Australian Institute of Criminology

Skip to content

Preventing fraud

The Commonwealth Fraud Control Guidelines (AGD 2011) establish the fraud control policy framework within which entities determine their own specific practices, plans and procedures to manage the prevention and detection of fraudulent activities, the related investigation and where appropriate, prosecution of offenders. Fraud control is based on a thorough assessment of fraud risks particular to the operating environments of entities and of the programs they administer, as well as development and implementation of processes and systems to effectively prevent fraud from occurring. This includes training of all employees and relevant contractors in fraud awareness, and specialised training of employees involved in fraud control activities.


An important element of fraud control generally is to have trained staff dedicated to fraud risk management and prevention working within entities. Over the three years, approximately one third of respondents indicated that they had a dedicated fraud control section, decreasing from 40.3 percent in 2010-11 to 37.4 percent in 2011-12, to 35.2 percent in 2012-13. Despite this decline, as indicated in Table 13 above, between 2010-11 and 2012-13 there was a 30 percent increase in the number of staff employed within entities working specifically in the area of fraud prevention, although only a small percentage of these were identified as having formal qualifications in fraud control. Most of these changes were in two large entities that reassigned staff with ‘other’ fraud control functions to roles in ‘prevention’ and ‘investigation’. Overall, the total number of fraud control staff remained constant over the three years.


Each year, at least 90 percent of respondents indicated that their Chief Executives certified to the Minister or Presiding Officer, as required by the Guidelines, that their entity had adequate fraud control practices in place. Two essential elements of this include the preparation of a fraud control plan and the conduct of a fraud risk assessment. Generally, fraud control plans should be updated following changes in business processes, when new systems are implemented or if fraud has been experienced.

Respondents were asked to indicate when their most recent fraud control plan was developed. Respondents were advised that fraud control plans need not necessarily be standalone documents, but may be included within more general risk management plans. It was found that 89 percent of entities in both 2010–11 and 2011–12 reported completing a fraud control plan within the previous two financial years, while in 2012–13 this rose to 94 percent of entities (n=153; see Figure 22).

Figure 22 Year most recent fraud control plan was developed (number of respondents)

Source: Commonwealth fraud surveys 2010–11, 2011–12 and 2012–13 [AIC computer file]

Under the Guidelines, a fraud risk assessment is required to be undertaken by entities every two years. Over the three years examined, there has been an increase in the percentage of entities complying with this requirement. In 2010–11, 88 percent of entities (n=135) reported completing a fraud risk assessment within the previous two financial years, which was similar to the 89 percent (n=138) in 2011–12. In 2012–13, this had increased to 94.4 percent (n=152). There were, however, a small number of respondents who indicated that their entity had never undertaken a fraud risk assessment (see Figure 23).

Figure 23 Year most recent fraud risk assessment (number of respondents)

Source: Commonwealth fraud surveys 2010–11, 2011–12 and 2012–13 [AIC computer file]


The Guidelines state that fraud awareness training should be included in all staff induction programs and that all entities should document their procedures and instructions to assist employees in dealing with fraud. Over the three year period, respondents agreed that regular and current training of staff was needed to reduce the impact of fraud. However, there were some differences of opinion as to who should have responsibility for administering training, particularly if this should be a whole-of-government undertaking. In 2010–11, 66 respondents, compared with 74 respondents in 2011–12 and 85 in 2012–13, suggested ways in which training of staff in the area of fraud control could be improved. The top three most frequent responses related to the implementation of online training courses for staff (see Figure 24). Some respondents said that their entity had or was implementing eLearning courses, while others felt that an online course should be made available to assist in training staff. In addition to a free online course, some respondents felt a whole-of-government approach to fraud awareness was required. Examples of how this could be operationalised included suggestions of best practice training sessions conducted by the AFP, the Attorney-General’s Department, or the Australian National Audit Office being more beneficial than individual training courses.

Figure 24 Top three suggested ways of improving fraud control training (percentage of respondents)

Source: Commonwealth fraud surveys 2010–11, 2011–12 and 2012–13 [AIC computer file]

In addition, respondents were asked to provide their opinion as to what had made a difference to the prevention of fraud during the previous year. The most frequent response in each year concerned the use of fraud awareness training for staff, followed by the presence of fraud control plans and the implementation of fraud risk assessments (see Figure 25).

Figure 25 Respondents’ views as to what had made a difference to the prevention of fraud (percentage of respondents)

Source: Commonwealth fraud surveys 2010–11, 2011–12 and 2012–13 [AIC computer file]

In answering this question, the majority of respondents focused on factors that contributed to preventing internal fraud, with only a few specifically mentioning ways in which to prevent or reduce external fraud. In 2011–12, one respondent mentioned the creation of a fraud hotline for employees to report suspected fraud incidents, while in the same year, another respondent noted that a reassessment of fraud prevention processes had been undertaken following the occurrence of a fraud incident during that year. Many respondents also noted that the use of risk assessments and fraud control plans contributed to the prevention of fraud.