Develop a coordinated approach to manage fraud risks

• Fraud risks across organisation are assessed, documented and controls are in place.

• Fraud and Corruption Control Plan (Plan) is in place and reviewed at least once every 2 years.

• Audit committee engages with internal audit plan to ensure fraud risks are considered.

Create a fraud resistant organisation

• Integrity policies (such as Codes of Conduct and conflicts of interest) are appropriate, clearly written and available.
• Staff regularly engage with integrity policies. For example, signing yearly an understanding of the Code of Conduct.
• Fraud prevention and awareness training, newsletters and presentations are used to communicate entities ethical standards to staff.

• Business processes, especially those assessed as higher risk, have controls that are well documented, updated and understood by all staff.
• Entities verify identity and credentials of all new employees and employees transferring to areas of higher risk, including:

• • verify necessary qualifications
  • review of past work history and referee checks
  • criminal background checks
  • confirm professional memberships are valid.

• Supplier credentials are checked, particularly for high-risk or high value purchases, including:

• • Confirm ABN
  • confirm directors are not bankrupt or disqualified.

Entities are ready to detect fraud

• Entities should implement detection systems, as appropriate to their business needs, to identify potential fraud as soon as possible.
• Multiple avenues are in place for staff, the public and suppliers to report concerns.
• Reporting processes are well advertised, and include anonymous options.

Entities are ready to respond to potential fraud

• Entities should implement processes to record, analyse and escalate all incidents.
• Processes are in place to review internal controls after incidents.