Counter fraud and entity size – is bigger actually better?
The annual Australian Institute of Criminology (AIC) Fraud Questionnaire was completed by 152 Australian Government entities for the 2019-20 financial year. The Commonwealth Fraud Prevention Centre (the Centre) submitted a formal data request to AIC and received a copy of the de-identified responses for analysis. Part of our analysis involved assigning each entity to a size category depending on its number of employees, based on the Australian Public Service Commission’s categories:
- Micro – Less than 20 employees.
- Extra Small – 20 to 100 employees.
- Small – 101 to 250 employees.
- Medium – 251 to 1,000 employees.
- Large – 1,001 to 10,000 employees.
- Extra Large – More than 10,000 employees.
An exploration of the responses found 7 key findings:
- Less than a third of entities (32%) conducted fraud investigations – Only 49 entities reported commencing or finalising at least one fraud investigation during the year and 26 of these were large or extra large entities. There were 22 medium, small and extra small entities that conducted or finalised at least one investigation, and only one micro entity reported investigating fraud. Identifying why so many entities are not detecting or investigating possible fraud could be a future focus area.
- Entities with more employees were more likely to have investigated both internal and external fraud allegations – No micro entities reported investigating internal fraud, and only 4% investigated external fraud. On the other end, 100% of extra large entities reported investigating internal and external fraud. This suggests a connection between how many employees an entity has and its capacity to detect and investigate fraud. Possible reasons for this include entity function, resourcing and opportunities for fraud.
- Only 16% of entities have solely dedicated counter fraud employees – 16% of respondents reported having employees working solely in fraud-related duties and 15% reported having employees working solely in fraud investigations. This percentage increased as entity size increased, as did the average number of employees in each role. A future focus may be understanding the role of counter fraud officials in smaller entities, and understanding the degree that the role is incorporated into other positions.
- 70% of entities reported that they are not fully compliant with all Fraud Rule requirements – The elements of the Fraud Rule are mandatory for non-corporate and corporate Australian Government entities. Entities rated to what extent they met each element, from 1 (not at all) to 5 (fully). 30% of entities reported full compliance with all Fraud Rule requirements, 53% reported partial compliance and 17% reported non-compliance in at least one requirement. Entity size did not significantly link with Fraud Rule compliance.
- Entities are good at recording and reporting fraud, but worse at conducting fraud risk assessments after major changes – For the Fraud Rule requirement of ‘having appropriate mechanisms for recording and reporting incidents of fraud or suspected fraud’, 62% of entities reported full compliance and 3% reported non-compliance. However, for ‘conducting fraud risk assessments after major changes to the structure or function of an entity’, only 48% of entities reported full compliance, with 13% non-compliance.
- Entities are increasingly willing to share data with our Centre: 65% (99 of 152) of entities agreed to share full identified responses with the Centre – Entities were given the option to provide their full responses to all Australian Government entities, only to AIC and the Centre or only to AIC. An additional 38 entities agreed to share their responses with all Australian Government entities. Entity size did not appear to impact whether entities agreed to share their full responses. We’ve had a sneak peak at the 2020-21 fraud census data, and almost 75% of entities (122 of 164) agreed to share their data with the Centre. It’s great to see that an increasing number of entities are trusting the Centre with fraud census data.
- Entities reported total fraud losses of $194.5m and recoveries of $2.7m – Micro entities did not report any losses or recoveries, and only one extra small entity reported losses to fraud. While larger entities report significantly greater financial losses, there are other types of losses that are less quantifiable but potentially equally as harmful. These include human impacts, reputational damage, security concerns, business impacts and environmental outcomes.
Larger entities were more likely than smaller entities to investigate internal and external fraud allegations. This finding may reflect that larger entities have more resources to fight fraud, but it may also reflect that there is less fraud occurring in smaller entities.
It’s important to note that fraud not being detected and investigated does not mean that fraud is not occurring – we know that fraud is under-reported and under-detected. The Commonwealth Fraud Prevention Centre is here to work with all entities, large or small, to help them prevent fraud in all its guises and meet the requirements of the Commonwealth Fraud Control Framework.
Author: Commonwealth Fraud Prevention Centre