Mitigating integrity risk through effective controls
The Commonwealth Fraud Prevention Centre has developed an extensive catalogue of common fraud controls.
By the Commonwealth Fraud Prevention Centre
Across the world fraud is widespread – in many western countries it is the most frequent crime. For example, fraud is estimated to account for 40% of all crime committed across the UK.1 Based on international comparators, it is estimated that somewhere between 3% and 5.95% of government outlays are lost to fraud and improper expenditure. This has led to industry experts referring to fraud as the ‘volume crime of our time’.2 If not proactively prevented, serious non-compliance and fraud, including scams, can erode public trust in governments and our institutions, the viability of essential services and safety nets, and trust in the goodwill of fellow Australians. Fraud can also be a traumatic experience that often causes real and irreversible impacts for victims, their families, carers and communities.3
Robust frameworks and control environments are key to protecting the APS, and the businesses and citizens that we interact with, from the growing economic and societal problem of fraud. Global research has found that gaps or weaknesses in controls lead to more fraud than any other factor.4 To help Australian Government entities strengthen their counter fraud approaches, the Commonwealth Fraud Prevention Centre (the Centre) has developed an extensive catalogue of common fraud controls. Whilst the catalogue is fraud-focused, the content and techniques are easily transferable to strengthen integrity in other areas, such as security, cyber, and insider threat and corruption.
How the catalogue was developed
Christopher McDermott, Director of the Centre’s Capability and Development team, began cataloguing common control types while leading Services Australia’s pressure testing program. This extensive program of testing the effectiveness of fraud controls, undertaken over several years, identified similar types of fraud controls across Services Australia’s multiple programs and functions. Cataloguing these common control categories provided the opportunity to standardise the way controls were tested, and in doing so, improve the consistency and quality of pressure testing activities.
This work broadened after Chris moved to the Centre in 2019 and has culminated in a practical resource containing 70 examples of common fraud control categories.
Using the catalogue
The catalogue can be used for multiple purposes, including to help:
- identify control gaps in your processes and systems
- discover new controls to further mitigate integrity risks
- increase understanding of how to measure the effectiveness of your existing controls
- design products or guidance on how to mitigate specific integrity risks, and
- improve fraud risk reporting through the use of consistent metrics.
What’s in the catalogue
The catalogue includes:
- A simple summary and purpose of the control
- Examples of the control in action
- A list of other dependent controls
- Suggested ways to measure the control’s effectiveness
- The common methods fraudsters may use to circumvent the control.
The catalogue includes common control types under 3 categories.
Prevention controls are the most common and cost-effective way to mitigate risk. Examples include:
- Integrity checks and suitability assessments
- System or physical access controls
- Confirm identity using evidence and authenticate identity during each interaction
- Verify information you receive
- Data matching.
Detection controls can help identify when a threat has occurred, disrupt additional threats and reduce the consequences. Examples include:
- Fraud and corruption training
- Tip-offs and Public Interest Disclosures
- Automatic notification of high-risk activities and transactions
- Detection software
- Internal or external audits or reviews.
Disruption and Response controls respond to a threat after it has occurred to help reduce or disrupt additional consequences. Examples include:
- Incident response plan
- Fraud investigations
- Audit logging
- Evidence and document capture and storage.
Investing effort and resources to strengthen fraud control environments across the APS will deliver considerable benefits – trust in government will be enhanced, programs will be more effective, public funds will be better spent, our communities will be safer and ultimately our digital economy will be stronger.
Fortunately, the Centre has already written the playbook.
To find out more or gain access to the catalogue, please email firstname.lastname@example.org.
- Relevant studies include KPMG’s 2016 report, ‘Global Profiles of the Fraudster’, PwC’s 2018 Global Economic Crime and Fraud Survey and ACFE’s 2018 Global Fraud Study.
- UK House of Commons Committee of Public Accounts, Fraud and Error – Ninth Report of Session 2021-22, 2021: Fraud and Error (parliament.uk).
- Royal United Services Institute, The Silent Threat – The Impact of Fraud on UK National Security, 2021: the_silent_threat_web_version.pdf.
- International Public Sector Fraud Forum, Guide to Understanding the Total Impact of Fraud, 2020: International Public Sector Fraud Forum guidance - GOV.UK (www.gov.uk).