Investigation summaries

Operation Franklin

IBAC investigated allegations an employee of Victoria University (VU) stole gift cards and falsified invoices to fraudulently obtain gift cards to the value of more than $650,000.

In November 2018, IBAC commenced an investigation into alleged corrupt conduct by an administrative employee of VU. It was alleged the employee used VU funds for the unauthorised purchase of EFTPOS-type gift cards.

Outcome

IBAC's investigation found the employee used university funds to obtain property by deception, namely EFTPOS gift cards, Coles Myer, Bunnings and iTunes gift cards, Cab charges, movie tickets and a mobile phone belonging to the University with a total value of over $650,000.

The employee was prosecuted by the Office of Public Prosecutions following IBAC's investigation and was sentenced in March 2020 to three years and six months imprisonment after pleading guilty to offences of misconduct in public office and obtaining property by deception and theft.

  • Operation Franklin identified a number of corruption vulnerabilities that enabled the employee to conceal her corrupt conduct, including issues related to supervision and oversight, finance systems and processes and staff awareness of corruption vulnerabilities.

    IBAC identified opportunities for VU to reduce the risk of fraud and corruption by reviewing and revising its policies, procedures and practices concerning procurement, financial performance management, as well as its corruption awareness training, complaints handling system, leadership and supervision.

    In March 2020, VU provided an initial response to IBAC, outlining the key actions it had taken and would take to address the corruption vulnerabilities identified in Operation Franklin. In October 2020, VU provided an update to IBAC regarding further progress made.

    IBAC publishes responses to our investigations to inform the community about actions agencies advise they are taking, and to share learnings that may help other agencies improve their systems and practices to prevent corruption and misconduct.

  • Procurement policies, systems and controls

    The University has reviewed its fraud and corruption control framework, the Compliance and Audit Risk Committee has endorsed the new policy and procedure, and it will be formally enacted and implemented. The University is confident that this will create greater clarity and accountability.

    The University's Director of Procurement has implemented new processes for use of gift cards, purchasing, approval, recording and reporting their purchase use and disposal. Procurement operating work instructions have been refined to include additional fraud detection checklists. The Purchasing Policy is being reviewed to incorporate additional improvements from the Fraud and Risk Assessment Review and Cyber Security Audit.

    Budget management and record keeping

    The University’s Director of Strategic Financial Solutions has updated the Credit Card Policy to forbid the purchase of gift cards in support of the changes outlined above, implemented by the Director of Procurement.

    The University has reviewed and implemented improvements for other forms of cash value cards, including phasing out of cab charges by June 2020.

    Financial Code of Conduct and Financial Delegation policies are already accessible to staff, and the University is implementing finance training for new starters on their financial responsibilities, which will also be available for existing staff. The approach will ensure that new starters do not get access to finance systems or credit cards and are not awarded a financial delegation until training is undertaken. Modules are being developed for incorporation into compulsory online training.

    Corruption awareness training and education

    Following the University's own investigation into this matter, a training workshop has been conducted for senior staff to assist them in identifying and dealing with incidents of fraud, corruption and other improper conduct, together with advice as to how such conduct can be minimised. The materials developed from this workshop are being incorporated into an online training module which will be compulsory for all staff.

    Complaints handling

    The University has procedures and guidelines which are designed to assist staff in identifying rights and obligations under the Public Interest Disclosure Act 2012. Aside from this, the University's formal complaints handling system was, prior to Operation Franklin, primarily designed to address complaints against staff which were behavioural in nature (bullying, harassment etc). The University has now amended its Fraud and Corruption Control Procedure to make it clear to staff and to others dealing with the University that the complaints handling system relates to any form of complaint, including complaints of corruption or other improper conduct. If a member of the University community has a suspicion of fraud or corruption, they must make a report via their immediate supervisor or the University's Fraud and Corruption Control Officer.

    Leadership and supervision arrangements, including reporting lines and accountability measures

    While it is not uncommon for the University to share staffing resources between areas, in the situation investigated by IBAC the supervision arrangements were inadequate. The University has updated its Financial Code of Conduct Policy to specify that authentication credentials used to validate an individual’s identity, such as passwords, private keys or tokens, must not be shared or provided to any other person.

    Purchase orders can only be approved by a financial delegate, through their own work email and/or finance system account. Executive Assistants are unable to approve purchase orders by having shared access to an Executive’s email account. Executives cannot delegate responsibility unless it adheres to what the University's systems and policies enable.

    Management Financial Reports incorporate both budgeted and actual performance. The reports are very comprehensive and provide sufficient detail to identify line item purchases. They are provided through the University ERP system with ‘real time’ data availability. The primary issue raised in this instance has been the use by management of this financial information. Further financial training will be made available to managers to assist them in utilising this information. Monthly and quarterly financial reporting and analysis is also provided by the finance team to assist managers with their fiduciary duties.

    A Fraud and Corruption Risk Audit was conducted in respect of the University's Financial Services Group by PricewaterhouseCoopers. The audit made, and the University accepted, five recommendations which related to:

    • Management of conflicts of interest
    • Ongoing identification, assessment and monitoring of fraud risks
    • Tracking of P2P compliance testing outcomes
    • System enhancements to improve audit trail and approvals
    • Enhanced training on fraud risks specific to procurement and finance.

    The University has selected a fraud risk continuous monitoring solution that meets the University's requirements. Implementation is expected to start in late October 2020 and be operational by January 2021.