Fraud Policy
Governance Policy
Policy Owner
Legal Audit and Risk Group Manager
Adopted by
Thames-Coromandel District Council
Description of policy
States the Council's zero tolerance position on fraud against the
Council and sets out the guidelines and procedures for the prevention,
detection and investigation of suspected fraud or attempted fraud.
Keywords
Fraud, corruption, misconduct, crime, conduct, investigation, theft,
bribery, dishonesty.
ECM doc set number
Date policy first adopted
25 October 2006
Date this version adopted: 12 March 2019
This version effective from:
12 March 2019
Date of next review:
1 March 2022
Objectives
The objectives of the Fraud Policy are to:
•
Protect the integrity of the Thames-Coromandel District Council's financial systems,
assets and reputation from fraudulent and corrupt conduct;
•
Ensure an environment in which fraud or corruption are not tolerated and any
suspected incidents are reported on;
•
Ensure that adequate processes are in place to enable detection of such conduct;
•
Ensure that any instances of fraud or suspected fraud are properly investigated and
acted upon appropriately to mitigate any damage caused and avoid recurrence;
•
Ensure clear accountability by allocating responsibilities for fraud prevention and
response.
Background
This document supersedes the previous version adopted by the Thames-Coromandel District
Council on 7 August 2013.
Legal requirements
The Local Government Act 2002, s101(1) requires that a local authority must manage its
revenues, expenses, assets, liabilities, investments and general financial dealings prudently.
Section 111 also requires that:
“all information that is required by any provision of this Part or of Schedule 10 to be included
in any plan, report, or other documentation must be prepared in accordance with generally
accepted accounting practice if that information is of a form or nature for which generally
accepted accounting practice has developed standards.”
The auditing standard “The Auditor’s Responsibilities Relating to Fraud in an Annual Report"
(AG ISA (NZ) 240) falls within the definition of “generally accepted accounting practice”. This
standard state that the primary responsibility for the prevention and detection of fraud rests
with both those charged with governance of the entity and management. It also states that
Doc set:
1
every public entity is expected to have an appropriate policy in place to address fraud and
how to minimise it. This policy should include, as a minimum, the following key elements:
• a system for undertaking regular reviews of transactions, activities, or locations that may
be susceptible to fraud;
• specifications for fully documenting what happened in a fraud and how it is to be
managed;
• the means for ensuring that every individual suspected of committing fraud (whether they
are an employee or someone external to the entity) is dealt with consistently and fairly;
and
• the principle that recovery of the lost money or other property will be pursued wherever
practicable and appropriate.
Under the Local Government Act 2002, Council is also required to have various financial
statements and plans audited.
Policy framework
The Council has in place several other key policies that link to the fraud policy. These are:
Code of Conduct Policy
This policy is required under Schedule 7 of the Local Government Act 2002 and provides
standards of general behaviour for elected members and how breaches should be
addressed.
Misconduct and Disciplinary Policy
This policy deals with breaches to expected standards of conduct for staff and specifies
investigation procedures and disciplinary measures that may be taken where misconduct is
found to have occurred.
Protected Disclosures Policy
This policy is mandatory under the Protected Disclosures Act 2000. The policy provides
procedures to ensure protection for employees (including elected members, contractors,
former employees, volunteers and persons on secondment to the organisation) in disclosing
information about serious wrongdoing in or by the organisation.
Procurement Policy
Details the correct procedures for procurement and includes sections on conflicts of interest
and ethics prohibiting a number of activities meeting the definition of fraud under this policy.
Sensitive Expenditure Policy
Provides business processes to control sensitive expenditure. The policy does not cover
breaches with the exception of unauthorised use of a credit card and refers to the Fraud
Policy for such breaches.
Implementation
All staff and elected members will be notified of this revised policy and where to access a
copy.
All new staff and elected members will be provided with a copy of the policy upon
commencement of employment or term of office.
Implementation will include the development and maintenance of, and adherence to, a Fraud
Control Plan as per the Policy.
Recognising fraud and corruption risks
Council recognises that generally there are three particular conditions often associated with
fraud and corruption:
Doc set:
2
•
Incentives/pressures: Management, other employees or external parties have an incentive
or are under pressure, which motivates them to commit fraud, or act in a corrupt manner
(for example, personal financial trouble), or revert to bribery for preferential treatment by
council staff.
•
Opportunities: Circumstances exist that allow employees to commit fraud or act in a
corrupt manner, such as an organisation not having appropriate fraud and corruption
controls in place, or bribe council staff who are able to get around or override ineffective
controls (for example, managers being able to approve and authorise their own sensitive
expenditure, or health and safety inspectors issue compliance certificates instead of failing
the applicant).
•
Attitudes: Employees can rationalise committing fraud (for example, holding attitudes or
beliefs such as “everybody else is doing it nowadays” or “they made it so easy for me”) or
acting corruptly.
In performing its duties, the Council is responsible for the careful management of public
funds. Failure to have an effective fraud policy in place or to implement it may jeopardise
public money and assets.
Any adverse publicity surrounding an internal fraud places the Council’s reputation and
credibility at risk, which can negatively impact on relationships with regulators, business
partners and the general public. Without a clear policy and procedures for dealing with
suspected or confirmed fraud, there is a risk to the Council of a public perception of lack of
transparency and accountability. If serious action is not taken in instances of fraud, staff
confidence in managers is also likely to erode, and there is an increased risk of further fraud.
Factors that may impede the implementation of the Policy include lack of awareness of the
Policy by appropriate staff, elected members or other parties, non-compliance with Council's
systems, or inadequate procedures to anticipate and provide controls against deliberate
attempts to bypass the system (for instance, the ability of managers to override controls, lack
of independent checks/authorisations of transactions).
Policy statement
The Thames-Coromandel District Council requires all staff, elected members and parties
doing business with the Council to act honestly and with integrity and to safeguard any public
resources for which they are responsible. The Council will not tolerate any fraud or corruption
or any condoning or attempt to disguise such activities. All employees and elected members
are responsible for promptly reporting instances of suspected fraud using the procedures
outlined in this policy.
Implementation
1.
Application
This policy applies to any attempted, suspected or confirmed fraud or corruption involving
employees, elected members, consultants, vendors, contractors, members of the public and
outside agencies doing business with the Thames-Coromandel District Council.
2
Prevention
Responsibility
2.1
Written procedures and checks will be developed and maintained for
People &
the recruitment or promotion of employees to sensitive positions,
Capability
including thorough and independent checks of the potential employee’s
Manager
employment history to ensure the applicant is suitable for the position.
2.2
Due diligence checks will be carried out on all suppliers, contractors
Legal Audit and
and consultants prior to commencement of any business arrangement.
Risk Group
Manager
2.3
All staff will be provided with a copy of the Fraud Policy as part of their
People &
staff induction.
Capability
Manager
Doc set:
3
2.4
All elected members will be provided with a copy of the Fraud Policy on
Governance and
the commencement of their term in office.
Strategy Group
Manager
2.5
Accounting systems and procedures will be in accordance with
Corporate
generally accepted accounting principles.
Services group
Manager
2.6
A Fraud Control Plan including a register of fraud risk and internal
Chief Executive
controls for each area of the organisation will be developed within one
year of the adoption of this policy.
2.7
The Fraud Control Plan will include provisions to ensure an annual
Chief Executive
review of transactions, activities or locations that may be susceptible to
fraud is incorporated into the Audit and Risk Committee audit
programme.
2.8
For each fraud risk identified, the Fraud Risk Register will detail the
Chief Executive,
following:
All members of
Leadership Team
•
The area of business involved
•
Position responsible for managing the risk
•
General aims/policies relating to the issue
•
Preventive actions and controls
•
Any particular circumstances that would trigger an early review
•
Appropriate details to ensure the actions are implemented
effectively (such as roles responsible, timeframes)
•
Dates of last audit
2.9
The Fraud Risk Register will be reviewed for each area of the business
Chief Executive,
at least every two years.
All members of
Leadership Team
2.10
The appropriate manager will implement changes to procedures and
Relevant
systems as required by revisions of the Fraud Risk Register.
manager of
Leadership Team
2.11
Except for access to separate sections as required for the above
purposes by relevant managers, access to the Fraud Risk Register will
be restricted to the Chief Executive, Legal Audit and Risk Group
Manager and the Audit Director appointed by Audit New Zealand.
2.12
The Chief Executive will report to the Audit and Risk Committee
Chief Executive
annually on any updates to the Fraud Risk Register.
2.13
Subject to any legal constraints, staff and elected members will be
Chief Executive
notified of any cases of confirmed fraud and the actions taken in such
cases.
Doc set:
4
3
Detection
3.1
All staff and elected members will be encouraged to report any
Chief Executive
incidents of suspected fraud or corruption.
3.2
All staff and elected members in positions most likely to be able to
Line Managers,
detect fraud will receive training on warning signs and areas of risk.
Human Resource
Manager
3.3
The Council may implement covert mechanisms and/or surprise
Chief Executive
internal audits to detect fraud as appropriate with approval of the Chief
Executive.
3.4
A periodic review of expenditure approved by employees in sensitive
Chief Executive
positions will be carried out by the Internal Auditor.
4
Reporting and notification
4.1
Any person may report suspected or attempted fraud.
4.2
Disclosures may be made under the provisions of the Protected
Disclosures Act 2000 as applicable by following the procedures
contained in the Council’s Protected Disclosures Policy.
4.3
While complainants reporting incidents or suspicions will be
encouraged to identify themselves, anonymous reports will be
accepted.
4.4
A Fraud Complaint Manager will be appointed by the Chief Executive
to receive complaints and coordinate the response. The Legal Audit
and Risk Group Manager has been appointed Fraud Complaint
Manager from the date of this policy until such time as a new
appointment is made.
4.5
Any fraud that is detected or suspected must be reported immediately
to the Fraud Complaint Manager.
4.6
If it is believed that the Fraud Complaint Manager may be involved in
the suspected fraud, the fraud shall instead be reported to the Chief
Executive, who will take over the role of Fraud Complaint Manager
from that point.
4.7
If it is believed that the Chief Executive may also be involved in the
suspected fraud, the fraud shall instead be reported to the Mayor, who
will take over the role of Fraud Complaint Manager from that point.
4.8
If it is believed that the Mayor may also be involved in the suspected
fraud, the fraud shall instead be reported to the External Advisor. The
contact details of the External Advisor shall be provided on the
Council's Intranet site.
4.9
Any person wishing to report a suspected fraud is entitled to address
their concerns directly to the Police, the Office of the Auditor-General
or other appropriate agency if they believe it appropriate.
4.10
If there is any question as to whether an action constitutes fraud, the
Fraud Complaint Manager should be contacted for guidance.
4.11
On receiving information about a suspected fraud, the Fraud Complaint
Fraud Complaint
Manager will open a fraud investigation file which will contain a written
Manager
summary of the complaint, investigation findings and action/s taken.
Doc set:
5
4.12
In the case of an allegation against a staff member, the Fraud
Fraud Complaint
Complaint Manager will notify the Chief Executive and the People &
Manager
Capability Manager of the information received unless either is
believed to have been involved in the alleged fraud. If it is considered
the People & Capability Manager may be involved, the Fraud
Complaint Manager will notify only the Chief Executive.
4.13
If it is considered the Chief Executive may have been involved in the
alleged fraud, the Mayor and the External Advisor will be notified
instead.
4.14
In the case of an allegation against the Mayor or any other Elected
Member of Council or a Community Board, the Fraud Complaint
Manager will notify the Chief Executive and the External Advisor.
4.15
In the case of an allegation against a contractor appointed by the Chief
Executive, the Mayor and the External Advisor will be notified instead
of the Chief Executive.
4.16
The Fraud Complaint Manager will not disclose the identity of the
complainant unless requested or agreed to by the complainant.
4.17
Any attempt to deter or impede a suspected fraud being reported or
Fraud Complaint
investigated or any false or malicious allegation of fraud by any staff
Manager,
member will be treated as a serious misconduct under the Misconduct
People &
and Disciplinary Policy.
Capability
Manager
4.18
Any attempt to deter or impede a suspected fraud being reported or
Fraud Complaint
investigated or any false or malicious allegation of fraud by any elected
Manager,
member will be treated as a serious offence under the elected
Audit and Risk
members Code of Conduct.
Committee
4.19 Upon receiving information about a suspected fraud, the Fraud
Complaint Manager will as soon as possible notify the External Advisor
and Chairperson of the Audit and Risk Committee.
Doc set:
6
Reporting and notification process
5
Investigation
5.1
No complainant, member of staff or elected member shall attempt to
conduct an investigation, except as provided for in this policy.
5.2
No aspect of an investigation or allegation may be discussed by any
party with any other person except where necessary for the purposes
of carrying out the investigation or as otherwise provided for under
this policy.
5.3
In any case of an allegation involving the Chief Executive or a
contractor or consultant appointed by the Chief Executive, an
investigation will be coordinated by the Mayor and the External
Advisor following the procedures in this policy.
5.4
In any case of an allegation involving the Mayor or any other Elected
Member of Council or a Community Board, the investigation will be
coordinated by the Chief Executive and the External Advisor.
5.5
In any case of an allegation involving the Mayor and the Chief
Executive, the investigation will be coordinated by the Fraud
Complaint Manager and the External Advisor.
5.6
In any case of an allegation involving the Fraud Complaint Manager,
the investigation will be coordinated by the Chief Executive.
5.7
In all other cases, the investigation will be coordinated by the Fraud
Complaint Manager.
5.8
Where appropriate, the person undertaking the investigation will seek
Investigator
appropriate legal counsel or other professional advice before the
investigation begins.
5.9
Where appropriate and practicable, the person undertaking the
Investigator
investigation will make discreet enquiries to ascertain fundamental
Doc set:
7
facts to determine the seriousness and validity of the allegations.
5.10
If preliminary findings suggest further investigation is warranted the
Investigator
investigator may establish an Investigation Team including, as
appropriate the People & Capability Manager and/or an external
investigator. In the case of an allegation against a staff member, this
decision will be taken in consultation with the Chief Executive or
Mayor as appropriate.
The external investigator may be an external forensic investigator,
specialist fraud investigator and/or the External Advisor and/or other
specialist as needed.
The investigation team will investigate whether there is sufficient
evidence that a crime has been committed.
5.11
Members of the investigation team shall have free and unrestricted
access to all Council records and premises, and the authority to
examine, copy and/or remove all, or any portion of, the contents of
files, desks, cabinets, computers and other storage facilities on the
premises without prior knowledge or consent of any individual who
may use or have custody of any such items or facilities, when it is
within the scope of their investigation.
5.12
The investigation team shall be responsible for ensuring that all
Investigation team
relevant evidence is collected and secured in accordance with legal
requirements.
5.13
Where an external investigator is contracted, a letter of engagement
Fraud Complaint
shall be provided detailing the investigator’s powers and obligations.
Manager
5.14
If surveillance is proposed to be undertaken, advice shall be obtained
Fraud Complaint
from the Police or Council’s solicitors.
Manager
5.15
Legal advice will be sought where appropriate to determine the
Fraud Complaint
strength of the evidence obtained.
Manager
5.16
At any time during the investigation, the Chief Executive in
Chief Executive,
consultation with the People & Capability Manager may, when of the
People &
opinion that an employee may have been guilty of a serious
Capability Manager
misconduct, suspend an employee from work in accordance with
Council's Collective and Individual Employment Agreements.
Suspension is appropriate where there is a risk that evidence may be
tampered with or coercion of witnesses may occur.
5.17
When sufficient evidence of criminal activity has been obtained, a
Fraud Complaint
complaint against the individual/s involved will be laid before the
Manager
Police, Serious Fraud Office or other appropriate law enforcement
agency. The Council will continue to investigate any misconduct as
appropriate.
5.18
The fraud file notes must clearly state whether the information has
Fraud Complaint
been provided to a law enforcement agency and, if not, the reasons
Manager
for the decision.
5.19
At any stage of an investigation into a staff or elected member, if the
Human Resource
Fraud Complaint Manager or investigation team considers there may
Manager,
have been misconduct involved, the matter will be pursued under the
Chief Executive,
employee Misconduct and Disciplinary Policy or the Elected
Audit and Risk
Members Code of Conduct as appropriate. Information obtained from
Committee
the investigation into a possible criminal offence may be used for the
investigation into misconduct.
5.20
The Fraud Complaint Manager will advise the complainant of the
Fraud Complaint
Doc set:
8
outcome of the investigation, unless the complaint was anonymous.
Manager
5.21
The Mayor and Audit and Risk Committee will be advised of the
Chief Executive
outcome of any investigation.
5.22
Post-investigation assessments will be carried by the Fraud
Fraud Complaint
Complaint Manager in coordination with relevant managers to identify
Manager
and rectify any weaknesses of fraud controls and to update the Fraud
Control Plan as appropriate.
Investigation Process
Cost recovery
Evidence provided
Crime
to appropriate
enforcement agency
Yes
Investigation under
Preliminary
Misconduct and
Complaint
verification of facts
Investigation
Staff
Disciplinary Policy
received and
Investigation
Sufficient
and legal advice by
Team
relevant parties
Conducted
evidence?
Complainant
Investigation
Established
notified
Who?
advised of
Coordinator/s
Misconduct
outcome
Investigation under
Elected Members
No
Elected
Code of Conduct
Elected
Member
Policy
Member
6
Disciplinary and remedial actions
6.1
Where a criminal investigation has been carried out and information
provided to a law enforcement agency, any criminal action shall be
determined by that agency.
6.2
Where any misconduct or fraud has resulted in a loss of public funds
Chief Executive,
or resources, the Council will attempt to recover such loss from the
perpetrator whenever possible and practicable. Any penalty arising
from a law enforcement agency’s investigation will not preclude the
Council from seeking to recover any loss arising from the fraud from
the perpetrator.
6.3
Where recovery from the responsible party is not possible, recovery
Legal, Audit and
from Council’s insurers wil be sought.
Risk Manager
6.4
The Council shall cease doing business with and terminate any
Chief Executive,
contractual arrangement with any consultant, contractor, vendor or
Legal, Audit and
other party found to have attempted to defraud the Council unless
Risk Manager
there are compelling reasons not to do so. Any such reasons shall
be recorded in the Fraud Investigation File and reported to the Audit
and Risk Committee.
Doc set:
9
7
External Communications
7.1
The Fraud Complaint Manager shall notify the fraud, or suspected
Fraud Complaint
fraud, to Council’s external auditors and insurers.
Manager
7.2
With the approval of the Fraud Complaint Manager and the Chief
Chief Executive
Executive, all statements to the media or public regarding fraud shall
be made by the Communications Manager or Chief Executive.
Measurement and review
Measurement of the effectiveness of this policy will be undertaken through analysis of fraud
complaints. This policy will be reviewed every three years.
Definitions
Corrupt practice
The intentional offering, giving or soliciting, directly or indirectly, of
anything of value to influence improperly the actions of another party.
The purpose of corruption is generally for personal gain (not always
financial) by the individual.
Due diligence
The undertaking of reasonable verifications and precautions to identify
or prevent foreseeable risks.
External Advisor
The independent member appointed to the Council's Audit and Risk
Committee.
Fraud
Fraud is an intentional act by one or more individuals among
management, those charged with governance, employees or third
parties, involving the use of caption to obtain an unjust or illegal
advantage for themselves or any other person, or to evade a liability to
the Council.
Fraud is not restricted to monetary or material benefits. It includes
intangibles such as status and information.
Examples of fraud covered by this policy include, but are not limited to,
the following:
• Theft, including cash, consumables and intangible assets;
• Forgery or alteration of a cheque, bank draft, financial or any other
document;
• Misappropriation of funds, securities, supplies, or other assets or
abuse of Council facilities for personal usage;
• Impropriety in handling the reporting of money or financial
transactions;
• Intentional misstatement of financial information or other reporting
of Council performance;
• Claiming pay or reimbursement of expenses not incurred for
legitimate Council purposes;
• Profiteering as a result of insider knowledge of Council activities;
• Disclosing confidential and proprietary information to outside
parties;
• Accepting or seeking anything of material value from contractors,
vendors or persons providing services, goods or materials to
Council;
Doc set:
10
• Using a false identity to obtain some benefit;
• Employing acts of bribery, corruption or coercion to benefit oneself;
• Unauthorised destruction, removal or inappropriate use of records,
information systems, furniture, fixtures, and equipment.
Corruption
means the lack of integrity or honesty (especially susceptibility to
bribery) or the use of a position of trust for dishonest gain. It includes
foreign and domestic bribery, coercion, destruction, removal or
inappropriate use or disclosure of records, data, materials, intellectual
property or assets, or any similar or related inappropriate conduct.
Within this definition, corrupt conduct includes but is not limited to:
• any person who has a business involvement with Council,
improperly using, or trying to improperly use, the knowledge,
power or resources of their position for personal gain or the
advantage of others, for example, fabrication of business travel
requirements to satisfy personal situations,
• knowingly providing, assisting or validating in providing false,
misleading, incomplete or fictitious information to circumvent
Council procurement processes and procedures to avoid further
scrutiny or reporting,
• disclosing private, confidential or proprietary information to outside
parties without implied or expressed consent, and
• accepting or seeking anything of material value from contractors,
vendors, or persons providing services or materials to Council (see
Council’s Sensitive Expenditure Policy).
Misconduct
Refers to any misconduct or serious misconduct as defined in the
Council's Misconduct and Disciplinary Policy.
Sensitive Positon
Position held involving handling of stock, assets, money, information,
financial or treasury functions and/or influence over significant
decisions.
Doc set:
11