Skip to main content

Properly dispose of old or unnecessary systems, records and assets

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

decorative  prevention countermeasures


Have processes in place to properly archive or dispose of old or unnecessary:

  • ICT systems
  • assets
  • staff position numbers and access controls
  • client account
  • records.

This control is supported by the National Archives of Australia's Information Management Standards and the Protective Security Policy Framework.

Why this countermeasure matters

Keeping old or unnecessary ICT systems, staff position numbers and access controls, client accounts, assets or records may allow fraudsters to:

  • use old HR position numbers to make fraudulent payroll payments
  • receive payments for deceased customers
  • impersonate government officials
  • steal surplus assets
  • access and release information held in old or unused systems or hardware
  • use stolen records to make fraudulent requests or claims.

How to put this countermeasure in place

Some ways to implement this countermeasure include:

  • archiving information or ceasing a client identity
  • disposing of documents in accordance with the relevant records authority
  • making sure expired building passes are surrendered to the issuing authority
  • regularly reviewing vacant HR position numbers and removing them if no longer required
  • appropriately handling and destroying returned unclaimed mail
  • effectively disposing of redundant ICT stock
  • withdraw access to ICT systems and resources upon separation of personnel
  • withdraw privileged access to ICT systems when no longer required
  • protecting deceased client records from misuse such as by making them read-only
  • protecting redundant provider/supplier accounts from misuse such as by making them read-only.

How do I know if my countermeasures are effective?

Measure the effectiveness of this countermeasure by using the following methods:

  • Review policies and processes to confirm that clear and consistent processes exists.
  • Consult subject matter experts on processes and systems to evaluate their understanding and thoughts about fraud control policies.
  • Conduct a process walkthrough by having staff show you the archive or disposal process.
  • Review who has access to perform archive or disposal processes.
  • Confirm that archived records cannot be manipulated and test this if required.
  • Analyse data or reports to confirm old or unnecessary systems, staff positions and accesses, client accounts, assets or records are being properly archived or disposed of.
  • Review a sample of documentation to confirm compliance with policies and processes.
  • Check if and how archive or disposal processes are reported.

Related countermeasures

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Related Fraudster Personas

Was this page helpful?