Report on incidents or breaches to help identify if further investigation is required. Clients, public officials or contractors can take advantage of a lack of reporting and transparency to commit fraud, act corruptly and avoid exposure.
Why this countermeasure matters
A lack of reporting on incidents and breaches may result in:
- disorganised or inconsistent practices and decision-making
- less transparency over actions and outcomes
- poor management of performance, decision-making and risk
- less action and accountability to prevent, detect and respond to fraud and corruption
- poor culture that fails to identify or report fraud or corrupt activity
- fraud or corrupt activity going unnoticed or unchallenged.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- reporting of financial breaches such as failure of a staff member to acquit a credit card on time
- reporting of system security incidents and breaches
- staff reporting lost, stolen or damaged assets
- staff reporting security incidents such as loss of classified documents.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- confirm that the reporting requirements for incidents are appropriate
- review reporting processes to see if they align with the Australian Government Investigations Standards and other national guidelines and frameworks
- confirm that reports are actually produced and used
- review a sample of reports to determine if they are clear, relevant and would help someone detect fraud
- confirm documents outlining the process for reporting incidents are easy to locate and use
- confirm the options for reporting incidents are clearly communicated
- review statistics related to reports to identify how many incidents are reported and how often
- confirm that incident reports go to the most appropriate staff/team
- review who has access to incident reports
- check what other reporting occurs, such as if executives review reports during committee meetings.
This type of countermeasure is supported by:
- Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
- Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
- Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may identify fraud or corruption as a cause for complaints, such as a failure to receive an expected payment.
- Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
- An incident response plan outlines how an entity will respond to a fraud incident.