Glossary of terms

the person or group of persons with responsibility for, and control over, a Commonwealth entity's operations.

individual measures, processes or functions that help entities prevent, detect and respond to fraud. An integrated assembly of controls make up a control environment.

a department of state, a parliamentary department, a listed entity or a body corporate established by a law of the Commonwealth.

dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means.

an official with responsibility for conducting an entity’s fraud prevention activities, such as fraud risk assessment.

the official responsible for implementing and maintaining fraud risk controls. This official should maintain close communication with the fraud risk owner.

a plan outlining the treatment strategies and controls put in place to manage fraud risks and vulnerabilities in an entity.

a document outlining an entity’s strategic direction for countering fraud including dealing with emerging and future fraud risks.

the official responsible for ensuring their fraud risks are monitored and treated with fraud controls in a timely and effective manner. This also requires close communication with fraud control owners.

the rating of a fraud risk at a point in time when a fraud risk assessment is conducted. The rating is based on the risk’s likelihood and consequence and relies on assessing the effectiveness of existing fraud controls.

an official as set out under section Public Governance, Performance and Accountability Act 2013.

the amount of risk an entity is willing to accept or retain in order to achieve its objectives. Risk appetite is usually set out in a statement or series of statements that describe the entity’s attitude toward risk taking.

the specific level of risk taking that is acceptable in order to achieve a specific objective or manage a category of risk. Risk tolerance represents the practical application of risk appetite and will be most effective when it is easily understood by all officials.

a risk rating being targeted once new or more effective fraud controls have been successfully implemented. The new or enhanced controls will be treating the risk’s likelihood and/or consequences.

a senior officer with overall responsibility for an entity’s overall fraud control arrangements.

a strategic-level assessment that enables an entity to identify programs or functions that are at higher risk of fraud, and which require the prioritised application of a fraud risk assessment