NSW Audit Office - Better Practice - 1994 - Fraud Control Volume 2: Strategy

Appendix 1: Guidelines for Auditors & Managers on Fraud Control

The Role and Responsibilities of External Audit

Responsibility for the prevention and detection of fraud is an important issue which needs to be addressed and articulated to management and auditors alike. Unfortunately, the matter of responsibility often seems to be raised only after the occurrence of fraud rather than being utilised as a method of prevention.

Research suggests that many users of financial reports misunderstand the auditor's role and are unaware of the limitations of the audit function. Many members of the community hold inappropriate and unrealistic expectations about the work performed by an auditor. This often leads to confusion about the responsibility of management and the auditor and is sometimes expressed as the "audit expectation gap".

Within the general accounting profession, guidance on the matter of responsibility is firmly established in the Australian Accounting Standards.

Statement of Auditing Standards AUS1 defines the auditor's responsibility as follows:

in forming an opinion on the financial information, auditors perform procedures designed to obtain reasonable assurance that the financial information is properly stated in all material aspects. Because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any system of internal control, there is an unavoidable risk that even some material misstatement may remain undiscovered. However, any indication that some fraud or error may have occurred which could result in material misstatement would cause auditors to extend their procedures to confirm or dispel their suspicions.

More specific guidance can be found in the detailed Statements of Auditing Practice (AUP), and in particular from AUP 16 - The Auditor's Responsibility for Detecting and Reporting Irregularities including Fraud, Other Illegal Acts and Error.

AUP 16 (11) states that:

the auditor is not legally or professionally responsible for preventing irregularities. The responsibility for the prevention of irregularities rests with the governing body through the implementation and continued operation of an adequate internal control structure in order that it might derive there from reasonable assurance that irregularities are prevented as far as is possible, and detected should they occur. Such a structure reduces but does not eliminate the possibility of irregularities.

AUP 16 (12) further states:

the primary responsibility for the detection of irregularities rest with the governing body; its role in detection is an extension of its role in prevention.

AUP 16 firmly indicates that the responsibility to prevent and detect fraud lies with management and not the auditor. It is essential that managers, when carrying out their duties, be aware of possible irregularities because fraud prevention is an integral part of good management.

The auditor's duty does not require a specific search for fraud to be undertaken. However, an auditor will seek reasonable assurance that irregularities which may be material to the financial statements have not occurred or that, if they have occurred, the effect is properly recorded in the financial statements or corrected. This is highlighted in AUP 16 (13 & 19):

notwithstanding the responsibilities of the governing body, the auditor has a legal and professional duty to exercise reasonable skill and care with respect to the planning and conduct of the audit so as to have a reasonable expectation of detecting material misstatements arising as a result of irregularities. (13)

the auditor should plan and perform the audit to reduce audit risk, that is, the risk that an auditor may express an inappropriate opinion on financial information that is materially misstated. (19)

This defines the current standards as at the time of preparing this Guide. These standards have been revised in light of recent professional developments arising out of sources such as the 1992 case of AWA Ltd v. Daniels t/a Deloitte Haskins & Sells & Ors.

Clearly the responsibility for the prevention of fraud and irregularities rests with management, and management fulfils this responsibility through the implementation and continued operation of a suitable internal control structure.

The primary duty of the auditor is to determine the truth and fairness of the accounts with reference to materiality. In forming an opinion the auditor carries out procedures designed to obtain evidence that will provide reasonable assurance that the financial information is properly stated in all material respects. Auditors should plan the audit so that there is a reasonable expectation of detecting material misstatements in the financial information which may result from fraud or irregularity.

The Role and Responsibilities of Internal Audit

Depending on their professional affiliations an internal auditor may not belong to the same professional bodies as external auditors. Hence different professional standards may apply.

However, the Institute of Internal Auditors (Australia) Members' Handbook carries similar provisions. It states:

The principal mechanism for deterring fraud is control. Primary responsibility for establishing and maintaining control rests with management.

Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of control, commensurate with the extent of the potential exposure/risk in the various segments of the organisation's operations.

The possibility of material irregularities or non compliance should be considered whenever the internal auditor undertakes an internal auditing assignment.

In essence, on the aspect of responsibility to prevent fraud the Institute of Internal Auditors follows the Australian Accounting Standards and firmly places the responsibility to prevent fraud with management.

In relation to the prevention of fraud Public Accounts Committee report no. 71 titled Internal Audit in the NSW Public Sector (June 1993) recommended that fraud control strategies and systems should be made a top priority for review by internal audit. It becomes management's responsibility to ensure their fraud control strategy is regularly reviewed by having this task included in the agency's internal audit plan. The Committee also clearly stated that "the chief executive officer and line management have a responsibility to put in place systems to combat fraud and corruption."

None of this should suggest that audit (either internal or external) cannot and should not make significant contributions to the prevention and detection of fraud. Indeed they can, and should assist in this regard. Internal audit in particular is very well placed to play a major role in the agency's task of developing, implementing and maintaining an effective fraud control strategy.

However, it has been clearly established that management must take the lead and must ultimately take prime responsibility for ensuring that the agency has done all that is required.

Appendix 2: A Selection of Common Methods and Types of Fraud

payment for work not performed
forged endorsements
altering amounts and details on documents
collusive bidding
overcharging
writing off recoverable assets or debts
unauthorised transactions
selling information
altering stock records
altering sales records
cheques made out to false persons
false persons on the payroll
theft of official purchasing authorities such as order books
unrecorded transactions
transactions (expenditure/receipts/deposits) recorded for incorrect sums
cash stolen
supplies or equipment stolen or borrowed without authority
IOUs used in petty cash
substituting old goods for new
sales not recorded at all
false official identification used
damaging or destroying documentation
using copies of records and receipts
using imaging and desktop publishing technology to produce apparent original invoices
charging incorrect accounts with amounts stolen
transferring amounts between accounts frequently
delayed terminations from payroll
bribes
overclaiming expenses
skimming odd cents and rounding
running a private business with official assets
using facsimile signatures
false compensation and insurance claims
stealing of discounts
selling waste and scrap

Appendix 3: Possible Indicators of the Existence of Fraud

missing expenditure vouchers and unavailable official records
crisis management coupled with a pressured business climate
profitability declining
excessive variations to budgets or contracts
refusals to produce files, minutes or other records
related party transactions
increased employee absences
borrowing from fellow employees
an easily led personality
covering up inefficiencies
lack of Board oversight
no supervision
staff turnover is excessive
figures, trends or results which do not accord with expectations
bank reconciliations are not maintained or can't be balanced
excessive movement of cash funds
multiple cash collection points
remote locations
unauthorised changes to systems or work practices
employees with outside business interests or other jobs
large outstanding bad or doubtful debts
officers with excessively flamboyant characteristics
employees suffering financial hardships
placing undated/postdated personal cheques in petty cash
employees apparently living beyond their means
heavy gambling habits
signs of drinking or drug abuse problems
conflicts of interest
lowest tenders or quotes passed over with scant explanations recorded
employees with an apparently excessive work situation for their position
managers bypassing subordinates
subordinates bypassing managers
excessive generosity
large sums of unclaimed pay
large sums held in petty cash
lack of clear financial delegations
secretiveness
apparent personal problems
marked character changes
excessive ambition
apparent total lack of ambition
poor morale
excessive control of all records by one officer
poor security checking processes over staff being hired
unusual working hours on a regular basis
refusal to comply with normal rules and practices
personal creditors appearing at the workplace
non taking of leave
excessive overtime
large backlogs in high risk areas
lost assets
unwarranted organisation structure
absence of controls and audit trails

Appendix 4: Random Selection of Good Management Practices Which May Assist in Combating Fraud

all income is promptly entered in the accounting records with the immediate endorsement of all cheques.
regulations governing contracts and the supply of goods and services are properly enforced.
accounting records provide a reliable basis for the preparation of financial statements.
controls operate which ensure that errors and irregularities become apparent during the processing of accounting information.
a strong internal audit presence.
management encourages sound working practices.
all assets are properly recorded and provision is made for known or expected losses.
accounting instructions and financial regulations are available to all staff and are kept up to date.
effective segregation of duties exists, particularly in financial, accounting and cash/securities handling areas.
close relatives do not work together, particularly in financial, accounting and cash/securities handling areas.
creation of an agency climate to promote ethical behaviour.
act immediately on internal/external auditor's report to rectify control weaknesses.
review, where possible, the financial risks of employees.
set standards of conduct for suppliers and contractors.
maintain effective security of physical assets; accountable documents (such as cheque books, order books); information, payment and purchasing systems.
review large and unusual payments.
perpetrators should be suspended from duties pending investigation.
proven perpetrators should be dismissed without a reference and prosecuted.
query mutilation of cheque stubs or cancelled cheques.
store cheque stubs in numerical order.
undertake test checks and institute confirmation procedures.
develop well defined procedures for reporting fraud, investigating fraud and dealing with perpetrators.
maintain good physical security of all premises.
randomly change security locks and rotate shifts at times (if feasible and economical).
conduct regular staff appraisals.
review work practices open to collusion or manipulation.
develop and routinely review and retest data processing controls.
regularly review accounting and administrative controls.
set achievable targets and budgets, and stringently review results.
ensure staff take regular leave.
rotate staff.
ensure all expenditure is authorised.
issue accounts payable promptly and follow up any non-payments.
conduct periodic analytical reviews to highlight variations to norms.
take swift and decisive action on all fraud situations.
ensure staff are fully aware of their rights and obligations in all matters connected with fraud.

Appendix 5: Independent Commission Against Corruption

Effective Reporting of Corrupt Conduct Within Government Departments & Agencies

Introduction

Section 11 of the Independent Commission Against Corruption Act 1988 requires the principal officer of a government department or agency to report suspected cases of corrupt conduct to the Commission. Reporting is generally to be immediate, although recently issued guidelines provide for special reporting arrangements to be agreed between the Commission and individual departments or agencies. This duty cannot be delegated. As the principal officer can only report cases of which s/he is aware, s.11 implies an obligation to maintain an adequate internal reporting system which will ensure s/he becomes aware of these cases.

Good management practice would in any event impose such a requirement. However, the need for s.11 reports to be timely means that the principal officer must be notified more or less immediately even where, for example, the internal audit or investigation branch of the organisation is capable of taking appropriate action for an initial period without his or her involvement.

Each government department and agency should develop an internal reporting system appropriate to its particular structure and functions. To assist government departments and agencies in this task, the Commission has developed a suggested approach which it hopes will assist in the construction of effective internal reporting systems.

The approach is based upon several assumptions about the structure and internal dynamics of government departments and agencies, and likely obstacles to adequate internal reporting. These will now be briefly set out.

While this model may not apply to all government departments and agencies, particularly those employing relatively small numbers of people, it is useful to think in terms of a hierarchy with four levels.

Principal Officer (Head)
Senior Managers
Middle Managers and Supervisors
Staff

The work of many departments and agencies, especially those which provide a service to substantial numbers of people across the State, is organised regionally although ultimately controlled by the head. In these organisations, many at levels 3 and 4, and possibly level 2, work at regional sites geographically separated from the principal officer and most senior managers.

Corrupt conduct may occur at any level. It also may be syndicated - either on one level or across more than one level. The possible involvement of middle managers and supervisors, who may be the only "management" at a regional site, must not be overlooked.

There are organisational, cultural or systemic factors which inhibit the reporting of corrupt conduct or the timely referral of reports through the appropriate channels to the principal officer.

These include:

Cultural antipathy to "dobbing in your workmates".
A tendency at all levels of an organisation to accept long standing practices, even where they may involve or facilitate corrupt conduct. Examples include receipt of gifts, entertainment or favours, and procurement and tendering procedures.
Immediate supervisor's possible involvement or association with those involved.
Disinclination to report if past experience has shown that "nothing happens" and/or that those who report receive negative treatment, for example being labelled as "troublemakers".
Insulation of principal officer and senior management from level 4 employees.
Lack of clear and appropriate rules for referral and/or action where corrupt conduct is suspected.

Baseless complaints made to injure the person(s) implicated or to divert attention may be an additional problem.

An Effective Internal Reporting System

The Commission suggests that the following approach be taken into consideration when constructing an internal reporting system:

In small organisations, direct reporting to the principal officer may be appropriate. In large or decentralised organisations, a system of direct reporting to the principal officer may make excessive demands upon his or her time. Where the principal officer does not have regular operational contact with most sectors of the organisation, full and timely reporting may also be inhibited.

Where reporting is not to be direct to the principal officer, a senior manager with ready access to the principal officer (perhaps the Internal Audit Manager or equivalent, unless the organisation has a dedicated "anti-corruption coordinator") should be nominated as "collection point" for reports of suspected corrupt conduct. This person must have a complete understanding of the s.11 requirements as well as any special reporting arrangements which have been agreed with the Commission.

The principal officer must make appropriate arrangements to receive timely briefings from the nominated senior manager, bearing in mind that the s.11 duty cannot be delegated. Oral briefings should be accompanied by a written summary to ensure accurate transmission of complaints and enable appropriate records to be kept.

Complaints or reports by current employees should generally be made to the employee's immediate supervisor. Supervisors must be required to maintain confidentiality and in turn report the matter immediately to the nominated senior manager. Complainants should be encouraged to provide a written summary of the complaints. If the complainant is unwilling to do so, supervisors should be required to make complete written notes of the complaint.

Employees must have legitimate fears about reporting to an immediate supervisor, even where the complaint does not involve the supervisor. Therefore, there must be an alternative channel for confidential reporting direct to the nominated senior manager or, where the report involves the nominated senior manager, to the principal officer.

Employees should be encouraged not to make complaints anonymously. The most effective encouragement is likely to be an accurate perception by employees that confidentiality will be maintained. It should also be emphasised that anonymous complaints may be difficult to pursue if further information is required, and prevent report-back to the complainant. However, it must not be assumed that anonymous complaints are baseless. Section 11 requires reporting to the Commission of all matters which the principal officer "suspects on reasonable grounds" may involve corrupt conduct. As genuine complainants may have very good reasons for wishing to remain anonymous, anonymous complaints must receive due consideration.

Employees should be advised that a complaint of corrupt conduct may be made directly to the Commission where the employee does not wish to report the matter to their immediate supervisor, the nominated senior manager or the principal officer. There may well be legitimate reasons why an employee, particularly a junior employee, would prefer to make a complaint direct to the Commission. The Commission has received a number of complaints of substance, including anonymous complaints, from employees who have not reported the matter internally.

It is important that complainants recognise that their complaints have been considered and that appropriate action has been taken. This is particularly so in the case of complaints or reports by current employees due to the factors which may inhibit the making of these complaints. Complainants, unless anonymous, should be advised of the eventual outcome in all cases.

Where the complainant is not a current employee, the Commission would prefer that s/he not be advised of a referral to the Commission until the Commission reports back to the department or agency, thereby helping to avoid prejudice to investigation or undue hurt or embarrassment to persons whose involvement may ultimately not be established, or be benign. Where the complainant is a current employee, the Commission believes that the particular need to encourage such internal reporting warrants confidential advice to the employee that the matter has been referred, thereby avoiding the impression that no action has been taken on the matter.

A concise, accurate and readable summary of internal reporting arrangements should be prepared and distributed to all employees and should be regularly publicised; for example on noticeboards and in internal newsletters.

Perceptions by employees that they may be prejudiced in their employment or other wise by making genuine complaints or reports should be countered by emphasising the confidential treatment these will receive and the organisation's determination to minimise corrupt conduct. The summary should also contain a positive anti-corruption theme relevant to the organisation.

Appendix 6: NSW Privacy Committee

Data Protection Principles

The data protection principles endorsed by the Privacy Committee may be summarised as follows:

Principle 1: Collection of Information must be Lawful and Fair

Personal information should only be collected for a lawful purpose directly related to a function or activity of the agency.

Principle 2: Informed Consent

Personal information should normally be solicited directly from the individual concerned. At the time the information is collected, the individual should be advised why it is being collected, whether provision of the information is compulsory and what other parties will have access to the information.

Principle 3: Data Quality

Agencies should take reasonable steps to ensure that the personal information they collect is relevant, accurate, up-to-date and complete and does not intrude to any unreasonable extent upon the personal affairs of the individual concerned.

Principle 4: Data Security

Agencies should ensure that personal information is protected by appropriate security safeguards from loss, unauthorised access or misuse.

Principle 5: Openness

Any person has a right to know whether an agency holds personal information and, if so:

its nature and source
the main purposes for which it is used
the classes of persons about whom it is kept
the period for which the information is kept
the persons who are entitled to have access to it and
how to obtain access to it.

Principle 6: Access

A person has a right of access to personal information held by an agency, subject to exceptions provided in the Freedom of Information Act or other relevant law.

Principle 7: Correction of Records

Agencies should make any necessary corrections, deletions and additions to personal information to ensure it is accurate, up-to-date and complete. Agencies should, on request, add any reasonable statement a person wishes to see included in their record. Other recipients of the information should be informed about corrections.

Principle 8: Ensuring Data Quality Before Use

Agencies should take reasonable steps to ensure that information is relevant, accurate, up-to-date and complete before use.

Principle 9: Using Personal Information

Agencies should not use personal information for purposes other than for which it was collected except:

with the consent of the person
to prevent a serious threat to a person's life or health
as required or authorised by law.

Principle 10: Disclosing Personal Information

Agencies should not disclose personal information to other parties except:

with the consent of the person
to prevent a serious threat to a person's life or health
as required or authorised by law.

The recipient of the information can only use it for the purpose for which it was disclosed.

Principle 11: Sensitive Personal Information

Notwithstanding principles 9 and 10, information relating to ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life should not be used for disclosure by an agency without the express written consent, freely given, of the individual concerned. Criminal history information may only be used and disclosed in accordance with the guidelines endorsed by the Privacy Committee.

A copy of the full text of the principles may be obtained from the Privacy Committee.

Appendix 7: Freedom of Information Act, 1989

Selected extracts relating to exemptions under the Act

Documents affecting law enforcement and public safety

4. (1) A document is an exempt document if it contains matter the disclosure of which could reasonably be expected:

(a) to prevent the investigation of any contravention or possible contravention of the law (including any revenue law) whether generally or in a particular case;

(b) to enable the existence or identity of any confidential source of information, in relation to the enforcement or administration of the law, to be ascertained;

(d) to prejudice the fair trial of any person or the impartial adjudication of any case;

(e) to prejudice the effectiveness of any lawful method or procedure for preventing, detecting, investigating or dealing with any contravention or possible contravention of the law (including any revenue law);

(f) to prejudice the maintenance or enforcement of any lawful method or procedure for protecting public safety;

(g) to endanger the security of any building, structure or vehicle;

(h) to prejudice any system or procedure for the protection of persons or property;

(i) to facilitate the escape from lawful custody of any person.

(2) A document is not an exempt document by virtue of subclause (1):

(a) if it merely consists of:

(i) a document revealing that the scope of a law enforcement investigation has exceeded the limits imposed by law; or

(ii) a document containing a general outline of the structure of a programme adopted by an agency for dealing with any contravention or possible contravention of the law; or

(iii) a report on the degree of success achieved in any programme adopted by an agency for dealing with any contravention or possible contravention of the law; or

(iv) a report prepared in the course of a routine law enforcement inspection or investigation by an agency whose functions include that of enforcing the law (other than the criminal law); or

(v) a report on a law enforcement investigation that has already been disclosed to the person or body the subject of the investigation; and

(b) if disclosure of the document would, on balance, be in the public interest.

(3) A document is an exempt document if it is a document that has been created by:

(a) the State Intelligence Group of the Police Service; or

(b) the Special Branch of the Police Service or the former Bureau of Criminal Intelligence.

(4) In this clause, a reference to the law includes a reference to the law of the Commonwealth, the law of another State and law of another country.

Document concerning operations of agencies

16. A document is an exempt document if it contains matter the disclosure of which:

(a) could reasonably be expected:

(i) to prejudice the effectiveness of any method or procedure for the conduct of tests, examinations or audits by an agency; or

(ii) to prejudice the attainment of the objects of any test, examination or audit conducted by an agency; or

(iii) to have a substantial adverse effect on the management or assessment by an agency of the agency's personnel; or

(iv) to have a substantial adverse effect on the effective performance by an agency of the agency's functions; or

(v) to have a substantial adverse effect on the conduct of industrial relations by an agency; and

(b) would, on balance, be contrary to the public interest.

Appendix 8: Independent Commission Against Corruption Act, 1988

Selected extracts relating to corrupt conduct

Corrupt conduct

7. (1) For the purposes of this Act, corrupt conduct is any conduct which falls within the description of corrupt conduct in either or both of subsections (1) and (2) of section 8, but which is not excluded by section 9.

(2) Conduct comprising a conspiracy or attempt to commit or engage in conduct that would be corrupt conduct under section 8(1) or (2) shall itself be regarded as corrupt conduct under section 8(1) or (2).

(3) Conduct comprising such a conspiracy or attempt is not excluded by section 9 if, had the conspiracy or attempt been brought to fruition in further conduct, the further conduct could constitute or involve an offence or grounds referred to in that section.

General nature of corrupt conduct

8. (1) Corrupt conduct is -

(a) any conduct of any person (whether or not a public official) that adversely affects, or that could adversely affect, either directly or indirectly, the honest or impartial exercise of official functions by any public official, any group or body of public officials or any public authority; or

(b) any conduct of a public official that constitutes or involves the dishonest or partial exercise of any of his or her official functions; or

(d) any conduct of a public official or former public official that involves the misuse of information or material that he or she has acquired in the course of his or her official functions, whether or not for his or her benefit or for the benefit of any other person.

(2) Corrupt conduct is also any conduct of any person (whether or not a public official) that adversely affects, or that could adversely affect, either directly or indirectly, the exercise of official functions by any public official, any group or body of public officials or any public authority and which involves any of the following matters:

(a) official misconduct (including breach of trust, fraud in office, nonfeasance, misfeasance, malfeasance, oppression, extortion or imposition)

(b) bribery

(d) obtaining or offering secret commissions

(e) fraud

(f) theft

(g) perverting the course of justice

(h) embezzlement

(i) election bribery

(j) election funding offences

(k) election fraud

(l) treating

(m) tax evasion

(n) revenue evasion

(o) currency violations

(p) illegal drug dealings

(q) illegal gambling

(r) obtaining financial benefit by vice engaged in by others

(s) bankruptcy and company violations

(t) harbouring criminals

(u) forgery

(v) treason or other offences against the Sovereign

(w) homicide or violence

(x) matters of the same or similar nature to any listed above

(y) any conspiracy or attempt in relation to any of the above.

(3) Conduct may amount to corrupt conduct under this section even though it occurred before the commencement of this subsection, and it does not matter that some or all of the effects or other ingredients necessary to establish such corrupt conduct occurred before that commencement and that any person or persons involved are no longer public officials.

(4) Conduct committed by or in relation to a person who was not or is not a public official may amount to corrupt conduct under this section with respect to the exercise of his or her official functions after becoming a public official.

(5) Conduct may amount to corrupt conduct under this section even though it occurred outside the State or outside Australia, and matters listed in subsection (2) refer to -

(a) matters arising in the State or matters arising under the law of the State; or

(b) matters arising outside the State or outside Australia or matters arising under the law of the Commonwealth or under any other law.

(6) The specific mention of a kind of conduct in a provision of this section shall not be regarded as limiting the scope of any other provision of this section.

Limitation on nature of corrupt conduct

9. (1) Despite section 8, conduct does not amount to corrupt conduct unless it could constitute or involve -

(a) a criminal offence; or

(b) a disciplinary offence; or

(c) reasonable grounds for dismissing, dispensing with the services of or otherwise terminating the services of a public official.

(2) It does not matter that proceedings or action for such an offence can no longer be brought or continued, or that action for such dismissal, dispensing or other termination can no longer be taken.

(3) For the purposes of this section -

"criminal offence" means a criminal offence under the law of the State or under any other law relevant to the conduct in question.

"disciplinary offence" includes any misconduct, irregularity, neglect of duty, breach of discipline or other matter that constitutes or may constitute grounds for disciplinary action under the law.

Appendix 9: Independent Commision Against Corruption

Guidelines for Reporting by Public Authorities of Possible Corrupt Conduct to the Commission

1. Introduction

Section 11(2) of the Independent Commission Against Corruption Act 1988 ("the Act") requires the Ombudsman, Commissioner of Police and heads of government departments and other agencies to report suspected corrupt conduct to the Commission. The requirement helps the Commission carry out its investigative work. It also helps the Commission carry out its corruption prevention and public education work by providing information on the range and extent of possible corrupt conduct.

Section 11(3) allows the Commission to issue guidelines on what matters need or need not be reported. Their purpose is to ensure that the reporting requirement assists the Commission to perform its functions as efficiently and effectively as possible.

While the Act makes the Commission the State's primary anti-corruption agency, the Commission is not solely responsible for detection, investigation and prevention of corruption. The Act does not modify obligations which may otherwise exist to report or refer matters to other bodies such as the police, the Department of Local Government or the Ombudsman. Reporting to such other bodies should not be delayed merely because suspected corrupt conduct has also been reported to the Commission, particularly where it may involve a criminal offence which should be reported to the police. It is equally important that reporting to the Commission not be delayed because a matter has been referred elsewhere, or for any other reason.

It is also important that reports to the Commission be made without advising the person(s) to whom the report relates, and without publicity. Confidential handling of reports helps avoid prejudice to investigations and hurt or embarrassment to persons whose involvement is ultimately not established, or is benign.

Where the complaint was originally received from outside the department or agency, the Commission would prefer that the complainant not be advised of the referral until the Commission reports back to the department or agency, or at some earlier time agreed with the Commission. Where the complaint is made by a current employee, however the Commission considers that the particular need to encourage such internal reporting warrants confidential advice to the employee that the matter has been referred, thereby avoiding the impression that no action has been taken on the matter.

Government departments and agencies must ensure that they have adequate internal systems for detection, preliminary investigation, reporting and prevention of corruption. The Commission itself cannot investigate every suspected instance of corrupt conduct. Whether the Commission becomes involved, and when, will depend upon a range of considerations including the capacity of the department or agency to deal effectively with the situation.

These guidelines are issued with this background in mind and on the basis of the Commission's experience to date. They are set out in four sections. These sections:

Explain the general reporting requirements in section 11(2);
Provide that some matters need not be reported to the Commission;
Explain how and when reports are generally to be made to the Commission; and
Explain special reporting arrangements which can be agreed between the Commission and the Ombudsman, Commissioner of Police, or head of a department or agency.

2. Explanation of the General Reporting Requirement in Section 11(2)

Whose duty to report?

Section 11(1) applies the duty to the Ombudsman, the Commissioner of Police, the "principal officer of a public authority" and "an officer who constitutes a public authority". "Public authority" is comprehensively defined in Section 3(1) of the Act to include all departments and agencies of state and local government. The "principal officer" is the person who heads the authority, its most senior officer or the person who usually presides at its meetings. The Commission should be contacted for advice if it is unclear who is the "principal officer".

Can the duty be delegated?

The duty to report belongs to the principal officer alone and cannot be delegated. Where another person is acting as principal officer during periods of leave or other absence, the duty applies to that person. The principal officer must ensure that there is an adequate internal reporting and referral system for him or her to find out about suspected instances of corrupt conduct.

While the details of this system are a matter for the principal officer, the Commission has prepared a separate document "Effective Reporting of Corrupt Conduct within Government Departments and Agencies" which it hopes will assist in its development.

What must be reported?

The section requires the reporting of:

"any matter that the officer suspects on reasonable grounds concerns or may concern corrupt conduct".

These matters must be reported to the Commission in spite of any duty of secrecy or other restriction on disclosure.

The words "suspects on reasonable grounds" can be understood as meaning that a matter must be reported if the officer has reason to consider there is a real possibility that "corrupt conduct" is or may be involved. Certainly proof is not necessary. Because a statutory duty is being performed, a good faith report is protected from defamation action, even if the suspicion on which it is based turns out to be groundless. See also Defamation Act 1984, s.17K.

What is "corrupt conduct"?

"Corrupt conduct" is defined in sections 7 to 9 of the Act. The definition is very broad and the essential elements set out below should not be regarded as a definitive statement. Reference should be made to the Act as indicated. Doubtful cases should be treated as if they involved "corrupt conduct", or advice should be sought from the Commission.

"Corrupt conduct" includes any dishonest or improper use of position by a public official and specifically includes misuse of information or material acquired in the course of official duties (even if the information or material is misused when the person is no longer a public official). "Corrupt conduct" also includes conduct by anyone which might lead directly or indirectly to the dishonest or improper use of position by a public official. These aspects of "corrupt conduct" are defined in section 8(1). "Public official" is defined in section 3(1) to include Ministers and others having public functions or duties as well as public sector employees.

"Corrupt conduct" also includes conduct by anyone which might directly or indirectly interfere with the carrying out by a public official of his or her functions where that conduct also involves any of a wide range of matters including for example official misconduct, bribery or violence. This part of the definition is in section 8(2).

Further points to note about "corrupt conduct" are:

"corrupt conduct" includes a conspiracy or an attempt to engage in "corrupt conduct";
"corrupt conduct" includes conduct which occurred before the Act commenced, on 13 March 1989;
it does not matter that a person or persons who were public official(s) at the time of the "corrupt conduct" are no longer public official(s); and
it may not matter that the conduct occurs outside New South Wales or Australia.

Relatively insignificant matters?

Relatively insignificant matters are excluded from the definition of "corrupt conduct" by section 9 of the Act. Conduct otherwise included in the definition is not "corrupt conduct" unless it could be or involve:

a criminal offence under New South Wales law or any other law which could apply in the particular circumstances; or
a disciplinary offence which could lead to disciplinary action under any law including regulations; or
reasonable grounds to dismiss or terminate the services of a public official.

It does not matter whether the passage of time, or changed circumstances such as resignation, mean that the person cannot now be charged with the criminal offence, disciplined or dismissed.

3. Matters which need not be reported

The general reporting requirement applies to matters no matter how old they are. However, the older a matter is the less likely that useful investigative work can be done or that the matter will help to understand current corruption problems. Nevertheless, the Commission may in some cases be able to take a matter further than other investigative agencies have been able to. "Serious" instances of past corrupt conduct will be of interest for corruption prevention and education work even if no further investigation is possible.

Therefore, the Commission has decided that matters which occurred before the commencement of the Act on 13 March 1989 should be reported only where each of the following circumstances applies:

the matter was handled without being referred to the police; and
the matter is "serious" because one of the following applies:

- The suspected conduct was part of an organised scheme.

- The suspected conduct was systematic or occurred over a long period.

- Any public official(s) involved were in senior or sensitive position(s).

- The suspected conduct could be or could have been a criminal offence or a disciplinary offence sufficient for dismissal.

- The person(s) involved obtained or expected to obtain money or other benefit or advantage which could not, in the particular circumstances, be regarded as merely token.

4. How and When to Report

Unless the Commission has consented to special reporting arrangements (see Part 5), these rules should be followed.

(a) The matter should be reported as soon as it comes to attention.

(b) If the matter is "serious" (see Part 3) or urgent, phone contact should be made with the Commission Secretary or the Senior Lawyer (Assessments). This can be followed by a conference if necessary.

(c) Otherwise, the report should be in writing. Where "serious" or urgent matters are reported by phone, a written report should follow as soon as possible unless otherwise agreed.

(d) The report should include, in relation to each matter:

- a short history and relevant documentation;

- details of action already taken and intended further action;

- if no further action is to be taken, the reasons for this; and

- details of any other bodies to which the matter has been or will be referred.

(e) A confidential means of transmission to the Commission should be used.

(f) Where further action is taken, the Commission should be kept informed of significant developments as they occur.

5. Special Reporting Arrangements

Particular instances of "corrupt conduct" may not require direct involvement or immediate action by the Commission. For example, "corrupt conduct" consisting of a minor disciplinary offence or an isolated incidence of theft will be adequately handled by the agency concerned or by the police. However, information about the conduct will still be useful for research and monitoring purposes and for corruption prevention work. Provided that a department or agency has adequate internal arrangements for detection, preliminary investigation and appropriate referral of corruption matters, the Commission may agree to abbreviated reporting at intervals for most matters covered by the general reporting requirements.

The Commission may, on request, agree to some or all of the following special reporting arrangements:

no requirement to report matters involving only a complaint or complaints considered to be frivolous, vexatious or not made in good faith;
no requirement to report matters which could only be or involve a disciplinary offence not serious enough to be grounds for dismissal;
the requirements of Part 4 to apply only to "serious" matters as defined in Part 3 above. In this case the remaining matters will be reported at agreed intervals and initially without documentation other than a short history. Where the Commission agrees to special reporting arrangements, it is highly desirable that these arrangements be published in the Annual Report of the department or agency. Such arrangements will be referred to in the ICAC Annual Report.

Requesting special reporting arrangements

Requests for special reporting arrangements should be made in writing to the Commission Secretary as set out in the attached Schedule. The full reporting requirements of Part 4 continue to apply while requests are assessed.

The Commission already has informal special reporting arrangements with a number of organisations. These arrangements continue pending review.

Assessment of requests

All requests will be acknowledged promptly and assessed in order of receipt. Request will not be rejected, or proposed arrangements substantially modified, without full consultation with the agency concerned. Should the Commission receive a large number of applications, assessment may be delayed. The Commission will endeavour to advise agencies when a substantial delay is expected.

Schedule 1 - Requests for Special Reporting Arrangements

Requests for special reporting arrangements should be in the following form:

Guidelines under Section 11(3)

Request for Special Reporting Arrangements

Name of Organisation

Background Information

Date of creation
Statutory basis, if applicable
Responsible minister, if applicable
Whether subject to Annual Reports (Departments) Act 1985 or Annual Reports (Statutory Bodies) Act 1984
Major functions and work undertaken
Number of employees and brief profile of workforce and management structure
Brief qualitative and quantitative description of any corrupt conduct detected in the past 5 years, including reference to:

- disciplinary action taken and outcome;

- referrals to other bodies such as the police or the ICAC and outcome;

- organisational areas and management levels involved;

- any patterns or systematic features of the corrupt conduct.

Detection and Internal Reporting of Corrupt Conduct

Description of arrangements for internal reporting of corrupt including copies of any relevant instructions or similar material provided to staff at various levels.

Preliminary Assessment and Investigation

Description of resources available for preliminary assessment and investigation of suspected corrupt conduct.

Corruption Prevention Strategy

Description of organisation's corruption prevention strategy or other standing arrangements for minimisation of corrupt conduct, and total budgetary expenditure on anti-corruption activity including assessment and investigation.

Proposed Special Reporting Arrangements

Description of special reporting arrangements proposed, including suggested reporting intervals and form of documentation for "non-serious" matters. Reference should be made to any organisational features relevant to the arrangements proposed.

NOTES

1. Requests should be personally signed and dated by the principal officer.

2. The request should include the name and telephone number of a contact officer able to provide further information and make appropriate arrangements for consultation if required.

3. The text of the request should stand on its own without use of annexures except where specified in these guidelines or otherwise absolutely necessary.