Report 7

Fraud Prevention and Detection in the Public Sector

Planning and resourcing

Agencies lacked a coordinated approach to managing fraud and corruption risks

Fraud and Corruption Control Plan

None of the agencies we examined had a documented fraud and corruption control plan in place. Only ICWA and Murdoch University had started to develop a plan. The other seven agencies had not considered the need to develop a plan specifically for fraud and corruption control. Prior to the date of this report Murdoch University had completed a fraud and corruption control plan which was approved and published in February 2013.

A fraud and corruption control plan enables agencies to ensure that their approach to managing fraud and corruption is comprehensive and subject to regular review to ensure ongoing effectiveness. A fraud and corruption control plan is the first step in the integral management of fraud and corruption as a business risk. Key elements of a fraud and corruption control plan include:

  • organisational commitment to and awareness of fraud and corruption issues
  • specific consideration of fraud and corruption risks
  • concise policies and procedures covering fraud and corruption management
  • allocation of sufficient resources to manage fraud and corruption
  • effective employee, supplier and customer vetting
  • fraud and corruption training and awareness programs
  • post incident reviews of controls.

Fraud and Corruption Risk Identification

Of the nine agencies we examined, seven had identified at least one incident of fraud or corruption in recent years. These incidents were typically for low-level amounts and included misuse of credit cards, misappropriation of assets or theft, timesheet fraud and identity fraud. However, the Police and the Corruption and Crime Commission made it clear that public sector fraud is much more prevalent and serious than suggested by these known instances. Only two of the nine agencies we examined had completed a risk assessment which actively considered fraud and corruption as a category of risk for each area of their business. All agencies were conducting risk assessments in line with Treasurer’s Instruction 825 Risk Management and Security. However, fraud and corruption risks were considered in an ad hoc manner, with only some business areas identifying specific fraud and corruption risks. We believe it likely that the agencies had not identified all the genuine fraud and corruption risks that they need to control.

We found that agencies’ risk registers did contain some fraud risks, but there did not appear to be a coordinated approach to the identification and then classification of those risks across the individual agencies. Most agencies advised that fraud was not normally a focus of their risk management process. Only ICWA had conducted an individual fraud and corruption risk assessment though this was not incorporated into their normal risk management process.

 
Page last updated: June 19, 2013

Back to Top