On 28 August 2017 the Federal Government released the first national risk assessment for the not-for-profit (NFP) sector. AUSTRAC's Australia's non-profit organisation sector: money laundering and terrorism financing risk assessment (the Report) focused on fraud and theft especially in NFP organisations involved in providing services like education. The Report is a reminder that schools and NFP organisations generally require the same fraud and corruption prevention and accountability controls as other businesses. And given that the viability of a school can depend on its reputation in the community or its relationships with funding providers, there is a case to be made that fraud and corruption prevention programs are even more important in schools than in other organisations.
The Report evaluated approximately 257,000 registered NFP organisations and analysed the results of 735 investigations between 2012-2016. The Report looked at the threats, vulnerabilities and consequences of particular risks and provided an overall risk rating for the NFP sector. The Report identified a 'medium' risk level for NFP organisations, and the key threats facing schools in this sector are fraud and theft of resources, with a low level of money laundering and tax evasion. Importantly, the Report identified that offences were occurring at all levels of the organisation and that offences were usually opportunistic.
Factors identified by the Report which increase a NFP school's risk of fraud and theft offences include:
The Report also identified that schools were at higher risk if they were small (with a low annual turnover), were based mainly in NSW, or were relatively newly established.
Fraud involves dishonest activity causing actual or potential financial loss to a school where deception is used at the time, immediately before, or immediately following the activity. Some examples of fraud in NFPs like schools highlighted by the Report are:
The Report also highlighted the substantial risk of cyber-enabled fraud. For example, attacks to school software systems with the goal of accessing funds or sensitive information held by the school. For more information about how to minimise the risk of cyber-attacks, refer to Schools in the digital era: 5 things schools need to know about cyber security.
The Report identified two types of warning signs for NFPs to watch out for:
Procedural Warning Signs
Personality and Behavioural Warning Signs
The regulators who prepared the Report identified that the main ways to safeguard against fraud in schools are having up to date corporate governance, and adequate financial and other reporting.
To help achieve these outcomes, schools need a strong ethical culture including:
Schools also need strong management of financial controls including:
To help manage the risks of fraud or theft which can include reputational damage (loss of public trust, confidence or government funding), regulatory or law enforcement action, increased costs for IT security or administration, or a breakdown in the relationship with financial institutions, a school should have strong fraud and corruption and whistleblower programs in place as part of its risk-management framework.