Skip to main content

Find where to start

On this page

This page will help you understand fraud control and ask questions to help you identify opportunities to improve your fraud control arrangements.

Fundamentals for sound fraud control

  • Does your fraud control include: 
    • risk management and planning
    • prevention
    • detection
    • response
    • recording
    • reporting?
  • Are your fraud control arrangements consistent with the expectations of the Commonwealth Fraud Control Framework established under the Public Governance, Performance and Accountability Act 2013?
  • Is your senior leadership team engaged in fraud control efforts?
  • Do you promote an ethical culture to help prevent and detect fraud?
  • Do you have a suitable governance structure for fraud control that reflects the operating environment and risks of your entity?
  • Do you take opportunities to engage with other entities and relevant networks to share information and experiences on contemporary fraud control approaches?

Risk management and planning

  • Do you manage fraud risks in a way which best suits the individual circumstances of your entity in the context of an overarching risk management framework (as described in the Commonwealth Risk Management Policy)?
  • What is the most effective process to consult and communicate with staff on fraud risks and your fraud control plan?
  • Have you identified relevant fraud risks, taking into consideration your entity's role, size and function, ongoing and emerging fraud risks and broader organisational risks?
  • Are your fraud control processes fit for purpose and based on your entity's individual risk context?
  • When did your entity last conduct a fraud risk assessment?
  • Do you undertake fraud risk assessments when there is substantial changes to the structure, functions or activities of your entity?
  • Are your fraud risk assessments updated through regular and targeted risk assessments?
  • Has your entity developed and implemented a fraud control plan following the fraud risk assessment?
  • Does your Audit Committee receive sufficient and timely information on fraud control arrangements to allow it to provide adequate assurance to the Accountable Authority?
  • Does your Executive have clear oversight of your entity's fraud control plan?
  • Do you regularly monitor and evaluate your fraud control plan and use it to inform your fraud risk assessments and fraud control strategies?
  • Do you monitor and evaluate risk at key stages of a program or function’s life-cycle (particularly program design)?
  • Are there any functions or responsibilities (including large and/or high risk programs) that call for a separate fraud control plan based on assessed risks?

Fraud prevention

Discover more information about prevention countermeasures.

Fraud detection

Discover more information about detection countermeasures.

Fraud response

  • What processes are in place for investigating or otherwise dealing with incidents of fraud or suspected fraud?
  • Is there an electronic system (fraud incident register) for recording allegations?
  • Do you have a method of triaging potential incidents or allegations of fraud?
  • Do you have processes for undertaking initial evaluations of allegations?
  • Do you use the Australian Government Investigations Standards when conducting investigations?
  • Are your fraud investigators appropriately qualified?
  • Can you complete a fraud investigation from start to finish? Or do you source capability from elsewhere, such as through a contractor or shared services arrangement?
  • Do you have processes to recover fraud losses? Does this include a process for determining when to pursue fraud losses?
  • Following an instance of fraud, do you review your processes to determine what changes can be made to prevent or detect further fraud?
  • Do you monitor and assess the effectiveness of your fraud response activities? How does this inform ongoing fraud control arrangements?

Discover more information about response countermeasures.

Recording and reporting fraud

  • What processes do you have in place for recording and reporting instances of fraud or suspected fraud?
  • Are your processes for recording and reporting incidents of fraud appropriate for the number and type of cases of fraud you experience and the complexity of investigations you undertake?
  • Do you record and report on the outcomes of incidents and investigations?
  • Do you communicate the outcomes of fraud investigations internally to staff?
  • Do you report annually to the responsible Minister or Presiding Officer (as required) on:
    • fraud initiatives planned and undertaken?
    • significant fraud risks facing the entity?
    • significant fraud incidents that occurred?
  • Do you report fraud data to the Australian Institute of Criminology?

Was this page helpful?