
I want to learn about red flags for internal fraud

Entities face an increasing threat of internal fraud. Over 1,300 internal fraud investigations were finalised during the 2018-19 financial year. Entities can better prevent and detect internal fraud by looking out for red flags - common traits of employees who have committed internal fraud.


Look out for the following red flags

An employee may be a higher internal fraud risk when a combination of the following red flags is present:

  • Unwilling to share duties or take leave.
  • Replacing existing suppliers with suppliers that they have a close connection with.
  • Refusal to implement internal countermeasures.
  • Skipping approval steps.
  • Living a lifestyle above their means or lavishing gifts on colleagues.
  • Failing to keep appropriate or accurate records/receipts.
  • Bullying colleagues.
  • Seeking access to areas which they should not be able to access.
  • Long-term shortage of cash/financial hardship.
  • Consistently seeking loans or advances.
  • Past legal/compliance problems.
  • Addiction problems.
  • Gambling problems.
  • Significant personal stress.
  • Strong sense of entitlement.
  • Unhappy with employer.


Closely monitor the following high internal fraud risk activities

Internal fraud most commonly occurs in the following activities:

  • Vendor management and accounts payable.
  • Cash handling.
  • Crisis payments or pre-payments.
  • Travel and subsistence payments.
  • Contract management.
  • Privileged system access, for example administrator access.
  • Activities requiring access to sensitive data.
  • Grant programs.


Key tips to prevent internal fraud

Apply the following methods to prevent internal fraud:

  • Promote an ethical culture in your entity.
  • Have mandatory fraud awareness training and refresher training.
  • Have appropriate management oversight.
  • Separate duties and delegations.
  • Have hard-coded IT system countermeasures.
  • Have restricted access or dollar value limits for transaction processing.
  • Have physical security measures including the use of safes and physical access restrictions.
  • Conduct regular supplier reviews and maintain a register of non-compliance/breaches of contractual conditions and reporting requirements.
  • Rotate staff in high-risk positions.
  • Require staff to take regular annual leave.
  • Create a gift policy and register and publish the gift register online.
  • Make sure staff complete Conflict of Interest and Secondary Employment registers.
  • Actively test existing countermeasures and make changes where needed.
  • Intervene before non-compliance becomes fraud.

Further reading

This report presents information gathered during the 2016–17 financial year from all non-corporate Commonwealth entities about their experience of fraud and their fraud control measures.
