​​​​​​​

 Key fraud control considerations

A systematic approach to fraud control contains the following elements in an ongoing cycle:

 

Fundamentals for sound fraud control

  • Are the entity's fraud control arrangements consistent with the expectations of the Commonwealth Fraud Control Framework established under the Public Governance, Performance and Accountability Rule 2014?
  • Is the senior leadership team suitably visible and engaged in fraud control within the entity?
  • Does the entity promote an ethical culture to assist in preventing fraud and helping detect it once it occurs?
  • Has the accountable authority established a suitable governance structure for fraud control that reflects the operating environment and risks of the entity?
  • Does the entity take opportunities to engage with other entities and relevant networks to share information and experiences relating to contemporary fraud control approaches?


Risk management and planning

  • Does the entity manage its fraud risks in a way which best suits the individual circumstances of the entity, in the context of the entity's overarching risk management framework (as described in the Commonwealth Risk Management Policy)?
  • What is the most effective mechanism to consult and communicate with staff on fraud risks and the entity's fraud control plan?
  • Has the entity identified relevant fraud risks, taking into consideration the entity's role, size and function, ongoing and emerging fraud risks, and broader organisational risks?
  • Are the fraud control mechanisms in place to address identified fraud risks fit for purpose and based on the entity's individual risk context?
  • When did the entity last conduct a fraud risk assessment?
  • Was a fraud risk assessment conducted when there was a substantial change in the structure, functions or activities of the entity?
  • Is the fraud risk assessment updated through regular, targeted risk assessments?
  • Has the entity developed and implemented a fraud control plan following the fraud risk assessment?
  • Does the entity's Audit Committee receive sufficient and timely information on fraud control arrangements to allow it to provide adequate assurance to the accountable authority?
  • Does the Executive have clear oversight of the entity's fraud control plan?
  • Does monitoring and evaluation of the fraud control plan inform fraud risk assessment and fraud control strategies on an ongoing basis?
  • Does monitoring and evaluation of the fraud control plan inform fraud risk assessment and fraud control strategies for key stages in the life-cycle of the entity's key functions, particularly program design?
  • Are there any entity functions or responsibilities, including large and/or high risk programs that warrant their own fraud control plan based on assessed risks?


Fraud prevention

Discover more information about fraud prevention countermeasures.


Fraud detection

Discover more information about fraud detection countermeasures.


Fraud response

  • What mechanisms does the entity have in place for investigating or otherwise dealing with incidents of fraud or suspected fraud?
  • Is there an electronic system (fraud incident register) for recording allegations?
  • Do the entity's incidents of potential fraud warrant development of a case prioritisation model?
  • Are there procedures in place which cover the process for undertaking initial evaluations of allegations?
  • Does the entity use the Australian Government Investigations Standards when conducting investigations?
  • Are employees or contractors responsible for conducting investigations on behalf of the entity appropriately qualified?
  • Is relevant fraud investigation capability available within the entity, or have other arrangements for investigations been considered?
  • Is there a policy that recovery action be undertaken only where the likely benefit will exceed the recovery costs?
  • Are there processes in place to seek recoveries?
  • Following an instance of fraud, does the entity review the work processes subject to the fraud to determine whether changes are required to existing processes, including processes relating to fraud risk assessment and fraud prevention?
  • Does the entity monitor and assess the effectiveness of its fraud response activities? How does this assessment inform ongoing fraud control arrangements?

Discover more information about fraud response countermeasures.


Recording and reporting fraud

  • What mechanisms are in place for recording and reporting instances of fraud or suspected fraud?
  • Are the mechanisms in place for recording and reporting incidents of fraud appropriate for the number and type of cases of fraud and the complexity of investigations undertaken?
  • Do recording and reporting mechanisms include the outcomes of incidents and investigations?
  • Are fraud incidents reported, and outcomes of investigations communicated internally to officials of the entity?
  • Does the entity report annually to the responsible Minister or Presiding Officer (as required) on fraud initiatives planned and undertaken, the significant fraud risks facing the entity, and any significant fraud incidents that occurred?
