policy & reform campusreview. com. au
Risky business
Universities are under increasing risk from fraudsters and cybercriminals.
By Graham Newton
Australia’ s higher education sector is under some pressure as a result of the government’ s Higher Education Reform Package. Disruption of any kind increases risk in any organisation, but when disruption involves cost saving, the risk can lead to financial stress, leakage or even fraud.
The annual operating revenue of some of Australia’ s largest universities is close to $ 2 billion, which, comparatively speaking, ranks them alongside many of the ASX 200. International students alone are Australia’ s third largest export and are worth $ 22 billion to our economy annually. Put simply, universities are big business and remain an attractive target for fraud offenders.
With the proposed reduction in funding placing an increased burden on the sector, there will be greater emphasis on fiscal restraint and possibly the international student market cross-subsidising the domestic research and teaching demands. Invariably, risks will follow as the pressure to cut costs impacts budgets, staffing and general expense management.
One risk likely to develop over the next year will relate to the government’ s cost-saving message. This may generate uncertainty in the minds of university staff about their position. This pressure can lead to some staff seeking a financial benefit they feel entitled to because of cost cutting that impacts them. This means risks such as corporate credit card fraud and theft are magnified.
This heightened internal threat is combined with the threat of cybercrime during times of fiscal measures. Universities are prime targets for external, highly organised individuals or criminal networks seeking to take advantage of the high-value information universities control. Cyber intrusions are experienced daily across the sector. A staff member with access to high-value research who opens an attachment within a phishing email can compromise confidential research. Alternatively, it is increasingly common for hackers to install ransomware across entire networks and demand payment in return for unlocking information.
Staying ahead of this risk places onerous demands on chief information officers and cyber teams to remain vigilant to each threat.
Most important to cyber resilience is staff education. If a person recognises a phishing email and does not open the attachment, the threat is reduced, but ensuring all staff are vigilant to this threat is the greatest challenge.
INTERNATIONAL STUDENT MARKET Given the growing financial pressure on universities, the opportunities for revenue growth within the international student market are attractive, but the challenges are yet to be completely recognised and addressed. One major risk is foreign bribery and corruption. With the continued push to attract international students, there is considerable investment by many universities in‘ higher risk’ economies. Doing business in
China, Indonesia or India, for example, can present challenges not otherwise considered. All three countries are highlighted as a risk by Transparency International’ s 2016 Corruption Perceptions Index. Australian universities with a footprint in the greater Asia Pacific region need to be aware of this risk.
Some universities are already analysing the payments they make in these countries to assess the danger of being dragged into a bribery scandal. This is unchartered territory in the university environment, and therefore the risk profile is compounded. Like any business operating in high-risk locations, universities must put in place control measures through policies, communication, reporting channels and awareness.
TRADITIONAL RISKS REMAIN REAL While funding pressures and the international student market present risks, the greatest threats are still the traditional risks.
For many years universities have operated in an environment that lends itself to elements of dishonesty and people seeking to take advantage of control environments through third-party relationships. Some of these include:
• Casual contractor arrangements, particularly where the delegation to appoint rests with the faculty without consistent oversight and due diligence and background checking of appointees.
• Accounts payable and corporate credit card use where there is a trend of‘ accidental’ spend and later reimbursement on the credit card.
• Conflicts of interest, particularly in faculties where the academic staff maintain a role in the profession and derive income.
The higher education sector reflects the broader economy in its risk profile. Add to this the segregated structure and considerable revenue being generated through universities and you have an environment that is attractive to people who are seeking dishonest gain or those who simply make poor decisions based on personal financial circumstances.
With disruption and a degree of uncertainty set to have a direct impact across the sector in 2018, there is little doubt that it’ s time to prepare for these risks through programs of education, awareness, policies and testing of procurement processes. ■
Graham Newton is a partner of McGrathNicol Forensic.
10