Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

Exception reporting


Previous page


Next page


Exception reports identify anomalies for further interrogation. For example, an exception report on payroll would identify unusually high pays.


Some examples of this type of countermeasure include:

  • An exception report of large salary changes and payments.
  • A report is automatically generated to flag unusually high programme payments.
  • A report would highlight excessive ordering of assets.
  • A report is automatically generated to show claimants who have made more than 10 claims within a month.

Purpose of this countermeasure

Someone can make fraudulent claims or requests by acting dishonestly or providing false or misleading information or evidence. Additionally, a staff member can abuse their position of trust to process fraudulent requests or claims, or access information without authority.

Acting dishonestly or providing false or misleading statements or information to commit fraud are offences under the Criminal Code Act 1995.

Not reporting on anomalies for further interrogation can lead to:

  • dysfunctional and obscure processes,
  • reduced transparency, and
  • poor management of fraud and corruption risks.

Exception reporting increases transparency and reduces the opportunity for fraud.


This type of countermeasure is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Confirm that the exception tolerances or parameters are appropriate.
  • Confirm that the exception parameters or thresholds are not widely known.
  • Confirm that exception reports are actually produced and used. Is the process is adequate?
  • Confirm that exception reports go to the most appropriate staff/team for review.
  • Process walk through - sit with a staff member while they review the report and respond to anomalies.
  • Review a sample of reports to determine if it would help detect fraud. Is the report clear and relevant to the user?
  • Undertake quantitative analysis of data related to reports. E.g. how many exceptions are reported? How often?
  • Review who has access to exception reports.
  • Confirm that someone cannot manipulate reports (including the data that underlies them). Test this if required.
  • Confirm that reviews of exceptions is segregated from processing staff/teams.
  • Check what other reporting occurs, e.g. do executives review exception reports during committee meetings?


Previous page


Next page



Commonwealth Fraud Prevention Centre logo