Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

Incident reporting


Previous page


Next page


Incident reports or breach reporting to identify circumstances where further investigation is required.


Some examples of this type of countermeasure include:

  • The CFO reports financial breaches, e.g. failure to acquit a credit card on time.
  • ICT reports incidents and breaches.
  • Staff must report lost, stolen or damaged assets.
  • Staff are required and supported to report security incidents, e.g. loss of classified documents.

Purpose of this countermeasure

Not reporting incidents or breaches for further investigation can lead to:

  • dysfunctional and obscure processes,
  • reduced transparency, and
  • poor management of performance, decision-making and risk.

Customers, public officials or contractors can take advantage of the obscurity to commit fraud, act corruptly, and avoid exposure.

Abuse of public office or acting dishonestly to commit fraud are offences under the Criminal Code Act 1995.

Activity reporting increases transparency and reduces the opportunity for fraud.


This type of countermeasure is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Confirm that the reporting requirements for incidents are appropriate.
  • Confirm that reports are actually produced and used.
  • Review a sample of reports determine if they: a. are clear and relevant, and b. would help someone detect fraud.
  • Confirm that the process for reporting incidents is easy to locate and use.
  • Confirm the options for reporting incidents are clearly communicated.
  • Undertake quantitative analysis of data related to reports. E.g. how many incidents are reported? How often?
  • Confirm that incident reports go to the most appropriate staff/team.
  • Review who has access to incident reports.
  • Check what other reporting occurs, e.g. do executives review reports during committee meetings?


Previous page


Next page



Commonwealth Fraud Prevention Centre logo