Learn about your obligations

This page includes the core obligations for Commonwealth entities to reduce fraud and corruption and its impacts, and make sure there is transparency and accountability in counter fraud and anti-corruption processes. For the full list of obligations see the Commonwealth Fraud and Corruption Control Framework.

All Commonwealth entities must have counter fraud and anti-corruption arrangements in place. Certain obligations are either binding or considered better practice, depending on whether the entity is a non-corporate or a corporate Commonwealth entity.

Establish who is responsible for countering fraud and corruption

Non-corporate entities: Binding

Corporate entities: Binding

A Commonwealth entity’s Accountable Authority (Secretaries, Chief Executives or the governing board) is responsible for establishing and maintaining an appropriate system of internal fraud and corruption control for their entity. Their duties include developing a fraud and corruption control framework for their entity and taking all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity [section 10 of the Public Governance, Performance and Accountability Rule 2014 (Fraud and Corruption Rule)].

Conduct regular fraud and corruption risk assessments

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must conduct regular fraud risk assessments (subsection 10(a) of the Public Governance, Performance and Accountability Rule 2014).

Fraud and corruption risk assessments enable entities to identify threats, vulnerabilities and impacts that can adversely affect entities and the services they deliver. They also help entities understand how fraudsters will target their programs and what controls are most important.

Learn how to conduct a fraud and corruption risk assessment.

Create a fraud and corruption control plan

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have an up-to-date Fraud and corruption control plan (subsection 10(b) of the Fraud and Corruption Rule).

Fraud and corruption control plans help entities document, communicate, manage and monitor activities that manage an entity’s identified fraud and corruption risks. This enables fraud and corruption to be dealt with quickly and in a consistent manner while also providing accountability and transparency.

Learn how to create a fraud and corruption control plan.

Regularly review the effectiveness of fraud and corruption controls

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must conduct periodic reviews of the effectiveness of their fraud and corruption controls (subsection 10(c) of the Fraud and Corruption Rule).

Control testing will uncover gaps and vulnerabilities in controls. We encourage entities to treat these gaps and vulnerabilities through a collaborative and co-design approach.

Learn how to review the effectiveness of an entity’s fraud and corruption controls.

Put in place governance structures, processes and officials to oversee and manage fraud and corruption risks

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have governance structures, processes and officials in place to oversee and manage fraud and corruption risks (subsection 10(d) of the Fraud and Corruption Rule).

Governance structures and processes are critical to ensuring effective oversight, decision-making and assurance of the measures and mechanisms entities put in place to manage fraud and corruption. Entities must keep records of those structures, processes and officials.

Learn more about how governance arrangements can help an entity oversee and manage fraud and corruption risks.

Put in place controls to prevent fraud and corruption

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate fraud and corruption prevention processes (subsection 10(e) of the Fraud and Corruption Rule).

These processes include making sure:

• officials and contractors are aware of what fraud and corruption is and how to report it
• fraud and corruption risk is taken into account when planning and conducting activities.

The most effective way to deal with fraud and corruption is to prevent them. Prevention measures reduce the likelihood of fraud and corruption and their impacts. Preventing fraud and corruption is also cost effective as it reduces the need for expensive response activities such as fraud and corruption investigations.

Learn about preventing fraud and corruption and explore different types of prevention controls.

Put in place controls to detect fraud and corruption

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate processes to detect fraud and corruption (subsection 10(f) of the Fraud and Corruption Rule). Strong detection controls enables entities to identify and deal with fraud and corruption earlier which reduces the impact of fraud and corruption. Strong detection measures also help deter fraud and corruption.

These processes include:

• processes for entity officials and other persons to report suspected fraud or corruption confidentially
• recording and reporting incidents of fraud or corruption or suspected fraud or corruption.

Learn about detecting fraud and corruption and explore different types of detection controls.

Create documented instructions and procedures to help staff prevent, detect and deal with fraud and corruption

Non-corporate entities: Binding

Corporate entities: Better practice

Document instructions and procedures to help staff prevent, detect and deal with fraud and corruption (paragraph 4.5 of the Commonwealth Fraud and Corruption Control Policy). This helps staff take appropriate actions to manage fraud and corruption and encourages a more consistent and timely response to fraud and corruption incidents.

Learn more about how to document arrangements for managing fraud and corruption risks.

Staff primarily focused on fraud control must have qualifications/training

Non-corporate entities: Binding

Corporate entities: Better practice

Make sure staff engaged in fraud and corruption control activities are appropriately trained and maintain an appropriate level of capability to carry out their duties (paragraph 4.4 of the Commonwealth Fraud and Corruption Control Policy). It requires a specific skillset to understand and deal with fraud and corruption risks and controls. Staff with a lack of appropriate skills may lead to fraud and corruption risks not being identified or inappropriate controls.

Learn more about fraud and corruption training and qualifications.

Investigate and deal with incidents of fraud and corruption

Non-corporate entities: Binding

Corporate entities: Better practice

Investigate fraud and corruption consistent with requirements in the Australian Government Investigations Standards (paragraph 7.5 of the Commonwealth Fraud and Corruption Control Policy).

Learn more about fraud and corruption investigations.

Refer serious or complex fraud investigations to the Australian Federal Police

Non-corporate entities: Binding

Corporate entities: Better practice

Refer all serious and complex fraud to the Australian Federal Police (AFP) unless otherwise exempted (paragraph 7.3 of the Commonwealth Fraud and Corruption Control Policy).

Referring serious and complex fraud to the AFP helps provide crucial information about the state of fraud. It also allows the AFP to better allocate resources and avoid conflicts with other investigations.

Learn more about requesting support from the AFP.

Refer serious or systemic corruption cases to the National Anti-Corruption Commission

Non-corporate entities: Binding

Corporate entities: Binding

Refer all suspected serious and systemic corrupt conduct to the National Anti-Corruption Commission (NACC) (section 33 of the National Anti-Corruption Commission Act 2022, paragraph 7.4 of the Commonwealth Fraud and Corruption Control Policy).

Learn more about the obligation to report to the NACC.

Deal with the fraud and corruption if law enforcement declines to investigate

Non-corporate entities: Binding

Corporate entities: Better practice

Deal with fraud and corruption that occurs, including making sure matters are resolved appropriately. This includes investigating and dealing with fraud and corruption if a law enforcement entity declines a referral (paragraph 7.1 of the Commonwealth Fraud and Corruption Control Policy).

Fraud and corruption investigations must be conducted by qualified staff

Non-corporate entities: Binding

Corporate entities: Better practice

Make sure fraud and corruption matters are investigated by qualified staff (paragraph 7.6 of the Commonwealth Fraud and Corruption Control Policy). Investigations are technical and if information is not collected appropriately it may mean that it cannot be used in further proceedings. Investigations are also invasive and it is necessary to have appropriately skilled investigators conducting the investigation in order to make sure they are fair to the people being investigated.

Learn more about training staff to be effective analysts and investigators.

Report fraud and corruption to the Australian Institute of Criminology

Non-corporate entities: Binding

Corporate entities: Better practice

Non-Corporate Commonwealth entities must provide information on their fraud and corruption incidents to the Australian Institute of Criminology (paragraph8.5 of the Commonwealth Fraud and Corruption Control Policy). This is also considered better practice for Corporate Commonwealth entities.

Reporting on fraud and corruption helps the government stay accountable, understand the extent of fraud and corruption and set priorities to deal with fraud and corruption. The Australian Institute of Criminology enables the government to understand and measure the amount of fraud occurring against it.

Report significant fraud and corruption to the relevant Minister

Non-corporate entities: Binding

Corporate entities: Binding

All entities must report significant fraud and corruption to their relevant Minister (section 19 of the Public Governance, Performance and Accountability Act 2013). Reporting fraud and corruption helps to make sure ministers are aware of relevant incidents.

Record and report incidents of fraud and corruption

Non-corporate entities: Binding

Corporate entities: Binding

All Commonwealth entities must have appropriate processes for recording and reporting incidents of fraud and corruption (subsection 10(f) of the Fraud and Corruption Rule).

Non-Corporate Commonwealth entities must have procedures in place to collect and manage information about fraud and corruption against the entity (paragraph 8.1 of the Commonwealth Fraud and Corruption Control Policy).

Collecting information about fraud and corruption helps entities measure the amount of fraud and corruption occurring against them, as well as identify high risk areas and detect other fraud and corruption.

Learn more about recording and reporting fraud and corruption.

Document decisions to use in civil, administrative or disciplinary procedures

Non-corporate entities: Binding

Corporate entities: Better practice

Document decisions to take action or not take action to a fraud and corruption against the entity (paragraph 7.2 of the Commonwealth Fraud and Corruption Control Policy). This supports consistent, transparent and accountable decision-making. This is also considered better practice for Corporate Commonwealth entities.

Learn more about enforcing penalties for fraud and corruption and non-compliance.

Recover financial losses caused by illegal activity

Non-corporate entities: Binding

Corporate entities: Better practice

Make all reasonable attempts to recover financial losses from fraud and corruption (paragraph 7.10 of the Commonwealth Fraud and Corruption Control Policy). It is important to recover money lost to fraud and corruption to deter future fraud and corruption. It also disrupts criminal activity and prevents public money being used to fund further crime.

Learn more about recovery and debt management.

Share information about criminal activity with other entities

Non-corporate entities: Binding

Corporate entities: Better practice

Disclose information about potential fraud and corruption affecting another entity to that entity (subject or other legal requirements) (paragraph 7.9 of the Commonwealth Fraud and Corruption Control Policy). Entities are also encouraged to collaborate and share information and intelligence to prevent, detect and respond to fraud and corruption in accordance with any legislative obligations or powers dealing with information sharing (paragraph 8.3 of the Commonwealth Fraud and Corruption Control Policy).

Fraudsters and criminals often target multiple entities and programs. Other entities may be in a better position to respond to fraud and corruption. It is also crucial to combat and disrupt fraud and corruption as it can help stop fraud and corruption earlier.

Learn more about when and how to share information with other entities.