Learn about your obligations

This page includes the core obligations for Commonwealth entities to reduce fraud and its impacts, and make sure there is transparency and accountability in counter fraud processes. For the full list of obligations see the Commonwealth Resource Management Framework and the Commonwealth Fraud Control Framework.

All Commonwealth entities must have counter fraud arrangements in place. Certain obligations are either binding or considered better practice, depending on whether the entity is a non-corporate or a corporate Commonwealth entity.

Establish who is responsible for countering fraud

Non-corporate entities: Binding

Corporate entities: Binding

A Commonwealth entity’s Accountable Authority (Secretaries, Chief Executives or the governing board) is responsible for establishing and maintaining an appropriate system of internal fraud control for their entity. Their duties include developing a fraud control framework for their entity and taking all reasonable measures to prevent, detect and deal with fraud relating to the entity (section 10 of the Public Governance, Performance and Accountability Rule 2014).

Conduct regular fraud risk assessments

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must conduct regular fraud risk assessments (subsection 10(a) of the Public Governance, Performance and Accountability Rule 2014).

Fraud risk assessments enable entities to identify threats, vulnerabilities and impacts that can adversely affect entities and the services they deliver. They also help entities understand how fraudsters will target their programs and what countermeasures are most important.

Learn how to conduct a fraud risk assessment.

Create a fraud control plan

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have an up-to-date Fraud Control Plan (subsection 10(b) of the Public Governance, Performance and Accountability Rule 2014).

Fraud control plans help entities have structures, controls and strategies in place to counter fraud. This enables fraud to be dealt with quickly and in a consistent manner while also providing accountability and transparency.

Learn how to create a fraud control plan.

Put in place countermeasures to prevent fraud

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate fraud prevention processes (subsection 10(c) of the Public Governance, Performance and Accountability Rule 2014).

These processes include making sure:

• officials and contractors are aware of what fraud is and how to report it
• fraud risk is taken into account when planning and conducting activities.

The most effective way to deal with fraud is to prevent it. Prevention measures reduce the likelihood of fraud and its impacts. Preventing fraud is also cost effective as it reduces the need for expensive response activities such as fraud investigations.

Explore different types of prevention countermeasures.

Put in place countermeasures to detect fraud

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate processes to detect fraud (subsection 10(d) of the Public Governance, Performance and Accountability Rule 2014). Strong detection countermeasures enables entities to identify and deal with fraud earlier which reduces the impact of fraud. Strong detection measures also help deter fraud.

Explore different types of detection countermeasures.

Create documented instructions and procedures to help staff prevent, detect and deal with fraud

Non-corporate entities: Binding

Corporate entities: Better practice

Document instructions and procedures to help staff prevent, detect and deal with fraud (paragraph 1 of the Commonwealth Fraud Control Policy). This helps staff take appropriate actions to manage fraud and encourages a more consistent and timely response to fraud incidents.

Learn more about developing a fraud strategy document.

Staff primarily focused on fraud control must have qualifications/training

Non-corporate entities: Binding

Corporate entities: Better practice

Make sure staff engaged in fraud control activities are appropriately trained (paragraph 14 of the Commonwealth Fraud Control Policy). It requires a specific skillset to understand and deal with fraud risks and countermeasures. Staff with a lack of appropriate skills may lead to fraud risks not being identified or inappropriate controls.

Learn more about fraud training and qualifications.

Investigate and deal with incidents of fraud

Non-corporate entities: Binding

Corporate entities: Better practice

Investigate fraud consistent with requirements in the Australian Government Investigations Standards (paragraph 4 of the Commonwealth Fraud Control Policy).

Learn more about fraud investigations.

Refer serious or complex investigations to the Australian Federal Police

Non-corporate entities: Binding

Corporate entities: Better practice

Refer all serious and complex fraud to the Australian Federal Police (AFP) unless otherwise exempted (paragraph 8 of the Commonwealth Fraud Control Policy).

Referring serious and complex fraud to the AFP helps provide crucial information about the state of fraud. It also allows the AFP to better allocate resources and avoid conflicts with other investigations.

Learn more about requesting support from the AFP.

Deal with the fraud if law enforcement declines to investigate

Non-corporate entities: Binding

Corporate entities: Better practice

Deal with fraud that occurs, including making sure matters are resolved appropriately. This includes investigating and dealing with fraud if a law enforcement entity declines a referral (paragraph 7 of the Commonwealth Fraud Control Policy).

Qualified staff must conduct fraud investigations

Non-corporate entities: Binding

Corporate entities: Better practice

Make sure fraud matters are investigated by qualified staff (paragraph 9 of the Commonwealth Fraud Control Policy). Investigations are technical and if information is not collected appropriately it may mean that it cannot be used in further proceedings. Investigations are also invasive and it is necessary to have appropriately skilled investigators conducting the investigation in order to make sure they are fair to the people being investigated.

Learn more about training staff to be effective analysts and investigators.

Report fraud to the Australian Institute of Criminology

Non-corporate entities: Binding

Corporate entities: Better practice

Non-Corporate Commonwealth entities must provide information on their fraud incidents to the Australian Institute of Criminology (paragraph 14 of the Commonwealth Fraud Control Policy). This is also considered better practice for Corporate Commonwealth entities.

Reporting on fraud helps the government stay accountable, understand the extent of fraud and set priorities to deal with fraud. The Australian Institute of Criminology enables the government to understand and measure the amount of fraud occurring against it.

Report significant fraud to the relevant Minister

Non-corporate entities: Binding

Corporate entities: Binding

All entities must report significant fraud to their relevant Minister (section 19 of the Public Governance, Performance and Accountability Act 2013). Reporting fraud helps to make sure ministers are aware of relevant incidents.

Record and report incidents of fraud

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate processes for recording and reporting incidents of fraud (subsection 10(f) of the Public Governance, Performance and Accountability Rule 2014).

Non-Corporate Commonwealth entities must have procedures in place to collect and manage information about fraud against the entity (paragraph 12 of the Commonwealth Fraud Control Policy). 

Collecting information about fraud helps entities measure the amount of fraud occurring against them, as well as identify high risk areas and detect other fraud.

Learn more about activity reporting.

Document decisions to use in civil, administrative or disciplinary procedures

Non-corporate entities: Binding

Corporate entities: Better practice

Document decisions to take action or not take action to a fraud against the entity (paragraph 5 of the Commonwealth Fraud Control Policy).  This supports consistent, transparent and accountable decision-making. This is also considered better practice for Corporate Commonwealth entities.

Learn more about enforcing penalties for fraud and non-compliance.

Recover financial losses caused by illegal activity

Non-corporate entities: Binding

Corporate entities: Better practice

Make all reasonable attempts to recover financial losses from fraud (paragraph 10 of the Commonwealth Fraud Control Policy). It is important to recover money lost to fraud to deter future fraud. It also disrupts criminal activity and prevents public money being used to fund further crime.

Learn more about recovery and debt management.

Share information about criminal activity with other entities

Non-corporate entities: Binding

Corporate entities: Better practice

Disclose information about potential fraud affecting another entity to that entity (subject or other legal requirements) (paragraph 11 of the Commonwealth Fraud Control Policy). Fraudsters often target multiple entities and programs. Other entities may be in a better position to respond to fraud. It is also crucial to combat and disrupt fraud as it can help stop fraud earlier.

Learn more about coordinated disruption activity.