Legislation and policies
Legislation and policy can help prevent, detect and respond to fraud, such as by:
- outlining clear rules, regulations and criteria
- allowing entities to collect, use and disclose information
- allowing entities to enforce penalties and recover fraud losses.
Why this countermeasure matters
Activities that are not guided by good legislation or policy may lead to:
- high levels of non-compliance due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage of loose rules and requirements to commit fraud and avoid exposure or prosecution
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- legislation that outlines clear requirements and criteria, and policies that support them
- legislation that allows the collection, use and disclosure of information to prevent, detect and respond to fraud, and policies that support this
- legislation that supports fraud investigations, the enforcement of penalties and the recovery of fraud losses, and policies that support these activities
- processes that align with the Public Governance, Performance and Accountability Act 2013 and Accountable Authority Instructions
- processes that align with the Australian Privacy Principles
- processes and policies that align with the Protective Security Policy Framework
- policies and processes that govern how assets are managed and reported
- policies and processes that govern staff travel and other HR matters.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- confirm that legislation and policies exist
- review policies to confirm they are consistent with the legislation
- review processes to confirm they are consistent with policies
- confirm that staff can easily find and reference legislation and policies
- confirm that staff can easily understand and apply legislation and policies
- ask staff about any known vulnerabilities in the policies and processes that may increase rates of non-compliance and fraud
- ask staff about any legislation or policies that unreasonably limit their ability to collect, use and disclose information to prevent, detect and respond to fraud
- ask fraud control staff about any barriers to conducting fraud investigations, enforcing penalties and recovering fraud losses.