Red X iconGreen tick iconYellow tick icon
Skip to main content
Category Finance
Type Policy
Approved by Council
Date Policy Took Effect 31 January 2011
Last approved revision 9 December 2025
Sponsor Chief Operating Officer
Responsible officer Head of Risk, Assurance and Compliance

Purpose

Fraud damages the reputation of the University and depletes the University's resources. Accordingly, the University has a zero tolerance to fraud.

The purpose of this policy is to discourage fraudulent and corrupt behaviour by setting out clear requirements for the prevention, detection, and overall response to potential or suspected instances of fraud and corruption within or involving the University of Otago, and to support a just and coordinated response to fraud and corruption.

Organisational scope

This policy applies to all members of the University community, including all University of Otago staff members (whether permanent, temporary, full or part time, emeriti or honorary), all members of the Council of the University, students (whether full time or part time), contractors, subcontractors, consultants, associates, business partners, and official visitors or guests of the University, in relation to fraud and/or corruption, whether suspected, alleged, or proven, that are either committed:

  • Against the University by a person or another organisation; or
  • By any University staff member against any third party (i.e., external parties such as clients, consultants, service providers or other members of the public).

Definitions

Corruption

Corruption means a form of fraud involving the abuse of entrusted power for private gain or to achieve an improper outcome.

Illustrative examples of corrupt behaviour include, but are not limited to, the following types of internal and external corruption:

Internal corruption

  • Any person who has a business involvement with the University, improperly using, or trying to improperly use, the knowledge, power or resources of their position for personal gain or for the advantage of others.
  • Disclosing private, confidential or proprietary information to outside parties without implied or expressed consent.
  • A conflict of interest involving a staff member who acts in their own self- interest rather than the interests of the University (e.g., failing to declare an interest in a transaction the University is about to enter into or employing friends or relatives).
  • The improper use of a political/business position of authority or ‘influence’.
  • Nepotism or preferential treatment.

External corruption

  • External parties knowingly providing, assisting or validating in providing false, misleading, incomplete or fictitious information to circumvent University procurement processes and procedures to avoid further scrutiny or reporting.
  • External parties offering, providing or requesting cash, facilitation payments or kickbacks in connection with University business.

Collusion between internal and external parties

  • A University staff member and a supplier colluding to manipulate a procurement process, in return for secret commissions, kickbacks, bribes or other forms of unlawful payment or advantage.
Fraud

Fraud is an intentional and dishonest act involving deception or misrepresentation, to obtain or potentially obtain an advantage for an individual or any other person. It includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose of the University or the improper use of information or position whether or not for personal benefit.

Illustrative examples of fraudulent behaviour include, but are not limited to, the following types of internal and external fraud:

Internal fraud

  • Wrongful or criminal deception intended to result in financial or personal benefit.
  • Falsifying, omitting, or manipulating leave records, including annual/holiday leave balances.
  • Theft or unauthorised use of facilities or equipment for personal gain.
  • Misappropriation or improper disposal of assets, including furniture, fixtures and equipment
  • Inappropriate claims for expenses for personal gain.
  • Use of the University’s credit card for personal gain.
  • Inappropriate payments to third parties.
  • Knowingly providing false, incomplete or misleading information to the University for unfair, unjustified or unlawful gain.
  • Forgery or alteration of documents or accounts belonging to the University.
  • Supporting others in, or in any way being part to, fraud, or not reporting fraud.

External fraud

  • Wrongful or criminal deception by an external party intended to result in financial or personal benefit (for example, fraudulent invoices, identity fraud or scams targeting the University).
  • Coercion or ransom attempts by external parties.

Collusion between internal and external parties

  • Corruption (as defined in this Policy) where a staff member abuses a position of trust in collusion with an external third party.
  • Secret commissions, kickbacks, bribes, and other forms of unlawful payments involving both University personnel and external individuals or organisations.
  • Money laundering or other illicit financial arrangements involving both internal and external parties.

Examples of fraud may also be perpetrated by students, contractors, Council members, external partners, and other persons interacting with the University. For example, misuse of scholarships or grants, submission of false documentation, collusion with staff or contractors, or unauthorised use of University systems to obtain financial advantage.

These examples are not exhaustive. Any conduct that meets the definition of fraud or corruption may be subject to investigation and disciplinary action.

University
Refers to the University and, for risk oversight purposes, its subsidiaries and the Foundation Trust, to the extent that risks in those entities may materially affect the University’s interests, obligations or objectives.

Content

  1. Commitment to Controlling Fraud

    1. The University of Otago will not tolerate any fraudulent or corrupt behaviour and will investigate all instances of suspected Fraud and Corruption.
    2. The University will conduct Fraud risk assessments on a regular basis—at least every three years or as required by changes in operations. These assessments will inform targeted reviews of transactions, business activities, and operational units/locations to proactively identify and mitigate potential fraud risks.
    3. The University will proactively develop and maintain robust internal controls for business delivery including the protection of assets, procurement, purchasing, payroll, treasury, and cash management.
    4. Should an investigation provide sufficient evidence to suggest that fraud has been committed, the University may, at its discretion and in consultation with relevant senior staff, refer the circumstances to the relevant authorities for the purposes of further investigation and possible prosecution. The decision to refer a matter to external authorities rests with the Vice-Chancellor, the Chief Operating Officer and the Chair of the Audit and Risk Committee, informed by the Head of Risk, Assurance and Compliance.

  2. Making and escalating a Fraud or Corruption notification

    1. All suspected instances of fraud or corruption must be reported immediately through (any one of) the following channels:
      1. the Head of Risk, Assurance and Compliance,
      2. the fraud email address or phone number provided below, which are monitored by the Office of Risk, Assurance and Compliance
        Email fraud@otago.ac.nz
        Mobile +64 27 4 359 808
      3. the Vice-Chancellor,
      4. the Chief Operating Officer,
      5. the Chief Financial Officer,
      6. the Director of Human Resources,
      7. via a protected disclosure (in accordance with the Protected Disclosures Policy).
    2. Notifications can be written or verbal. If verbal, the individual receiving the notification must record details of the notification in writing.
    3. All University Staff who receive a notification of a suspected instance of Fraud and/or Corruption are required to immediately notify the Office of Risk, Assurance and Compliance.
    4. Where a notification involves (or may reasonably be regarded as having the potential to involve) one or more of the people listed under Clause 2(a) they shall be excluded from the notification. If the suspected fraud involves any of the individuals listed under Clause 2(a), the notification should be made to an alternative channel or via a protected disclosure, in accordance with the Protected Disclosures Policy.
    5. Upon initial suspicion of fraud or corruption – regardless of whether a substantial investigation has commenced – the Chief Operating Officer must immediately notify Audit New Zealand (on behalf of the Office of the Auditor-General) and the Chairperson of the Audit and Risk Committee. This notification must occur as soon as practicable after the initial report is received and before any substantive investigative steps are undertaken.
    6. No person is to investigate a suspected instance of fraud or corruption unless authorised to do so under Clause 4 of this policy. This ensures investigations are conducted impartially and in accordance with the Fraud and Corruption Prevention procedures.
    7. The notification shall be recorded in the University Fraud Register which is maintained by the Office of Risk, Assurance and Compliance. Details recorded include, for example, date, nature of allegation, and reporting channel.
    8. The person making a notification can request that their identity and any identifying details be confidential to the extent provided for under the Protected Disclosures Policy and Procedures.

  3. Protected Disclosures

    1. University staff may instead make a protected disclosure, under the Protected Disclosures (Protection of Whistle-blowers) Act 2022, where the matter meets the definition of “serious wrongdoing” under the Act, in accordance with the University’s Protected Disclosures Policy.
    2. Fraud or corruption may constitute serious wrongdoing depending on the circumstances (for example, where the conduct is serious, systemic, involves misuse of public funds, or constitutes an offence).
    3. Staff who wish to raise concerns confidentially about suspected fraud or corruption that does not meet the threshold for a protected disclosure may still request that their identity be kept confidential under this Policy to the extent possible. The University prohibits retaliation against any individual who makes a good-faith report under either this Policy or the Protected Disclosures Policy. Any such retaliation may result in disciplinary action.

  4. Investigations

    1. Notifications will be investigated to the fullest practical extent, including instances where staff members have left the University.
    2. The Director of Human Resources, in consultation with the persons advised of a notification under clause 2, shall determine the person responsible for conducting an investigation. In situations where there is disagreement regarding the appropriate investigator, or where a conflict of interest (actual, potential, or perceived) exists, the matter shall be escalated to the Vice-Chancellor for a determination to ensure independence and objectivity are maintained.
    3. Where it has been determined that the Director of Human Resources should not be advised of the notification (e.g., based on perceived conflict of interest), the Vice-Chancellor shall have responsibility for determining who should conduct the investigation.
    4. Where the Director of Human Resources is not responsible for the conduct of an investigation, the party conducting the investigation must ensure that appropriate employment processes are observed.
    5. The Head of Risk, Assurance, and Compliance must provide updates throughout an investigation to the Chief Operating Officer, who in turn will inform the Chief Financial Officer, the Vice Chancellor, and the Director of Human Resources, unless a notification involves (or may reasonably be regarded as having the potential to involve) one or more of those persons.

  5. Confidentiality

    1. All participants in an investigation or informal process shall keep the details and results of that process confidential.
    2. Individuals reporting suspected instances of serious wrongdoing are covered by the Protected Disclosure Policy in accordance with the Protected Disclosures (Protection of Whistle-Blowers) Act 2022.
    3. Subject to any legal or investigation requirements, all individuals involved in a formal investigation or informal process in relation to alleged or actual instances of fraud or corruption have:
      1. The right to have their identity protected wherever possible without detriment to the University;
      2. The right to have information they disclose kept confidential;
      3. The duty to respect the rights of others to the maintenance of confidence; and
      4. The right to have any limits of confidentiality explained to them.
    4. Notwithstanding the above, where fraud or corruption has occurred, the University reserves the right to share information with the external agencies identified in clause 6(a), where required or appropriate.

  6. Reporting

    1. If the investigation has found reasonable grounds to indicate fraud or corruption has occurred, the Head of Risk Assurance and Compliance (in the role of Fraud Control Officer), in conjunction with the Chief Operating Officer, the Vice-Chancellor and the Chairperson of the Audit and Risk Committee will notify the Police, Serious Fraud Office, TEC, Audit New Zealand (on behalf of the Office of the Auditor General), the University’s insurers where required under applicable crime, fidelity, or liability insurance policies, and other external agencies as applicable. The Chief Financial Officer will be responsible for ensuring that all insurer notifications are completed in accordance with the University’s insurance policy conditions.
    2. The Head of Risk Assurance and Compliance will prepare a report which contains:
      1. A report of the findings of the investigation and action (including employment action) taken in relation to it;
      2. A recommendation as to whether the matter was, or should be, referred to an external agency;
      3. Recommendations as to improvement in controls and processes that need to be implemented in order to minimise future recurrences of the behaviour identified by the complaint.
    3. The full results of all completed investigations, including findings, actions taken, and any improvement recommendations, will be reported to the Audit and Risk Committee, and to the Council where appropriate. In addition, the Head of Risk, Assurance and Compliance will report to the Vice-Chancellor and Audit and Risk Committee quarterly on all notifications of suspected, alleged, and confirmed instances of fraud and corruption, including those that did not proceed to full investigation.
    4. Reports will be saved in the University Fraud Register, which is maintained by the Office of Risk, Assurance and Compliance.
    5. In exceptional circumstances (e.g., concern regarding an abusive relationship or self-harm), a decision may be collectively made by the Head of Risk, Assurance and Compliance, the Chief Operating Officer, the Director of Human Resources, the Vice-Chancellor and the Chairperson of the Audit and Risk Committee not to notify the parties identified in (6a). This decision must be documented and saved in the University Fraud Register. These instances must still be reported as part of the quarterly reporting as reflected in (6c), however the Head of Risk Assurance and Compliance should work with the Director of Human Resources to capture sufficient details, including a clear rationale as to why this matter was not reported to the parties identified.

  7. Consequences of a breach

    1. Any breach of this Policy or relevant laws may result in any or all of the following, but is not limited to:    
      1. Disciplinary action;
      2. Civil action;
      3. Criminal prosecution.
    2. Following the completion of an investigation, decisions regarding employment-related consequences will be made by the Director of Human Resources (or delegate), in consultation with the Vice-Chancellor and the Chief Operating Officer, in accordance with the University’s employment agreements and disciplinary procedures.
    3. Decisions relating to non-employment consequences (including referral to external agencies, recovery actions, and control improvements) will be determined by the Vice-Chancellor and the Chief Operating Officer, informed by the findings of the investigation and the recommendations of the Head of Risk, Assurance and Compliance.
    4. Where the consequences relate to a member of the Senior Leadership Team, the decision will be ratified by the Vice-Chancellor and the Chairperson of the Audit and Risk Committee.
    5. Where the consequences relate to a Council member, the matter will be addressed in accordance with the Council Code of Conduct.

  8. Recovery of losses

    1. All practical and reasonable steps, including the consideration of legal action, will be taken in the recovery of any loss of stolen funds or property attributable to fraudulent or corrupt behaviour, in accordance with the Fraud and Corruption Prevention Procedures.

Related policies, procedures and forms

Contact for further information

If you have any queries regarding the content of this policy or need further clarification, contact:

Head of Risk Assurance and Compliance
Email hod.orac@otago.ac.nz

Back to top