Report incidents or breaches for further investigation
Report on incidents or breaches to help identify whether further investigation is required. Clients, public officials or contractors can take advantage of a lack of reporting and transparency to commit fraud, act corruptly and avoid exposure.
Why this countermeasure matters
A lack of reporting on incidents and breaches may result in:
- disorganised or inconsistent practices and decision-making
- less transparency over actions and outcomes
- poor management of performance, decision-making and risk
- less action and accountability to prevent, detect and respond to fraud and corruption
- fraud or corrupt activity going unnoticed or unchallenged.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- reporting of financial breaches, such as a staff member failing to acquit credit card transactions on time
- reporting of system security incidents and breaches
- staff reporting lost, stolen or damaged assets
- staff reporting security incidents such as loss of classified documents.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure using the following methods:
- Confirm that the reporting requirements for incidents are appropriate.
- Review reporting processes to see if they align with the Australian Government Investigations Standards and other national guidelines and frameworks.
- Confirm that reports are actually produced and used.
- Review a sample of reports to determine if they are clear, relevant and would help someone detect fraud.
- Confirm documents outlining the process for reporting incidents are easy to locate and use.
- Confirm the options for reporting incidents are clearly communicated.
- Review statistics related to reports to identify how many incidents are reported and how often.
- Confirm that incident reports go to the most appropriate staff/team.
- Review who has access to incident reports.
- Check what other reporting occurs, such as whether executives review reports during committee meetings.
This type of countermeasure is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increase transparency and reduce the opportunity for fraud.
Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.
Make sure requests or claims use a specific form, process or system for consistency.
Apply limits on requests, claims or processes, such as maximum claim amounts or time periods. Enforce these limits using IT system controls.
Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.
Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may help identify fraud or corruption, such as failure to receive an expected payment.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.
Prepare summary reports on activities for clients, managers or responsible staff.
Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.
Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.
An incident response plan outlines how an entity will respond to a fraud incident.