Conduct internal or external audits or reviews
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.
Why this countermeasure matters
A lack of regular audits or reviews of activities may lead to:
- fraudsters feeling more confident their actions will not be detected
- high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage inconsistent practices and processes to commit fraud and avoid exposure or prosecution
- less transparency over the actions and decisions of staff and third parties
- staff or contractors taking advantage of positions of trust to act corruptly, commit fraud and avoid exposure
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- regular Information and Communications Technology security audits
- annual program performance audits
- random site visits for providers
- regular payment accuracy surveys
- monthly audits of staff travel expenditure
- regular reviews of grants allocations
- regular audits of credit card spending.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure using the following methods:
- Review the outcomes of audits or reviews.
- Confirm that audits or reviews are actually undertaken.
- Check how regularly audits or reviews are performed.
- Confirm that the scope of audits or reviews consider fraud risks and controls.
- Confirm that audits or reviews are independent, completed by qualified persons and are resilient to corrupting influences.
- Check that recommendations or actions resulting from audits or reviews are implemented.
- Check what other reporting occurs, such as executive review of reports during committee meetings.
This type of countermeasure is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Put protections in place to prevent data from being manipulated or misused.
Collect and analyse data to improve processes and controls, increase payment accuracy and find and prevent non-compliance, fraud and corruption.
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.
Prepare summary reports on activities for clients, managers or responsible staff.
Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.
Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.
Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.