Based on our agency fraud and corruption maturity assessment all agencies have room for improvement
During the audit we developed a maturity model based on key components of the Australian Standard. In line with the Standard, we used five categories to assess the maturity of fraud and corruption control at agencies:
- assess and manage fraud risks
- fraud policy development
- communication and training
- prevention and detection
For each category, agencies’ controls and activities were assessed using the criteria and associated rating scale shown in Figure 2.
Agencies were categorised based on revenue and number of employees. This allowed for a comparison of similar sized agencies. However it did not take into account the nature of the service provided and therefore the differing risks faced by each agency. We expected agencies to achieve at least a rating of ‘three’ in each category, with larger, better resourced agencies performing at a higher level. What we found was that all agencies had room for improvement. Only three agencies achieved a score of four (managed and measurable) in any category, while the most common rating across all categories and agencies was two (initial/ad hoc). We note that despite their low ratings, both Murdoch University (Figure 3) and the Department of Transport (Figure 4) were already reviewing their fraud and corruption management. Both agencies had plans in place to implement reforms to correct identified shortfalls.
Landgate was the only agency that achieved a rating of three or above across all categories (Figure 4). Following a high profile fraud incident in 2011, Landgate has strengthened its fraud and corruption framework. ICWA and Water Corporation also demonstrated reasonably good levels of maturity across the five categories we assessed (Figure 3).
We did not expect the two smallest agencies (WAIS or WDC) to perform at the same level as the larger entities. However our assessment indicates all of the agencies have room for improvement. We noted that some smaller agencies were using policies and resources already developed by larger agencies. For instance, some smaller agencies utilised the policies from the Public Sector Commission and risk management advice from the Insurance Commission for developing their own framework. This greatly enhanced their effectiveness and also reduced their time and cost in gaining this information and expertise.