Part 2: Detailed results for tertiary education institutions
Preventing fraud
Having the right framework to prevent fraud means having a code of conduct and policies about fraud, protected disclosures, receiving gifts, and using credit cards. It means making it safe and easy for staff to talk about fraud and raise any concerns or suspicions. It also means having fraud controls that are reviewed regularly, carrying out due diligence checks of suppliers, doing pre-employment screening, and providing staff with fraud awareness training.
Code of conduct and policies
Most respondents said that their tertiary education institution had a fraud policy (88%) and a code of conduct (91%). The affirmative response rate for the fraud policy question was one of the highest in the survey. The percentages dropped when respondents were asked whether these were regularly communicated – 76% said they received regular communication about their fraud policy, and only 67% were regularly reminded about their code of conduct. Although tertiary education institutions could communicate their fraud policy more regularly, the 76% affirmative response rate was the highest in the survey for this question.
All public entities are required to have a protected disclosures policy. Most respondents (82%) said that their tertiary education institution had a protected disclosures policy. Again, this was one of the highest results for this question.
Most respondents (85%) said that their tertiary education institution had a clear policy on accepting gifts or services. However, this question in the survey still generated significantly more "free text" responses than any other question. It was clear to us that many respondents have unanswered questions, regardless of the clarity of their policy. In our view, the most important matter is the conflict of interest risk – tertiary education institution staff should always decline a gift if accepting it could influence, or be seen as influencing, their decision-making. And gifts need to be recorded in a gifts register.
Clear and consistent policies, and messages about those policies, can prevent inappropriate behaviour, provide guidance to all staff, and ensure that everyone understands their role in, and responsibility for, preventing fraud.
Most (80%) of the tertiary education institution respondents said that they have a designated person who is responsible for dealing with fraud. This is a higher percentage than the result for the central government sector and the public sector overall.
Environment receptive to conversations about fraud
Most respondents (87%) worked in an environment where staff were encouraged to raise concerns. A slightly higher percentage (90%) said that they could do so knowing that their concerns would be taken seriously and without fear of retaliation. The percentage answering "Yes" to this question was higher in the wider central government sector and the public sector overall (95%).
To build an effective anti-fraud culture, it is important that people have confidence in each other and in management to respond appropriately to any incidents. Respondents in tertiary education institutions were almost as likely as others in the public sector to have confidence that managers understood their responsibilities for preventing and detecting risks of fraud and corruption (84% for tertiary education institutions, 89% for the public sector overall).
However, respondents in tertiary education institutions were much less likely to have confidence in other employees. When presented with the statement, "I am confident that other employees understand their responsibilities for preventing and detecting the risks of fraud and corruption", only 58% chose "Yes". This was one of the lowest response rates to this question (for example, the rate for the wider central government sector was 70%, and for all respondents it was 73%).
Question 9: I am confident that other employees understand their responsibilities for preventing and detecting the risks of fraud and corruption.
Fraud controls
Fraud most commonly occurs when controls are inadequate and when staff do not comply with policies and procedures. Although entities should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. The likelihood of being discovered is often a strong deterrent for those contemplating wrongdoing, so internal controls and culture play a critical role in preventing and detecting fraud.
The pace of change in many work environments means that the process of ensuring that fraud controls align with the business should be an ongoing exercise.
Nearly four-fifths of respondents said that their tertiary education institutions regularly reviewed their fraud controls. Although the percentage (79%) was higher than that of the wider central government sector (70%) and all public entities (67%), it could still mean that some of the fraud controls are no longer effective. Systems and processes change over time, so fraud controls need to be reviewed annually or every two years.
Due diligence checks and pre-employment screening
Many frauds occur through the use of fake suppliers and suppliers with a close personal relationship with an employee. Carrying out due diligence checks can help to mitigate the risk that suppliers can pose. Some examples of due diligence checks are:
- removing unused suppliers from the system;
- requesting references or credit checks; and
- regularly monitoring the changes to supplier details.
The proportion of tertiary education institution respondents who said that due diligence checks were carried out (56%) was higher than the result for the wider central government sector (51%) and the whole public sector (48%). In our view, all public entities should be carrying out due diligence checks on new suppliers.
Most often, it is trusted employees who commit fraud. Trusting employees is important, but to trust without first ensuring that it is appropriate to do so exposes tertiary education institutions to unnecessary risk.
Tertiary education institutions appear to be less cautious than other public entities, with a lower percentage of respondents (49%) saying that new employees undergo pre-employment screening that includes a criminal history check.
Fraud awareness training
Even the most diligent employees might not identify a fraud if they have not had training. Knowing where to look and what to look for can be difficult. Only 38% of tertiary education institution respondents had received fraud awareness training at their current workplace. For more than a quarter of those who had been trained, the training occurred more than two years ago.
By combining due diligence checks with awareness training and internal controls, any entity can foster a strong anti-fraud culture. Raising awareness of fraud helps build a culture that is receptive to fraud conversations and encourages employees to come forward if they suspect anything.
Greater risk during tougher economic times
We note that 69% of all respondents did not feel that their entity had a change in risk because of the current economic climate. Experience internationally generally confirms that recessionary economic climates – when staff feel less secure in their employment and increasingly under pressure – present a greater fraud risk. Fraud increases because of "need" rather than "greed".
At the time of our survey, tertiary education institution employees continued to feel secure in their job (92%), which is positive. However, the current economic climate has increased the pressure to perform, with 77% saying that they felt they needed to achieve higher targets with fewer resources. This was higher than other central government entities (73%) and higher than the public sector overall (66%).
Questions 1 to 15 in Appendix 1 set out the survey response data about fraud prevention.
Detecting fraud
Responding to risks
Survey participants were asked whether their entity takes proactive steps to reduce any risks when fraud or corruption risks are raised. The proportion of "Yes" responses was a little higher among tertiary education institution respondents (96%) than wider central government respondents (94%) and all public sector respondents (87%).
Monitoring credit card spending
Tertiary education institution respondents said that their organisation was closely monitoring credit card spending. The rate of "Yes" responses (96%) was slightly higher than it was for other central government respondents (94%) and all public sector respondents (90%).
Monitoring staff expenses
Most tertiary education institution respondents were also certain that their organisation closely monitored staff expenses. The rate of "Yes" responses (95%) was comparable to the rate of 97% for other central government respondents and for all public sector respondents.
Whistleblower hotlines
Nearly a quarter (24%) of the tertiary education institution respondents said that their organisation had a whistleblower hotline (such as a dedicated telephone number or other mechanism for staff to report unacceptable behaviour). This was a markedly higher percentage than that reported for the wider central government sector (15%) and for all public entities (12%).
Questions 16 to 22 in Appendix 1 set out the survey response data about fraud detection.
Responding to fraud
Telling staff about incidents of fraud
Only 13% of the tertiary education institution respondents said that their senior managers told all staff about incidents of fraud (compared with 28% and 29% for the wider central government sector and for all public entities). More than half said that senior managers did not do this, and a third of the respondents did not know.
Communicating with staff is vital in raising awareness about fraud. Greater awareness makes it easier for staff to be vigilant, can confirm the organisation's "zero tolerance" approach to fraud, and helps to maintain an environment where it is easy for staff to speak up about risks and raise any concerns.
Referring suspected fraud to the appropriate authorities
About three-quarters of respondents expected that suspected fraud would be reported to the appropriate authorities. In reality, only 39% of the most recent incidents of fraud were reported to the appropriate authorities.
We know that many entities are reluctant to bring criminal charges against their employees, because of materiality – but also because of the time and costs of preparing a case, resolving matters in the courts, and a perception that fraud is a low priority for the Police.
However, all public sector entities are expected to consider reporting fraud to the appropriate authorities. We encourage all tertiary education institutions to do this.
Any decision made not to report or respond to fraud can erode staff confidence in the senior management team. It can create a perception that managers are not committed enough to preventing fraud and discourage staff from reporting their concerns. Taking no action when fraudulent behaviour occurs also increases the risk that an employee suspected of committing fraud could move to another public entity and continue their dishonest behaviour.
Credit card and expense claim fraud
Respondents were confident that their tertiary education institution would take inappropriate credit card spending seriously and discipline the person involved (88%). This affirmative response rate was a little higher than that of respondents in the wider central government sector (86%) and the public sector overall (83%).
Tertiary education institution staff were asked whether inappropriate expense claims were taken seriously and resulted in disciplinary action. The affirmative response rate of 85% was very close to the 86% response rate of those in the wider central government sector and the public sector overall.
Most respondents (90%) were confident that their tertiary education institution would take action to recover any misappropriated funds. This positive response rate was similar to that of respondents in the wider central government sector (91%) and of all of the public sector (93%). A clear process to recover funds shows the seriousness with which fraud is taken. In our view, chief executives and senior managers need to send clear messages that they will seek to recover any misappropriated funds.
Questions 23 to 31 in Appendix 1 set out the survey response data about fraud responses.
page top