Audits or reviews
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.
Why this countermeasure matters
A lack of regular audits or reviews of activities may lead to:
- fraudsters feeling more confident their actions will not be detected
- high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage of inconsistent practices and processes to commit fraud and avoid exposure or prosecution
- less transparency including over the actions and decisions of staff and third parties
- staff or contractors taking advantage of positions of trust to act corruptly, commit fraud and avoid exposure
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- regular Information and Communications Technology security audits
- annual program performance audits
- random site visits for providers
- regular payment accuracy surveys
- monthly audits of staff travel expenditure
- regular reviews of grants allocations
- regular audits of credit card spending.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- review the outcomes of audits or reviews
- confirm that audits or reviews are actually undertaken
- check how regularly audits or reviews are performed
- confirm that the scope of audits or reviews consider fraud risks and controls
- confirm that audits or reviews are independent, completed by qualified persons and are resilient to corrupting influences
- check that recommendations or actions resulting from audits or reviews are implemented
- check what other reporting occurs, such as executive review of reports during committee meetings.
This type of countermeasure is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.
Reconcile records to make sure that two sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.
Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.
Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.