Skip to main content

Learn about red flags for internal fraud

On this page

Entities face an increasing threat of internal fraud. Over 1,300 internal fraud investigations were finalised during the 2018-19 financial year. Entities can better prevent and detect internal fraud by looking out for red flags - common traits of employees who have committed internal fraud.

Look out for the following red flags

An employee may be a higher internal fraud risk when a combination of the following red flags are present:

  • Unwilling to share duties or take leave.
  • Replacing existing suppliers with suppliers that they have a close connection with.
  • Refusal to implement internal countermeasures.
  • Skipping approval steps.
  • Living a lifestyle above their means or lavishing gifts on colleagues.
  • Failing to keep appropriate or accurate records/receipts.
  • Bullying colleagues.
  • Seeking access to areas which they should not be able to access.
  • Long term shortage of cash/financial hardship.
  • Consistently seeking loans or advances.
  • Past legal/compliance problems.
  • Addiction problems.
  • Gambling problems.
  • Significant personal stress.
  • Strong sense of entitlement.
  • Unhappy with employer.

Closely monitor the following high internal fraud risk activities

 Internal fraud most commonly occurs in the following activities:

  • Vendor management and accounts payable.
  • Cash handling.
  • Crisis payments or pre-payments.
  • Travel and subsistence payments.
  • Contract management.
  • Privileged system accesses, example:. Administrator access.
  • Activities requiring access to sensitive data.
  • Grant programs.

Key tips to prevent internal fraud

Apply the following methods to prevent internal fraud:

  • Promote an ethical culture in your entity.
  • Have mandatory fraud awareness training and refresher training.
  • Have appropriate management oversight.
  • Separate duties and delegations.
  • Have hard coded IT system countermeasures.
  • Have restricted access or dollar value limits for transaction processing.
  • Have physical security measures including the use of safes and physical access restrictions.
  • Conduct regular supplier reviews and maintain a register of non-compliance/breaches of contractual conditions and reporting requirements.
  • Rotate staff in high-risk positions.
  • Require staff to take regular annual leave.
  • Create a gift policy and register and publish the gift register online.
  • Make sure staff complete Conflict of Interest and Secondary Employment registers.
  • Actively test existing countermeasures and make changes where needed.
  • Intervene before non-compliance becomes fraud.

Further reading

This report presents information gathered during the 2016–17 financial year from all non-corporate Commonwealth entities about their experience of fraud and their fraud control measures.

Was this page helpful?