Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

Requests, claims or activities are approved by the appropriate decision-maker


Previous page


Next page


All requests, claims or activities must be approved by an appropriate decision-maker.

NB: Strong workflow controls are enforced by systems.


Some examples of this type of countermeasure include:

  • Programme payments automatically workflow through to the correct delegate for approval.
  • All asset requests are approved by the requester's line manager.
  • All travel expenditure must be approved by the appropriate spending approver.
  • Payments exceeding a certain threshold must be approved by a specified approver.
  • Purchase orders automatically workflow through to the procurement team and spending approvers in the finance system.

Purpose of this countermeasure

Staff or contractors can abuse their position of trust to process fraudulent requests or claims for themselves or another person. Staff or contractors can also be coerced to process fraudulent requests or claims for another person or entity, e.g. pressured to pay a fraudulent invoice.

Staff or contractors can also abuse their position of trust to access and disclose official information without authority.

Acting dishonestly or influencing a Commonwealth public official to commit fraud are offences under the Criminal Code Act 1995.

Allowing someone other than the appropriate decision-maker to approve a requests, claim or activity can lead to:

  • dysfunctional and obscure processes, and
  • poor management of decision-making and risk.

For example, staff could collude to approve leave or overtime without the knowledge or approval of the manager or central delegate.


This type of control is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Consult staff approval processes. Confirm they have a correct and consistent understanding.
  • Identify how approval requirements are communicated to staff.
  • Confirm the existence of approval workflows within the system.
  • Review procedures or guidance to confirm it clearly specifies approval processes.
  • Obtain and review requirements for how approvals are obtained.
  • Confirm approvals processes are consistently applied.
  • Confirm that someone cannot override or bypass approval processes, even when pressure or coercion is applied.
  • Review a sample of completed requests/claims to confirm appropriate approval was obtained on all occasions.
  • Quantitative analysis of completed requests/claims or activities to confirm approval is obtained on all occasions.
  • Undertake vulnerability testing or a process walk-through to confirm that approval processes are enforced.
  • Confirm the existence of a review and reconciliation process. Review the reports.
  • Review any past fraud cases to identify how they were allowed to occur.
Previous page


Next page



Commonwealth Fraud Prevention Centre logo