Skip to main content

The Reckless

The Reckless acts without care, responsibility or regard to the consequences of their actions by disregarding requirements, procedures, warnings or directions to gain personal benefits.

This might involve disregarding contracts or eligibility requirements for personal gain.

Examples:

  • a contractor accepts a contract knowing they cannot deliver the service
  • a service provider uses grant funds for personal use.

Case studies

A Victorian woman has been sentenced to three years and six months’ imprisonment, with a non-parole period of 20 months, for defrauding the Australian Taxation Office (ATO) of $452,000 and attempting to swindle a further $245,000 across a 15-month period.

Countermeasures

Counter the Reckless using measures that support clear and consistent requirements and processes:

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

Help and support to customers, staff and third parties to help them follow correct processes and encourage them to comply with rules and processes and meet expectations.

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Use declarations or acknowledgments to both communicate and confirm that a person understands their obligations and the consequences for non-compliance. The declaration could be written or verbal, and should encourage compliance and deter fraud.

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.

Apply limits on requests, claims or processes, such as maximum claim amounts or time periods. Enforce these limits using IT system controls.

Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.

Change management processes make sure that changes do not create risks or weaken existing countermeasures.

Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale and impact of a potential breach. To better protect personal information, the minimal data required for a transaction should be collected, used and retained. Make sure sensitive or official information cannot leave your entity's network without authority or detection.

Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard and/or that material or goods are what they are claimed to be. Quality assurance checks not only improve processing standards, they can also detect potentially fraudulent activity and are a significant deterrent to fraud.

Was this page helpful?