The science of controlling fraud and corruption risk

The science of fraud and corruption control is, in effect, the intentional approach to influencing the elements that converge to produce fraud, corruption and crime in general:

  • a person's motivation, rationalisation and opportunity (fraud triangle)
  • a motivated offender, a suitable and accessible target, and the absence of a capable guardian (routine activity theory).

Here are a few examples: 

  • Supports and early intervention, e.g. employee assistance programs or a manager identifying red flag behaviour and providing support, can influence what might motivate a person to commit fraud or act corruptly.
  • A positive workplace culture or deterrence messaging can make it more difficult for a person to rationalise committing fraud or acting corruptly (it is more difficult for them to justify the act). 
  • Appropriate checks and oversight (the presence of a capable guardian) can reduce the opportunity to commit fraud or act corruptly.
  • Access controls, e.g. physical or information security controls, can make the target less accessible to a motivated offender.

A healthy organisational culture can be one of the most effective strategies to prevent fraud and corruption. Conversely, an unhealthy workplace culture can create the conditions for fraud or corruption to occur:

  • opportunity through poor internal and external controls 
  • pressure such as incentives that encourage fraudulent or corrupt behaviour 
  • rationalisation or justification by the individual for the dishonest activity. 

A culture of integrity requires a strong value-driven mindset at every level, exemplified by leaders setting the ‘tone from the top’, as well as systems and frameworks that enable and encourage individuals to do the right thing. [xi] The culture of an organisation also greatly influences how people approach their role in managing fraud and corruption risk. Internal policies, frameworks and controls to combat fraud and corruption cannot work on their own; they must be supported by an organisational culture underpinned by ethics, accountable risk owners and capable guardians.

The following 3 pillars underpin a culture of integrity within an organisation:

Leadership and Stewardship

In an organisation the “tone from the top” can either reinforce ethical behaviour, encouraging it to permeate throughout the culture of the organisation, or undermine it. When leadership openly communicates its commitment to integrity, it sets a precedent for the entire organisation.

Stewardship is a shared responsibility, reflected in the decisions we make – from the advice we provide to government, to the way we work together across agencies, to how we care for the public trust placed in us. 

Policies and Processes

Policies and processes serve as the backbone of an organisation’s culture, influencing its norms, values and practices.

Policies establish guidelines for behaviour, decision-making and interactions shaping the way people engage with each other and the organisation as a whole. Clear and well-defined policies promote consistency, fairness and accountability, fostering a culture of trust and respect. The enforcement of policies communicates the organisation’s commitment to its values and standards, removing the opportunity for fraud and corruption, influencing employees’ behaviour and shaping the overall cultural landscape.

Processes exert significant influence over an organisation’s culture and are driven by relevant policies. The way tasks are structured, workflows are designed and decisions are made all contribute to shaping the prevailing norms and values within the workplace. Efficient, transparent and robust processes can foster a culture of accountability, collaboration and trust. The alignment of processes with an organisation’s goals and values reinforces the desired cultural attributes driving employee behaviour and organisational performance. By continuously refining and adapting processes to meet evolving needs, organisations can build a culture that promotes resilience in the face of change.

People [xii]

Individuals play a crucial role in influencing and promoting a culture of integrity within their organisation.

Through their actions, attitudes and interactions, people collectively create the environment that defines the organisation’s identity and values. By fostering collaboration, diversity and a sense of belonging through wellbeing support, people cultivate a culture that promotes innovation, productivity and overall success. 
 

Raising awareness of fraud and corruption risk

The Commonwealth Fraud and Corruption Control Framework requires accountable authorities to ensure that officials in an entity are made aware of what constitutes fraud and corruption. Awareness and integrity training are important both as a deterrent and to assist officials to identify risks and red flags. 

Training should be included in induction programs and delivered regularly to all officials through a rolling program. Training is most effective when it's tailored to the specific operations of the entity and the work that staff perform, and should include information on: 

  1. How managing fraud and corruption aligns with the entity’s strategic goals and values (why it is important). 
  2. The responsibilities placed on all officials to control fraud and corruption risks in their day-to-day work. 
  3. What fraud and corruption look like, including common red flags. 
  4. How to respond to the red flags, including how to report suspected fraud or corruption confidentially.

As the well-known Peter Drucker quote says, “what gets measured gets managed,” and that is true for fraud and corruption. One of the challenges in controlling fraud and corruption within the public sector is limited evidence of their extent and impacts. This is because fraud and corruption are hidden crimes – deliberately concealed by the perpetrators and often overlooked by the affected organisations and programs. However, we know that when organisations invest in capability to find fraud and corruption, they generally find lots of it. It’s there under the surface; we just need to put the effort in to look for it.

The IPSFF Fraud Loss Measurement Framework helps organisations undertake measurement exercises in a way that provides a credible estimate of the levels of fraud and error related to a specific program, activity or function (based on a sample dataset of transactions or payments). This framework outlines:

  • What Fraud Loss Measurement (FLM) is and how it relates to broader fraud measurement and other essential capabilities like risk assessment and control testing.
  • The purpose and benefits of FLM
  • The governance arrangements that support effective FLM capability 
  • The skills and attributes required by staff undertaking FLM exercises
  • How to establish a FLM process
  • How to undertake a FLM exercise, including: 
    • where to undertake measurement,
    • what to measure for, 
    • how to choose the right sample, and
    • how to report on results.

A control is any process, policy, device, system, practice or other action that is put in place to modify the likelihood or consequence of a risk, or to detect if a risk is happening. Controls operate together, and are generally dependent on one another, to mitigate different risks across an organisation or within a specific program, function or activity. An integrated assembly of controls makes up a control environment.

Fraud and corruption controls and how they help to mitigate risk

Controls vary in purpose and application. There are 3 key categories of controls, which play a fundamental role in helping entities prevent, detect and respond effectively to fraud and corruption:

Prevention controls are the most common and cost-effective way to stop fraud and corruption, as they prevent or limit the size of risk by reducing the likelihood and consequences of fraud and corruption.

Detection controls can identify and disrupt fraud and corruption and reduce consequences, but are not as cost-effective as prevention controls; however, they can significantly reduce impacts if detection occurs early.

Corrective controls respond to fraud and corruption after they have occurred, to help reduce or disrupt additional consequences. While they are not as cost-effective as prevention or detection controls, they can significantly reduce the impacts if implemented effectively.

When determining the level of risk, the combination of likelihood and consequence provides an estimate of the current risk level:

  • Likelihood: the probability (what is the chance of fraud or corruption taking place) and frequency (the number of fraud or corruption incidents that can be expected).
  • Consequence: the duration (time before fraud is prevented, detected or disrupted) and the impact (the potential severity of the fraud or corruption).

When looking to mitigate a risk, you can reduce the likelihood (probability and frequency) through prevention controls. A reduction in the consequences (duration and impact) can be achieved through prevention controls but is often achieved through effective detection controls (reduced time to action) and response controls (to reduce or remediate the impacts). 

The most efficient path to reduce risk is achieved by reducing both the likelihood and consequences - through a combination of effective prevention, detection and corrective controls. However, while all these controls are important, control environments should always be geared towards prevention as this is the most cost-effective means of minimising the risk of fraud and corruption to begin with and avoiding the harm they cause.
 

Identifying options to prevent, detect and respond to fraud and corruption

The Centre’s Fraud Control Catalogue provides an extensive reference of over 70 different types of controls that can help Australian Government officials prevent, detect and respond effectively to fraud and corruption. 

This catalogue provides:

  • a summary of each control category
  • specific examples of controls under each category
  • an explanation of the purpose of each control category
  • suggested ways of measuring the effectiveness of controls under each category
  • vulnerabilities to consider for each control category
  • dependencies (links to other control categories that help public bodies develop more complete control environments).

Understanding the different types of controls helps you ask the right questions, for example:

  • What type of managerial oversight exists over processes and decisions?
  • How do you verify the evidence submitted by an applicant?
  • Are there automated workflows for decision-making?
  • What fraud detection controls are in place? 
  • Are there easy-to-access and confidential ways for someone to lodge a tip-off or complaint?
  • Are there any system audit logs to support detection or an investigation into fraud or corruption?

Early consideration of risk can position an organisation to appropriately balance service delivery priorities, such as streamlining processes and improving user experience, with safeguarding the integrity of government services, resources and systems.

Assessing fraud and corruption risk and defining prevention mechanisms during the design phase of policies, programs and transformation initiatives is important to ensure that vulnerabilities are identified early. Controls can then be embedded in the policy and legislative frameworks themselves, for example by: 

  • providing robust legislative powers to authenticate identity 
  • sharing information with other entities, or
  • verifying a person’s fitness and propriety before allowing them to access a government scheme or service. 

Accounting for fraud and corruption risks should start with understanding and analysing the features of the new initiative, for example: 

  • whether the program establishes new targets for fraud or corruption (e.g. new financial or non-financial benefits), 
  • how and where the program will be delivered, 
  • what the anticipated volume of transactions is, or 
  • what the government’s expectations in terms of priorities and delivery mechanisms are.

Understanding these factors will help you identify threats, vulnerabilities and other risk factors that might impact on the initiative, and policy elements that could mitigate fraud and corruption.
 

Countering Fraud and Corruption by Design

The Centre’s Countering Fraud and Corruption by Design Toolkit includes principles and tools to help counter fraud and risk practitioners:

  • communicate how countering fraud and corruption is critical to achieving desired policy outcomes
  • collaborate with policy developers to protect new initiatives from abuse
  • take advantage of opportunities across the policy lifecycle to influence and embed integrity thinking
  • access a range of strategies and business enabling tools to strengthen integrity in policy design through effective fraud and corruption control, and 
  • co-design solutions with policy officials at the right points in the policy lifecycle.
