Guidance material

Controlling fraud and corruption: a prevention checklist

Public sector agencies and local councils that manage fraud risks well are more resistant to corruption. This resource has been developed to assist organisations in assessing their current fraud and corruption prevention practices and identify areas for improvement.

Each public sector organisation will have specific fraud risks and differing levels of risk across the organisation and its services. In determining the best approach to managing these risks, the resources used for preventative strategies should be proportionate to the fraud risk profile.

Organisations also need a mechanism for ensuring that the policies are being followed and there are consequences when they are not. An organisation cannot rely on the existence of policies and procedures alone. Having a workplace culture that is professional and responsible encourages an environment where fraud cannot be tolerated.

  • The Australian Standard for fraud and corruption control defines fraud as:

    'Dishonest activity causing actual or potential financial loss to any person or entity including theft of moneys or other property by employees or persons external to the entity and where deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit.'

    Whether it occurs in the public or the private sector, fraud has a number of negative effects.

    It can result in significant financial losses and reputational damage, which is especially harmful in the public sector as it can impact on public trust in the integrity of government. Fraud can also have significant personal impacts on those affected by it.

    The impact of fraud can be difficult to reverse, underscoring the importance of implementing effective prevention strategies at all levels of an organisation.

  • Public sector organisations are subject to mandatory standards of financial and risk management. The Standards Australia AS 8001–2008 Fraud and Corruption Control standard is a better-practice resource that many organisations adopt voluntarily to develop a robust approach to fraud and corruption control.

    Fraud and corruption risk management is about taking a proactive approach to mitigating the risks posed by fraud and corruption before they occur.

    Strategies and actions to manage fraud and corruption include:

    • prevention – proactive measures designed to help reduce the risk of fraud and corruption occurring in the first place
    • detection – measures designed to uncover incidents of fraud and corruption when they occur
    • response – measures designed to take corrective action and remedy the harm caused by fraud or corruption.
  • Some common examples of fraud in Australia include:

    By individuals

    • theft of plant and equipment by employees
    • theft of inventory by employees
    • false invoicing (creating a fictitious invoice claiming payment for goods or services not delivered or
    • exaggerating the value of goods delivered or services provided)
    • theft of funds or cash (usually involving some form of concealment)
    • accounts receivable fraud (misappropriation or misdirection of remittances received by an entity
    • from a debtor)
    • credit card fraud involving the unauthorised use of a credit card or credit card number issued to another person, or the use of stolen or fraudulently generated credit card numbers by merchants
    • theft of intellectual property or other confidential information
    • release or use of misleading or inaccurate information for the purposes of deceiving, misleading or to hide wrongdoing
    • insider trading (buying and selling shares on the basis of information coming into the possession
    • of the perpetrator by reason of their position but which is not known to investors generally)
    • misuse of position in order to gain some form of financial advantage
    • fraudulent tendering by managers and involving external parties.

    By organisations

    • material and deliberate misstatement of accounting information for an improper purpose (for example to meet performance forecasts)
    • overcharging for goods and services
    • taking-up as revenue remittances received in error rather than allowing a credit to the payer
    • tax evasion
    • money laundering
    • insider trading
    • theft of intellectual property
    • financial reporting fraud (falsification of the entity’s financial statements with a view to obtaining some form of improper financial benefit).
  • An organisation’s approach to managing the risks of fraud and corruption should be underpinned by a whole-of-organisation policy framework, with appropriate benchmarking against established best-practice prevention programs and standards. This non-exhaustive list of prevention practices can be used to assess an organisation's current practice and identify areas for improvement.

    Assessing fraud risk

    • A risk assessment uses methodology consistent with the Australian/New Zealand Standard AS/NZ ISO 31000:2009 Risk Management Principles and Guidelines and thorough, periodic fraud risk assessments are conducted to ensure they identify and effectively manage all fraud risk exposures

    • In identifying fraud risks, consideration is given to the organisation’s size and function, any change in structure or function, external and internal fraud risks, new and emerging fraud risks, and the broader organisational operating environment risks to develop a fraud risk profile

    Implement and maintain an integrity framework

    • Corruption prevention principles form an integral part of corporate, strategic and operational planning processes and objectives, both annually and long term

    • Corruption prevention principles are applied as part of all project planning, agency restructure, business processes and service review processes

    • Arrangements are in place that ensure effective ongoing scrutiny by executive management, internal audit and audit committees, of the effectiveness of the framework

    • Independent reviews are undertaken of the operation and effectiveness of all internal control systems to ensure they adequately prevent, deter and detect major frauds

    Fraud control governance arrangements

    • A member of the executive management is the central point of contact for fraud control policies within the organisation

    • A fraud and corruption control policy communicates the organisation’s commitment to fraud and corruption control, setting out the executive management’s approach to preventing, detecting and responding to fraud and corruption

    • A fraud control plan has been developed for minimising the impact and likelihood of identified fraud risks

    Management commitment to controlling the risks of fraud

    • Ethics, compliance and fraud prevention goals are included in the performance measures against which managers are evaluated and are used to determine performance-related progression

    Ethical framework

    • A code of conduct or ethical framework states the standards employees are expected to uphold

    Line management accountability

    • People in high-risk positions, such as procurement, revenue receipt, providing exemptions or who have discretionary decision-making roles are appropriately trained, supervised and supported

    • Supervisors are alert to signs of stress experienced by staff or of other unexplained changes in behaviour or attitude, particularly holders of high-risk roles

    Internal controls

    • The organisation uses internal audit to actively review its risk management systems and controls, and aligns these with its own risk profile

    • The organisation systematically monitors and reports on the effectiveness of its fraud control strategies7 at least annually, and there are clearly documented procedures for conducting high risk activities such as tendering, accounts payable or purchasing and managing assets

    • A clearly articulated stance on the acceptance of gifts or benefits is known and understood by all employees

    Employee awareness

    • Employees are provided with fraud and corruption awareness training during induction so they are in a better position to take appropriate action when faced with unethical behaviour

    • Ongoing fraud and corruption awareness activities and training are conducted for all staff, including suppliers, volunteers and contractors to foster awareness of the significance of fraud and corruption and their potential impacts on the organisation

    • Specialist training is provided for key positions performing identified higher-risk functions

    • Employees know and understand the need to declare and manage conflicts of interest

    Client and community awareness

    • Customers and the community are aware the organisation will not tolerate fraudulent or corrupt behaviour and are given a channel for reporting any concerns

    Pre-employment screening

    • There is an established pre-employment screening policy, including employment, qualifications, credit, criminal history and reference checks which can help identify potential issues and factors that may be indicative of fraud risk, such as prior criminal convictions for dishonesty

    Supplier and client vetting

    • The credentials of new suppliers and customers are checked and periodically confirmed

    • The organisation's fraud control policy is provided to external service providers

    Avenues for reporting suspected incidents

    • A range of internal and external reporting mechanisms is in place to report suspected unethical behaviour, including fraud and corruption

    • The reporting mechanisms, including what needs to be reported and to whom, are well known by employees and the broader community, and are easily accessible

    Protections for disclosers

    • Mechanisms, policies and procedures for supporting and protecting disclosers are established as required by the Public Interest Disclosures Act 2012 (Vic)

    • Strict confidentiality is maintained from the outset in the receipt and processing of reports of fraud and corruption 

    • AS 8001 – 2008 Fraud and corruption Control, Standards Australia, 6 March 2008, Sydney
    • Association of Certified Fraud Examiners, ACFE fraud prevention check-up, 2012, ACFE, Austin, USA
    • Australian National Audit Office, Fraud control in Australian government entities, Better practice guide, March 2011, Canberra
    • Corruption and Crime Commission, Misconduct resistance: an integrated governance approach to protecting agency integrity, 2008, CCC, Perth
    • Crime and Misconduct Commission, Fraud and corruption control: guideline for best practice, March 2005, CMC, Brisbane
    • Ernst and Young, Navigating today’s complex business risks: Europe, Middle East, India and Africa fraud survey 2013, http://www.ey.com/GL/en/Services/Assurance/Fraud-Investigation, accessed 11/10/2013
    • Graycar A, Perceptions of corruption in Victoria: Independent Broad-based Anti-corruption Commission Research Paper, September 2013, Australian National University