Internal or external audits or reviews
Audits or reviews related to the particular activity are undertaken.
Some examples of this type of countermeasure include:
- Periodic ICT security audits.
- Annual programme performance audits.
- Random inspection of providers.
- Payment accuracy reviews.
- Monthly audit of travel expenditure.
- Internal review of grants allocation.
- Six-monthly compliance check of credit card expenditure.
Purpose of this countermeasure
Not conducting regular audits or reviews of activities can lead to:
- dysfunctional and obscure processes,
- reduced transparency, and
- poor management of performance, decision-making and risk.
Customers, public officials or contractors can take advantage of the obscurity to commit fraud, act corruptly, and avoid exposure.
Abuse of public office or acting dishonestly to commit fraud are offences under the Criminal Code Act 1995.
Internal or external audits or reviews increase transparency and reduce the opportunity for fraud.
This type of countermeasure is supported by:
- Governance, accountability and oversight
- Managerial, independent or expert oversight
- Collaboration with strategic partners
- Data protected from manipulation or misuse
- Data analytics
- Staff are trained and supported to identify and report fraud and corruption
- Reconciliation (accounting)
- Activity reporting
- Exception reporting
- Documentation and evidence storage
- Audit logging
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Review audit/review outcomes.
- Confirm that audit/reviews are actually undertaken.
- Check how regularly audits/reviews are performed.
- Confirm that the scope of audits/reviews encompass fraud risks/controls.
- Confirm that audits/reviews are independent, completed by qualified persons, and are resilient to corrupting influences.
- Check that recommendations or actions resulting from audits/reviews are implemented.
Check what other reporting occurs, e.g. do executives review reports during committee meetings?