Fraud and Corruption Control Framework 2024-26

NHMRC is serious about preventing, detecting and responding to fraud and corruption and is committed to high ethical, moral and legal standards.

 A key focus of this framework is to raise awareness of fraud and corruption among NHMRC employees and other people who deal with NHMRC, and to assist in the prevention, detection and reporting of suspected fraud and corrupt conduct.

Go to downloads

1. Introduction

The National Health and Medical Research Council (NHMRC) is serious about preventing, detecting and responding to fraud and corruption and is committed to high ethical and legal standards. All officers of the NHMRC are expected to act with honesty and integrity and uphold the values of the Australian Public Service (APS) in their dealings with stakeholders.

1.1 Objectives of this Fraud and Corruption Control Framework

The NHMRC Fraud and Corruption Control Framework 2024–2026 (the Framework) has been developed to assist in the prevention, detection, and reporting of suspected fraud and corruption. In doing so, it:

establishes and defines responsibility structures for identifying and managing fraud and corruption risks and a regime of regular related risk assessments
reduces the opportunities for fraud and corruption to occur within or against the NHMRC
increases awareness and vigilance, and promotes a culture of integrity
ensures that appropriate action is taken when fraud, corruption or other misconduct is detected, including referral to authorities when warranted.

1.2 Definitions of fraud and corruption

Fraud

The Commonwealth Fraud and Corruption Control Framework 2024 defines fraud against the Commonwealth as:

Dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means. The conduct does not need to represent a breach of criminal law.

A benefit or loss is not restricted to a material benefit or loss, and may be tangible or intangible. A benefit may also be obtained by a third party.

Fraud requires intent. It requires more than carelessness, accident or error. When intent cannot be shown, an incident may be non‑compliance rather than fraud.

Examples of fraud against the Commonwealth include (but are not limited to):

theft or misuse of information (including procurement information and personal records)
accounting fraud (for example, false invoices, misappropriation)
misuse of Commonwealth credit cards
unlawful use of, or unlawful obtaining of, property, equipment, material or services
causing a loss, or avoiding and/or creating a liability
providing false or misleading information to the Commonwealth, or failing to provide information when there is an obligation to do so
misuse of Commonwealth assets, equipment or facilities
making or using, false, forged or falsified documents
wrongfully using Commonwealth information or intellectual property.

Corruption

For the purposes of the Commonwealth Fraud and Corruption Control Framework 2024, corruption in relation to an entity is defined broadly consistently with the NACC Act and is:

Any conduct that does or could compromise the integrity, accountability or probity of public administration. This includes:

any conduct of any person (whether or not a staff member of a Commonwealth agency) that adversely affects, or that could adversely affect, either directly or indirectly:
- the honest or impartial exercise of any staff member’s powers as a staff member of a Commonwealth agency; or
- the honest or impartial performance of any public official’s functions or duties as a public official;
any conduct of a staff member of a Commonwealth agency that constitutes or involves a breach of public trust;
any conduct of a staff member of a Commonwealth agency that constitutes, involves or is engaged in for the purpose of abuse of the person’s office;
any conduct of a staff member of a Commonwealth agency, or former staff member of a Commonwealth agency, that constitutes or involves the misuse of information or documents acquired in the person’s capacity as a staff member of a Commonwealth agency.

Corruption may be criminal or non-criminal in nature and may affect any aspect of public administration. For example, an official being offered or accepting a bribe, or engaging in fraud against the entity.

Examples of corruption include:

breach public trust – for example, a decision-maker exercises a delegation for an improper purpose to benefit a friend
abuse of office – for example, providing sensitive information to facilitate external fraud committed by others; biased decision-making by NHMRC officials (including committee members)
misuse of information – for example, changing or disclosing official information on NHMRC’s IT system when they are not supposed to, and
conduct adversely affecting the honesty or impartiality – for example, offering a bribe to an NHMRC official to make a decision in your favour.

The benefits referred to in the above definitions are not limited to material assets, but can also be intangible, such as the misuse of privileged information.

Fraud and corruption can be perpetrated by NHMRC staff (internal) or by people external to NHMRC (external). It may also be committed jointly between a staff member and an outsider. Offences of fraud and corruption against the Commonwealth can also constitute offences under the Criminal Code Act 1995 or the Crimes Act 1914.

Non-compliance

Non-compliance is a broad term for any failure to comply with legal requirements. These requirements may be in the form of legislation, regulation, funding agreements, administrative rules, and licensing conditions. One example is the requirement for all APS employees to act in accordance with the APS Code of Conduct, which is set out in section 13 of the Public Service Act 1999. Non-compliance includes where parties try to comply but make mistakes (accidental non-compliance) or where parties exploit ambiguities or opportunities that are non-compliant (opportunistic non-compliance).

1.3 NHMRC’s exposure to fraud and corruption

NHMRC has assessed its exposure to fraud and corruption as most likely to arise from actions of staff, actions by members appointed to Council and NHMRC committees, and actions taken by people seeking or receiving research funding from NHMRC.

Assessment of areas of fraud and corruption risk have identified that the controls and measures outlined in the Plan, have created low to high levels of risk of incidents occurring.

1.4 The legislative framework

Fraud and corruption are both considered as criminal offences under chapter 7 of the Criminal Code. Section 10 of the Public Governance, Performance and Accountability (PGPA) Rule provides a legislative basis for the Commonwealth’s fraud and corruption control arrangements and sets out fraud and corruption control requirements to assist Accountable Authorities to meet their obligations under the PGPA Act. Breaches of the Rule may attract a range of criminal, civil, administrative, and disciplinary remedies (including under the PGPA Act, the Public Service Act 1999, the Criminal Code Act 1995 and the Crimes Act 1914). A number of other relevant pieces of legislation, external standards, NHMRC policies and procedures should be read in conjunction with this Framework (detailed in Table 1).

Table 1: Fraud and Corruption – associated legislation, policies and procedures
Key Legislation	External Standards and Guides	Policies and Procedures
National Health and Medical Research Council Act 1992 Public Governance, Performance and Accountability Act 2013 (particularly PGPA Rule s10) Public Service Act 1999 - APS Values and APS Code of Conduct Privacy Act 1988 Public Interest Disclosure Act 2013 Crimes Act 1914 Criminal Code Act 1995 National Anti-Corruption Commission Act 2022	Commonwealth Fraud and Corruption Control Framework 2024¹ Australian Government Investigation Standards Prosecution Policy of the Commonwealth Australian Government Protective Security Policy Framework ASNZ ISO 31000:2018 Risk Management – Guidelines AS 8001:2021 – Fraud and Corruption Control	NHMRC Fraud and Corruption Control Framework (the Framework) NHMRC Fraud and Corruption Control Plan (the Plan) Australian Code for the Responsible Conduct of Research Human Resource policies and procedures NHMRC Risk Management Policy Accountable Authority Instructions Human Resource and Financial Delegations Internal Control Framework ICT policies

1.5 Review of the Fraud and Corruption Control Framework and Fraud and Corruption Control Plan

NHMRC will review both this Framework and its Plan at least once every two years to ensure it identifies and manages the issues most likely to contribute to fraud and corruption at NHMRC. The review will cover:

a review of changes in NHMRC’s operations and environment since the previous review (including, for example, risk assessments conducted on new projects, both internal and external audit findings and recommendations, initiatives, or investments)
changes in Government policy and external standards (refer Table 1)
primary objectives of the agency as described in the Corporate Plan
considerations of the findings of the most recent fraud and corruption risk assessments and review of controls
consideration of new fraud and corruption control strategies and the cost/benefit of implementing such strategies.

2. NHMRC’s approach to fraud and corruption control

The NHMRC fraud and corruption control strategy is built around the three basic principles of prevention, detection, and response, which are underpinned by foundations of both internal and external controls.

NHMRC actively pursues improvements, such as strengthening internal controls, enhancing reporting mechanisms, and improving training and awareness, to minimise risk, promote transparency, and safeguard integrity. The performance of a regular fraud and corruption risk assessment also provides the opportunity to assess our progress in managing fraud and corruption and to identify the effectiveness of our strategy.

All staff need to be aware of fraud and corruption control issues and actively implement fraud and corruption reduction strategies in the execution of their day-to-day activities. NHMRC promotes various learning and development initiatives, including fraud awareness, Code of Conduct and risk management training, to cultivate a knowledgeable and vigilant workforce dedicated to preventing, detecting, and addressing fraud and corruption.

Further information about NHMRC’s main control strategies for prevention, detection and response are in sections 3-5 below.

2.1 Responsibilities

All NHMRC officials have a shared responsibility to detect, report and prevent fraud and corruption. Senior management has a significant role in the development of an effective anti-fraud and corruption culture at NHMRC.

NHMRC officials will incorporate fraud and corruption risk consideration when planning, designing, implementing or delivering high-risk projects, government initiatives or significant new investments, demonstrating NHMRC’s commitment to continuously and proactively reviewing its fraud and corruption control arrangements.

Specific responsibilities are described in Table 2.

Table 2: Fraud related roles and responsibilities
Role	Responsibilities
Chief Executive Officer (CEO) (NHMRC’s Accountable Authority)	Implement NHMRC’s Fraud and Corruption Control Framework in accordance with section 10 of the PGPA Rule and reporting on fraud and corruption control to the Minister for Health and Aged Care. Certify in NHMRC’s Annual Report that they are satisfied that the agency has appropriately assessed its fraud and corruption risk and has a fraud and corruption control plan in place to help prevent, detect and investigate fraud and corruption occurrence. Name the Fraud and Corruption Control Officer. Decide on matters to be referred to law enforcement agencies. Foster an environment that makes active fraud and corruption control a responsibility of all staff.
Executive Board	Provide advice to the CEO on fraud and corruption control and make decisions, subject to the agreement of the CEO.
Audit and Risk Committee	Advise the CEO on the appropriateness of NHMRC’s system of risk oversight and management, including process for developing and implementing the entity’s fraud and corruption control arrangements consistent with the Commonwealth Fraud and Corruption Control Framework. Satisfy itself that NHMRC has adequate processes for detecting, capturing and effectively responding to fraud and corruption risks, and managing cases of suspected internal and external fraud and corruption.
Program Management Committee (PMC) and Portfolio Investment Committee (PIC)	PMC/PIC will consider whether targeted fraud and corruption risk assessments should be undertaken when considering: project investment cases or new (or amended) policies, programs (PIC) or initiatives for NHMRC’s grant program and grant hub delivery (PMC).
Fraud and Corruption Control Officer (FCCO)	Reporting to the General Manager, oversee day to day implementation of NHMRC’s Fraud and Corruption Control Framework, including: Facilitate a review of strategies as documented in the Framework and Plan and ensure that they are implemented. Educate staff on the expectations of the Framework and how to manage suspected fraud and corruption, including delivery of annual mandatory training(s). Provide a referral point for allegations of fraud and corruption and maintain NHMRC’s Fraud and Corruption Incident Register. Undertake preliminary assessment of suspected fraud and corruption and determine next steps in accordance with the Plan. Refer matters, where appropriate, to the CEO, Audit and Risk Committee and/or an external investigation service providers (for example, NACC) or the Australian Federal Police. Make recommendations to Executive Board on proposed modifications to the internal control environment as a consequence of a fraud or corruption occurring.
General Manager and Executive Directors	Foster an environment that makes active fraud and corruption control a responsibility of all staff and support a culture of integrity, including by demonstrating the highest level of integrity. Identify, manage and control fraud and corruption risks within areas of responsibility on an ongoing basis, including embedding fraud and corruption risk management into day-to-day processes and planning. Report any concern, suspicion, or information of any suspicion of fraudulent, corrupt or improper conduct to the FCCO (or CEO).
Other NHMRC Officials, including Directors responsible for risks and controls (for example, APS and non-APS staff)	Act in a professional and ethical manner, in good faith and for proper purposes, follow legal requirements and in a manner that enhances the reputation of NHMRC. Participate in annual mandatory training(s) and be aware of what constitutes fraud and corruption, and responsibilities in managing it. Identify, manage, and control fraud and corruption risks within areas of responsibility on an ongoing basis. Raise any concern, suspicion (red flag), or information of any suspicion of fraudulent, corrupt or improper conduct to the FCCO (see section 8, for information on how to report).

2.2 Consultation and collaboration

As part of its commitment to integrity and accountability, NHMRC will consult with other entities where fraud and corruption risks or incidents are likely to impact on the responsibilities of the other entity. This may include sharing data, information and intelligence in accordance with relevant legislation, policies and protocols. By consulting with other entities, the NHMRC aims to enhance its fraud and corruption prevention, detection and response capabilities and contribute to the protection of public resources and trust in government. NHMRC will also participate in relevant inter-agency networks, forums or training, with opportunities to learn and share information on common fraud and corruption risks and trends.

3. Prevention

Prevention strategies include actions taken to prevent fraud and corruption through the promotion of a high level of ethics and accountability in relation to fraud and corruption control. At NHMRC, prevention activities include those listed below.

3.1 Integrity and organisational culture

The principal influence on organisational culture is ethical conduct by management, and in particular by the Chief Executive Officer (CEO). A fundamental strategy in controlling the risk of fraud and corruption is the development and maintenance of a culture of integrity, underpinned by effective and continuous communication of the expectations of employee conduct within NHMRC, including examples set by management.

3.2 Fraud and corruption control planning

To maintain better practice in its fraud and corruption risk management strategies, NHMRC is committed to the following:

a consistent approach is applied across NHMRC, with each official required to understand their responsibilities for fraud and corruption control
accessibility to the Framework, with documents accessible to all officials, including those externally engaged
regular review of the Framework, Plan, risks, and controls, and
policy and process development considers fraud and corruption risks and builds-in prevention activities by design.

3.3 Fraud and corruption awareness training

Fraud and corruption can go undetected because of the inability of officials to recognise ‘red flags’, or other early warning signs of fraudulent and corrupt activity, or alternatively, because they are unsure how to communicate or report their suspicions. Accordingly, NHMRC will conduct mandatory training annually to assist in raising the general level of awareness of fraud and corruption and to promote a culture of integrity.

Examples of red flags include:

Unwilling to share duties or take leave.
Replacing existing suppliers with suppliers that they have a close connection with.
Refusal to implement internal countermeasures.
Skipping approval steps.
Living a lifestyle above their means or lavishing gifts on colleagues.
Failing to keep appropriate or accurate records/receipts.
Bullying or harassing colleagues.
Seeking access to areas which they should not be able to access.
Long term shortage of cash/financial hardship.
Consistently seeking loans or advances.
Past legal/compliance problems.
Addiction problems.
Gambling problems.
Significant personal stress.
Strong sense of entitlement.
Unhappy with employer.

The existence of one of these red flags does not necessarily mean that fraud or corruption has occurred or is likely to occur. For example, in the vast majority of cases, there are no fraud or corruption concerns associated with staff working excessive hours and not taking holidays. However, particularly when a number of the above red flags are present together, the risk of fraud occurring may be increased.

3.4 Internal controls

Internal controls are often the first line of defence against fraud and corruption. NHMRC will ensure the maintenance of a strong internal control system and the promotion and monitoring of a robust internal control culture.

NHMRC promotes an internal control culture through a process of:

documenting key internal controls and control policies
example setting by management, including disclosures of interests
regular communication of the importance of internal controls to all employees
management of internal controls as part of staff responsibilities
internal audit programs (see section 3.6 ‘NHMRC Internal Audit’).
adherence to legislative requirements such as PGPA Act, Code of Conduct, finance laws etc.

Further information about NHMRC’s internal controls are set out in the Plan.

3.5 Fraud and corruption risk assessment

NHMRC will conduct an assessment of fraud and corruption enterprise risk every two years and at times of significant change, as required by the Commonwealth Fraud and Corruption Control Framework 2024. Additionally, the CEO, General Manager, or Audit and Risk Committee may request that fraud and corruption risk assessments be updated at any time.

The fraud and corruption risk assessment will be contained within the Enterprise Risk Register and the Plan, which will contain more targeted fraud and corruption risks. All NHMRC Branches ensure that the strategies developed during the assessment process are reviewed for effectiveness and additional risk treatments included in the Plan, as needed.

3.6 Internal audit program

The NHMRC internal audit program is an important element in reviewing risk management strategies and the effectiveness of the governance controls, policies, and procedures in place. The primary purpose of the internal audit program is to provide an independent and objective review and assurance to the CEO and the Audit and Risk Committee that NHMRC’s internal controls are designed to manage the organisation’s risks and achieve the entity’s objectives, and that they are operating in an efficient, effective and ethical manner.

3.7 Employee screening and supplier vetting

NHMRC will apply screening procedures in accordance with the Protective Security Policy Framework for APS Officials. Supplier vetting procedures will be included in contractual documentation, where appropriate.

3.8 Declaration of interests

NHMRC maintains vigilance over its employees’ declaration of interest (DOI) process; staff are required to complete the DOI on an annual basis and within 30 days of commencing with NHMRC or changing roles within the agency.

4. Detection

Detection strategies include actions taken to detect fraud and corruption early and to limit exposure where it does occur. NHMRC may use any or all of these techniques in detecting or investigating potential fraud or corruption.

4.1 Fraud and corruption reporting channels

All officials have a responsibility to advise the CEO, via the FCCO, of any concern, suspicion, or information of any suspicion of fraudulent, corrupt or improper conduct, and to encourage others to do the same. This includes all actions that may appear, or may be an attempt, to dishonestly obtain a benefit or cause a loss, by deception or other means, or which may be an abuse of office or a breach of public trust.

NHMRC has a range of reporting channels that support staff, stakeholders and the public to report suspected fraud and corruption. Allegations are received in various forms, including reports from staff or committee members, information sharing with other government departments, complaints from stakeholders or members of the public (anonymous tip-offs, whistleblowers (including Public Interest Disclosures, see below), routine work processes and monitoring activities.

These reports are assessed by the FCCO to determine if a formal investigation and/or compliance action is required or if fraud or corruption prevention strategies need to be applied. Any person (including members of the public and public officials) can voluntarily refer a corruption issue, or provide information about a corruption issue, to the NACC. Allegations involving the CEO should be reported to the FCCO or an NHMRC Public Interest Disclosure (PID) Authorised Officer.

Further information about reporting mechanisms is in section 8 below.

4.2 Whistleblower reports and Public Interest Disclosures

People who are prepared to speak up about suspected wrongdoing in the Commonwealth public sector are vital in ensuring its integrity and accountability. Whistleblowing is the act of reporting suspected wrongdoing or risk of wrongdoing.

The Public Interest Disclosure (PID) scheme provides a legislative framework for reporting and investigation of allegations of serious wrongdoing in the Commonwealth public sector. NHMRC has PID procedures that apply to the disclosure, assessment, investigation, and response.

The PID Act has provisions that provide protection for employees who make whistleblower reports of suspected misconduct, which are reflected in NHMRC’s PID procedures. Employees who report a suspected wrongdoing to a person authorised to receive the report must not be victimised, or discriminated against because they made such a report.

4.3 Complaints management

The NHMRC Complaints Policy sets out NHMRC’s formal procedures for responding to complaints about its activities, policies or decision-making. Complaints can be made anonymously. Complaints that may relate to fraud or corruption are reported to the FCCO for initial review.

4.4 Grants compliance monitoring

Provision of grant funds is a key fraud and corruption risk area for NHMRC. Active monitoring of grant funds expended can be effective in identifying fraudulent activity by internal actors or external providers and ensuring accountability for the use of Commonwealth funds.

It is the responsibility of the CEO, the Executive, with advice of the Audit and Risk Committee, to determine which monitoring procedures may be required to manage the fraud and corruption risks associated with the provision of grant funds.

NHMRC also receives notifications from Administering Institutions about institutional investigations of potential breaches of the Australian Code for the Responsible Conduct of Research, in line with the requirements of the NHMRC Research Integrity and Misconduct Policy. Members of the public, peer reviewers and other stakeholders also sometimes raise concerns with NHMRC about research integrity matters or make allegations of research misconduct. While NHMRC is not responsible for investigating allegations of research misconduct or potential breaches of the Australian Code for the Responsible Conduct of Research, some breaches may include behaviours that fall within the definition of potential fraud or corruption (for example, data falsification, misuse of grant funds or provision of false or misleading information to NHMRC). If this occurs, it should be reported and considered in accordance with this Framework.

4.5 Data mining analysis

Data mining is a process of uncovering patterns and relationships in datasets that are not otherwise apparent. Data mining uses databases to search for accounting anomalies or unusual relationships between numbers, people, and entities. For example, this might include such tests as searching accounts payable data for repeated invoice numbers to identify duplicate payments or analysing payments of claims for milestone payments by grant recipients.

4.6 Post-transaction reviews

A review of transactions after they have been processed can be effective in identifying fraudulent activity. Such a review may uncover altered or missing documentation, falsified, or altered authorisation or inadequate documentary support. In addition to the possibility of detecting fraudulent transactions, a review can also have a significant fraud prevention effect as the threat of detection may be enough to deter an employee who would otherwise be motivated to engage in fraudulent or corrupt conduct.

4.7 Management accounting reporting review

Using relatively straightforward techniques in analysing NHMRC’s management accounting reports, trends that may be indicative of fraudulent conduct can be identified and investigated.

4.8 External audit

External audit function is an important control in the detection of fraud and corruption, which impacts on the financial statements. The CEO and CFO may consider discussions with the Australian National Audit Office (ANAO) to ensure that due consideration is given by the auditors to their consideration of fraud in the Financial Statements audit.

4.9 ICT systems audit

NHMRC uses a range of sophisticated software tools to monitor all activities on the NHMRC ICT system. The tools are capable of detecting a range of potentially fraudulent and corrupt behaviours, including misuse of ICT resources and wrongful use of Commonwealth information. ICT systems used to apply for and deliver research funding are also monitored, and particular transactions or modifications are logged and audited.

5. Response

NHMRC takes all allegations of fraud and corruption seriously. The primary objective of NHMRC’s response to possible incidents of fraud and corruption is to ensure perpetrators are identified and appropriate remedies are applied, to achieve a deterrent effect and to recover losses.

The process for considering and responding to possible incidents of fraud or corruption is outlined in the Plan.

5.1 Consideration of fraud and corruption reports and allegations

All potential fraud and corruption incidents are considered to determine the appropriate response, which may include:

investigation
referral to the Australian Federal Police (AFP), National Anti-Corruption Commission (NACC) or Commonwealth Director of Public Prosecutions (CDPP), or
civil or administrative actions.

Note: All responses to fraud and corruption incidents must be coordinated through the FCCO, unless the allegation is about the FCCO. Staff may only take action related to the area in which fraud and corruption is suspected as a normal part of their duties in consultation with the FCCO. Officials of NHMRC are not authorised to investigate fraud and corruption unless directed by the FCCO. Failure to follow proper procedures could result in evidence being lost or not accepted by the courts, the denial of natural justice, defamation, or poor control over the collection of evidence.

5.2 Investigations

Investigations would be taken where the potential fraud or corruption is significant. If the FCCO (in consultation with the CEO) determines that an investigation is required, the following may occur:

investigation undertaken internally, either with the use of external expert resources or internal resources (the latter only if NHMRC had a qualified official available)
for potentially serious or complex fraud against the Commonwealth – mandatory referral to the AFP
for potentially serious or systemic corruption – mandatory referral to the NACC
for possible criminal prosecutions following an investigation – referral to the Commonwealth Director of Public Prosecutions (CDPP).

If an allegation of fraud or corruption is investigated, the FCCO will be responsible for overseeing the investigation, having regard for the Australian Government Investigations Standard (AGIS), except for those matters referred to the AFP or NACC.

Further information about how NHMRC approaches investigations is included in the Plan.

5.3 Referrals

5.3.1 Referral to the Australian Federal Police

The AFP has the primary law enforcement responsibility for investigating criminal offences against Commonwealth laws. Under the Commonwealth Fraud Control Framework 2024, agencies must refer all instances of potential serious or complex fraud offences to the AFP. If the FCCO determines that serious or complex fraud is likely to have been committed, they will brief the CEO who may refer the matter to the AFP for investigation.

5.3.2 Referral to the National Anti-Corruption Commission (NACC)

Consistent with the NACC Act, the NACC holds the power to investigate suspected cases of either serious, or systemic corruption that involves, or could involve, a public official.² NHMRC complies with mandatory referral obligations under the NACC Act to refer conduct that could be either serious or systemic corrupt conduct to the NACC Commissioner.

5.3.3 Referral to the Commonwealth Director of Public Prosecutions (CDPP)

The Office of the Commonwealth Director of Public Prosecutions (CDPP) is an independent prosecution service established to prosecute alleged offences against Commonwealth law. Where an investigation gathers enough evidence to substantiate a criminal charge, NHMRC will consider referring the matter to the CDPP to consider taking prosecution action.

5.4 Civil and administrative remedies

There are numerous civil and equity law remedies and administrative processes available to NHMRC to deal with people who engage in unethical or unlawful behaviour (be it fraud, corruption or misconduct).

Internal fraud and corruption

As well as prosecution under the Criminal Code, APS officials who commit fraud and corruption are in breach of the APS Code of Conduct. For this internal fraud and corruption, NHMRC may take administrative action under the Public Service Act 1999. Remedies available include, but are not limited to:

reprimand
suspension from employment
transfer / reassignment of duties
demotion
termination
penalty
financial recovery
counselling
loss of privileges, and greater scrutiny / increased controls.

External fraud and corruption

For external fraud and corruption, NHMRC may take action against individual researchers, Administering Institutions, contractors, or other third parties. This may include, but is not limited to:

recovery, suspension or termination of funding pursuant to a grant agreement or contract
restrictions from participation in peer review
restrictions in relation to the receipt of NHMRC funding
other civil remedies.

Fraud and research misconduct

Action taken under the Funding Agreement with Administering Institutions may occur as a result of an allegation of a breach of the Code.

As outlined in section 4.4 above, NHMRC Administering Institutions are required, under the Funding Agreement, to provide NHMRC with information relating to actual or alleged breaches of the Code in line with the requirements of the NHMRC Research Integrity and Misconduct Policy. This policy specifies that Administering Institutions must also notify NHMRC if they have received an allegation of fraud and corruption that relates to NHMRC funding (as defined in the policy). This requirement is also in NHMRC’s Funding Agreement with Administering Institutions. Allegations about misconduct may overlap with allegations of fraud or corruption for example, where it is alleged that falsified data was used in a grant application.

5.5 Post-incident reviews

At the conclusion of a fraud and corruption investigation, incidents will be reviewed to identify risk, control or program deficiencies. The relevant risk assessment will be reassessed and amended as needed. Similarly, the circumstances that allowed the fraud and corruption to occur will be considered in the context of the wider NHMRC operations, and additional risk assessments conducted or amended as required.

In each instance where fraud and corruption is detected, NHMRC will reassess the adequacy of the internal control environment (particularly those controls directly impacting on the fraud and corruption incident and potentially allowing it to occur) and consider whether improvements are required. If so, they should be implemented as soon as practicable.

The details of the circumstances that allowed the fraud and corruption to occur will be reported back to the Executive.

In addition, for internal fraud or corruption, exit interviews and exit checklist procedures should be performed in the event of dismissal from NHMRC for fraud, corruption or misconduct. This is necessary to ensure those factors that contribute to the dismissal can be managed as a process of mitigating fraud and corruption risk.

5.6 Insurance

NHMRC will continue to maintain annual insurance policies issued through Comcover.

5.7 Crisis and media management

NHMRC is committed to preserving its reputation in the event of a fraud or corruption allegation concerning NHMRC entering the public domain. Should fraud and corruption be detected, the FCCO, in conjunction with the CEO, should assess communication needs in relation to the fraud and corruption. This may involve notifying the Minister if it is a significant fraud or corruption event and undertaking communication activities with the research sector or media, as appropriate. Where external investigative agencies are involved, NHMRC will consult those agencies in relation to the communication activities.

In all other circumstances, the receipt of a fraud or corruption allegation, or conduct of a fraud or corruption investigation, will be treated in the strictest confidence to ensure procedural fairness and the integrity of the investigation.

5.8 Reporting

Regular reporting and monitoring provides assurance over the effectiveness of NHMRC’s control arrangements in preventing, detecting and responding to fraud or corruption.

NHMRC’s reporting includes:

internal reporting – quarterly to NHMRC’s Audit and Risk Committee and annually to Executive Board, or more regularly as needed, and
external reporting – annually to the Australian Institute of Criminology (AIC) and annual certification of fraud control arrangements in the Annual Report.

6. Recording-keeping

All NHMRC fraud and corruption management activities are to be recorded according to NHMRC record-keeping policies and procedures, ensuring appropriate security classification is applied to fraud and corruption-related documents which may contain personal or sensitive material.

7. Fraud and corruption risks and control actions

NHMRC identifies specific fraud and corruption control actions that will be implemented to reduce fraud and corruption risk. These specific actions align with NHMRC’s general objectives for the prevention and detection of fraud and corruption, including:

General Prevention objectives (ongoing)

maintain awareness of the risk of fraud and corruption, including conflicts of interest and the importance of security (physical and IT)
foster a culture of integrity and high ethical standards
ensure a strong and appropriately targeted post-award compliance regime to ensure the appropriate use of public funds by funded institutions and researchers
ensure effective conflict of interest management through active conflict checking
ensure adequate safeguards and post payment monitoring is undertaken to mitigate the risk of fraud and corruption.

General Detection objectives (ongoing)

encourage reporting of potential fraud by staff and external stakeholders through dedicated reporting mechanisms
maintain a program of pro-active data analysis over the accounts payable function to identify potential duplicate payments, unauthorised payments, or other accounts payable anomalies
regular monitoring of electronic logs for unauthorised activity to increase the ability of the NHMRC to detect inappropriate access and minimise the extent of fraud or corruption
strong contract management and compliance with the Commonwealth Procurement Guidelines
monitor Administering Institutions via the Institutional Annual Compliance Report.

General Response objectives (as needed)

apply appropriate remedies, including recover monies, to deter research misconduct and fraud and corruption
apply Funding Rule provisions, and
conduct Code of Conduct processes, as appropriate, to deter internal fraud.

8. How to report suspected fraud or corruption

NHMRC staff, committee members, contractors and Administering Institutions must report incidents of suspected fraud and corruption. Reports remain confidential. NHMRC also provides for anonymous reporting and supports the PID scheme to offer further protections and support.

Allegations or suspicions of fraud and corruption should be reported as soon as practicable.

The details below show the ways that suspected fraud or corruption can be reported.

8.1 Reporting if you are staff or a contractor

Staff wanting to report suspected fraud or corruption can discuss the matter with their manager in the first instance. If you do not wish to report to your manager, then please use one of the following means of alerting the Fraud and Corruption Control Officer.

Phone: Call the Fraud and Corruption Control Officer (see intranet for contact details)
Email: Complete the Fraud and Corruption Incident Report (Appendix Ai) and email it to governance@nhmrc.gov.au

If you do not feel comfortable with these channels, you can make a Public Interest Disclosure.

Email: publicinterestdisclosure@nhmrc.gov.au
Mail: GPO Box 1421, CANBERRA ACT 2601 – envelope should be marked – ‘Confidential - NHMRC PID’
Phone: ring one of the Authorised Officers

Or you can make an Anonymous tip-off online via the Contact us page.

8.2 Reporting as a member of the community

If you would like to report an instance (or suspicion) of fraud or corruption at NHMRC or concerning NHMRC funding, please use one of the following methods:

Email: Complete the Fraud and Corruption Incident Report (Appendix Aii) and email it to governance@nhmrc.gov.au
Phone: Call (02) 6217 9000 and ask to be transferred to the Fraud and Corruption Control Officer
Mail: GPO Box 1421, CANBERRA ACT 2601
Envelope should be marked – ‘Confidential - NHMRC PID’

Anonymous tip-offs can be made online via Contact us.

9. Fraud and Corruption Control Officer (FCCO)

The NHMRC FCCO is the Director, Governance and Legal. To contact the FCCO, please email governance@nhmrc.gov.au.

Support for this function is provided by the Governance and Legal Section.

¹ The Commonwealth Fraud and Corruption Control Framework 2024, which includes the Fraud and Corruption Rule, the Fraud and Corruption Policy and Resource Management Guidance (RMG) 201, came into effect on 1 July 2024.

² Under the NACC Act ‘Public Officials’ are: members of the Australian Parliament and ministers in the Australian Government, and the people who work for them and staff members of Commonwealth agencies including employees of Commonwealth government agencies, Commonwealth companies and statutory bodies and contracted service providers.