
SOP2012–007 Page 1 of 3

Standard Operating Policy

FRAUD CONTROL FRAMEWORK IN AMBULANCE SOP Document No. SOP2012-007

File No. 12/114 (D12/4851)

Date issued 11 April 2012

Contents Policy Statement Fraud Control Framework in Ambulance

Attachments 1. Fraud Control Framework – Ambulance Service of NSW – Version 2012/01

2. Attachment 1 – Fraud Control Work Plan – 2012/12 – Ambulance Service of NSW – Version 2011/06

3. Fraud Risk Assessment 2010-2012

Author Branch Professional Standards and Conduct Unit

Branch Contact (02) 9320-7785

Division Professional Standards and Conduct Unit

Summary The purpose of this policy is to provide staff with information as to how fraud control is managed within Ambulance.

Applies to

• All Ambulance Service of NSW staff

• All Operational staff

• All Administration staff

• All Headquarters staff

• Division staff (Aero Medical, Metropolitan and Regional)

• Operation Centres

Review Date 1 November 2013

Previous Reference 1. Ambulance Service of NSW – Fraud Policy (Extracted and Modified from the NSW Health Website http://www.health.nsw.gov.au/pubs/1997/pdf/annual_report_97.pdf) NSW Health Annual Report 1996/97 – Appendix 28, pg. 146 (Excerpt from Circular 93/70 and PD2005_059)

2. Fraud Control Strategy – Department of Health NSW – PD2007_070

Status Active

Approved by Chief Executive

Related Documents

• NSW Health Policy Directive – PD2007_070 Fraud Control Strategy

• SOP2007-012 Code of Conduct

Revision History

Version (Circular) Amendment notes

11 April 2012 (SOP2012-007)

Fraud Control Framework and Fraud Control Work Plan approved by Audit and Risk Committee and A/Chief Executive.

25 January 2012 (SOP2012-001)

SOP covering Fraud Control Framework and Fraud Control Work Plan approved by the A/Chief Executive.


Revision History – continued

Version (Circular) Amendment notes 16 December 2005 (IC05/30) 1996/97

Fraud Policy (Extracted and Modified from the NSW Health Website) http://www.health.nsw.gov.au/pubs/a/ar9697/a2800.html) NSW Health Annual Report 1996/97 – Appendix 28 (excerpt from Circular 93/70 and PD2005_059)

Compliance with this policy directive is mandatory


Fraud Control Framework in Ambulance

Policy Statement

Statement of Attitude to Fraud

Ambulance has a zero tolerance approach to fraud.

Fraud Control in Ambulance

Ambulance has established a Fraud Control Framework which underpins the Ambulance Fraud Control Work Plan. All employees are to comply with the guidance provided under the Fraud Control Framework. The Fraud Control Framework is consistent with the Ambulance Code of Conduct. The Ambulance Fraud Control Work Plan outlines specific program risks which have been identified in the bi-annual risk assessment. Program Managers are required to maintain an awareness of and implement specific risk management strategies covered in the work plan which relate to their program areas.

Definition of fraud

For the purposes of this SOP, fraud is defined as any false representation or concealment of fact with the necessary criminal intent to permanently deprive someone or to induce someone to part with something of value. Benefits that are obtained by deception or other means can be either tangible or intangible.

Responsibilities of Staff in Fraud Control

Responsibility for fraud control includes prevention, detection, deterrence and response and is a shared responsibility across all levels of the Service.

The Chief Executive has overall responsibility for ensuring that the strategic aims of the Fraud Control Framework and Work Plan are complied with across Ambulance. Director/s Operations/Corporate and General Managers have delegated responsibility to ensure that allocated elements of the plan's risk assessment are managed and reported upon as required.

The Chief Finance Officer, Director, Professional Standards and Conduct Unit and Manager, Risk Management have responsibility to conduct two yearly reviews of the Ambulance Risk Management Assessment and Fraud Control Work Plan. The review of the planning documents should also be undertaken when any new function/service or major structural change occurs within Ambulance.

All employees have a responsibility to report suspected incidents of fraud to either the Chief Executive, Director, Professional Standards and Conduct Unit, Director, Operations/Corporate, Chief Finance Officer or General Managers as appropriate.

All employees of Ambulance have a responsibility to comply with the risk management strategies that are applicable to their respective work place environments or level of decision making as outlined in the Fraud Control Framework and Fraud Control Work Plan.

All employees have a responsibility to comply with the Code of Conduct and Organisational Values. Employees may be called to account for their actions or non-action in compliance with that code.

Note: Failure of an employee to take reasonable action to report suspected fraud may amount to misconduct and may be dealt with in accordance with the Health Services Regulation 2008 and supporting Ambulance Procedural Guidelines for Dealing with Misconduct.

Review of the Fraud Control Work Plan

The Plan will be reviewed every two years on completion of the Risk Management Assessment review.


FRAUD CONTROL FRAMEWORK

AMBULANCE SERVICE OF NSW

VERSION 2012/01

Hierarchy of review

Delegated officer Date

Version (1) 2011/01 - 24/05/11 Version (2) 2011/02 - 02/06/11 Version (3) 2011/03 – 24/06/11 Version (4) Version (5) 12/10/11

Stephen Murphy, Investigation Officer, Professional Standards & Conduct Unit (PSCU) Incorporating comments by Director PSCU – Ms Marian O’Connell (MOC) Incorporating comments by Director Executive Support Joanna Clark Incorp changes by MOC Incorp changes by Chief Finance Officer (CFO) Incorp changes by CFO and General Manager (GM), Corporate Services

25/5/11 30/05/11 24/6/11 12/10/11 04/11/11

Review – Director PSCU

Marian O’Connell

18/10/11

Review – CFO

Stephen O’Malley

18/10/11

Review – Risk Management

Natasha Hallifax

Review - GM, Corporate Services

Michael Landsbergen

19/10/11

Approval - Chief Executive (CE)

Mike Willis

19/12/11

Endorsement Audit and Risk Management Committee Version 2012/01

19/3/12


Ambulance Service of NSW – Fraud Control Framework - p2

Table of Contents

1. BACKGROUND TO THE AMBULANCE SERVICE OF NSW
1.1 Statement of Attitude to Fraud

2. WHY FRAUD CONTROL?
2.1 Definition of fraud
2.2 Definition of Corruption

3. RESPONSIBILITIES OF STAFF IN FRAUD CONTROL
3.1 The Chief Executive
3.2 The Chief Finance Officer (CFO), Director, Professional Standards and Conduct Unit (PSCU) and Manager, Risk Management
3.3 Management
3.4 All employees
3.5 Fraud Control Responsibility – Implementation

4. FRAUD RISK ASSESSMENT
4.1 Qualitative Risk Analysis Matrix Utilised

5. FRAUD RISK MANAGEMENT
5.1 Managing Fraud Risk associated with outsource functions/consultancies/contractors

6. FRAUD INVESTIGATION CASE REFERRAL STANDARDS AND TRAINING
6.1 Fraud Awareness Training
6.2 Fraud Control Work Plan Training
6.3 Prosecution of Fraud
6.4 Reporting of Corruption or Maladministration
6.5 Fraud Investigation Standards

7. RELATIONSHIP WITH OTHER AMBULANCE PLANS
7.1 Corporate Plan
7.2 Strategic and Annual Internal Audit Plans

8. REVIEW OF THE FRAUD CONTROL WORK PLAN

Attachments

1 Fraud Control Work Plan - Ambulance
2 Fraud Control Strategy – Ministry of Health PD2007_070
3 Fraud Risk Management Assessment 2010-12
4 Ambulance Code of Conduct
5 Ambulance Service Values Chart


1. BACKGROUND TO THE AMBULANCE SERVICE OF NSW

The Ambulance Service is committed to providing high quality clinical care and health related transport services to the people of NSW. In the 2010/11 year, the Ambulance responded to 1149820 emergency and non-emergency incidents requiring Ambulance response. For the same period 837070 Emergency Triple Zero calls were also managed. The Ambulance employs over 4 300 people, with 90% being operational staff involved in the front line delivery of services. This includes Paramedics, Patient Transport Officers and specialised areas such as Intensive Care and Extended Care Paramedics, Special Operations, Counter Disaster, Aero Medical and Medical Retrieval. The remaining 10% of the workforce are corporate, clinical and other support staff that assist in the delivery of services.

1.1 Statement of Attitude to Fraud

Ambulance has a zero tolerance approach to fraud

Fraud damages the reputation of Ambulance in the wider community and impacts negatively on the resources available to promote and deliver Ambulance objectives. Ambulance is committed to minimising the incidence of fraud through the identification of risks and the development, implementation and regular review of a range of fraud prevention and detection strategies. Where there is substantial change in the structure or functions of Ambulance, or a transfer of functions (such as the result of outsourcing), Ambulance will undertake to reassess fraud risk by undertaking a Fraud Risk Management Assessment specifically in relation to the change and update the Fraud Control Work Plan accordingly. Each fraud prevention and detection strategy is designed to contribute to an environment based upon risk management, sound internal controls, monitoring and improvement to systems and proper ethical practices. Specifically they cover monitoring of the effective controls and new initiatives for high residual risk events. To achieve this Ambulance:

• reviews its Fraud Risk Management Assessment every two years and updates its Fraud Control Work Plan

• encourages and promotes professional and ethical business practice by staff and external service providers

• clearly defines the hierarchical reporting and decision making process with respect to suspected instances of fraud

• uses all available avenues to recover money or property lost through fraudulent activity

• where appropriate, prosecutes persons and/or organisations for fraud offences, should they occur

• implements arrangements for the provision of information, to the Professional Standards and Conduct Unit (PSCU) on all suspicions of/or a prima-facie case of fraud

• provides assurance to the probable identification of fraud through regular reviews and scrutiny of operations


To achieve this through its employees Ambulance:

• facilitates fraud awareness training for all employees

• trains selected employees in initial investigation techniques, including the recognition of fraud risk indicators and how they can implement measures and procedures to assist in the detection of fraud

• clearly articulates standards and procedures to encourage the minimisation and deterrence of fraud

2. WHY FRAUD CONTROL?

Fraud and corruption risks exist within all NSW Government Agencies. Fraud risk, as a category of corporate risk, presents any organisation with the greatest threat in respect to financial loss and damage to reputation. The nature of fraud and corruption means they are pervasive risks which constantly change and require ongoing monitoring. For these reasons, the NSW Independent Commission Against Corruption (ICAC) and Audit Office of NSW both recommend agencies assess their fraud and corruption risks on a regular basis, and ensure that steps are taken to effectively manage and prevent fraud and corruption from occurring. Ambulance has a requirement and a commitment to actively support the NSW Ministry of Health’s Fraud Control Policy – PD2007_070 (Attachment 1). This Fraud Control Framework and Work Plan provides for an effective tool to ensure that Ambulance meets its compliance obligations to the NSW Ministry of Health and relevant Health Policy in the areas of fraud control. The platforms of an effective fraud and corruption control framework are deterrence through strategies that manage:

• Prevention

• Detection and

• Investigation.

This Fraud Control Framework and Work Plan and the supporting risk assessment are key components of the fraud prevention and detection strategies that will be adopted by Ambulance. Fraud awareness training and an investigative response capability are key components of the fraud deterrence strategy.

2.1 Definition of fraud

For the purposes of this plan, fraud is defined as any false representation or concealment of fact with the necessary criminal intent to permanently deprive someone or to induce someone to part with something of value. The definition includes events or incidents involving:

• theft

• obtaining property, financial advantage or any other benefit by deception

• causing a loss, or avoiding or creating a liability by deception

• providing false or misleading information to the Ambulance, or failing to provide information where there is an obligation to do so

• making, using or possessing forged or falsified documents

• bribery, corruption, abuse of office or maladministration

• unlawful use of Ambulance computers, vehicles, telephones and other property or services

• any offence of a like nature to those listed above.

Benefits that are obtained by deception or other means can be either tangible or intangible. Some examples include:

• hacking into or interfering with an Ambulance computer system

• using Ambulance systems to gain access to other systems without authority

• charging Ambulance for goods or services that are incomplete or not delivered

• making false/fraudulent statements of claim against advertised positions

2.2 Definition of Corruption

Corrupt conduct is defined under the Independent Commission against Corruption Act 1988 as the dishonest or partial exercise of public official functions. It may also involve the conduct of non-public officials which adversely affects the honest and impartial exercise of a public official’s functions. Public officials include people working in government departments, statutory authorities and local councils in NSW, as well as judges and magistrates and elected officials. For conduct to be considered corrupt under the ICAC Act definition it has to be serious enough to involve a criminal or disciplinary offence or be grounds for dismissal. However, at the point a report is made to ICAC, the reporting officer need not know with any certainty that this seriousness test can be satisfied as this will often only be known after a full investigation. Some examples of corrupt conduct by public officials that fall within this definition include:

• A company wants to do business with the government and pays a public official to choose that company for the job

• A public official bypasses recruitment procedures to employ friends or family members

• A public official accesses confidential information as a favour to a friend

• A public official takes office petty cash to pay for personal items

• A public official extorts money from a client in their care

• A public official uses a work computer and e-mail address to run a private internet business

3. RESPONSIBILITIES OF STAFF IN FRAUD CONTROL

Responsibility for fraud and corruption control, which includes prevention, detection, deterrence and response, is a shared responsibility across all levels of Ambulance.

3.1 The Chief Executive has overall responsibility for ensuring that the strategic aims of the Fraud Control Framework and Work Plan are complied with across Ambulance Operational and Corporate. Director/s and General Managers have delegated responsibility to ensure that allocated elements of the plan's risk assessment are managed and reported upon as required.

3.2 The Chief Finance Officer, Director, PSCU, Manager, Risk Management have responsibility to conduct two yearly reviews of the Ambulance's Risk Management Assessment and Fraud Control Work Plan.

The review of the planning documents should also be undertaken when any new function/service or major structural change occurs within the organisation.

3.3 All employees have a responsibility to report suspected incidents of fraud/corruption to either the Chief Executive, Director, PSCU, Operational / Corporate Directors or General Managers as appropriate.

3.4 All employees have a responsibility to comply with the risk management strategies that are applicable to their respective work place environments or level of decision making.

All employees have a responsibility to comply with the Code of Conduct and Ambulance Service Values. Employees may be called to account for their actions or non-action in compliance with that code.

Note: Failure of an employee to take reasonable action to report suspected fraud/corruption may amount to misconduct and may be dealt with in accordance with the Health Services Regulation 2008 and supporting Procedural Guidelines for Dealing with Misconduct.

3.5 Fraud Control Responsibility – Implementation

| Responsibility | Responsible Officer/Area | Finish date |
| --- | --- | --- |
| Overall responsibility for ensuring compliance with the Fraud Control Framework and Work Plan. | Chief Executive | Ongoing |
| Coordinating the conduct of a risk assessment to ensure the ultimate delivery of a Fraud Control Work Plan every two years. | Chief Finance Officer; Director PSCU; Manager, Risk Management | Ongoing |
| Providing a central reporting point for allegations of incidents of fraud, ensuring that matters are appropriately recorded, investigated, referred (when and where appropriate) and reported. | Director PSCU | Ongoing |
| Coordination of training, including fraud awareness training. | Director PSCU | Ongoing |
| Prevention and detection of fraud within program areas through the strategic implementation of the internal control system and any other effective means. | All Ambulance program areas | Ongoing |
| Assisting with implementation of the Fraud Control Framework and Work Plan. | All staff | Ongoing |


4. FRAUD RISK ASSESSMENT

Ambulance managers are responsible and accountable for understanding the potential risk areas that relate to their areas/program responsibilities. The Fraud Risk Management Assessment is a key document to aid managers in gaining an understanding of the range of fraud risk categories that the Ambulance is exposed to (Attachment 3).

4.1 Qualitative Risk Analysis Matrix Utilised

The Fraud Risk Management Assessment has been developed in accordance with Australian/New Zealand Risk Management Standard 4360. Fraud risks identified as part of the preparation of this assessment have been categorised as high, medium or low in accordance with the following Qualitative Risk Analysis Matrix:

| LIKELIHOOD / CONSEQUENCE | Insignificant | Minor | Moderate | Major | Severe |
| --- | --- | --- | --- | --- | --- |
| Rare | Low | Low | Medium | Medium | High |
| Unlikely | Low | Medium | Medium | Medium | High |
| Possible | Low | Medium | Medium | High | Extreme |
| Likely | Medium | Medium | High | High | Extreme |
| Almost Certain | Medium | High | High | Extreme | Extreme |

5. FRAUD RISK MANAGEMENT

5.1 Managing Fraud Risk associated with outsource functions / consultancies / contractors

Ambulance may use external service providers to enhance service delivery functions. To ensure the risk of fraud and corruption associated with external service providers is managed, when selecting service providers Ambulance provides assurance that the following issues are considered:

• the necessity for the service provider to meet and comply with procurement guidelines that may be instigated by Ambulance

• the depth of experience of the service provider including the outcomes of past work

• the solvency of the external service provider

• the potential for conflict of interest where the external provider is a client or provides other services to Ambulance

• the commitment of the service provider to comply with Information Privacy Principles as outlined in relevant Health policies, Acts or Regulations

• the need to meet the relevant levels of competency

6. FRAUD INVESTIGATION CASE REFERRAL STANDARDS AND TRAINING

6.1 Fraud Awareness Training

Ambulance recognises that the primary purpose of education and training in the area of fraud control is to contribute to the prevention and control of fraud by raising the level of awareness amongst staff. The objective is to aid staff in identifying fraudulent practices and to make it very clear that such practices will not be tolerated by the Ambulance.

Fraud awareness training will be incorporated into the Code of Conduct Training delivered to employees by the Professional Standards and Conduct Unit.


6.2 Fraud Control Work Plan Training

To facilitate internal review and modification of the Fraud Control Work Plan, Line Managers undertaking the Ambulance Management Qualification course will be provided with training on fraud and corruption control arrangements within Ambulance. Senior Ambulance Program Managers will be provided with specific training on an as needs basis. Training development and delivery will be coordinated through the PSCU.

6.3 Prosecution of Fraud

Ambulance has a policy to act on all instances of reported fraud. Prosecution or referral for prosecution will be assessed by the Chief Executive on advice from the Director PSCU, General Manager, Corporate Services or the Chief Finance Officer.

6.4 Reporting of Corruption or Maladministration

In accordance with ICAC guidelines all instances of reported corruption or maladministration will be reported to ICAC.

6.5 Fraud Investigation Standards

An investigation conducted by both employees of Ambulance and external contractors or consultants will be conducted in accordance with Ambulance Procedural Guidelines for Dealing with Misconduct. The guidelines are available on the Intranet link to the Professional Standards and Conduct Unit. When notified of suspected fraud the Director PSCU will consult with the Chief Executive to determine an appropriate course of action in relation to investigation and/or referral of the matter to the NSW Police or other relevant agency. The Chief Executive or delegated officer has the final determination on a decision to refer the matter to another agency, with the exception of mandatory reporting requirements to ICAC in relation to corruption and/or maladministration which rests with the Chief Executive as the Principal Reporting Officer.

7. RELATIONSHIP WITH OTHER ASNSW PLANS

7.1 Corporate Plan

The Ambulance Fraud Control Framework and Work Plan are key corporate documents and sit underneath the Ambulance Risk Management Assessment and Corporate/Operational Plans.

7.2 Strategic and Annual Internal Audit Plans

The Ambulance Audit and Risk Management Committee are responsible for endorsing the strategic planning in fraud risk management.

Internal audit services are provided under contract and are coordinated by the General Manager, Corporate Services on behalf of the Chief Executive.


8.1 REVIEW OF THE FRAUD CONTROL WORK PLAN

The Plan will be reviewed every two years on completion of the Risk Management Assessment review. The plan will also require review upon any major change to organisational structure, role or function of Ambulance. The Ambulance Audit and Risk Management Committee have responsibility for endorsing the Fraud Control Work Plan through the Chief Executive.


FRAUD CONTROL WORK PLAN

2010/12

AMBULANCE SERVICE OF NSW

VERSION 2012/01

Hierarchy of review

Delegated officer Date

Version (1) 2011/01 - 24/05/11 Version (2) 2011/02 - 02/06/11 Version (3) 2011/03 – 24/06/11 Version (4) 2011/04 – 29/09/11 Version (5) 2011/05 – 12/10/11

Stephen Murphy (PSCU) Incorporating comments by Director PSCU – Ms Marian O’Connell Incorporating comments by Director Executive Support Joanna Clark Incorporating comments from Director PSCU to move bulk of document to SOP Incorp comments from CFO and D-PSCU Incorp comments from GM-Corporate Services

25/5/11 30/05/11 24/6/11 29/9/11 12/10/11

Review – Director PSCU

Marian O’Connell

18/10/11

Review – Chief Finance Officer

Stephen O’Malley

18/10/11

Review – Risk Management

Natasha Hallifax

Review - General Manager – Corporate Services

Michael Landsbergen

19/10/11

Approval - Chief Executive

Mike Willis

19/12/11

Endorsement – Audit and Risk Management Committee Version 2012/01

19/3/12


Identified Fraud Risk Areas – Allocation of Responsibility

The following table highlights the current risk areas that have been targeted for review within the 2010/12 Services Fraud Risk Management Assessment. The table identifies areas of responsibility across Ambulance for development and implementation of relevant fraud risk control strategies. Note: Further detail of the relevant risk areas can be found within the Deloitte Risk Assessment (Attachment 1).

Risk Descriptor Deloitte Fraud Risk Assessment 2010-12 – TAB 2

Responsible Officer/ Program Area

Strategies/tasks

Finish Date

R1 - Raise awareness of secondary employment requirements.

Director PSCU through code of conduct training

All line managers

Publish articles in sirens.

Re-enforce during code of conduct training

Incorporate into on-line code of conduct training Include in induction training and AMQ

Ongoing

R2 – Update Award and address the lack of clarity in respect to On Call arrangements for employees.

Director Workforce

Incorporate on-call arrangements into Award

Completed 25/1/11 with publication of Administrative Bulletin AB2011-003 -Memorandum of Understanding (MOU) and Variation to Operational Awards

R3 – Update Fraud Control Policy to reflect corrupt conduct more clearly and link to the Code of Conduct.

Director PSCU

Incorporate definition into the Ambulance fraud control plan Incorporate into code of conduct training for new employees Incorporate into on-line training package for code of conduct

July 2011


R4 – Introduce annual sign off of all staff to abiding by the Code of Conduct.

Director PSCU

Incorporate into on-line code of conduct training and assessment.

September 2011

R5 – Strengthen processes over clinical and pharmaceutical supplies.

Director Operations (each region) General Manager Operations Manager Clinical Education Director PSCU

Conduct routine audits of drug registers as per policy. Review Ambulance Policy on management of S4 and S8 drugs. Develop process for managing breaches of drug policy in a consistent manner. Incorporate process training into relevant in service courses – drug management.

To be identified

R6 – Implementation of Rostering automated software.

Director Workforce General Manager Operations Director Operations Divisions Director Service Improvement Office

Note: a number of projects currently underway. Further info to be provided by project managers.

2013 (Scheduled delivery and implementation of E-Rostering – Service wide)

R7 – To consult with Internal Audit in respect to the process being undertaken to re-evaluate how Schedule 8 drugs could be better managed.

General Manager Operations Manager Clinical Education Director PSCU

Implement internal audit report 2011/15 recommendations.

As detailed in the audit report.


R8 – To continue lines of communication with the NSW Ministry of Health over the importance of obtaining enhanced reporting and controls over human resource related transactions.

Director Workforce Planning.

To be identified

R9A – To continue lines of communication with the NSW Ministry of Health over the importance of obtaining enhanced reporting and controls over accounts payable related transactions by DHHS.

Chief Finance Officer

To be identified

R9B – To reassess certain SOPs and update as appropriate to support transition to DHSS

Chief Finance Officer Director Workforce

To be identified

R10 – To revisit the Code of Conduct in respect to clarification on value of gifts so that they are consistent with ICAC requirements.

Director PSCU

Incorporate into on-line code of conduct training. Incorporate into revised Ministry Code of Conduct.

To be identified.


Fraud awareness training

Director PSCU

Facilitates fraud awareness training for all employees. Train selected employees in initial investigation techniques, including the recognition of fraud risk indicators and how they can implement measures and procedures to assist in the detection of fraud. Clearly articulates standards and procedures to encourage the minimisation and deterrence of fraud.

Ongoing Ongoing February 2012 on acceptance of the fraud control framework.


Liability limited by a scheme approved under Professional Standards Legislation.

Member of Deloitte Touche Tohmatsu Limited


Ambulance New South Wales Fraud Risk Assessment 2010 – 2012 November 2010

Distribution

Party Title

Mr Greg Rochford Chief Executive

Mr Michael Landsbergen General Manager, Corporate Services

Mr Stephen O’Malley Chief Finance Officer

Mr Harvey Christophers Partner, Risk Services, Deloitte

Ms Linda Waugh Account Director, Risk Services, Deloitte

Ms Petra Koziollek Account Director, Risk Services, Deloitte

Mr Lakshman Gunaratnam Account Director, Risk Services, Deloitte


AMBULANCE NSW

FRAUD CORRUPTION RISK ASSESSMENT NOVEMBER 2010

SECTION ONE: EXECUTIVE SUMMARY

Ambulance Service NSW – Fraud Risk Assessment 2010 - 2012 1

Contents

1. EXECUTIVE SUMMARY
2. BACKGROUND AND CONTEXT
3. KEY FINDINGS
4. AREAS FOR INTERNAL AUDIT CONSIDERATION
APPENDIX A: FRAUD AND CORRUPTION RISK MATRICES
APPENDIX B: LEGAL DEFINITION OF CORRUPT CONDUCT
APPENDIX C: FRAUD RATING DEFINITIONS
APPENDIX D: INTERVIEW AND WORKSHOP PARTICIPANTS


1. Executive Summary

1.1 Background

As part of the 2009/10 Internal Audit Plan agreed with the Ambulance Service of NSW (“the Service”), Deloitte Touche Tohmatsu (“Deloitte”) undertook an organisation-wide fraud and corruption risk assessment (FCRA). The engagement was performed in accordance with the agreed Terms of Reference dated 5 May 2010.

Fraud and corruption risks exist within all NSW Government Agencies and are frequently the areas which present greatest threat in respect of financial loss and damage to reputation. The nature of fraud and corruption means they are pervasive risks which constantly change and require ongoing monitoring. For these reasons, the NSW Independent Commission Against Corruption (ICAC) and Audit Office both recommend that agencies assess their fraud and corruption risks on a regular basis, and ensure that steps are taken to effectively manage and prevent fraud and corruption from occurring.

The platforms of an effective fraud and corruption control framework are prevention, detection and investigation. To achieve prevention and detection objectives, an agency must have a comprehensive and detailed understanding of its fraud and corruption risks and overall profile. It is this understanding that allows agencies to tailor their Audit Program and other risk management activities to ensure that high and emerging fraud and corruption risk areas are addressed appropriately. The incorporation into the Internal Audit Program fulfils proactive and detective objectives as recommended by both the ICAC and the Audit Office. A fraud and corruption risk assessment also serves to identify where fraud and corruption controls are absent, dated, inadequate or no longer effective, and where proactive strategies need strengthening to improve the fraud and corruption control environment. The Service has not previously undertaken a FCRA but has an established fraud and corruption risk framework which includes the Service’s Code of Conduct (2007) and a Fraud Policy (2005).

1.2 Objective and Scope

The key objectives of this engagement were to conduct an assessment of fraud and corruption risks and associated controls across all key business processes of the Service. The agreed deliverable was a Fraud and Corruption Risk Assessment report which includes fraud and corruption risk matrices, key considerations for the three year internal audit plan as well as a recommendations table for management’s consideration on the top ten fraud risks. The methodology followed can be found in Section Two – Background and Context.

The scope included coverage of key business processes in the following areas:

Professional Standards and Conduct

Finance and Data Services

Public Affairs

Operations

Corporate Services

In discussion with Management it was agreed that the assessment would not cover Clinical Development as this was a specialised area and had alternate review mechanisms in place. The scope did include the Service’s control requirements for providers of out-sourced services. The assessment was conducted as a consulting engagement and in accordance with our Inherent Limitations. For the avoidance of doubt, the procedures that we performed as part of this engagement do not constitute an assurance engagement in accordance with Australian Standards for Assurance Engagements, nor does it represent any form of audit under Australian Standards on Auditing, and consequently no assurance conclusion or audit opinion has been provided.


1.3 Key Findings and Recommendations

1.3.1 Overall Comments

The Ambulance Service in the last decade has seen major expansion of demand for its services and has responded with major investment in staff and in operational capability. These have included:

large increases in operational (and support) staff numbers and expansion in clinical and management training

new clinical equipment, new vehicles (including fixed wing and rotary); new radio and computer-aided despatch systems

new operational procedures, including better triage of calls (and more non-emergency response resources) new clinical protocols and less-fatigue-inducing shift systems (with shorter shifts).

Through our interviews and workshops it became evident that a number of the critical issues facing the Service, both as fraud risks and as areas for audit consideration, have arisen from the proportionately lower development of administrative support systems at the Service and the heavy reliance on manual controls and paper-based systems. As a result, the efficiency of administrative processes is reduced and the risk of fraud is higher than in other agencies of similar size. That is the major finding from this Fraud and Corruption Risk Assessment.

Without significant investment into the enabling underlying systems, such as a Payroll system for support services, the Ambulance will continue to bear significant inherent payroll related risks, including undetected fraud and error surrounding areas such as the processing and approval of timesheets, leave, and overtime. In addition to considerably reducing the likelihood and consequence of fraud risks, there are many other benefits to Ambulance were the payroll system upgraded or replaced. These include:

savings that would arise through efficiencies from automated processes

enhanced management reporting which would assist scheduling the rosters as well as monitoring allocation of overtime

enhanced leave management.

We have seen many NSW government entities and State Owned Corporations, with much smaller growth and less complex processes, invest more heavily in their back office systems over the last 5 years to gain such efficiencies. They include new integrated financial systems and human resource systems, plus new payroll systems with integrated employee kiosks. Such systems provide staff with the flexibility to manage their working hours, leave requests and banking changes online. They free up the employer’s administration staff to undertake higher value tasks as well as assist in managing headcount. Ambulance NSW is one of a few larger agencies, along with other health services, where such systems have not been widely introduced and existing processes/controls are substantially manual.

We understand this is not just a matter of resources. For administrative systems, the Ambulance Service is heavily dependent on developments at NSW Health and, because Ambulance is one of the smaller and non-standard health services, is often one of the last to see such systems implemented. Its differences from other health services also mean that often (as with patient records, rostering, payroll and billing) the standard systems need to be adjusted for the ambulance context. These delays and adjustments add to the risk of control weaknesses and of fraud unless carefully managed.


We understand that a number of NSW Health administrative systems are now under development: payroll, human resources, rostering, asset management. We support such developments, provided they recognise the particular characteristics of awards and processes in the Service. In the meantime, the risks remain high due to the complexity of many of the processes and despite well-developed manual controls. They may continue to be high after the initial implementation of new administration systems, as the Service has found with the recent replacement of SUN Financials with ORACLE, until the controls are fully understood and bedded-down.

Our second general observation is with those particular characteristics of the Ambulance Service context that contribute to the risk of fraud. Some of these are unavoidable because of the trust that members of the public place in this most respected of services. Some are due to the highly dispersed operations of the Service across the State and staff’s need for rapid access to everything from petty cash funds, to medical supplies, to transport and to local suppliers. Some of them are more a reflection of long-established local practices, or interpretations of complex awards, in particular those associated with on-call and call-out; with rostering, overtime and resource allocation; and with private use of vehicles. The Service has taken some significant steps to reduce such complexity and to agree consistent definitions and interpretations, for example around meal break allowances and private usage of ambulance vehicles. The current industrial case around the definition of on-call start and finish time is another. To the extent that such ambiguities continue, so too do the risks of fraud, or the perceptions of fraud.

Our third general observation is about staff awareness of fraud risk, which appears from the workshops and discussions to be relatively low for an organisation where the risks are relatively high. This may in part be a reflection of recent priorities to build awareness around other aspects of culture and conduct (in relation to healthy workplace). The Fraud Control policy dates from 2005 and the Code of Conduct from 2007. Staff’s understanding of them in relation to fraud matters, particularly of the former, was limited. We suggest a refresh of these, and closer links between them, to help bolster fraud risk awareness, particularly in those functions exposed to high risks.

Many of the findings raised in this report have been raised in prior reports, albeit from differing perspectives. The key report whose findings include those highlighted in this FCRA is the Auditor General’s Follow Up (2007) of the 2001 Performance Audit. This report indicates that whilst significant investment and resources have been deployed to improve clinical enabling systems (Computer Aided Despatch Systems) and interfaces with key stakeholders such as hospitals (emergency departments) as well as simplifying the governance structure of the Service, little has been done in respect of the workforce flexibility recommendations. It is these recommendations [1] which if addressed would assist in strengthening the control environment which at present is conducive to fraud and errors remaining undetected in a timely manner or at all.

[1] See Auditor General’s Follow Up Report p44 2.8 Workforce flexibility


1.3.2 Fraud & Corruption Control

As a result of the risk assessment process, the following high level areas were identified as those where enhancements could be made to the fraud and corruption control environment and framework within Ambulance NSW. Further details can be found in Section 3 - Key Findings.

R1 Raise awareness of secondary employment requirements

R2 Update Award and address the lack of clarity in respect to the On Call matter

R3 Update Fraud Control Policy to reflect corrupt conduct more clearly and link to Code of Conduct

R4 Introduce annual sign off of all staff to abiding by Code of Conduct

R5 Strengthen processes over clinical and pharmaceutical supplies

R6 Implementation of Rostering automated software

R7 To consult with Internal Audit in respect to the process being undertaken to re-evaluate how section 8 drugs could be better managed

R8 To continue lines of communication with the Department over the importance of obtaining enhanced reporting and controls over human resource related transactions

R9A To continue lines of communication with the Department over the importance of obtaining enhanced reporting and controls over accounts payable related transactions processed by DHHS.

R9B To reassess certain SOPs and update as appropriate to accommodate the transition to DHSS

R10 To revisit the Code of Conduct in respect to clarification on value of gifts so that they are consistent with ICAC requirements.


1.3.3 Areas for Internal Audit Consideration

One of the two key deliverables arising from the fraud risk assessment was the identification of areas for consideration in the development of the Service’s Three Year Internal Audit Plan. Tabled below are the categories in which we have recommended such audits. Further details can be found in Section 4 – Areas for Internal Audit Consideration.

Contract Management – outsourced services such as fixed wing and rotary, fleet leasing, property management – assessing the robustness of controls over compliance to key clauses.

OHS – examining the processes in place which ensure that key OHS risks for Ambulance are appropriately managed.

Information Management & Access Controls - assessing the processes in place to manage access to certain information and the way in which key information is categorised and restricted.

Payroll Management – Timesheet Accuracy – examining the efficiency of controls in place over the veracity of declared time worked including on-call, call-out and overtime worked.

IT Project Management – examining project management processes and their implementation, particularly on development of specifications and user testing.

Shared Support Services – examining the robustness of controls in place to gain assurance that the financial transactions being processed on behalf of the Service are complete, accurate and valid.

Fleet Leasing – reviewing the processes in place which monitor key vehicle costs to determine if they are in line with expected costs such as fuel usage, general maintenance and tyres.

Gifts and Benefits – NSW Health’s Gifts & Benefits Policy (PD2010_010) requires the Internal Audit Manager to review and sign off on the Registers at least every 2 years to ensure all actions have been completed and identify any trends and or incidents that require further actions.


1.4 Overall Residual Risk Profile

The following table summarises, for each key area, the total number of risk scenarios examined and their associated breakdown of residual risk ratings ranging from low to very high. The residual risk rating has been collated from risk ratings obtained from discussion with five members of the executive and from holding two workshops in which a subset of these scenarios were covered. These 52 scenarios are illustrated on a risk map below. The details of each scenario can be found in the matrices located in Appendix A: Fraud and Corruption Risk Matrices.

Table 1 – Fraud and Corruption Risks by area/business process

| Area or Business Process | Number of Risks | Residual Risk: Very High | Residual Risk: High | Residual Risk: Moderate | Residual Risk: Low |
|---|---|---|---|---|---|
| Organisation Wide (Generic Risk Areas) [1.1 - 1.3] | 3 | 2 | 1 | 0 | 0 |
| Financial Management (Petty Cash, Accounts Payable & Accounts Receivable) [2.1 – 2.9] | 8 | 2 | 1 | 2 | 3 |
| Procurement and Contract Management [3.1 – 3.9] | 9 | 0 | 3 | 5 | 1 |
| Assets and Supplies [4.1 – 4.7] | 7 | 0 | 2 | 1 | 4 |
| Information and Records [5.1 – 5.5] | 5 | 1 | 2 | 1 | 1 |
| Payroll, Allowances and Expenses [6.1 – 6.7] | 7 | 1 | 4 | 1 | 1 |
| Operations [7.1 – 7.3] | 3 | 0 | 1 | 0 | 2 |
| Events, Sponsorship and Branding [8.1-8.5] | 5 | 0 | 2 | 1 | 2 |
| Human Resources [9.1 – 9.5] | 5 | 0 | 2 | 3 | 0 |
| Total for the Service | 52 | 6 | 18 | 14 | 14 |


1.4.1 Fraud Risk Profile

The risk profile below represents the scores obtained from workshops and interviews; however, the top ten themes are based on the risk profile and further discussion with senior management.

Top 10 Areas/Themes of Concern

1. Validity of ‘On call’ payments

2. Level of awareness of Fraud & Corruption related policies

3. Integrity of Accounts Payable

4. Payroll – Timesheet and rostering integrity

5. Management of clinical and pharmaceuticals supplies

6. Human Resources – Secondary employment

7. Human Resources – Leave management

8. Data integrity

9. Human Resources – Recruitment

10. Misuse of private usage – Motor vehicles

[Figure: fraud risk map. Individual risk scenarios (labelled 1.1 to 9.5) are plotted by Inherent Risk (likelihood + consequence) against Control Effectiveness, across residual risk zones Low, Moderate, High and Very High.]


1.5 Acknowledgement

We wish to place on record our appreciation of the assistance and co-operation received from executive management and other staff at the Service in undertaking this assessment.

Harvey Christophers Partner November 2010


AMBULANCE NSW

FRAUD RISK ASSESSMENT NOVEMBER 2010

SECTION TWO: BACKGROUND AND CONTEXT


2. Background and Context

As part of the 2009/10 Internal Audit Plan agreed with the Ambulance Service of NSW (“the Service”), Deloitte Touche Tohmatsu (“Deloitte”) has undertaken an organisation-wide fraud and corruption risk and controls assessment. Fraud and corruption risks exist within all NSW Government Agencies and are frequently the areas which present greatest threat in respect of financial loss and damage to reputation. The nature of fraud and corruption means they are pervasive risks which constantly change and require ongoing monitoring. For these reasons, the NSW Independent Commission Against Corruption (ICAC) and Audit Office both recommend that agencies assess their fraud and corruption risks on a regular basis, and ensure that steps are taken to effectively manage and prevent fraud and corruption from occurring.

The platforms of an effective fraud and corruption control framework are prevention, detection and investigation. To achieve prevention and detection objectives, an agency must have a comprehensive and detailed understanding of its fraud and corruption risks and overall profile. It is this understanding that allows agencies to tailor their Audit Program to ensure that high and emerging fraud and corruption risk areas are incorporated where appropriate. The incorporation into the Internal Audit Program fulfils proactive and detective objectives as recommended by both the ICAC and the Audit Office. A fraud and corruption risk assessment also serves to identify where fraud and corruption controls are absent, dated, inadequate or no longer effective, and where proactive strategies need strengthening to improve the fraud and corruption control environment.

The assessment was conducted as a consulting engagement. For the avoidance of doubt, the procedures that we performed as part of this engagement do not constitute an assurance engagement in accordance with Australian Standards for Assurance Engagements, nor does it represent any form of audit under Australian Standards on Auditing, and consequently no assurance conclusion or audit opinion has been provided.


2.1 What are Corruption and Fraud Risks?

The ICAC has provided commentary and a lay-person definition of corruption as follows:

Corruption risks can exist in relation to almost all functions and activities of an agency. Unmanaged corruption risks can expose an agency to the possibility of an employee engaging in corrupt conduct. Corrupt conduct is defined in section 8 and 9 of the Independent Commission Against Act 1988 [ICAC Act] but, ordinarily speaking, it is the dishonest or partial behaviour, misuse of information or breach of public trust by a NSW public sector employee which, if proved, could amount to a crime or disciplinary offence. The term also refers to the conduct of any person (whether or not that person is a public official) that adversely affects or could adversely affect the exercise of official functions by public officials and could constitute or involve a criminal or disciplinary offence. (Corruption risk management – Tip sheet for NSW Public Officials, ICAC, February 2008, p.1).

The full legal definition of corrupt conduct (s 7-9, ICAC Act) can be found in Appendix B. Fraud falls within section 8 and 9 of the ICAC Act and is a particular type of corrupt conduct.

Fraud involves the use of deceit or secrecy to obtain an unjust advantage or to injure the rights or interests of others (fraud is a form of theft). It involves the intent to deceive, unlawful action and/or receipt of money or a benefit.

The Service applies the following definition(s) within its Fraud Policy (2005):

The term “fraud” is used in many contexts and the following are two general definitions:

Fraud, briefly stated, is a false representation or concealment of a material fact to induce someone to part with something of value.

Fraud is dishonesty, generally in the context of a false representation made by means of a statement or conduct, with the intention of gaining a material advantage.


2.2 Methodology

The methodology adopted for the Fraud and Corruption Risk Assessment aligns with key elements of AS/NZ 4360:2004 and ISO31000:2009. It also has regard to relevant guidelines and reports issued by the Independent Commission Against Corruption and the NSW Audit Office, and the Australian Standard on Fraud and Corruption Control (8001:2008). An outline of our methodology and approach is provided in the following diagram, with further detail provided in Appendix C: Fraud Rating Definitions.

[Diagram: methodology and approach in four stages, with the side label "Communication with Management"]

Stage I: Planning and Document Analysis

Approach: Review existing documentation (including all policies and procedures). Develop and consult on risk assessment methodology. Consult on interviewee list and workshop participants.

Output: Sound knowledge of fraud and corruption risk environment and documented controls. Final list of interviewees and workshop groupings and participants.

Stage II: Risk Identification

Approach: Populate preliminary risk matrices with existing business knowledge. Identify and document risk scenarios. Identify and document controls.

Output: Fraud and corruption risk scenarios identified. Documented controls identified. Fraud and corruption risk matrices completed ready for discussion with management. Preparation of interview kits. Prepare workshop methodology.

Stage III: Risk Assessment

Approach: Conduct fraud risk assessment interviews to assess Control Effectiveness and evaluate Likelihood & Consequence. Conduct 2 x staff workshops.

Output: Fraud and corruption risk matrices.

Stage IV: Reporting

Approach: Collate results and draft report. Re-appraise results with key staff. Confirm risk and control ratings. Identify areas for Internal Audit Plan. Develop Action Plans as required.

Output: Final report with risk matrices and recommendations for Internal Audit Plan and fraud and corruption risk management control enhancement.


The following phases were undertaken for this engagement.

Stage 1: Planning and Document Analysis

The focus of our activity during Stage 1 was on the assessment and analysis of Ambulance Service NSW documentation and internal control processes including but not limited to:

Relevant policies and procedures

Internal registers if applicable (conflicts of interest, gifts and benefits etc.) and management systems

Risk assessment and management processes and associated documents (e.g. business risk assessment)

Training and education program and activities, and internal communication strategies and processes

Organisational structures and position/function reporting and supervision

Recent internal audit reports and audit committee processes

Code of Conduct

Employment contracts and conditions

Instrument or policies on delegations (both financial and non-financial)

Issue management processes and reporting.

Access to these documents was provided through the Service’s Records Management Office. Access to management and staff for information and interviews was organised through the office of the General Manager Corporate Services (Merinda Breen and Robyne Stewart). During Stage 1 we developed and finalised the risk assessment definitions and categories (e.g. likelihood, consequence and controls assessment), and finalised the list of interviewees and workshop attendees (Rozelle and Dubbo).

Stage 2: Risk Identification

In Stage 2 we developed and populated preliminary fraud and corruption risk matrices, setting out the details of existing fraud and corruption controls identified during Stage 1. This stage was limited to identifying control weaknesses based on our desk review and detailing specific questions to be directed to the five executives interviewed. Interview kits were developed and distributed. Workshop methodology was developed and finalised.

Stage 3: Risk Assessment

This stage was limited to holding two workshops and conducting interviews with:

Greg Rochford, Chief Executive

Mike Willis, General Manager Operations

Michael Landsbergen, General Manager Corporate Services

Marian O’Connell, Director Professional Standards & Conduct

Stephen O’Malley, Chief Finance Officer

Interviewees (excluding the Chief Executive Officer) were asked to do some planning and preparation before the interview (i.e. complete interview kit ratings and review control descriptions). They were also encouraged to bring direct-report managers with expertise in the areas being covered to the interview. We note that interviewees attended the meetings singly. The two workshops were held with a cross-section of staff and management: the first, with participants from Sydney and surrounds, was held in the Rozelle offices; the second, with participants from regional NSW, was held in Dubbo. Due to the limited number of key interviews, in some instances the extent of details, insights and controls obtained was limited.


Stage 4: Reporting

During Stage 4 we consolidated the information collected during Stages 1 – 3 into the fraud and corruption matrices and drafted the Fraud and Corruption Risk and Controls Assessment Report. This included:

Identifying areas for consideration for the 3 year Internal Audit Plan

Suggesting actions to improve the fraud and corruption control environment.

In summary, the following diagram illustrates the general process followed to develop the deliverables for this review.

Policy and Procedure Review

Conducted 5 Interviews with 52 Fraud Risk Scenarios

Staff Workshop - Rozelle with 17 Fraud Risk Scenarios

Staff Workshop - Dubbo with 17 Fraud Risk Scenarios

Other Comments and Findings

Fraud Risk Areas of Concern

Areas for Internal Audit Consideration

Fraud Risk Profile


2.3 Risk Ratings

The risk ratings used by management and the workshop participants to assist in developing a fraud risk profile of the Ambulance Service of NSW can be found in Appendix D. In the case of fraud and corruption risks the consequence rating (even in consideration of existing controls) will push many risks into the medium or high category. This is particularly the case for the NSW Government agencies which are subject to significant media scrutiny and to ICAC jurisdiction (which potentially equates to significant media exposure). A series of media reports on fraud or corruption within a public sector agency will have a significant consequence in respect of damage to reputation and community confidence.

Fraud and corruption risks with a medium to high residual risk rating need to be considered individually – some at this level can be tolerated with routine (medium) or active (high) monitoring process; others may require additional controls to be put into place, and/or enhancement of existing controls.

The degree of risk which can be tolerated or accepted is a matter for the Service to decide, however this report makes recommendations in areas where it is considered appropriate given the nature of the particular risk in the context of the Service.

A residual risk is the level of risk that remains within an organisation after consideration of all existing controls. The residual risk rating provides information about areas where management attention and/or action is required.

In the risk matrices below we indicate whether controls are adequate or whether further enhancements should be considered.

Ref.: Risk Reference

Fraud/Corrupt Scenario: Description of the fraud or corruption risk scenario

Relevant Policies: If covered by a Policy, the name of the Policy and the date the Policy was last reviewed by the Service

Control Descriptions: A description of the control or strategy to reduce the likelihood of the risk occurring or the impact of the risk should it occur. This may also include activities that monitor the fraud and corruption risk environment. Where relevant, a reference to the applicable Service Policy has been included

Assessment of Controls, 1 (Good) to 3 (Needs Improvement): The assessment of the control environment

Likelihood, A (Rare) to D (Almost Certain): The likelihood of the risk occurring

Impact, 1 (Insignificant) to 4 (Major): The consequence of the risk occurring

Residual Risk Rating: Calculated risk rating determined as a function of the likelihood rating


3. Key Findings

3.1 Fraud Risk Profile

The risk profile below represents the residual risks of the Service based on numerical data and insights from the Service. These were sourced through:

1. Scores obtained from the Interviews with senior management (scores on Likelihood, Consequence of the scenario and the Control Effectiveness of the controls in place to mitigate the risk of the scenario)

2. Scores obtained from the workshops held at Dubbo and Rozelle (scores on Likelihood, Consequence of the scenario and the Control Effectiveness of the controls in place to mitigate the risk of the scenario)

3. Insights provided by staff from the interviews and workshops.

Table Two – Definitions of Ratings

Very High Risk: Risks where treatment options require preparation, active review and management. Immediate action required – introduction or enhancement of controls.

Moderate Risk: Risk is tolerable – continuous monitoring through normal processes (e.g. audit, management/supervisory oversight etc).

High Risk: Continuous monitoring required and/or management action required (i.e. introduction or enhancement of controls or governance processes).

In the case of fraud and corruption risks the consequence rating (even in consideration of existing controls) will push many risks into this category. This is particularly the case where an agency such as the ICAC exists. Public inquiries conducted by ICAC are high profile and attract significant media attention so reputation damage to an organisation named at an ICAC inquiry is often significant. For this reason consequence ratings are elevated because a single ICAC exposure can have a significant consequence for organisational reputation.

Fraud and corruption risks with this residual risk rating need to be considered individually – some at this level can be tolerated with continuous and active monitoring; others may require additional controls to be put into place, and/or enhancement of existing controls.

The degree of risk which can be tolerated or accepted is a matter for Ambulance management.

Low Risk: Risks where systems and processes managing the risks are adequate. Risk is acceptable – monitoring through normal processes.


[Figure: Fraud Risk Profile. Chart plotting Inherent Risk (likelihood + consequence) against Control Effectiveness, with zones labelled LOW, MODERATE, HIGH and VERY HIGH; plotted points are labelled with scenario reference numbers 1.1 to 9.5.]


The review was a fraud risk assessment and as such key issues of a business risk nature were not examined in detail other than to consider those areas for audit plan inclusion. The following table identifies those key findings that arose from the interviews and workshops that have a fraud risk element and suggested recommendations to address such potential risks.

Table Three – Key Findings from a Fraud Risk Perspective

Area Risk Category Key Findings Rating Recommendations

Human Resources

Secondary Employment

Many senior staff members believe there is insufficient awareness amongst staff members about the importance of declaring any secondary employment being undertaken. We understand that the most likely reason for not declaring the secondary employment has been the fear that it will not be approved.

R1: Management should create more awareness around the risks of conflicts of interest with secondary employment and the importance of declaring any secondary employment. Staff members also need to be aware, that in most instances, where a conflict of interest does not exist, that their secondary employment will be approved. This can be done through an article in the monthly newsletter, “Sirens” and/or by conducting short workshops with practical examples.

Governance

Fraud Control Policy

The fraud control policy is dated 2005 and is a high level document that does not detail corruption matters.

It was noted that a large number of staff members were unaware the Service has a Fraud Control Policy. However many were very clear and familiar with the Code of Conduct.

R2: We suggest a refresh of both documents and closer links between them, to help bolster fraud risk awareness, particularly in those functions exposed to high risks.

Human Resources/Payroll

On Call

The current industrial case around the definition of on-call start and finish time remains an issue. To the extent that such ambiguities continue, so too do the risks of fraud, or the perceptions of fraud.

R3: Revisit the issue through appropriate industrial channels.

Human Resources/Payroll

Timesheets

Whilst the process is manual there is a higher risk of error or intentional abuse of declared actual time worked not being detected.

R4: Continue liaison with the Department to seek future investment in an online system to support efficient and effective enhanced control mechanisms.

Human Resources/Payroll

Rostering

Whilst the process is manual there is a higher risk of rosters being developed that do not provide fairness and equity in overtime allocation and meeting employee needs.

R5: To continue lines of communication with the Department about enhanced reporting and controls. We understand that there are plans in place to address this matter.


Consumables

Clinical Supplies

Discussion with staff indicated that little control was in place to minimise the theft of supplies.

R6: Statistical Analysis of Ambulance stations to determine if the usage rate at any station is significantly different – then to determine what appropriate controls would be reasonable.

Consumables

Pharmaceutical Supplies

Discussion with staff indicated that whilst there were some controls in place that the system could still be abused.

R7: We understand that a large project is currently underway to re-evaluate how section 8 drugs could be better managed. We would welcome providing comment to the processes being considered from a risk and internal audit perspective.

Human Resources

Leave management

Concerns were raised about the difficulty of managing sick leave and other leave given the lack of adequate reporting.

R8: To continue lines of communication with the Department about obtaining enhanced reporting and controls. We understand that there are plans in place to address this matter.

Financial Management

Accounts Payable

The lack of adequate reporting by DHSS raises concerns that it is not feasible to have complete oversight of all changes to the vendor masterfile or of all invoices processed. There remains the risk of fraudulent transactions being processed and remaining undetected.

R9A: To continue lines of communication with the Department about obtaining enhanced reporting and controls. We understand that there are plans in place to address this matter.

R9B: To reassess certain SOPs and update as appropriate to accommodate the transition to DHSS.

Receipt of Gifts and Benefits

Gifts and Benefits

The Service follows the NSW Health’s directive PD2010-010 Policy Directive PW2010-010 which provides a broad value of token gifts and moderate acts of hospitality to be under $75. The document is not clear on distinguishing between token and nominal value and what needs to be registered. Currently there is a risk that a token gift of a pen or box of chocolates will need to be registered.

Generally token gifts are not registered but those of nominal value are.

R10: We recommend that management re-examine this matter and add clarification so that when this Policy Directive is rolled out there is adequate clarity on what does have to be reported and what does not.


4. Areas for Internal Audit Consideration

The following table summarises the key areas identified during the FCRA which are suggested for consideration in the development of the three year internal audit plan for the Service. These areas may not be directly related to a fraud matter.

Table Four – key areas for audit consideration

Area Why? High level Objectives/ Scope/Comments

Contract Management

Inherent risks in this area due to:

high dollar value of the outsourced service contracts

controversial aspects arose from some tenders – Australian v Canadian company bidding for work

limited number of employees with oversight of key compliance requirements

limited checks and balances

no prior independent audit examination

high reputational implications.

Review of RFDS and CHC Contracts

To assess the level of compliance with the RFDS and CHC contracts, particularly in respect to:

penalty costs for offline time (Rotary and Fixed Wing)

key safety aspects (e.g. Servicing)

veracity of fixed (standing) costs and variable (hourly flying) costs.

Review of other outsourced services e.g. fleet leasing.

The recent New South Wales Auditor-General’s Performance Report (September 2010) was focused on the Helicopter Emergency Medical Service Contract and covered the tender process and the management of the delivery of the service per the contract.

OHS

The Service has a number of different environments and conditions under which staff have to operate – a number of comments have been made about safety of clothing and its suitability.

To assess the adequacy of health and safety risk controls currently in place over selection of uniforms.

Payroll

The key inputs to the payroll system used by Ambulance are highly manual in nature. Such manual processes have an inherently high risk. These processes include:

Paper based timesheets

Paper based leave requests

Manual approval of leave

Manual approval of timesheets

Manual approval of overtime.

Timesheet Accuracy: To assess the accuracy of timesheets and ensure appropriate approval is given.

On-Call: To examine the efficiency of controls in place over the veracity of declared time worked including on call, call-out and overtime worked.

Overtime Management: To assess the processes over overtime management.


IT Project management

Management have noted that there is significant room for improvement in developing specifications and in user testing of systems.

IT Project management: Assess recent project and review current IT project management protocols.

Information Management

Currently there are few restrictions to key information at the Service. It would be prudent to have a framework which categorises the sensitivity of information and then determines the level of access.

To examine how access is allocated and how information security is maintained.

Shared Services

Currently there is no Memorandum of Understanding or Contract with the Dept of Health for agreed levels of service.

Concern over the level of robust controls DHSS has in place.

Examining the robustness of controls in place to gain assurance that the financial transactions being processed on behalf of the Service are complete, accurate and valid.


Appendix A: Fraud and Corruption Risk Matrices

The following information was obtained from:

reviewing current Standard Operating Procedures (SOPs)

holding five interviews with senior management

facilitating two workshops.

Due to the limited number of key interviews and workshops held, the robustness of the insights obtained and, in some instances, the extent of details obtained have been limited and may be incomplete. It should be noted that due to the recent move to DHSS a large number of previously relevant policies and procedures, and the underlying embedded controls, are no longer as robust or relevant.

1. Organisation Wide

Ref No. | Business Process | Fraud/Corruption Scenario | Relevant Ambulance Documents (e.g. Policies, SOPs etc) | Controls | Ratings: Assessment of controls, 1 (Good), 2 (Adequate) to 3 (Needs Improvement) | Likelihood, A (Rare - 1), B (Unlikely - 2), C (Possible - 3) to D (Almost Certain - 4) | Impact, 1 (Insignificant), 2 (Minor), 3 (Moderate) to 4 (Major) | Residual Risk Rating

1.1 Secondary Employment

Undertaking unapproved outside employment with a competitor or supplier; undertaking outside employment that presents an actual conflict with work requirements at Ambulance.

SOP2007-028 Ambulance Service Employees and other Employment

SOP2007-012 Code of Conduct

The Policy (2007-028) requires employees to obtain written authorisation from a supervisor to undertake secondary employment (can only be authorised if assessed as not creating a conflict of interest with Ambulance duties).

The Code (2007-012) states any employment outside of the Ambulance service will:

be performed outside normal working hours

not conflict with Ambulance Service

not adversely affect work performance

not affect safety or the safety of colleagues, patients or the public

not involve the use of Ambulance Service resources.

3 D 2

C

1.2 Staff Awareness

Minimal awareness of fraud and corruption related policies and procedures (risk of non-compliance and failure to report)

SOP2007-012 Code of Conduct

1C05/30 Fraud Policy

The Code (2007-012) is a very comprehensive document which includes amongst other things conditions and procedures for staff to disclose fraud or corruption issues.

The Policy (1C05/30) establishes conditions and procedures for staff to disclose fraud or corruption issues. Responsibilities for CEO, general managers and sector managers and directors.

3 D 3

1.3 Receipt of gifts and benefits

Inappropriate gifts and benefits causing a conflict of interest

SOP2007-012 Code of Conduct

SOP2010-019 Conflicts of Interest and Gifts and Benefits

The Code (2007-012) summarises information on acceptance of gifts and benefits by staff (includes all staff working in any permanent, temporary, casual or termed appointment). Token gifts (under the value of $75) may be accepted but permission from supervisor must be granted in order to keep token gift. Non-token gifts will not be accepted.

The Policy (2010-019) states a Conflict of Interest Register and a Gifts and Benefits Register have been established and will be maintained by the Professional Standards and Conduct Unit. All staff should record and report the receipt of the gifts or benefits of token value and/or any perceived or actual conflict of interest and forward these to Divisional Managers or Unit Directors for assessment.

2 C 3

C

H


2. Financial Management (Petty Cash, Accounts Payable and Accounts Receivable)

Ref No. | Business Process | Fraud/Corruption Scenario | Relevant Ambulance Documents (e.g. Policies, SOPs etc) | Controls | Ratings: Assessment of controls, 1 (Good) to 3 (Needs Improvement) | Likelihood, A (Rare - 1) to D (Almost Certain - 4) | Impact, 1 (Insignificant) to 4 (Major) | Residual Risk Rating

2.1 Petty Cash Expenditure

Theft and Unauthorised use

SOP2006-057 Petty Cash

Financial Handbook - Section 2: Accounts Payable

The Petty Cash Officer maintains an Expense Account Book for all Petty Cash payments. This must be reconciled to the recoupment value at month end by an independent officer.

The Policy (2006-057) states float should be kept in a container that can be locked and kept in a locked safe or other secure area. The key to the container should be under the control of one person.

1 A 1

2.2 Petty Cash Expenditure

False claims

SOP2006-057 Petty Cash

Financial Handbook - Section 2: Accounts Payable

Expenditure on any single item must not exceed $100 and delegated personnel (Station Officers, Assistant Operations Managers, and Managers) must authenticate all claims for Petty Cash reimbursement. Supporting documentation is required.

1 A 1

2.3 Cab Charge

False claims

SOP2007-089 Travel Reimbursement

DTT Report - Internal Audit of the Management of Cab and Employee Expenditure 2008

Legitimate expenditure whilst travelling is refundable only if receipts/ tickets for bus/ taxi fares are submitted with each claim stating the purpose of the trip and signed by the individual.

The key controls in relation to the management of cab and employee expenditure noted during our internal audit were as follows:

- The Accounting Manual for Department of Health and Ambulance Service, September 2007

- The Review of Meal, Travelling and Related Allowances, Circular No. 2006-07

- Out of Pocket Expenses, Circular No. 96/42

- The Official Travel Policy, dated September 2005

- Delegations of Authority (“DOA”) matrices located on the Service intranet, HRM-47 and FM-13.

1 A 2

L

L

L

2.4 Cab Charge

Theft and unauthorised use

SOP2007-089 Travel Reimbursement

DTT Report - Internal Audit of the Management of Cab and Employee Expenditure 2008

Legitimate expenditure whilst travelling is refundable only if receipts/ tickets for bus/ taxi fares are submitted with each claim stating the purpose of the trip and signed by the individual.

The key controls in relation to the management of cab and employee expenditure noted during our internal audit were as follows:

- The Accounting Manual for Department of Health and Ambulance Service, September 2007

- The Review of Meal, Travelling and Related Allowances, Circular No. 2006-07

- Out of Pocket Expenses, Circular No. 96/42

- The Official Travel Policy, dated September 2005

- Delegations of Authority (“DOA”) matrices located on the Service intranet, HRM-47 and FM-13.

1 B 2

2.5 Accounts Payable

Manipulation of the vendor master file for gain

None available from DHSS

Financial control over the masterfile was outsourced to DHSS in March 2010 – there is currently no visibility by the Service on all changes processed to the vendor masterfile.

3 C 4

M

C


2.6 Accounts Payable

Introduction of fictitious invoices

None available from DHSS

Financial control over processing of invoices was outsourced to DHSS in March 2010 – there is currently no visibility by the Service on all controls in place by DHSS to mitigate the introduction of fictitious invoices.

3 C 4

2.7 Accounts Payable

Overcharging or provision of false accounts by suppliers

None available from DHSS

Financial control over processing of invoices was outsourced to DHSS in March 2010 – there is currently no visibility by the Service on all controls in place by DHSS to mitigate the introduction of fictitious invoices.

It is possible that some such matters could be identified by staff at an Ambulance Station if goods noted on a delivery docket are not received.

2 C 3

2.8 Accounts Receivable

Managing Bad Debts- unpaid invoice is written off without proper authorisation

DTT Report - Statement of Corporate Governance

2006/2007 - Financial Management Review 2006

That internal audit report found:

- Write offs are processed on a monthly basis

- An extract is prepared from the SUN finance system, showing all proposed write offs older than 6 months (similar reports are provided now that data is on the DHSS)

- All significant transactions (over $500) are reviewed to check whether the charge relates to a pensioner or private health fund patient (who do not have to pay themselves)

- For Sydney-related write offs a summary is prepared which is sent to Director Finance and Data Services for review and approval for all write offs below $4000 (as per delegation). For Regional related write offs, approval is done via email. Approved summaries, emails and lists of write offs are filed and stored at each location

- If during the month there were write offs larger than $4000, the summary is forwarded to Chief Executive for approval of up to $10000.

2 B 2

H

C

M


3. Procurement and Contract Management

Ref No. | Business Process | Fraud/Corruption Scenario | Relevant Ambulance Documents (e.g. Policies, SOPs etc) | Controls | Ratings: Assessment of controls, 1 (Good) to 3 (Needs Improvement) | Likelihood, A (Rare - 1) to D (Almost Certain - 4) | Impact, 1 (Insignificant) to 4 (Major) | Residual Risk Rating

3.1 Procurement and Purchasing

Unauthorised purchases

SOP2010-014 General Guidelines for Purchasing and Supplies

The new SOP (March 2010) provides the key processes and controls for procuring stock and non stock items.

All purchase requests are to be authorised by three staff:

a) Requesting Officer

b) Funds Control Officer

c) Approving Officer.

However, financial processing and the establishment of necessary controls have been transferred to DHSS and there is currently no visibility on what these controls are.

2 B 2

3.2 Procurement and Purchasing

Purchases for private use

SOP2010-014 General Guidelines for Purchasing and Supplies

The new SOP (March 2010) provides the key processes and controls for procuring stock and non stock items.

All purchase requests are to be authorised by three staff:

a) Requesting Officer

b) Funds Control Officer

c) Approving Officer.

However, financial processing and the establishment of necessary controls have been transferred to DHSS and there is currently no visibility on what these controls are.

1 A 2

L

M


3.3 Procurement and Purchasing

Invoices are paid for goods and services which are not received or are partially received

SOP2006-044 Receiving Goods and Services Policy

SOP2010-014 General Guidelines for Purchasing and Supplies

The new SOP (March 2010) provides the key processes and controls for procuring stock and non stock items. The Guidelines (2010-014) state the invoice should be signed off or noted appropriately for the receipt of goods and services.

However, financial processing and the establishment of necessary controls have been transferred to DHSS and there is currently no visibility on what these controls are.

2 B 2

3.4 Procurement and Purchasing

Bias to particular suppliers (e.g. IT companies, consultants, contract staff and service providers) through bribes/secret commissions, gifts/benefits, hospitality

SOP2010-019 Conflicts of Interest and Gifts and Benefits

A Conflict of Interest Register and a Gifts and Benefits Register have been established and will be maintained by the Professional Standards and Conduct Unit. All staff should record and report the receipt of the gifts or benefits of token value and/or any perceived or actual conflict of interest and forward these to Divisional Managers or Unit Directors for assessment.

2 B 3

3.5 Procurement and Purchasing

Unauthorised receipting of goods/services

SOP2006-044 Receiving Goods and Services Policy

When goods/services are supplied, the officer receiving the goods/services is to check to ensure the accuracy/condition prior to signing the delivery docket. When signing the docket, the employee number must be included. The delivery docket/invoice is to be given to the Officer in Charge.

Extract from revised SOP 2010-014 indicates that a copy of the Non Stock Purchasing Request (NSPR) should be retained as a basic record, and this should be used to mark off goods subsequently received and passed for payment.

Copies of purchase orders will not be supplied therefore it is imperative that all relevant details are carefully included, including contact name and phone number.

The purchase order will be sent directly to the supplier.

2 B 2

H

M

M

3.6 Procurement and Purchasing

Processing of invoice knowing supplier has overcharged

SOP2006-044 Receiving Goods and Services Policy

SOP2010-014 General Guidelines for Purchasing and Supplies

OLD control: The Policy (40) states the officer receiving the goods/services is to check to ensure the accuracy/condition prior to signing the delivery docket. The delivery docket/invoice is to be given to the Officer in Charge.

NEW: With the move to DHSS there are still some controls in the raising of requests and matching to POs, however the details and controls in place at DHSS are at this point unclear to management.

2 B 2

3.7 Tendering/ Contracting

Bias to tender proponents, i.e. in decision making (having solicited or knowing gifts and benefits will arise)

SOP2010-014 General Guidelines for Purchasing and Supplies

This SOP is limited in detail and advises staff that tenders and contracts cannot be entered into prior to seeking advice from the CFO. No further detail on committees and processes for tenders is noted in this SOP.

2 B 3

3.8 Tendering/ Contracting

Release of confidential tender information in exchange for gifts/benefits

(From time to time it is possible that staff may be approached by organisations and or members of the community with an offer(s) of reward for information that could be supplied through the course of their official duties.)

SOP2007-098 Disclosure of pecuniary interests

The SOP provides guidance to assist staff in identifying conflicts of interest which involve pecuniary interests and to provide general procedures in relation to disclosing and dealing with any actual or potential conflict

Depending on the significance of the conflict, a range of options are available including:

- recording the detail and taking no further action because the potential conflict is minimal

- relinquish the private interest

- restrict access of information to the staff member with the conflict that is sensitive or confidential

- ensure the staff member with the conflict is not involved in considerations or discussions and does not have a vote on any questions relating to the matter

- remove the conflicted staff member from the project and reallocate responsibility to make decisions to a staff member who does not report to the person with the conflict

- transfer the staff member (at no disadvantage in terms of conditions) to another area of work.

2.5 A 3

M

M

H

3.9 Contract Management

Inducement to ignore poor performance of contractor

SOP2007-012 Code of Conduct

SOP2007-023 Internal Reporting Policy for Making Protected Disclosures

SOP2010-019 Conflicts of Interest and Gifts and Benefits

The Code (2007-012) sets ethical standards for staff including acting honestly and fairly in a consistent and impartial manner. Staff are encouraged to report any misconduct that they become aware of or suspect (and has protected disclosures policy in place). Staff are prohibited from soliciting gifts or benefits and can generally only accept gifts of a nominal value (up to $75). Any gifts or benefits >$75 must be entered onto the gift register and approval must be sought to accept gift/benefit.

2.5 B 3

H


4. Assets and Supplies


4.1 Managing Corporate Supplies (Photocopier/ Mail/Faxes/ Telephone/ Stationery)

Unauthorised/excessive use of corporate resources such as Photocopier/Mail/Faxes/ Telephone/Stationery, (e.g. running private business from work)

SOP2007-042 Usage of Mobile Phones

Private calls made on Ambulance owned telephones/mobiles must be paid for by individual (1.38.8 Private calls made on Service owned telephones must be paid for as per Operational Procedure 1.9) which requires itemisation of calls.

2 C 1

4.2 Managing Property and Assets

Theft/damage of assets/property (e.g. laptops, Ambulance Fleet, fuel, Navman, stretchers, blankets)

SOP2006-067 Minimum Equipment Checks

SOP2006-018 Equipment Loss/ Replacement

SOP2006-020 Fuel Records

SOP2009-047 Portable Satellite Navigation Unit: Navman 150S

Any high costs or accountable items found missing from Ambulance Fleet must be reported to Officer in Charge.

If equipment is lost, matter must be reported to Officer in Charge.

Where bowsers located at the station are still used, fuel consumption must be entered into the Bowser Fuel Record Book and at the end of each month the record book is reconciled and a tank dip is to be taken to ensure accuracy of the recorded entries. Any significant discrepancies between recorded usage and tank dip are to be reported to Sector Manager on a Fuel Loss/Gain request to Write Off Form.

Staff issued with Navman are responsible for safety and security of the device, and loss or theft must be reported to manager/district manager prior to completion of shift.

1 B 1

M

L


4.3 Managing Ambulance Service Vehicles

Misuse of private usage entitlements

SOP2009-041 Private Usage of Ambulance Service Vehicles

SOP2008-020 Motor Vehicle Policy

The Chief Executive has sole authority to approve the allocation of Ambulance Service vehicles for private use. Running sheets must be kept and all journeys undertaken must be recorded and must specify business and private usage kilometres. Running sheets are regularly audited. Mobile data terminals including terminals in each Ambulance including GPS tracking.

2 C 3

4.4 Managing Clinical Supplies

Theft/damage/misuse of clinical equipment and medical supplies from Ambulances or station (e.g. medication, bandages, drugs, oxygen etc.)

SOP2010-003 Medications Management

SOP2010-003 Medications Management Q&A

Logs must be kept at the start (Section 8 drugs are only accessible and issued to highly trained paramedics) and end of a shift. This includes records of the quantity of medications in store, the quantity signed out, balance of medications and number and signature of authorised clinician.

Any loss/discrepancy in medications must be reported then forwarded to District manager. The appropriate delegate will commence appropriate investigative procedures and organise referral of incident to PSCU and NSW Police.

2 C 3

4.5 Disposing of Assets

Disposal of assets to 3rd party for less than market value

NSW Health Policy Directive - Procurement and Disposal of Goods and Services

NSW Health has an Agreement with its preferred supplier to provide a disposal service. Disposals arranged under this Agreement preclude the need for staff to obtain additional quotations as the service provider will undertake that task on behalf of the Health System.

While it is expected that all disposals will be arranged through the service provider there may be circumstances where disposals are undertaken directly. In these cases the delegations of authority apply.

1 A 2

H

H

L

4.6 Disposing of Assets

Kickbacks received from disposal of assets

NSW Health Policy Directive - Procurement and Disposal of Goods and Services

NSW Health has an Agreement with its preferred supplier to provide a disposal service. Disposals arranged under this Agreement preclude the need for staff to obtain additional quotations as the service provider will undertake that task on behalf of the Health System.

While it is expected that all disposals will be arranged through the service provider there may be circumstances where disposals are undertaken directly. In these cases the delegations of authority apply.

Goods valued up to $3,000

Goods valued up to $3,000 may be disposed of by negotiated sales and verbal quotes.

Goods valued over $3,001 but not exceeding $250,000

Goods valued over $3,001 but not exceeding $250,000 may be disposed of by auction, written quotes or tenders.

Goods valued over $250,001

If the estimated value of the goods exceeds $250,001, the disposal must be referred to Department of Commerce (NSW Procurement Contracting Services) for the invitation of tenders/auction approval action. Area Health Services, Children’s Hospital Westmead and Ambulance Service of NSW have been granted interim accreditation and may undertake disposal activities of goods (excluding real property such as land and buildings) up to a value of $100 million without reference to Department of Commerce. Affiliated health organisations can tender to dispose of surplus or unserviceable goods themselves.

1 A 2

L

4.7 Disposing of Assets

Theft of assets prior to disposal from Ambulance

SOP2007-012 Code of Conduct

SOP2007-053 Purchase, Allocation, Disposal and Reallocation of Vehicles

Disposal is restricted by delegation and policy.

1 A 2

L


4. Information and Records


5.1 IT System (Network)

Destruction/modification/theft/ corruption of data (e.g. personnel data, financial data, patient)

SOP2007-094 Information technology Security Policy

The Policy (2007-094) states private information, including personal client details is often stored on computer systems and applications. It may only be used for intended purposes which have been authorised. Data should not be shared via a communication link, or on computer storage media, with an external organisation, without the written approval of the Senior Officer in the area responsible for the data.

3 B 3

5.2 IT System (Network)

Theft of software

SOP2007-094 Information technology Security Policy

The Policy (2007-094) states that in all cases, any staff member using Ambulance software must adhere to copyright conditions, i.e. making unauthorised copies for business and/or private use is strictly prohibited.

1.5 B 1

5.3 Managing Information (Hard Copy)

Theft/unauthorised use of information (e.g. Ambulance data, tender and contract information)

SOP2006-073 Records Management Policy

The Policy (2006-073) states all records should be stored securely by locking cabinet doors. Confidential records should always be kept in locked cabinets in a controlled environment, i.e. an authorised office.

2 C 3

5.4 Managing Information (Electronic Copy)

Theft/unauthorised use of information (e.g. copyright breaches, employee data, patient data, contract information)

SOP2007-094 Information technology Security Policy

The Policy (2007-094) states private information, including personal client details is often stored on computer systems and applications. It may only be used for intended purposes which have been authorised. Data should not be shared via a communication link, or on computer storage media, with an external organisation, without the written approval of the Senior Officer in the area responsible for the data.

2 B 2

H

C

M

M


5.5 Managing Patient Data

Falsify patient status to “Pensioner” to avoid fee where patient is not covered by health fund or fee is simply waived for a friend/ relative

SOP2009-025 Patient Health Care Record SOP Version 4.0

The Policy (2009-025) states Station managers and/or their delegates are responsible for auditing the report forms. Incomplete PHCRs and PTO PHCRs are to be returned to the attending Paramedics for immediate rectification.

The Pension/ Concession Number field is to be filled if the patient is a pension/health care card holder. Card must not be expired. If no pension number is available, then the field should be left blank.

Even if the status is put to pensioner, if no number is noted, an invoice is still sent to the Patient who most likely would have to prove they are a pensioner to obtain an exemption.

Both Ambulance officers attending to patients must sign PHCR to ensure accuracy.

2 B 3

H


6. Payroll, Allowances and Expenses


6.1 Processing Salaries/ Allowances/ Overtime

Employee processes a fraudulent payment in excess of legal entitlement

SOP2007-081 Sustenance and Living Away from Home Allowances

SOP2007-037 Timesheets

All claims by Officers below Manager level must be made and authorised on a standard time sheet.

Employee salary rates are loaded into the Supero system and any amendments require a formally authorised salary rate change notification.

Employees acting in another position are required to submit a separate form which includes formal authorisation to receive Higher Duties Allowance.

2.5 C 2

6.2 Processing Salaries/ Allowances/ Overtime

Duplicate payments processed for personal gain by employee

DTT Report - Payroll and Accounts Payroll Review 2009

Key controls for Payroll are in operation through a formal approval process in place for all changes to payroll records by delegated authorities and the payroll department.

Payroll user’s work is actioned then checked by another payroll staff member; no changes are allowed without supporting paperwork signed by a delegated authority.

As part of the fortnightly payrun process a suite of reports are produced and checked by payroll staff including:

exception report detailing employees earning > $5K in a period

masterfile change report detailing key changes such as additions to the payrun and changes in bank accounts.

1 B 2

H

L


6.3 Processing Salaries/ Allowances/ Overtime

Payments made to ‘ghosts’ for personal gain

DTT Report - Payroll and Accounts Payroll Review 2009

Key controls for Payroll are in operation through a formal approval process in place for all changes to payroll records by delegated authorities and the payroll department.

Segregation of duties over key tasks - Payroll user’s work is actioned then checked by another payroll staff member; no changes are allowed without supporting paperwork signed by a delegated authority.

As part of the fortnightly payrun process a suite of reports are produced and checked by payroll staff including:

exception report detailing employees earning > $5K in a period

masterfile change report detailing key changes such as additions to the payrun and changes in bank accounts.

In addition, a Staff Establishment Report is produced and distributed to each Cost Centre Manager which details all salary costs allocated to their Cost Centre during the period.

1 B 3

M


6.4 Processing Salaries/ Allowances/ Overtime

Continuing to process payments to individuals that have ceased employment with the Ambulance or redirecting such payments to another bank account of choice.

DTT Report - Payroll and Accounts Payroll Review 2009

Key controls for Payroll are in operation through a formal termination process requiring authorisation by delegated personnel as approval for final termination payment.

2 C 2

6.5 Processing Salaries/ Allowances/ Overtime

Fraudulent overpayment/ duplicate payment or allocation/ of an allowance or leave credit (allowances e.g. Community language, sustenance, living away from home, meal) or overtime

SOP2007-081 Sustenance and Living Away from Home Allowances

All claims by officers below manager level must be authorised on a standard time sheet.

Employee salary rates are loaded into the Supero system and any amendments require a formally authorised salary rate change notification.

Actual v Budget overtime analysis is regularly performed, which provides insight into which areas are going over budget; this can be drilled down to the individual employee if necessary.

A separate form is required to be completed and submitted by employees to claim any allowances and a register is maintained to detail meal, sustenance and travel allowances claimed by employees.

Line managers have the ability to request a Leave Taken Report detailing all leave processed for their subordinates during the period.

Payroll user’s work is actioned then checked by another payroll staff member; no changes are allowed without supporting paperwork signed by a delegated authority.

2 C 2

H

H


6.6 Processing Salaries/ Allowances/ Overtime

Abuse of on call/rostering through either Dispatch or not calling in a job being completed at the completion of a job, thereby obtaining an advantage of additional salary.

SOP 2007-043 Rural on call policy

There are long standing local definitions of when a call starts and finishes – issue is lack of consistency across the Service. Time “on call” refers to that period of off duty during which Ambulance Officers are required to hold themselves in readiness to answer a call. This period of time is not considered to be time worked unless the Officer is recalled to duty.

3 D 4

6.7 Workers Compensation Claims

Employee claims Workers Compensation for an injury not caused at work.

DTT Report - Workers Compensation Review 2008

Details of controls noted from prior review:

- Draft policies and procedures for the management of the Return to Work process

- Segregation of duties between Return to Work procedures, claims management and weekly benefit calculations, payments and reimbursements.

Also advised that Station Managers keep close monitoring on.

2 C 2

H

C


7. Operations


7.1 Management of Patient Belongings

Theft of patient belongings by Ambulance staff (e.g. jewellery, money)

SOP2008-010 Security of Patient Belongings

Wherever possible officers shall ensure any belongings such as wallets, handbags and jewellery are retained by the patient or handed to a relative/friend/NSW Police Officer.

In the event the patient is incapacitated and/or unaccompanied during transport, the same process of securing items which were removed to facilitate treatment should occur and as part of the handover process the items are to be given to the nursing staff immediately upon being triaged or admitted to a facility.

The process of handover should be clearly documented on the PHCR (Patient Health Care Record) at the earliest opportunity.

1 B 2

M


7.2 Dispatch and Patient Care

Dispatching ambulance and/or providing preferential patient care to family and friends

SOP2010-016 Dispatch- Emergency Response Standards

SOP2007-012 Code of Conduct

SOP2007-098 Conflict of Interest- Disclosure of Pecuniary Interests

The Standards (2010-016) state that in all cases Emergency (hot) Responses should be immediate.

The Code (2007-012) states that all Ambulance staff must perform duties fairly and ensure that any decisions are not influenced by self- interest or personal gain.

The Policy (2007-098) states:

“If a family member/ partner becomes a patient of the service, I will report this to my immediate supervisor so she can assess any conflict of interest issues”

All staff are obliged to report any instances of conflict of interest to either Ambulance or direct to ICAC.

Dispatch processes calls as they come in and is unable to provide preferential care – the system logs calls as they come in and they are required to be allocated on that basis.

Ratings: Assessment of Controls 1, Likelihood A, Impact 1

7.3 Rostering of Staff

There is inequity in rostering; overtime is always allocated to one person (who might be a friend/relative). There is collusion between Ambulance staff and Call Centre staff so overtime is unfairly allocated.

SOP2006-050 Roster Preparation

SOP2006-047 Shift Changes

Lists of staff willing to work overtime are retained and used in rotation to allocate overtime opportunities.

Roster audits undertaken.

Changes in shifts (or overtime worked) must be approved by the Officer in Charge.

Ratings: Assessment of Controls 2, Likelihood D, Impact 2

Residual Risk: H, L


8. Events, Sponsorship and Branding

Ref No. | Business Process | Fraud / Corruption Scenario | Relevant Ambulance Documents (e.g. Policies, SOPs etc) | Controls | Ratings: Assessment of Controls 1 (Good) to 3 (Needs Improvement) | Likelihood A (Rare - 1) to D (Almost Certain - 4) | Impact 1 (Insignificant) to 4 (Major) | Residual Risk

8.1 Provisions for Special Events

Discounted services are provided for special events in exchange for bribes/gifts/hospitality (e.g. Free grand final tickets in exchange for free Ambulance services)

SOP2006-075 Major and Sporting Events

General Manager, Operations has authority to waive or reduce charges for events. Applications are assessed and any concession/exemption is based on operational requirements and advice from within the Premier's Department.

Ratings: Assessment of Controls 2, Likelihood C, Impact 3

8.2 Official Ambulance Stationery Management

Ambulance staff members use official stationery (letterheads/logos/headers/footers) for personal gain

SOP2006-027 Official Stationery

Official stationery can only be used with permission of CEO. Logo approval is to be obtained through Public Affairs Director. Official stationery must not be stored on privately owned computers.

Ratings: Assessment of Controls 1, Likelihood A, Impact 1

8.3 Management of Sponsorship, Fundraising and Donations

Ambulance staff members take money from sponsorship/fundraising/donations for personal use

SOP2006-028 Sponsorship, Fundraising and Donations Guidelines

SOP2009-004 Approved Items for Purchase from Special Project Fund

SOP2007-012 Code of Conduct

Principle 6: Staff should not receive a personal benefit arising from a donation, sponsorship or fundraising activity.

Donations may only be accepted by employees who hold the position of Station Manager and above.

Any funding received should be used in accordance with the agreement or conditions of donation.

Special Projects Funding - Only equipment listed in policy guidelines can be purchased with this funding.

Ratings: Assessment of Controls 2, Likelihood A, Impact 4

Residual Risk: H, L, H


8.4 Management of Sponsorship, Fundraising and Donations

Ambulance staff members take money from sponsorship/fundraising/donations for personal use

SOP2006-028 Sponsorship, Fundraising and Donations Guidelines

SOP2009-004 Approved Items for Purchase from Special Project Fund

SOP2007-012 Code of Conduct

Principle 6: Staff should not receive a personal benefit arising from a donation, sponsorship or fundraising activity.

Donations may only be accepted by employees who hold the position of Station Manager and above.

Any funding received should be used in accordance with the agreement or conditions of donation.

Special Projects Funding - Only equipment listed in policy guidelines can be purchased with this funding.

Ratings: Assessment of Controls 1, Likelihood A, Impact 1

8.5 Ambulance Uniform and Logo

Improper use of Ambulance uniform/logo or attendance at events as Ambulance representative without approval

Ambulance Services Regulation 2005 (467)

Regulation (467) states an employee must not wear a uniform issued by the Ambulance Service except when on duty or when travelling to or from duty or with the permission of the Ambulance Service. There is a police charge for impersonating an ambulance officer. Police also can interview people if they find a uniform.

Ratings: Assessment of Controls 1, Likelihood B, Impact 3

Residual Risk: L, M


9. Human Resources

Ref No. | Business Process | Fraud/Corruption Scenario | Relevant Ambulance Documents (e.g. Policies, SOPs etc) | Controls | Ratings: Assessment of Controls 1 (Good) to 3 (Needs Improvement) | Likelihood A (Rare - 1) to D (Almost Certain - 4) | Impact 1 (Insignificant) to 4 (Major) | Residual Risk

9.1 Engagement of Temporary Staff

Unauthorised employment of contract/casual staff or engagement of contract/casual staff who have a criminal or poor employment record

SOP2009-060 Casual Employment

During the recruitment interview, applicants are requested to authorise Ambulance to conduct probity screening - National Criminal Record Check

Ratings: Assessment of Controls 2, Likelihood A, Impact 2

9.2 Recruitment Process

Favouritism in the process - employee obtains position due to relative or friend who is part of the recruitment process

SOP2007-080 Guidelines for Staff Selection Panels

Positions should be open to all people on the basis of merit and merit only.

Committee has the responsibility to ensure that no candidate is unfairly excluded from an opportunity for interview and that all recommendations are made on the basis of merit related to the job.

Ratings: Assessment of Controls 2, Likelihood A, Impact 2

Residual Risk: M, M


9.3 Recruitment Process

Applicant is employed, yet he/she has a false CV or false certifications

The identification of a candidate cannot be falsely provided as Ambulance requires original documentation be provided for the 100 point check.

It is possible for a candidate to provide a false CV or qualifications; however, it is likely that this will be realised during the interview process, as questions are asked about employment history, and during the referee check with previous employers.

The mandatory Criminal Record Check and 100 point identification check would pick up any potential issues in terms of previous offences before the candidate was able to gain employment.

Ratings: Assessment of Controls 2, Likelihood C, Impact 2

9.4 Leave Management

An employee provides false/misleading information to obtain leave (e.g. sick, special) and takes such leave

SOP2007-063 Sick Leave Procedure

For sick leave, medical certificates only need to be provided if three or more days of leave are taken.

Where attendance records indicate unreasonable sick leave balances, the manager/supervisor should interview the employee. Further actions are determined depending on the outcome of the interview.

Ratings: Assessment of Controls 2, Likelihood C, Impact 2

Residual Risk: H, H


9.5 Leave Management

An employee takes leave and either doesn’t record the leave taken or under-records it, thereby maintaining a larger leave credit than entitled

SOP2007-064 Leave Management Process

The Policy (153) states:

- Application for leave is completed then forwarded to Officer in Charge of the station/sector for sighting and appropriate recommendation (compliance with SOPs and Award/Agreement requirements is essential)

- Once application is verified to be correct, the Officer in Charge is to ensure prompt dispatch to the Area Office or Payroll Office in Sydney.

Officers in Charge/Section Heads cannot recommend their own leave requests. This task will be carried out at the Sector Office.

Ratings: Assessment of Controls 1, Likelihood B, Impact 2

Residual Risk: M


Appendix B: Legal Definition of Corrupt Conduct

Sections 7 to 9 of the Independent Commission Against Corruption Act 1988 provide the definition of corrupt conduct:

7 Corrupt conduct

(1) For the purposes of this Act, corrupt conduct is any conduct which falls within the description of corrupt conduct in either or both of subsections (1) and (2) of section 8, but which is not excluded by section 9.

(2) Conduct comprising a conspiracy or attempt to commit or engage in conduct that would be corrupt conduct under section 8 (1) or (2) shall itself be regarded as corrupt conduct under section 8 (1) or (2).

(3) Conduct comprising such a conspiracy or attempt is not excluded by section 9 if, had the conspiracy or attempt been brought to fruition in further conduct, the further conduct could constitute or involve an offence or grounds referred to in that section.

8 General nature of corrupt conduct

(1) Corrupt conduct is:

(a) any conduct of any person (whether or not a public official) that adversely affects, or that could adversely affect, either directly or indirectly, the honest or impartial exercise of official functions by any public official, any group or body of public officials or any public authority, or

(b) any conduct of a public official that constitutes or involves the dishonest or partial exercise of any of his or her official functions, or

(c) any conduct of a public official or former public official that constitutes or involves a breach of public trust, or

(d) any conduct of a public official or former public official that involves the misuse of information or material that he or she has acquired in the course of his or her official functions, whether or not for his or her benefit or for the benefit of any other person.


(2) Corrupt conduct is also any conduct of any person (whether or not a public official) that adversely affects, or that could adversely affect, either directly or indirectly, the exercise of official functions by any public official, any group or body of public officials or any public authority and which could involve any of the following matters:

- official misconduct (including breach of trust, fraud in office, nonfeasance, misfeasance, malfeasance, oppression, extortion or imposition),
- fraud,
- election bribery,
- bribery,
- theft,
- election funding offences,
- blackmail,
- perverting the course of justice,
- election fraud,
- obtaining or offering secret commissions,
- embezzlement,
- treating,
- currency violations,
- tax evasion,
- revenue evasion,
- illegal drug dealings,
- obtaining financial benefit by vice engaged in by others,
- bankruptcy and company violations,
- illegal gambling,
- forgery,
- harbouring criminals,
- treason or other offences against the Sovereign,
- homicide or violence,
- matters of the same or a similar nature to any listed above,
- any conspiracy or attempt in relation to any of the above.

(3) Conduct may amount to corrupt conduct under this section even though it occurred before the commencement of this subsection, and it does not matter that some or all of the effects or other ingredients necessary to establish such corrupt conduct occurred before that commencement and that any person or persons involved are no longer public officials.

(4) Conduct committed by or in relation to a person who was not or is not a public official may amount to corrupt conduct under this section with respect to the exercise of his or her official functions after becoming a public official.

(5) Conduct may amount to corrupt conduct under this section even though it occurred outside the State or outside Australia, and matters listed in subsection (2) refer to:

(a) matters arising in the State or matters arising under the law of the State, or

(b) matters arising outside the State or outside Australia or matters arising under the law of the Commonwealth or under any other law.

(6) The specific mention of a kind of conduct in a provision of this section shall not be regarded as limiting the scope of any other provision of this section.

9 Limitation on nature of corrupt conduct

(1) Despite section 8, conduct does not amount to corrupt conduct unless it could constitute or involve:


(a) a criminal offence, or

(b) a disciplinary offence, or

(c) reasonable grounds for dismissing, dispensing with the services of or otherwise terminating the services of a public official, or

(d) in the case of conduct of a Minister of the Crown or a member of a House of Parliament—a substantial breach of an applicable code of conduct.

(2) It does not matter that proceedings or action for such an offence can no longer be brought or continued, or that action for such dismissal, dispensing or other termination can no longer be taken.

(3) For the purposes of this section:

applicable code of conduct means, in relation to:

(a) a Minister of the Crown—a ministerial code of conduct prescribed or adopted for the purposes of this section by the regulations, or

(b) a member of the Legislative Council or of the Legislative Assembly (including a Minister of the Crown)—a code of conduct adopted for the purposes of this section by resolution of the House concerned.

criminal offence means a criminal offence under the law of the State or under any other law relevant to the conduct in question.

disciplinary offence includes any misconduct, irregularity, neglect of duty, breach of discipline or other matter that constitutes or may constitute grounds for disciplinary action under any law.

(4) Subject to subsection (5), conduct of a Minister of the Crown or a member of a House of Parliament which falls within the description of corrupt conduct in section 8 is not excluded by this section if it is conduct that would cause a reasonable person to believe that it would bring the integrity of the office concerned or of Parliament into serious disrepute.

(5) Without otherwise limiting the matters that it can under section 74A (1) include in a report under section 74, the Commission is not authorised to include a finding or opinion that a specified person has, by engaging in conduct of a kind referred to in subsection (4), engaged in corrupt conduct, unless the Commission is satisfied that the conduct constitutes a breach of a law (apart from this Act) and the Commission identifies that law in the report.

(6) A reference to a disciplinary offence in this section and sections 74A and 74B includes a reference to a substantial breach of an applicable requirement of a code of conduct required to be complied with under section 440 (5) of the Local Government Act 1993, but does not include a reference to any other breach of such a requirement.


Appendix C: Fraud Rating Definitions

The risk assessment methodology adopted is based on the Australian/New Zealand Risk Management Standard (AS/NZS 4360:2004). This assessment was used to qualitatively measure the likelihood and consequence, and the inherent and residual risk of each potential fraud risk.

The following table shows how the consequence of each fraud risk was measured in terms of damage to reputation, integrity, competence, credibility, and financial loss.

Table Five – Measuring Consequence/Impact

Level Descriptor Examples of Consequences/Impact

1 Insignificant An INSIGNIFICANT risk rating will indicate that a fraud/corruption risk will only have an immaterial financial or administrative impact on Ambulance.

2 Minor A MINOR risk rating will indicate that a fraud/corruption risk will only have a small financial or administrative impact on Ambulance. Financial losses are not likely to exceed $10,000 (including costs of investigation and disruption to management and staff). Only minor damage to reputation.

3 Moderate A MODERATE risk rating will indicate that a fraud/corruption risk has the potential to moderately impact on Ambulance. Potential consequences may include some or all of the following:

- Financial losses are not likely to exceed $50,000 (including costs of investigation, legal costs and disruption to management and staff)
- Ambulance’s integrity and reputation are likely to suffer
- Some criticism from the Government and media are likely
- An ICAC investigation may result.

4 Major A MAJOR rating will indicate that a fraud/corruption risk has the potential to seriously impact on Ambulance. Potential consequences may include some or all of the following:

- Financial losses resulting from fraud are likely to exceed $100,000 (including costs of investigation, legal costs and disruption to management and staff)
- Possible ICAC inquiry
- Ambulance’s integrity and competence may be challenged by the Government
- May result in criminal proceedings
- The media are likely to severely criticise Ambulance and Ambulance staff
- Severe public embarrassment and damage to reputation
- May impact on Ambulance’s insurance coverage.


The following tables show how the likelihood of each corruption and fraud risk was measured.

Table Six – Measuring Likelihood

Rating Likelihood of Occurrence

A Rare The event will only occur in exceptional circumstances or as a result of a combination of unusual events (e.g. once every 10 years)

B Unlikely The event may occur at some time but not likely to occur in the foreseeable future (i.e. within the next 5 years)

C Possible The event may occur within the foreseeable future or medium term (i.e. within 3 years)

D Almost Certain The event will occur in most circumstances (i.e. within 1-2 years)

Table Seven – Control Effectiveness

Control Rating Descriptor Definition

1 Good Controls are highly effective in minimising the fraud risk

2 Adequate Controls are adequate for Ambulance in controlling the fraud risk

3 Needs improvement Enhancing one or more of the controls will result in the fraud risk being better controlled for Ambulance’s purpose

Table Eight – Residual Risk Ratings

Control Effectiveness (GOOD to NEEDS IMPROVEMENT): 1 | 1.5 | 2 | 2.5 | 3

Consequence + Likelihood = Inherent Risk

4360:2004

8 (Very High Risk): High | High | Critical | Critical | Critical

7: High | High | Critical | Critical | Critical

6: High | High | High | High | Critical

5: Medium | High | High | High | Critical

4: Medium | Medium | Medium | Medium | High

3: Low | Medium | Medium | Medium | High

2 (Low Risk): Low | Low | Low | Low | Medium


Appendix D: Interview and Workshop Participants

Interviewees Workshop Participants- Rozelle Workshop Participants - Dubbo

Name Title Name Title Name Title

Michael Landsbergen GM, Corporate Services Anne Mathews A/Divisional Human Resources Manager

Greg Parrey Western Divisional Human Resources Manager

Kathryn Wood Director, Public Affairs Karen Evtushenko Manager – Management Accounting Unit

Leanne Abernethy Southern Divisional Human Resources Manager

Mick Willis GM, Operations Padraic Hoban Manager Financial Services Sam Cowell Western Divisional Finance Manager

Marian O’Connell

Director, Professional Standards and Conduct Unit

Giles Buchanan A/Inspector (Sydney) Kylie Moroney Southern Divisional Finance Manager

Stephen O’Malley Chief Finance Officer Steve Murphy PSCU representative Michael Bray Deputy Director Operations Illawarra/South Coast Sector

Graeme Field Manager, Aeromedical and Retrieval Services

Mishkaa Griffiths Manager, Recruitment Trevor Hannan Inspector (Western)

Mike Lloyd Manager, Property Services Chris Patrick Inspector (Western)

Murray Traynor Inspector (Sydney) Brad Porter A/Operational Support Manager (Western)

Shane Whittaker Inspector (Sydney) Tracy Riley DOCO/SOCO (Western)

Graeme Field Manager, Aeromedical and Retrieval Services

Jed Gollan Clinical Support Manager

Mary-Anne Saba Pharmacist Greg Parrey Western Divisional Human Resources Manager

Brett Standaloft Control Centre representative (DOCO/SOCO)


www.deloitte.com.au