Managing integrity risk through effective controls
Fraud is widespread across the world and is the most common crime in many Western countries. For example, fraud is estimated to account for 40% of all crime in the UKi. Based on international comparisons, it is estimated between 3% - 5.95% of government outlays are lost to fraud and improper expenditure. If not proactively prevented, serious non-compliance and fraud, including scams, can erode public trust in governments and institutions, the viability of essential services and safety nets, and trust in the goodwill of fellow Australians. Fraud can also be a traumatic experience causing real and irreversible impacts for victims, their families, carers and communitiesii.
Robust frameworks and control environments are key to protecting the APS, and the businesses and citizens we interact with, from the growing economic and social problem of fraud. Global research has found gaps or weaknesses in controls lead to more fraud than any other factoriii. To help Australian Government entities strengthen their counter-fraud approaches, the centre has developed a catalogue of common fraud controls. While the catalogue is fraud focused, the content and techniques are transferable to strengthen integrity in other areas, such as security, cyber and insider threat and corruption.
How the catalogue was developed
Centre Capability and Development team director Christopher McDermott began cataloguing common control types while leading Services Australia's pressure testing program. This extensive program of testing the effectiveness of fraud controls, undertaken over several years, identified similar types of fraud controls across Services Australia's multiple programs and functions. Cataloguing these common control categories provided the opportunity to standardise the way controls were tested, and in doing so, improve the consistency and quality of pressure testing activities.
This work broadened after Chris moved to the Commonwealth Fraud Prevention Centre in 2019 and has culminated in a practical resource containing 70 examples of common fraud control categories.
Using the catalogue
The catalogue can be used for multiple purposes, including to help:
- identify control gaps in your processes and systems
- discover new controls to further mitigate integrity risks
- increase understanding of how to measure the effectiveness of your existing controls
- design products or guidance on how to mitigate specific integrity risks, and
- improve fraud risk reporting through the use of consistent metrics.
What's in the catalogue
The catalogue includes:
- a simple summary and purpose of the control
- examples of the control in action
- a list of other dependent controls
- suggested ways to measure the control's effectiveness
- potential vulnerability indicators
- the common methods fraudsters may use to circumvent the control.
The catalogue includes 3 common control types:
- Prevention controls are the most common and cost-effective way to mitigate risk. Examples include:
- integrity checks and suitability assessments
- system or physical access controls
- confirming identities using evidence and authenticating identities during each interaction
- verifying all information you receive
- data matching
- Detection controls can help identify when a threat has occurred, disrupt additional threats and reduce consequences. Examples include:
- fraud and corruption training
- tip-offs and Public Interest Disclosures
- automatic notification of high-risk activities and transactions
- detection software
- internal or external audits or reviews
- Disruption and Response controls respond to a threat after it has occurred to help reduce or disrupt additional consequences. Examples include:
- incident response plan
- fraud investigations
- audit logging
- evidence and document capture and storage
Investing effort and resources to strengthen fraud control environments across the APS will deliver benefits – trust in government will be enhanced, programs will be more effective, public funds will be better spent, our communities will be safer and our digital economy will be stronger.
To find out more or gain access to the catalogue, contact the Centre.
This article was originally published on the Australian Public Service Academywebsite.
ii - International Public Sector Fraud Forum, Guide to Understanding the Total Impact of Fraud, 2020: International Public Sector Fraud Forum guidance - GOV.UK (www.gov.uk)
iii - Relevant studies include KPMG's 2016 report, 'Global Profiles of the Fraudster', PwC's 2018 Global Economic Crime and Fraud Survey and ACFE's 2018 Global Fraud Study