page 5 of 6

Fraud Policy Ver 3.1
Procedure for the disclosure of serious wrongdoing
  Refer to the Protected Disclosures Act 2000
  Protected Disclosures Act – OPC Internal Procedures
Further Information
Related Policies
•  Conflicts of Interests Policy
•  Credit Card Policy
•  Gifts and Hospitality Policy
•  OPC Code of Conduct
•  Procurement Policy
•  Protected Disclosures Policy
•  Sponsorship / Partnership Policy

RESPONSIBILITIES
Persons/ Areas Af ected
ALL OPC Staff & Contractors
Contact
General Manager
Approval Authority
Senior Leadership Team
Last Review Date
July 2021

Page 6 of 6

Document Outline