Summary reports related to a particular activity are available to customers, managers or responsible officials.
Some examples of this type of countermeasure include:
- A Programme Board receives reports on programme expenditure.
- Programme executives review reports on programme claiming to identify trends and anomalies.
- Line managers receive reports on staff leave and allowances.
- Contract managers receive reports on contractor performance and vendor payments.
Purpose of this countermeasure
Not reporting on activities can lead to:
- dysfunctional and obscure processes,
- reduced transparency, and
- poor management of performance, decision-making and risk.
Customers, public officials or contractors can take advantage of the obscurity to commit fraud, act corruptly, and avoid exposure.
Abuse of public office or acting dishonestly to commit fraud are offences under the Criminal Code Act 1995.
Activity reporting increases transparency and reduces the opportunity for fraud.
This type of control is supported by:
- Governance, accountability and oversight
- Managerial, independent or expert oversight
- Collaboration with strategic partners
- A specific form, process or system must be used
- Data matching
- Data protected from manipulation or misuse
- Data analytics
- Staff are trained and supported to identify and report fraud and corruption
- Tip-offs and Public Interest Disclosures
- Exception reporting
- Incident reporting
- Internal or external audits or reviews
- Audit logging
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Confirm that reports are actually produced and used.
- Review a sample of reports to determine if they: a. are clear and relevant, and b. would help someone detect fraud.
- Undertake quantitative analysis of data related to reports, e.g. how often are they opened and read?
- Check how reports are provided to determine if the process is adequate. Are they sent to the best person via the best method?
- Confirm that reports are available to appropriate persons, e.g. customers can view reports on their online account, line managers receive an email, or executives review reports during committee meetings.
- Confirm that someone cannot manipulate reports (including the data that underlies them). Test this if required.