Create legislation and policies that help prevent, detect and respond to fraud
Legislation and policy can help prevent, detect and respond to fraud, for example by:
- outlining clear rules, regulations and criteria
- allowing entities to collect, use and disclose information
- allowing entities to enforce penalties and recover fraud losses.
Why this countermeasure matters
Activities that are not guided by good legislation or policy may lead to:
- high levels of non-compliance due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage of loose rules and requirements to commit fraud and avoid exposure or prosecution
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include creating:
- legislation that outlines clear requirements and criteria, and policies that support them
- legislation that allows the collection, use and disclosure of information to prevent, detect and respond to fraud, and policies that support this
- legislation that supports fraud investigations, the enforcement of penalties and the recovery of fraud losses, and policies that support these activities
- processes that align with the Public Governance, Performance and Accountability Act 2013 and Accountable Authority Instructions
- processes that align with the Australian Privacy Principles set out in the Privacy Act 1988, and operational privacy policies
- processes and policies that align with the Protective Security Policy Framework
- policies and processes that govern how assets are managed and reported
- policies and processes that govern staff travel and other HR matters.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Confirm that legislation and policies exist.
- Review policies to confirm they are consistent with the legislation.
- Review processes to confirm they are consistent with policies.
- Confirm that staff can easily find and reference legislation and policies.
- Confirm that staff can easily understand and apply legislation and policies.
- Ask staff about any known vulnerabilities in the policies and processes that may increase rates of non-compliance and fraud.
- Ask staff about any legislation or policies that unreasonably limit their ability to collect, use and disclose information to prevent, detect and respond to fraud.
- Ask fraud control staff about any barriers to conducting fraud investigations, enforcing penalties and recovering fraud losses.