Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

End of life processes


Previous page


Next page


Processes undertaken to dispose of archaic or surplus systems, HR positions, assets or information to prevent misappropriation.

NB: This may include archiving information or ceasing a customer identity.

This control is underpinned by:


Some examples of this type of countermeasure include:

  • Documents are disposed of in accordance with the relevant Records Authority.
  • Expired building passes must be surrendered to the issuing authority.
  • Vacant HR positions are regularly reviewed and removed if no longer required.
  • Returned unclaimed mail is handled and destroyed appropriately.
  • Redundant ICT stock is effectively sanitised and disposed of.
  • Deceased customer records are protected from misuse, e.g. made read-only.
  • Redundant providers/supplier accounts are protected from misuse, e.g. made read-only.

Purpose of this countermeasure

Staff or contractors can abuse their position of trust to:

  • process fraudulent requests or claims for themselves or another person,
  • access, manipulate or disclose official information without authority, and
  • steal physical assets.

Staff and contractors can also be coerced to commit fraud for the benefit of another person or entity, e.g. coerced to provide information.

Abuse of public office, obtaining property by deception or influencing a Commonwealth public official to commit fraud are offences under the Criminal Code Act 1995.

Failing to effectively dispose of surplus systems, HR positions, assets or information leave them vulnerable to misappropriation. For example, a fraudster could:

  • use old HR positions to make fraudulent payroll payments
  • continue to receive payments for a deceased customer
  • steal surplus assets, or
  • release information held in legacy systems.


This type of control is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Review policies and processes. Confirm that a clear and consistent process exists.
  • Consult subject matter experts on processes and systems. Evaluate their understanding and thoughts about fraud control policies.
  • System or process walkthrough – have staff show you the process.
  • Review who has access to perform end of life processes.
  • Confirm that records cannot be manipulated. Test this if required.
  • Analyse data to confirm archaic or surplus systems, HR positions, assets or information are being properly disposed of.
  • Review a sample of documentation to confirm compliance with policies and processes.
  • Check if and how end of life processes are reported.


Previous page


Next page



Commonwealth Fraud Prevention Centre logo