IPART Fraud & Corruption Control Charter

Policy IPART

March 2020

i IPART IPART Fraud & Corruption Control Charter

Government Sector

Employment Act Part 2 Ethical Framework

Code of Ethics and Conduct for NSW government sector

employees

IPART Code of Ethics and Conduct

Conflicts of Interest Policy

Gifts and Benefits Policy

Public Interest Disclosure Policy

Fraud & Corruption Control

Charter

Fraud

Corrupt conduct Maladministration Serious and substantial waste Breach of GIPA

Discrimination, harassment and

bullying free workplace policy

Grievance Resolution Policy

Relationship to other Acts and policies for personal conduct or risk management

IPART Fraud & Corruption Control Charter IPART ii

© Independent Pricing and Regulatory Tribunal of New South Wales 2020 This work is copyright. The Copyright Act 1968 permits fair dealing for study, research, news reporting, criticism and review. Selected passages, tables or diagrams may be reproduced for such purposes provided acknowledgement of the source is included.

Inquiries regarding this document should be directed to a staff member: Ben Strate Chief Audit Executive (02) 9113 7745 Anthony Wallis Principal Risk Officer (02) 9113 7741

iii IPART IPART Fraud & Corruption Control Charter

From the CEO

IPART has zero tolerance for corrupt conduct, fraudulent activities or maladministration.

IPART will continue to promote a culture of honesty and integrity within our organisation and is committed to:

Minimising the opportunities for fraud and corrupt conduct to take place.

Implementing a robust, risk based approach to identify and manage opportunities for fraudulent activities to occur.

Detecting, investigating and disciplining fraud and corrupt conduct.

Reporting fraud and corrupt conduct to ICAC, the NSW Ombudsman or other external parties where appropriate.

Liz Livingstone

IPART Fraud & Corruption Control Charter IPART iv

Contents From the CEO iii

Contents iv

1 Introduction 5

2 Ethical framework 6 2.1 Ethical behaviour policies 6

3 Fraud and corruption control 8 3.1 Responsibility structures 8 3.2 Prevention systems 10 3.3 Fraud awareness 13 3.4 Third party management systems 15 3.5 Notification Systems 16 3.6 Detection Systems 19 3.7 Investigation Systems 20

5 IPART IPART Fraud & Corruption Control Charter

1 Introduction

Fraud typically occurs when a person undertakes wrongful or unlawful behaviour with the intention of achieving a financial or personal benefit. Similarly, corrupt conduct is typically associated with unlawful or unethical behaviour undertaken for personal benefit by a person in a position of power or influence.

The Fraud and Corruption Control Charter (FCCC) outlines IPART’s policies and procedures to manage the risks of fraud and corruption occurring within the organisation. The policies and procedures are proportional to the fraud and corruption risks relevant to IPART.

This document applies to all staff, including permanent and temporary employees, contractors and consultants. Information specific to Tribunal members’ obligations is also provided in the Disclosure of pecuniary interests and conflicts of interest – Protocol for Tribunal members.

IPART Fraud & Corruption Control Charter IPART 6

2 Ethical framework

IPART’s ethical framework is built around the following three key values: We act with integrity We earn trust We deliver excellence

Staff are expected to undertake their work in a way that upholds these values at all times. In addition to IPART’s core values, it is a requirement of the Government Sector Employment Act 2013 (GSE Act) that all government sector employees act ethically and in the public interest. All IPART staff should be familiar with the four government sector core values of Integrity, Trust, Services and Accountability, and the 18 principles that guide their implementation, as specified in Part 2 of the GSE.1

2.1 Ethical behaviour policies Additional policies that outline IPART’s ethical framework are available on the intranet include:

Code of Ethics and Conduct Conflicts of Interest Policy Gifts and Benefits Policy Public Interest Disclosure Policy

2.1.1 Induction process

At induction the following documents are provided to new staff and contractors:

Code of Ethics and Conduct

Public Interest Disclosure Policy User Security Awareness & Acceptable Use Policy

All new staff and contractors must provide the following sign-offs during the induction process:

Non-disclosure agreement Code of Ethics and Conduct Declaration Restricted Companies Declaration

1 Further information about the government sector core values is available from:

http://www.psc.nsw.gov.au/workplace-culture---diversity/workplace-culture/the-ethical-framework/ethical-framework

7 IPART IPART Fraud & Corruption Control Charter

2.1.2 Annual attestation

All Tribunal and Committee members, employees and contractors are required to annually attest that they have read and understood each of these documents:

Code of Ethics and Conduct Declaration Restricted Companies Declaration

IPART Fraud & Corruption Control Charter IPART 8

3 Fraud and corruption control

IPART’s Fraud and Corruption Control Charter is based on Standards Australia AS8001-2008 Fraud and Corruption Control and incorporates the ten attributes of fraud control contained in the NSW Auditor-General Better Practice Guide Fraud Control Improvement Kit (2015).

IPART’s Fraud and Corruption Control Charter has the following key attributes built around the following themes:

Table 3.1 IPART Fraud and Corruption Control Charter attributes

Planning Prevention Detection Response

Leadership Fraud control policy Ethical framework Responsibility structures

Prevention systems Fraud awareness Third party management systems

Notification systems Detection systems

Investigation systems

IPART’s Fraud and Corruption Control Charter will be reviewed, at a minimum every 2 years, or in response to material changes in the operating environment.

3.1 Responsibility structures

All staff have a role to play in fraud and corruption control.

IPART have designated the Principal Risk Officer as the Fraud Prevention Manager.

The Executive Leadership Team (ELT), Principal Risk Officer (PRO), Internal Audit and the Audit & Risk Committee must all understand the fraud and corruption risks facing IPART.

Specific responsibilities of staff include: Chief Executive Officer (CEO)

o Promote a culture of honesty and integrity within the organization.

o Demonstrate commitment and compliance to fraud and corruption control charter.

o Report to each Audit & Risk Committee (ARC) meeting about any incidents of actual or suspected fraud.

Senior Executives

o Promote an ethical culture.

o Implement and monitor the fraud and corruption control charter within their operations of the organisation.

9 IPART IPART Fraud & Corruption Control Charter

Executive Officer

o Public Interest Disclosure Coordinator ICT, Contracts and Procurement Manager

o Responsible for monitoring and reporting on IPART’s compliance with NSW procurement requirements2 and NSW Cyber Security Policy requirements.

Audit and Risk Committee3

o Review IPART's Fraud & Corruption Control Charter.

o Monitor the effectiveness of IPART’s processes and systems in place to capture and effectively investigate fraud related information.

Chief Audit Executive, Director Corporate Services and HR Manager

o Provide support to the PRO to undertake projects or investigations relating to fraud and corruption.

Principal Risk Officer (PRO) / Fraud Prevention Manager

o Provide leadership in risk management and fraud and corruption prevention.4

o Maintain IPART’s fraud control framework and undertake projects to implement the framework within the organisation.

o Deliver risk management across IPART including fraud and corruption risks.

o Provide advice and assistance to staff and managers. Internal audit plays a key role in the detection and prevention of fraud and

corruption by:

o Conducting risk-based internal audit planning including areas of high fraud risk.

o Risk-based audit approach.

o Evaluating the potential for the occurrence of fraud and how the organisation manages fraud risk.4

o Assisting management to investigate fraud, identify the risks of fraud and develop fraud prevention and monitoring strategies.5

All staff, consultants and contractors

o Act within IPART’s ethical framework.

o Comply with policies and procedures.

o Act within their delegations.

2 IPART Procurement Policy – May 2019 3 IPART’s Audit and Risk Committee Charter 4 IPART Role Description – Principal Risk Officer 5 IPART’s Internal Audit Charter

IPART Fraud & Corruption Control Charter IPART 10

o Report suspected incidences of fraudulent or corrupt behaviour.

o Provide assistance to investigations if requested.

3.2 Prevention systems

3.2.1 Fraud and Corruption Risk Assessment

Managing the risk of fraud and corruption is managed in line with IPART’s enterprise risk management (ERM) processes:

IPART’s senior management is committed to identifying and mitigating fraud and corruption risks.

Risk incidents are reported to the Principal Risk Officer for consolidation and review of risk ratings, controls and control effectiveness ratings. Suspected and actual fraud incidents will be retained separately in a confidential register.

IPART’s Risk Register is reviewed quarterly by senior management which quantifies the level, nature and form of the risks to be managed.

Improvements to internal control systems (including policies and procedures) are made to mitigate risks identified in risk assessments and are monitored for effectiveness over time.

A key role of the Audit and Risk Committee is to monitor risk, including risk of fraud and corruption and provide independent advice directly to the CEO where a risk is assessed as too high or too long running.

The risk register forms the basis of our annual internal audit program and of a range of other risk treatments including improved fraud and corruption controls.

11 IPART IPART Fraud & Corruption Control Charter

Based on fraud and corruption risks contained in the risk register the following internal controls on Table 3.2 have been identified that prevent, detect and correct fraud:

Table 3.2 internal controls that prevent, detect and correct fraud

Governance Purpose, values and principles Tribunal, Committees & Executive Policies, systems & procedures Conflicts of interest Code of Ethics and Conduct Conflict of Interest and Gifts and Benefits policies Public Interest Disclosures policy Pricing, Regulatory and licensing functions Multi-layer review and approval Quality assurance Public consultation Audit policies and guidelines Human resources Multi-layer review and approval Public sector recruitment process Selection panels Qualification, police and reference checks HR policies and monitoring using SAP-MSS and

HR dashboards Review of the fortnightly payroll (PITT) and

payroll master file audit reports Expenses Multi-layer review and approval Timesheet & payroll exception reporting Pcard policy & procedure

Procurement / contract management NSW Government Procurement framework Procurement manual e-Tendering process Tender evaluation panel Multi-layer review and approval Probity checks Prequalified procurement panels Contract Management Plan Service Level Agreements Procurement compliance reports Information Information Security Management System Physical and logical security Password management System monitoring Records management Auditing and logging Finance Segregation of duties Financial delegations Monthly review of budget to actuals Treasury reporting Audit trails

These controls will be reviewed at least every 2 years or on substantial change.

IPART Fraud & Corruption Control Charter IPART 12

3.2.2 Monitoring and reporting

Analytical processes for assessing and detecting fraud include (performance, risk and control) indicators and exception reporting in HR, Procurement, IT and Finance dashboards.

Risk-based risk, internal audit and external audit activities that include fraud risks and controls are planned, undertaken and reported to management, ELT and (where relevant) Tribunal.

A confidential register of all suspected fraud and corrupt conduct complaints is maintained by the IPART Principal Risk Officer.

3.2.3 Ethical workforce

IPART employs staff who will be able to undertake their role in accordance with our ethical framework. We undertake the following employment screening prior to making an offer of employment to prospective staff: National Police Check Application Consent Form. State Criminal Record Check form. Qualification Information form. 5 year Employment History (if applicable).

3.2.4 Information Security Management System (ISMS)

IPART is committed to complying with NSW Cyber Security Policy, part of which is implementing and maintaining an ISMS to manage and optimise the information security threats and risks it faces. This is achieved through the establishment, implementation, maintenance and improvement of our ISMS.

Managing Cyber Security risk is managed in line with IPART’s enterprise risk management processes (ERM).

13 IPART IPART Fraud & Corruption Control Charter

3.3 Fraud awareness This Fraud and Corruption Charter is communicated to all employees via the IPART Intranet, incorporated into the induction process for new staff and contractors and made available to external parties on IPART’s website via IPART’s statement of business ethics. A link to IPART’s statement of business ethics is also included in the Statement of Work template for procurement.

3.3.1 Education and awareness program

IPART fraud and corruption online training will be run as part of a program of mandatory compliance training commencing in 2020 through MyCareer. The purpose of this training is to: Maintain continued awareness of fraud and corruption risks in the public sector. Ensure that staff responsibilities regarding fraud and corruption and ethical

behaviour are understood and regularly communicated. Provide training to all staff about specific IPART policies and procedures relating to

fraud and corruption.

The policy documents listed in section 3 clearly communicate IPART’s expected standards of ethical conduct. All IPART employees are required to annually attest that they have read and understood each of these documents.

3.3.2 Staff awareness

All IPART employees are responsible for notifying management of any perceived fraud or corruption by other employees, contractors, consultants or suppliers.

The IPART Code of Ethics and Conduct, and Public Interest Disclosures – Internal Reporting Policy are provided to make clear to all employees the expected standards of ethical conduct.

The Public Service Commission surveys all employees to assess the ethical culture and level of awareness.

IPART actively manages any potential conflict of interest (see Code of Ethics and Conduct) and maintains a conflict of interest register.

IPART Fraud & Corruption Control Charter IPART 14

3.3.3 Community awareness

IPART is committed to ensuring that our employment practises are fair and ethical and that employees act with integrity and efficiency in meeting our obligations to the community, customers and stakeholders.

IPART has published the following on its website: Purpose and values. Guiding principles. The review process. Pecuniary Interests Register (for current Tribunal members). Employment opportunities via iworkfor.nsw.gov.au Tenders and contracts for contracts above $150k (including GST) IPART’s statement of business ethics.

IPART stakeholder survey is conducted every two years and includes feedback on independence from both Government and regulated industries.

15 IPART IPART Fraud & Corruption Control Charter

3.4 Third party management systems IPART is committed to ensuring that our procurement practises are fair and ethical and that our suppliers and our contractors act with integrity and efficiency in meeting our obligations to the community, customers and stakeholders.

3.4.1 Awareness

IPART makes this Fraud and Corruption Charter available to internal and external parties via mipart intranet and Statement of Business Ethics on www.ipart.nsw.gov.au. Also refer section 3.3 for mandatory compliance training through MyCareer commencing in 2020.

3.4.2 Due diligence

IPART’s procurement processes are outlined in our procurement policy, which is available from the intranet. The document outlines our risk based procurement processes which include escalating oversight and checks and balances based on the value of an engagement. The procurement process ensures that IPART’s procurement of goods and services results in value for money, promotes competition, and avoids conflict of interest. All staff involved in the procurement of goods and services should contact the Procurement Manager for information and training about the procurement process. A quarterly report on procurement activities is provided to the ELT.

3.4.3 Third party controls

Contracts should consider the following clauses where outsourced processes have an element of fraud or corruption risk: Relevant controls per table 3.2 (eg employee screening, quality assurance, multi-layer

review and approval). Notification of fraud or corruption affecting IPART. Right to audit or attestation of controls (self or by independent body).

Whole-of-government contracts, prequalification schemes and panels schemes include the following requirements related to business ethics and code of conduct:

Standard / statement of business ethics is required by ICT Service Scheme.

General compliance with “NSW Government policies, guidelines and codes of conduct” is included in Performance and Management Services Scheme.

Contingent Workforce Scheme requires that suppliers to ensure that Contingent Workers comply with the Customer's Code of Conduct.

Board and committee members must conduct themselves per M2013-06 NSW Government Boards and Committees Guidelines.

Audit and risk committee chairs and members must comply with their Code of Conduct, and the relevant agency’s Code of Conduct.

IPART Fraud & Corruption Control Charter IPART 16

3.4.4 Staff disclosure of conflicts of interest and secondary employment

In line with IPART’s Conflicts of Interest Policy: All IPART employees, contractors, consultants and suppliers are required to:

o Declare all actual, perceived and potential conflicts of interest. All IPART employees and contractors are required to:

o Confirm in writing on an annual basis that they do not hold an undeclared pecuniary interest in any of the Restricted Companies on IPART’s Restricted Companies list.

In line with IPART’s Code of Ethics and Conduct all employees are required to: Obtain formal written approval from the CEO (or delegate) before engaging in any

form of paid employment outside official duties

3.5 Notification Systems All suspected or detected fraud and corruption must be reported.

3.5.1 Internal notification channels

Staff must report all allegations and matters of concern regarding alleged fraud and / or corruption to one or more of the following position holders:

Fraud

Chief Audit Executive General Counsel, IPART Ben Strate Phone: 9113 7745 Email: ben_strate@ipart.nsw.gov.au Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Audit and Risk Principal Risk Officer, IPART Anthony Wallis Phone: 9113 7741 Email: anthony_wallis@ipart.nsw.gov.au Address: Level 15, 2-24 Rawson Place, Sydney NSW 2000

Corruption – refer Public Interest Disclosure Policy

The Public Interest Disclosures Act 1994 imposes penalties, including criminal penalties, on people who take detrimental action on a person who has reported suspected wrongdoing. The IPART Public Interest Disclosure Policy enables managers, employees, contractors, consultants, customers, stakeholders and suppliers to notify the organisation of suspected fraud and corrupt conduct.

IPART’s Public Interest Disclosure Policy explains how staff may make public interest disclosures protected by the Public Interest Disclosures Act 1994:

o For a report to be a ‘protected disclosure’ it must be made to a nominated official in accordance with IPART’s disclosure procedures

17 IPART IPART Fraud & Corruption Control Charter

– refer PID Policy Appendix A - IPART Internal reporting lines (notification channels)

o Staff can also make a report to a number of investigating authorities in NSW – refer PID Policy Appendix B - External reporting lines (notification channels)

IPART Fraud & Corruption Control Charter IPART 18

3.5.2 Reporting system

Our Public Interest Disclosures Policy gives a complainant the opportunity to report the suspected fraud or corrupt conduct anonymously. IPART will not tolerate any reprisal action against employees who report wrongdoing.

A confidential register of all suspected fraud and corrupt conduct complaints is maintained by the IPART Principal Risk Officer.

The CEO will report to each ARC meeting about any incidents of actual or suspected fraud.

3.5.3 Feedback and follow-up

Feedback and follow-up to staff who report wrong doing is covered under ‘3.7 Investigation Systems’ or the Public Interest Disclosures Policy.

A confidential register of all suspected fraud and corrupt conduct is maintained by the IPART Principal Risk Officer. All risk incidents result in a new risk or review of existing risk ratings, controls and the control effectiveness rating.

19 IPART IPART Fraud & Corruption Control Charter

3.6 Detection Systems

3.6.1 Internal control

Based on fraud and corruption risks contained in the risk register the internal controls set out in table 3.2 have been identified that prevent, detect and correct fraud.

Multi-layer review and approval, quality assurance, transaction exception reporting, budget to actual reporting, and system monitoring are in place and are regularly monitored to ensure that irregularities and warning signals are identified at an early stage and flagged for further review.

3.6.2 Control attestation

IPART receives regular attestation of controls from GovConnectNSW which are monitored by the Executive and the Audit & Risk Committee.

3.6.3 Internal Audit

Internal audits / reviews regularly examine samples of medium and high risk processes, with mandatory coverage of fraud prevention controls, across IPART to detect irregularities.

Outcomes of audit/reviews are reported to the Audit and Risk Committee, which then advises the CEO.

The status of Internal Audit recommendations are reported quarterly to the Audit and Risk Committee.

3.6.4 External audit

The Audit Office performs an annual external audit of IPART which includes reasonable assurance the financial statements are free from material misstatement, whether due to fraud or error. In undertaking their role, the Audit Office assesses the components of IPART’s internal control environment relevant to their audit of the financial statements, and reports issues to management and those charged with governance.

IPART Fraud & Corruption Control Charter IPART 20

3.7 Investigation Systems IPART will investigate complaints of alleged or suspected fraud and corrupt conduct using the Principal Risk Officer, senior management, an internal audit contractor or an independent investigator, only where: The investigator possesses the required level of integrity, objectivity, competency, and

will maintain confidentiality. The Chief Executive Officer, or delegate, has formally authorised the investigation. The investigations are conducted in accordance with the following guidelines:

o Receive and record – complaints are forwarded to the Principal Risk Officer and / or Chief Audit Executive who will determine who should make initial evaluation, timeframes, and access to relevant information.

o Evaluate – the evaluation summarises the matter, legislative requirements, risks, conflicts of interest, options and recommendations.

o Acceptance of matters for investigation.

o Communication of status back to person who reported potential fraud where appropriate including ‘being evaluated’, ‘investigation started & timeframe’ or ‘will not proceed’.

Note: Decisions must be in accordance with laws and regulations, be transparent and accountable, take action where necessary, and operate efficiently, effectively and ethically within IPART’s resources.

o Investigation management:

Plan

• Objectives & scope, potential contraventions of conduct to be investigated, and possible outcomes.

• Risk management.

• Resolution options.

• Resources and work phases.

Implementation

• Record activity (interviews, document reviews, meetings, etc).

• Status reporting to CAE on budget, timeframe and deliverables.

• Review and supervision.

• Document management – stored in RM8 as ‘Sensitive: Personal’ and restricted to investigation team.

• Critical decisions documented.

Closure

• Brief preparation - Outcomes relating to IPART employees or contractors

21 IPART IPART Fraud & Corruption Control Charter

is provided to the CEO.

• Referral to outside agencies if required by relevant legal and policy requirements.

Where appropriate, investigations consider what improvements can be made to policies, procedures and systems within IPART to prevent a reoccurrence or close a risk gap.

3.7.1 Conduct and Disciplinary Systems

The Code of Ethics and Conduct is provided to assist IPART employees in understanding the expected standards of ethical conduct. This policy also sets out disciplinary standards relevant to IPART and how each breach will be dealt with.

Issue No Date Issued Reason/s for Amendment

FCCC /1 July 2015 First release.

FCCC /2 March 2016 First annual review after NSW Treasury policy Internal Audit and Risk Management Policy for the NSW Public Sector (TPP15-03) commenced

FCCC/3 March 2017 Annual review. Internal Audit and Risk Management Policy for the NSW Public Sector (TPP15-03) remains current.

FCCC/4 March 2018 Annual review

FCCC/5 March 2019 Contact detail update FCCC/6 March 2020 Annual review and alignment with PID Policy

1 IPART IPART Fraud & Corruption Control Charter