We found that entities could make their organisations more fraud resistant if they raise staff awareness of risks, improve how they manage conflicts of interests, and better screen employees and suppliers.
The Standard describes building a strong anti-fraud culture as a key strategy for managing the risk of fraud. Messaging to staff can help entities build and maintain fraud resistant cultures. Entities should commit to a program to raise staff awareness of integrity policies. By tracking participation they can be sure staff are aware of risks, the controls that are in place, and their responsibilities.
We found entities have not established regular programs to raise and maintain staff awareness of fraud risks. None of the entities we reviewed had established a regular training program, or had kept records of staff participation. The questionnaire provided similar results, with 54% of entities advising they did not train staff in fraud risks and controls.
Some of the entities we reviewed have made efforts to raise staff awareness of fraud risks and integrity policies. We found:
- 3 entities had used training, forums, or newsletters to engage staff in managing fraud risks (Figure1)
- 2 entities had tailored the language in their Codes to make them easier for staff to understand. To explain conflicts of interest, Serpentine-Jarrahdale used plain English rather than text from legislation, and Katanning included “real world” examples.
All the entities we reviewed provided employees with key integrity policies at induction. However, none required staff to revisit the policies. The Standard recommends all employees confirm they understand and follow the Code, and other integrity policies, on a yearly basis. Results from our questionnaire suggest this is an issue across the sector, as 89% of entities told us they do not require staff to do this. Recording annual compliance would give entities a level of assurance that staff are regularly engaging with integrity policies and messages.
Three of the entities we reviewed did not capture all the conflicts of interest their staff may face. In line with legislation, entities record conflicts of staff and elected members on matters discussed by council. Entities also document financial, proximity and impartiality interests of elected members and senior staff.
However, processes are not in place to capture, assess and manage any other interests staff have that may conflict with their daily duties. Entities cannot be sure they appropriately manage all conflicts of interest (actual, potential or perceived), as they rely on individual business units to handle operational issues with no formal guidance or process. Staff need to be aware that they have a responsibility to declare any interests that could conflict with performing their public duties. Entities then need to capture and manage those declarations.
|Vincent and Serpentine-Jarrahdale have recently implemented processes to better capture all conflicts of interest. Both entities have developed registers to capture the conflict, and require a manager or executive to approve the management plan. During the audit, both entities provided staff with guidance on how and when to make a declaration.|
The entities we reviewed did not have adequate policies to screen staff or suppliers. Good screening controls would give entities some assurance of the identity, integrity and credentials of employees and suppliers.
None of the entities we reviewed had policies in place to screen staff. These findings are similar to those in our 2019 audit Verifying Employee Identities and Credentials.
Despite the lack of policy, 4 entities did retain copies of qualifications and identification. However, none consistently confirmed that qualifications were authentic or checked work histories. One entity did not engage in any police checks or do any checks beyond calling referees. Entities need consistently applied processes to confirm the identity, integrity and academic credentials of potential employees. The Standard also recommends entities screen all new employees and any employee transferring to an executive or high-risk area.
None of the entities we reviewed routinely screened their suppliers. Our questionnaire returned similar results, with less than 30% of respondents conducting media searches, police clearances or verifying directors’ details. Purchases over $150,000 are subject to tender which include some checks, including an ABN confirmation and receiving information on the financial position of the supplier. However, smaller purchases are not subject to this process.
To reduce fraud risks, the Standard recommends that entities verify the credentials of suppliers. Entities that have a large number of suppliers should consider a risk-based approach to screening to ensure appropriate use of resources.
 Our audit found only 3 of the 8 entities reviewed had policies to verify employee identities and credentials.