In December 2014, IBAC received a complaint alleging a Latrobe City Council employee was inflating the attendance records for an aged care community program. The program was used as the basis for funding from the Department of Health and Human Services. It was alleged this conduct amounted to obtaining a financial advantage by deception on behalf of the Council.
IBAC investigated allegations of:
- False records entered or otherwise altered in the Council's community program database
- Irregularities in the purchasing of foodstuffs and appliances that were designated for the program
- Misuse of a corporate purchasing card and handling of petty cash.
IBAC's investigation concluded that it was likely the Council employee deliberately overstated the services provided by the Council to obtain more than $900,000 in excess funding from the Department. It was also likely they used the community program's budget to obtain petty cash and groceries for personal use. However, due to poor processes and systems, the lack of data quality assurance meant there was insufficient evidence for IBAC to proceed with a prosecution.
IBAC's investigation substantiated the allegation that the employee used Council funds to purchase several appliances for their personal use, and referred the matter to local police for prosecution. The employee was subsequently charged with three counts of theft. The matter was ultimately discharged on the basis that the accused had successfully completed a diversion plan.
IBAC identified a number of corruption vulnerabilities relating to internal reporting, purchasing procedures, asset management, cash handling and information security that contributed to this conduct continuing undetected by the Council for a number of years.
In March 2017, Latrobe Council provided a response to IBAC, outlining the key actions it had taken to address the corruption vulnerabilities identified in Operation Logan. These actions include:
- revising and strengthening its procurement policy
- developing training related to procurement policies and procedures
- reviewing procedures for purchasing cards and petty cash handling
- conducting a review of assets
- developing an independent record keeping system designed to identify and investigate irregularities
- strengthening information security processes and risk assessments
- strengthening protected disclosure procedures and Code of Conduct.
IBAC publishes responses to our investigations to inform the community about actions agencies advise they are taking, and to share learnings that may help other agencies improve their systems and practices to prevent corruption and misconduct.
The Council’s response is as follows:
Procurement procedures including purchase orders are raised prior to the issue of invoices, that the practice of using gift cards is reviewed, that expenditure on corporate cards is reconciled and that procurement decisions made by coordinators and managers are subject to appropriate oversight
An audit identified that a lack of oversight in purchasing and procurement allowed purchase orders to be raised after invoices were issued and a corporate credit card to be used to purchase supermarket gift cards for use by staff, without reconciliation of expenditure.
Council endorsed a revised Procurement Policy in September 2016 and the CEO endorsed an updated Procurement Operational Policy. All officers must comply with these documents when undertaking a procurement activity.
All requisitions are audited by the Procurement team; any non-compliance is registered on Council's non-compliance register and reported accordingly to the Executive team. The Procurement team also reports on purchase orders raised after an invoice is received. This report has been presented to Council's Executive team with the non-compliance register.
In addition, the Procurement team finalised a Procurement Fundamentals e-Learning platform. This training provides officers with the required training to undertake procurement activities on behalf of Council. The training is with the Learning & Development team for implementation. Additionally, updates have been made to the requisition screen to enhance useability and to allow improved reporting access and compliance.
Link to ensuring purchase orders are being raised prior to standard reports have been developed around a range of procurement matters that are being produced for the Executive Team to review including tracking of purchase orders non-compliant and trending data.
A revised Purchasing Card Operational Policy has been developed and a process is in place that requires the approval of a General Manager before gift vouchers are purchased. The purchase of gift vouchers is still a requirement across the organisation and is often used for service awards. All individual purchase card statements are authorised by the next level of management and are collated and reconciled by the Finance Team where any compliance issues are identified and reported to the audit committee.
Petty cash handling
Petty cash handling protocols have changed significantly and the need for staff to handle cash has been reduced. However, it is important to ensure those changes are enforced and that cash handling procedures are monitored periodically to check for changes in practices.
Accounting Services to review petty cash procedures to ensure they adequately cover cash handling requirements. All petty cash custodians to be issued with the revised procedures.
A minor asset review was undertaken by the Finance Department in early 2016. The outcomes of the review identified there are two key areas within Council that have a higher volume of minor assets, these being IT and the Depot. It was also identified that both of these areas have current systems in place to record minor assets including a barcode/numbering system which enables identification and tracking of the assets and it was recommended that this be maintained. It was also recognised that the cost to maintain other asset registers and asset markings across the organisation for low value portable assets far outweighed the likely losses, concluding that the implementation of formal identification and marking of these assets was not recommended.
The outcomes of the review identified the need to develop a Minor Assets Operational Policy which will recommend the requirement that all minor assets purchased be costed to one natural account to make it easier to identify purchased items and to undertake spot checks. Training has been implemented for the procurement team to identify asset purchases and to check that the correct allocation codes have been used, and a missing items register has been created to monitor possible losses for patterns and to identify the financial value.
Draft Minor Assets Operational Policy has been developed and is being reviewed by the Coordinator Accounting Services.
An audit identified that accurate record keeping practices and procedures could have allowed Council to detect irregularities in a timely manner.
An independent system has been implemented that will identify and investigate any irregularities. Whole-of-Department monthly reports are run and monitored by a Systems Officer, who is independent of the Direct Care Team (service delivery).
An audit identified sharing of passwords obviously compromises Council’s systems and the security and confidentiality of Council records.
In October 2016, Security Risk Assessment work was completed. Expecting to complete policy and procedures reviews and updates during November into December for endorsement by the Executive team. This will then enable the release to all existing staff via communications in January/February reminding people of their user obligations and getting all computer users to formally acknowledge that obligation. This will be accompanied by a full communication plan focusing on good security practice.
The card security components will be integrated with the staff termination process.
In February 2017, the action regarding password sharing is still outstanding. IT has a communications plan developed that will address a number of security risk elements including password sharing. A new security policy is being finalised following the recent Penetration Test which we aim to release before 31 March with a supporting communications campaign that will remind staff of their security obligations.
In February 2017, procedures relating to the issuing, tracking and recording of primary and temporary cards and their use, have been updated to address identified deficiencies and risks. The procedures will be tested quarterly to ensure officer compliance.
Will ramp up communication to address the password issue, highlighting obligation and risks staff present by breaching Policy.
Culture at Council
Organisational changes underway will provide staff with a better understanding of complaint procedures, confidence in the new management at Council, and willingness to report directly to more senior managers.
The Protected Disclosure Procedure was reviewed and approved by Council’s Executive team in July 2016. The updated procedure has been uploaded onto Council's website and intranet and promoted at the Senior Leader Team meeting to encourage sharing with their teams.
Contact details for the Protected Disclosure Coordinator have been updated on Council's website and intranet to reflect staff changes.
All staff that completed Fraud Training prior to October 2015 have been requested to complete the Fraud, Corruption & Protected Disclosure Awareness Training.
Protected Disclosure is also addressed as part of the Corporate Induction which is compulsory for all new staff.
A review of Latrobe's existing Code of Conduct was undertaken in the first quarter of 2016. The purpose of the review was to ensure the code was reflecting legislative requirements and was in a format that was easy to understand and comply with.
After a thorough consultation process, the code was approved by the Executive in May 2016 and published.
Latrobe's new values (accountable, trustworthy, collaborative, innovative) were launched by the Executive to the entire organisation in June 2016. The new code makes clear the organisation's expectation that employees must adhere to the new values. Furthermore, the new values form part of the organisation's performance management framework. During the employee's appraisal, the employee is required to demonstrate (via examples) how they have demonstrated each of the organisational values throughout the period of assessment. This then forms the basis of a conversation between employee and supervisor and the supervisor will provide the employee a rating.
Audit and risk management
An audit identified that appropriate risk and management strategies were not in place.
The Council's Risk Management Policy and Operational Policy have been endorsed and are now active. A high level Strategic Risk has been established "Council experiences a fraud or corruption event" and is currently rated as significant as assessed by the Executive Team, in accordance with Council's risk rating matrix.
In addition, each operational Business Unit will be developing an operational risk “… Unit experiences a fraud or corruption event”. These are being progressively established.
The fraud control plan and fraud policy will be presented to Council in March 2017 for adoption.
People and Culture are currently undertaking the business unit level risk assessment process. This will inform our fraud/corruption risks within the organisation.