Find where to start
This page will help you understand fraud control and ask questions to help you identify opportunities to improve your fraud control arrangements.
Fundamentals for sound fraud control
- Does your fraud control include:
- risk management and planning
- Are your fraud control arrangements consistent with the expectations of the Commonwealth Fraud Control Framework established under the Public Governance, Performance and Accountability Act 2013?
- Is your senior leadership team engaged in fraud control efforts?
- Do you promote an ethical culture to help prevent and detect fraud?
- Do you have a suitable governance structure for fraud control that reflects the operating environment and risks of your entity?
- Do you take opportunities to engage with other entities and relevant networks to share information and experiences on contemporary fraud control approaches?
Risk management and planning
- Do you manage fraud risks in a way which best suits the individual circumstances of your entity in the context of an overarching risk management framework (as described in the Commonwealth Risk Management Policy)?
- What is the most effective process to consult and communicate with staff on fraud risks and your fraud control plan?
- Have you identified relevant fraud risks, taking into consideration your entity's role, size and function, ongoing and emerging fraud risks and broader organisational risks?
- Are your fraud control processes fit for purpose and based on your entity's individual risk context?
- When did your entity last conduct a fraud risk assessment?
- Do you undertake fraud risk assessments when there is substantial changes to the structure, functions or activities of your entity?
- Are your fraud risk assessments updated through regular and targeted risk assessments?
- Has your entity developed and implemented a fraud control plan following the fraud risk assessment?
- Does your Audit Committee receive sufficient and timely information on fraud control arrangements to allow it to provide adequate assurance to the Accountable Authority?
- Does your Executive have clear oversight of your entity's fraud control plan?
- Do you regularly monitor and evaluate your fraud control plan and use it to inform your fraud risk assessments and fraud control strategies?
- Do you monitor and evaluate risk at key stages of a program or function’s life-cycle (particularly program design)?
- Are there any functions or responsibilities (including large and/or high risk programs) that call for a separate fraud control plan based on assessed risks?
- Do you have dedicated resources for fraud prevention activities? Are these resources proportionate to the level of fraud risk, taking into account the materiality, scope, complexity and sensitivity of possible fraudulent activity?
- What processes do you have in place, such as a fraud strategy statement and fraud awareness training to make sure that staff are aware of what fraud is?
- How do you make sure the risk of fraud is taken into account in planning and conducting the activities of the entity?
- Do you have a process for staff to disclose conflicts of interest and has this process been communicated to staff?
- Have you established suitable employment screening processes for new employees and existing employees where required?
- What processes do you have in place for engaging third-parties? How do you make sure the third-party has integrity? Do you have appropriate rules in contracts and agreements to help with fraud prevention?
- Do you consider fraud risks early and throughout the design of policies and programs to allow appropriate countermeasures to be built into the policy or program design?
- If your entity has a specialised fraud team, do line areas engage with the fraud team to identify fraud risks and appropriate preventative countermeasures?
- Do you communicate the outcomes of completed fraud investigations?
- Do you monitor and assess the effectiveness of your fraud prevention activities? How does this assessment inform your ongoing fraud arrangements?
Discover more information about prevention countermeasures.
- What processes do you have in place to detect possible incidents of internal and external fraud?
- Do you have a process for staff and other persons to report suspected fraud? Can they do this confidentially?
- Does your entity's culture encourage the reporting of suspected fraud?
- Are the resources allocated to fraud detection measures proportionate to your entity’s fraud risk profile (taking into account the materiality, scope, complexity and sensitivity of possible fraudulent activities)?
- Do you have a range of internal and external reporting processes for parties to report suspected unethical behaviour (including fraud)?
- Do you review the integrity (currency and accuracy) of your data?
- Do you monitor and assess the effectiveness of your fraud detection activities? How does this assessment inform ongoing fraud control arrangements?
Discover more information about detection countermeasures.
- What processes are in place for investigating or otherwise dealing with incidents of fraud or suspected fraud?
- Is there an electronic system (fraud incident register) for recording allegations?
- Do you have a method of triaging potential incidents or allegations of fraud?
- Do you have processes for undertaking initial evaluations of allegations?
- Do you use the Australian Government Investigations Standards when conducting investigations?
- Are your fraud investigators appropriately qualified?
- Can you complete a fraud investigation from start to finish? Or do you source capability from elsewhere, such as through a contractor or shared services arrangement?
- Do you have processes to recover fraud losses? Does this include a process for determining when to pursue fraud losses?
- Following an instance of fraud, do you review your processes to determine what changes can be made to prevent or detect further fraud?
- Do you monitor and assess the effectiveness of your fraud response activities? How does this inform ongoing fraud control arrangements?
Discover more information about response countermeasures.
Recording and reporting fraud
- What processes do you have in place for recording and reporting instances of fraud or suspected fraud?
- Are your processes for recording and reporting incidents of fraud appropriate for the number and type of cases of fraud you experience and the complexity of investigations you undertake?
- Do you record and report on the outcomes of incidents and investigations?
- Do you communicate the outcomes of fraud investigations internally to staff?
- Do you report annually to the responsible Minister or Presiding Officer (as required) on:
- fraud initiatives planned and undertaken?
- significant fraud risks facing the entity?
- significant fraud incidents that occurred?
- Do you report fraud data to the Australian Institute of Criminology?