Fraud Risk Management Policy

Fraud Risk Management Policy

The Purpose

The Fraud Risk Management Policy is established to facilitate the development of controls that will aid in the detection and prevention of fraud against International Humanitarian Organisation Limited (“the Company”), also known as IHO Global.

The Intent

It is the intent of IHO Global to promote consistent organizational behaviour by providing guidelines and assigning responsibility for the development of controls and conduct of investigations.

The Objective

The objective of this policy is to detect and respond to fraud and corruption in order to protect the interests of clients, workers and other stakeholders while retaining a high ethical standing within the community.

Scope of the Policy

This policy applies to any irregularity, or suspected irregularity, involving all entities within IHO Global and to all directors, employees, volunteers, contractors and consultants in relation to their work with/for IHO Global.

Any investigative activity required will be conducted without regard to the suspected wrongdoer’s length of service, position/title, or relationship to the Company.

Policy Statement

Management is responsible for the detection and prevention of fraud, corruption, bribery, misappropriations, financial impropriety and other irregularities.

Management of IHO Global works to reduce the “taboo” in discussing fraud and corruption in humanitarian programs and promote greater transparency in reporting corrupt abuse of aid and relief. Management does this by providing leadership, changing staff incentives and setting up safe and effective complaint mechanisms.

Management will communicate to directors, employees, members etc. that preventing corruption is an important part of the current focus on program quality and accountability, not merely a program support issue, particularly through including the issue of corruption in induction and revision programs.

Management will communicate that corruption extends beyond fraudulent financial practices to “non-financial corruption” such as nepotism/cronyism, exploitation and abuse, intimidation and coercion of humanitarian staff and/or aid recipients for personal gain.

Management will ensure that Whistle-blower policies are effectively disseminated and implemented at field level and that standard policies are adapted for emergency contexts.

Management will provide a risk analyses in each country of campaign operation including Australia.

Each member of the management team will be familiar with the types of improprieties that might occur within his or her area of responsibility, and be alert for any indication of irregularity. Any irregularity that is detected or suspected must be reported immediately to the Director in-charge of Fraud Management, who coordinates all investigations and allegations, both internal and external.

The procedures relate to fraud control activities in particularly sensitive areas, where there is a high risk of significant impact to the entity if they are not appropriately maintained.  The procedures are also intended to ensure the necessary level of accountability.


The terms used in this policy are –

  1. Fraud is defined as ‘dishonestly obtaining a benefit or causing a loss by deception or other means’. This definition is based on the fraudulent conduct offences under part 7.3 of the Criminal Code Act 1995, in addition to other relevant offences under chapter 7 of the Criminal Code.
  1. Corruption as defined in the Independent Commission Against Corruption Act 1988 (“the ICAC Act”), is deliberate or intentional wrongdoing, not negligence or a mistake.
  1. Bribery It is an offence under the Criminal Code Act 1995 (Cth) to dishonestly provide or offer to someone (directly or indirectly) a benefit with the intention of influencing a Commonwealth public official in the exercise of their duties or where the receipt of the benefit would tend to influence a “Commonwealth public official” in the exercise of their duties.

Under the Criminal Code, it is an offence to provide or offer to someone (directly or indirectly) a benefit that is not legitimately due to that person. It is an offence to provide or offer a benefit to a foreign public official with the intention of influencing the exercise of their duties in order to obtain or retain business or a business advantage.

  1. “Benefit” is broadly defined to include any advantage and is not limited to money or property.
  1. “Commonwealth public official”

covers all employees of the Commonwealth and any Commonwealth authority. Australia implemented the OECD Convention on Combating Bribery of “Foreign Public Officials” in International Business Transactions in 1999 by enacting the anti-bribery and corruption provisions in the Criminal Code.

  1. “Foreign Public Official”

includes employees, contractors or officials of a foreign government department or agency, a foreign controlled company or public international organisation, members of a foreign military or police force or members of the executive, judiciary or magistracy of a foreign country.

  1. Reasonable basis for investigation

Reasonable basis: An objective test relates to whether a reasonable person in possession of the information would form the belief that the improper conduct occurred. It is important that there is evidence to support a person’s beliefs, other than their concerns. Evidence may include witnesses, documentation, or other     direct evidence.

Actions Constituting Fraud

The terms falsification, misappropriation, and other fiscal irregularities refer to, but are not limited to:

  • Any dishonest or fraudulent act;
  • Misappropriation of funds, securities, supplies, or other assets;
  • Impropriety in the handling or reporting of money or financial transactions;
  • Improper behaviour relating to accounting, internal accounting controls, actuarial, or audit matters;
  • Misusing charity banking facilities for personal expenditure (such as credit cards, debit cards or internet banking);
  • Misuse of Commonwealth assets (grants);
  • Providing false information to the Commonwealth;
  • Claiming non-existent, excessive or inappropriate expenses;
  • Creating false or inflated invoices or purchase orders to obtain payment for goods and services that have not been supplied;
  • Committing identity fraud, for example, hijacking a charity’s bank account;
  • Unauthorised fundraising in a charity’s name, such as setting up a fraudulent disaster appeal website;
  • Profiteering as a result of insider knowledge of company activities;
  • Disclosing confidential and proprietary information to outside parties;
  • Submitting false applications for grants or other charitable benefits;
  • Disclosing to other persons security activities engaged in or contemplated by the company;
  • Accepting or seeking anything of material value from contractors, vendors, or persons providing services/materials to the Company;
  • Creating non-existent beneficiaries or employees for the purposes of directing unauthorised payments;
  • Destruction, removal, or inappropriate use of records, furniture, fixtures, and equipment;
  • Altering documents;
  • Falsifying signatures;
  • Concealment of wrongdoing; and/or, any similar or related irregularity.

Other Irregularities

Irregularities concerning an employee’s moral, ethical, or behavioural conduct should be resolved by the Board of Directors rather than the Fraud Risk Management Committee.

If there is any question as to whether an action constitutes fraud, contact the head of the Fraud Risk Management Committee for guidance.

Financial Procedures

Carry out regular (monthly) checking of bank statements to ensure all amounts expected to be banked are received in IHO Global Westpac bank account. This check will be carried out by at least two directors.

Reconcile (match up) supplier statements, invoices and creditor balances to check that invoices match payments.

Change Gateway internet banking password periodically.

Advise directors they can request to view IHO Global bank account. Advise stakeholders, donors etc. (under supervision) that they can request to view IHO Global accounts when required.

Only CEO and the Chief Financial Officer can approve orders and payment of suppliers, invoices etc. over a $200.00 threshold.

Two signatories are required for all bank account activity including new debit/credit cards and online banking.

No cash donations are to be received by IHO Global or any person representing IHO Global.

If online banking, cheques and/or debit/credit cards fraud is suspected, IHO Global Westpac bank branch (Westpac Floreat, Ph: 08 6272 0177) or credit card company should be contacted immediately to ensure a stop is put on all access.


The Whistle-blower Protection Protocol promotes a culture of compliance, honesty and ethical behaviour within IHO Global.

Whistleblowing is:           “The disclosure by or for a witness, of actual or suspected Wrongdoing in        an organisation that reveals fraud, corruption, illegal activities, gross mismanagement, malpractice or any other serious wrongdoing”

A Whistle-blower is:       “A person who reports serious Wrongdoing in accordance with this Policy”.

Executive Management encourages all IHO Global personnel to report Wrongdoing. Our approach is   “when in doubt report”. All persons, including but not limited to members, employees, staff, volunteers, contractors, suppliers or the public who detect or have reasonable grounds for    suspecting improper conduct associated with IHO Global can raise concerns in good faith.

All such persons should feel comfortable and confident about reporting Wrongdoing, without victimisation, harassment or discrimination treatment.  By encouraging this approach, the Board of Directors and Executive Management can adequately manage risk and cultural issues within the Company.

Whistle-blower Anonymity and Confidentiality

IHO Global will take all reasonable steps to protect the Whistle-blower and will not tolerate any retaliatory action or threats of retaliatory action against any person who has made or who is believed to have made a report of improper conduct in good faith. Any such retaliatory action or victimisation by any member of staff in reprisal for a report being made will be treated as serious misconduct and will result in disciplinary action, which may include dismissal.

Management is committed to protecting and supporting the dignity, wellbeing, career and good name of anyone reporting Wrongdoing.

Subject to privacy and confidentiality considerations, the Whistle-blower will be kept informed of the progress and outcome of any investigation of his/her disclosure. All Whistle-blowers must maintain confidentiality of any information provided to them by IHO Global in relation to, or as a consequence or outcome of their disclosure.

Wrongdoing can be reported on an identity or anonymous basis.


Disclosures are made in the following way:

IHO Global provides an official Suspected Fraud Disclosure Form. This form can be obtained from   the CEO, Secretary or the head of the Fraud Risk Management Committee. This form MUST be completed, signed and dated by the complainant and lodged with the Secretary of IHO Global in order to be deemed an official disclosure. This is the official reporting avenue.

Where illiteracy is a constraint, we will take oral disclosures in person, over the phone and by any written means. We will do our very best to assist a such a person by putting their disclosure in writing or to write it down ourselves as faithfully as we can.

Investigation Responsibilities

Every person in the Company is responsible for fraud control and corruption prevention. Accordingly, everyone must report every suspected incident immediately to the head of the Fraud Risk Management Committee.

The investigation processes will vary depending on the nature of the Wrongdoing and the amount       of information provided. For a report to be investigated, it must contain sufficient information disclosed to form a reasonable basis for investigation.

The Fraud Risk Management Committee has the primary responsibility for the investigation of all suspected fraudulent acts as defined in this policy. If the investigation substantiates that fraudulent activities have occurred, the Fraud Management Risk Committee will issue reports to appropriate designated personnel and to the Board of Directors.

IHO Global is responsible for investigating allegations of fraud or suspected fraud against it, including investigating disciplinary matters, unless the matter is referred to and accepted by the Australian Federal Police (AFP) or another law enforcement agency.

Decisions to prosecute or refer the examination results to the appropriate law enforcement and/or regulatory agencies for independent investigation will be made in conjunction with legal counsel and executive management, as will final decisions on disposition of the case.

The Investigation

The investigation will be conducted in accordance with the principles of fairness and natural justice.

The Fraud Risk Management Committee will conduct an investigation as follows:

  • review all claims made, in conjunction with any evidence provided by the Complainant/ Whistle-blower;
  • investigate and locate any evidence that may substantiate or refute the claims of the Complainant/Whistle-blower (this may include interviewing other parties);
  • the person/s against which the allegation has been made will have the opportunity to respond and explain their behaviour and to provide any documentation or material in support of their response and explanation;
  • a conclusion shall not be reached and a recommendation will not be made until reasonable and appropriate enquires have been made and submitted documentation and material considered, and;
  • the Fraud Risk Management Committee may also refer the case for investigation to an external body or the police if criminal conduct appears to have occurred, and the Board of Directors will be advised of any such referral.

The Report

At the conclusion of an investigation a report will be prepared by the Fraud Risk Management Committee. The report will broadly outline the following:

  • the details of the Complainant/Whistle-blower Disclosure;
  • the information and evidence collected during the investigation that either supports or refutes the allegation of improper conduct;
  • the conclusions reached by the Fraud Risk Management Committee and the reasoning behind each conclusion; and
  • the recommendation of the Fraud Risk Management Committee as to any action that is to ensue; and
  • the level of reporting to state and territory regulators and other reporting authorities will be determined by the seriousness of any allegations of the improper conduct.
  • disclosures will be entered into a Disclosure Register and a copy of the report of the Fraud Risk Management Committee and actions taken in response to the report will be logged        and maintained in the Disclosure Register.

Reporting Responsibilities

IHO Global must refer all instances of potential serious or complex fraud offences to the Australian Federal Police (AFP). Call the AFP’s National Switchboard ph: (02) 6131 3000.

Where there is the risk of immediate loss or harm, particularly if the situation is urgent contact the Western Australian Police ph: 131444 or the Victoria Police ph: (03) 9247 6666.

If you would like to provide anonymous information about any crime (State, Territory or Commonwealth crimes) please phone Crime Stoppers on ph: 1800 333 000 or visit the Crime    Stoppers website.  https://www.crimestoppers.com.au/

Report fraudulent behaviour to the state or territory regulator – Department of Commerce (WA),       ph: 1300 136 237, Department of Consumer Affairs (Vic), ph: 1300 55 81 81, Australian Securities      and Investments Commission (ASIC), ph: 1300 300 630, Australian Tax Office, ph: 132865.

Report a scam (such as a fake website in IHO Global’s name) to Scamwatch, ph: 1300 795 995.

Report incidences of fraud to the ACNC, ph: 132262.  The incident should be reported to the ACNC as soon as practicable, and no later than the end of 28 days after IHO Global has knowledge of the breach.

State and territory regulators and other reporting authorities have their own specific forms that must be completed for the official reporting and lodgement of fraudulent behaviour.

There is no minimum level that must be reported. You (the complainant) need to decide whether the incident is serious or significant enough to be reported, taking into account the actual harm or potential risk to your charity (including to those it works to help, its assets, its staff, members, employees, stakeholders, donors, funders, project managers and the public).

Where there is media or public interest in allegations of fraudulent behaviour, the ACNC expects immediate notification.

If you (the complainant) decide the incident is too minor to report, records should be kept and             you should document your decision. Reporting and documenting your decision is one way to demonstrate that IHO Global’s board are dealing with these matters appropriately.

IHO Global must take all reasonable measures to recover financial losses caused by illegal activity through proceeds of crime and civil recovery processes or administrative remedies.


The Fraud Risk Management Committee treats all information received confidentially. Any      employee who suspects dishonest or fraudulent activity will notify the Fraud Risk Management Committee immediately, and should not attempt to personally conduct investigations or interviews/ interrogations related to any suspected fraudulent act (see Reporting Procedure section below).

Investigation results will not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important in order to avoid damaging the reputations of persons suspected of fraudulent activity but subsequently found innocent of wrongful conduct and to      protect the Company from potential civil liability.

All cases of alleged fraud, corruption or bribery are to be handled in a confidential, professional and prompt manner.

The Person(s) Against Whom the Allegations and Disclosure Have Been Made

IHO Global recognises that persons against whom allegations and disclosures are made under this protocol must also be supported during the handling and investigation of the case.

IHO Global will afford procedural fairness to the person against whom a disclosure has been made.

Authorisation for Investigating Suspected or Detected Fraud

Members of the Fraud Management Risk Committee will have:

  • Free and unrestricted access to all Company records and premises, whether owned or rented; and
  • The authority to examine, copy any portion of the contents of files, desks, cabinets and other storage facilities on the premises without prior knowledge or consent of any individual who might use or have custody of any such items or facilities when it is within the scope of their investigation.

Great care must be taken in the investigation of suspected improprieties or irregularities to avoid mistaken accusations or alerting suspected individuals that an investigation is under way.

An employee who discovers or suspects fraudulent activity will contact the Fraud Risk Management Committee immediately.

The employee or other complainant may remain anonymous.

All inquiries concerning the activity under investigation from the suspected individual, his or her attorney or representative, or any other inquirer should be directed to the Board of Directors.

No information concerning the status of an investigation will be given out. The proper response to   any inquiries is, “I am not at liberty to discuss this matter.” Under no circumstances should any reference be made to “the allegation,” “the crime,” “the fraud,” “the forgery,” “the misappropriation,” or any other specific reference.

The reporting individual should be informed of the following:

  • Do not contact the suspected individual in an effort to determine facts or demand restitution.
  • Do not discuss the case, facts, suspicions, or allegations with anyone unless specifically asked to do so by the Board of Directors or the Fraud Risk Management Committee.


If an investigation results in a recommendation from the Fraud Risk Management Committee to terminate an individual, the recommendation will be reviewed for approval by the Board of Directors and, if necessary, by outside counsel, before any such action is taken.

The Fraud Risk Management Committee does not have the authority to terminate an employee.         The decision to terminate an employee is determined by the criteria set out in the Constitution of IHO Global.

Should the Fraud Risk Management Committee believe the decision inappropriate for the facts presented, the facts will be presented to executive level management for a decision.

Administration and Governance

The Executive Directors of IHO Global are responsible for the administration, revision, interpretation and application of this policy. The policy will be reviewed annually and revised as needed.

Ongoing education, awareness, communication and training about fraud prevention and management, including financial controls and reporting protocols is to be given to all directors,        staff, employees, project managers, volunteers.

The Fraud Risk Management Policy is reviewed every 12 months or whenever there are significant regulatory changes or business needs.