On 28 August 2017 the Federal Government released the first national risk assessment for the not-for-profit (NFP) sector. AUSTRAC's Australia's non-profit organisation sector: money laundering and terrorism financing risk assessment (the Report) focused on fraud and theft especially in NFP organisations involved in providing services like education. The Report is a reminder that schools and NFP organisations generally require the same fraud and corruption prevention and accountability controls as other businesses. And given that the viability of a school can depend on its reputation in the community or its relationships with funding providers, there is a case to be made that fraud and corruption prevention programs are even more important in schools than in other organisations.

Report background and areas of concern

The Report evaluated approximately 257,000 registered NFP organisations and analysed the results of 735 investigations between 2012-2016. The Report looked at the threats, vulnerabilities and consequences of particular risks and provided an overall risk rating for the NFP sector. The Report identified a 'medium' risk level for NFP organisations, and the key threats facing schools in this sector are fraud and theft of resources, with a low level of money laundering and tax evasion. Importantly, the Report identified that offences were occurring at all levels of the organisation and that offences were usually opportunistic.

Factors identified by the Report which increase a NFP school's risk of fraud and theft offences include:

• poor due diligence on key personnel, volunteers, partners and beneficiaries
• inexperienced staff
• lack of formalised training and ongoing professional development
• poor record keeping
• weak internal controls
• poor transparency and accountability within the funding cycle
• beneficiaries or operations in dispersed ethnic communities in Australia with strong links to high risk countries.

The Report also identified that schools were at higher risk if they were small (with a low annual turnover), were based mainly in NSW, or were relatively newly established.

Fraud and theft in schools

Fraud involves dishonest activity causing actual or potential financial loss to a school where deception is used at the time, immediately before, or immediately following the activity. Some examples of fraud in NFPs like schools highlighted by the Report are:

• false documentation like invoicing, accounts or financial reports
• forged or false qualifications
• theft of property (including intellectual property), funds or cash belonging to the school
• collusion among tenderers or false quotes submitted during the tender process
• release of confidential information to unauthorised people
• altering payee or payment amounts on cheques to aid financial crimes.

The Report also highlighted the substantial risk of cyber-enabled fraud. For example, attacks to school software systems with the goal of accessing funds or sensitive information held by the school. For more information about how to minimise the risk of cyber-attacks, refer to Schools in the digital era: 5 things schools need to know about cyber security.

Fraud and theft warning signs

The Report identified two types of warning signs for NFPs to watch out for:

Procedural Warning Signs

• Unauthorised changes to systems or work practices.
• Missing documentation relating to client or organisational financial transactions.
• The same employee or a single senior staff member performing an excessive number of duties e.g. both processing and approving the same transaction.
• Alterations to documents such as log books and time sheets.

Personality and Behavioural Warning Signs

• Refusal of a staff member to take leave, or taking leave rarely.
• Staff member undergoes a 'character change', or possible problems with drugs, alcohol or gambling.
• Unusual events or actions for which an employee gives implausible reasons.
• An employee who has access to organisational funds appearing to live beyond their means.

What schools need to do to minimise fraud and theft

The regulators who prepared the Report identified that the main ways to safeguard against fraud in schools are having up to date corporate governance, and adequate financial and other reporting.

To help achieve these outcomes, schools need a strong ethical culture including:

• effective pre-employment screening
• employment contracts which set out expectations of ethical behaviour and open channels of communication and a whistleblower program to encourage staff, suppliers and other third parties to report signs of fraud or theft. For more information on whistleblowing programs, please refer to Whistleblowing Protection: Report shows schools need to improve.
• insisting that employees in high-risk areas take leave regularly
• rotation of employees where the potential for corrupt behaviour exists
• check of contractors, partners or beneficiaries against Australia's list of terrorist organisations
• fraud and corruption awareness training within a comprehensive HR program
• robust staff performance reviews
• consistent managerial action when faced with unethical behaviour.

Schools also need strong management of financial controls including:

• the introduction of a fraud and corruption program
• internal scrutiny of cash flows
• regular external audits
• separation of approvals from expenditure
• clear financial delegations and limits
• regular review of transactions involving suppliers that are identified as being high risk (e.g. frequently engaged contractors regularly submitting small invoices).

Lessons for schools

To help manage the risks of fraud or theft which can include reputational damage (loss of public trust, confidence or government funding), regulatory or law enforcement action, increased costs for IT security or administration, or a breakdown in the relationship with financial institutions, a school should have strong fraud and corruption and whistleblower programs in place as part of its risk-management framework.