Audits or reviews

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.

Summary

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Why this countermeasure matters

A lack of regular audits or reviews of activities may lead to:

  • fraudsters feeling more confident their actions will not be detected
  • high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
  • fraudsters taking advantage of inconsistent practices and processes to commit fraud and avoid exposure or prosecution
  • less transparency including over the actions and decisions of staff and third parties
  • staff or contractors taking advantage of positions of trust to act corruptly, commit fraud and avoid exposure
  • fraud or corrupt activity going unnoticed or unchallenged
  • less action and accountability to prevent, detect and respond to fraud and corruption
  • unknown and unaddressed systemic fraud or corruption.

How you might apply this countermeasure

Some ways to implement this countermeasure include:

  • regular Information and Communications Technology security audits
  • annual program performance audits
  • random site visits for providers
  • regular payment accuracy surveys
  • monthly audits of staff travel expenditure
  • regular reviews of grants allocations
  • regular audits of credit card spending.

How to check if your countermeasures are effective

Here are some ways to measure the effectiveness of this type of countermeasure:

  • review the outcomes of audits or reviews
  • confirm that audits or reviews are actually undertaken
  • check how regularly audits or reviews are performed
  • confirm that the scope of audits or reviews consider fraud risks and controls
  • confirm that audits or reviews are independent, completed by qualified persons and are resilient to corrupting influences
  • check that recommendations or actions resulting from audits or reviews are implemented
  • check what other reporting occurs, such as executive review of reports during committee meetings.

Related countermeasures

This type of countermeasure is supported by:

Governance, accountability and oversight

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Managerial, independent or expert oversight

Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.

Reconcile records

Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.

Document capture and storage

Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.

Audit logging

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas

This countermeasure helps prevent, detect or respond to the following Fraudster Personas:

The Fabricator

The Fabricator invents or produces something that is false to dishonestly gain personal benefits.

The Concealer

The Concealer hides their actions from being seen or known about to dishonestly gain personal benefits.

The Exploiter

The Exploiter uses something for a wrongful purpose to dishonestly gain personal benefits.

The Coercer

The Coercer influences, manipulates or bribes another person to act in a desired way to dishonestly gain personal benefits.

The Deceiver

The Deceiver makes others believe something that is not true to dishonestly gain personal benefits.

Was this page helpful?