Skip to main content

Establish exception reporting

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.


Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.

Why this countermeasure matters

Lack of exception reporting may lead to:

  • disorganised or inconsistent practices and decision-making
  • less transparency over actions and outcomes
  • poor management of fraud and corruption risks
  • less action and accountability to prevent, detect and respond to fraud and corruption
  • fraud or corrupt activity going unnoticed or unchallenged.

How to put this countermeasure in place

Some ways to implement this countermeasure include generating exception reports to identify:

  • unusually high pays
  • large salary changes
  • unusually high program payments
  • excessive ordering of assets
  • staff who have made more claims than usual within a month.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure using the following methods:

  • Confirm that the exception tolerances or parameters are appropriate.
  • Confirm that the exception parameters or thresholds are not widely known.
  • Confirm that exception reports are actually produced, used and the process is adequate.
  • Confirm that exception reports go to the most appropriate staff/team for review.
  • Walk through processes with staff members while they review reports and respond to anomalies.
  • Review a sample of reports to see if they are clear, relevant to the user and would help detect fraud.
  • Review statistics related to reports, such as how many exceptions are reported and how often.
  • Review who has access to exception reports.
  • Confirm that someone cannot manipulate reports or the data they are based on.
  • Confirm that those who review exceptions are separate from processing staff/teams.
  • Check what other reporting occurs, such as if executives review exception reports during committee meetings.

Related countermeasures

This type of countermeasure is supported by:

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Prepare summary reports on activities for clients, managers or responsible staff.

Report on incidents or breaches to help identify if further investigation is required. Clients, public officials or contractors can take advantage of a lack of reporting and transparency to commit fraud, act corruptly and avoid exposure.

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas

Was this page helpful?