Agencies responded appropriately to incidents of fraud where they had occurred, however did not require post incident reviews or trend analysis as part of their fraud management framework

We found that where incidents of fraud had occurred agencies had investigated them in a timely manner and taken appropriate action. This included reporting to the Corruption and Crime Commission and where necessary to the Police. Perpetrators were appropriately disciplined. Depending on the nature of the incident this ranged from internal disciplinary action to dismissal.

We noted that agencies’ policies do not require post incident review of controls or trend analysis following significant incidents of fraud or corruption. Two agencies regularly reviewed the controls following a fraud incident however none analysed trends on an annual or bi-annual basis to identify systemic control weaknesses. Monitoring and tracking of incidents allows agencies to identify trends that may indicate that improvements to controls are required.

During the course of the audit it was noted that there were varied approaches to the recording of information. Five agencies do not record any information in a central register while four have a well-developed register which could allow management to conduct regular analysis.