Create legislation and policies that help prevent, detect and respond to fraud
Summary
Legislation and policy can help prevent, detect and respond to fraud, such as by:
- outlining clear rules, regulations and criteria
- allowing entities to collect, use and disclose information
- allowing entities to enforce penalties and recover fraud losses.
Why this countermeasure matters
Activities that are not guided by good legislation or policy may lead to:
- high levels of non-compliance due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage of loose rules and requirements to commit fraud and avoid exposure or prosecution
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include creating:
- legislation that outlines clear requirements and criteria, and policies that support them
- legislation that allows the collection, use and disclosure of information to prevent, detect and respond to fraud, and policies that support this
- legislation that supports fraud investigations, the enforcement of penalties and the recovery of fraud losses, and policies that support these activities
- processes that align with the Public Governance, Performance and Accountability Act 2013 and Accountable Authority Instructions
- processes that align with the Australian Privacy Principles set out in the Privacy Act 1988, and operational privacy policies
- processes and policies that align with the Protective Security Policy Framework
- policies and processes that govern how assets are managed and reported
- policies and processes that govern staff travel and other HR matters.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Confirm that legislation and policies exist.
- Review policies to confirm they are consistent with the legislation.
- Review processes to confirm they are consistent with policies.
- Confirm that staff can easily find and reference legislation and policies.
- Confirm that staff can easily understand and apply legislation and policies.
- Ask staff about any known vulnerabilities in the policies and processes that may increase rates of non-compliance and fraud.
- Ask staff about any legislation or policies that unreasonably limit their ability to collect, use and disclose information to prevent, detect and respond to fraud.
- Ask fraud control staff about any barriers to conducting fraud investigations, enforcing penalties and recovering fraud losses.
Related countermeasures
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.