This audit examined selected entities’ effectiveness in implementing entity-wide fraud control arrangements, including compliance with the requirements of the 2011 Commonwealth Fraud Control Guidelines, and the overall administration of the fraud control framework by the Attorney-General’s Department.
Fraud control is an ongoing responsibility for Australian Government entities, providing a safeguard against: financial and material losses which can impact on the Government’s ability to deliver services and achieve its policy objectives; reputational damage to government and responsible entities; and loss of confidence in Australian Government administration. Government expectations relating to fraud control have been promulgated over many years in successive Fraud Control Guidelines (the Guidelines) administered by the Attorney-General’s Department (AGD). Since 2011, the Guidelines have focused on embedding fraud control as part of an entity’s culture and governance arrangements; an approach which has highlighted the importance of risk management, fraud prevention, awareness-raising and shared responsibility by entity staff and management. This contemporary approach to fraud control contrasts with the more traditional approach focusing on compliance with requirements and the detection and investigation of fraud after it has occurred.
Overall, the selected entities—Comcare, the Australian Trade Commission (Austrade) and the Department of Veterans’ Affairs (DVA)—were generally compliant with the applicable mandatory requirements of the 2011 Fraud Control Guidelines (2011 Guidelines) in effect during the course of the audit, and had implemented a range of strategies and fraud control measures relevant to their specific circumstances. The strategies and measures implemented by the selected entities had regard to the key focus areas identified in the 2011 Guidelines: risk assessment; the preparation of fraud control plans; fraud awareness and training, including for third party service providers; and detection, investigation and response. However, the selected entities’ progress in transitioning to the more contemporary and preventive approach has varied, with Comcare establishing an internal framework generally aligned with the 2011 Guidelines, while DVA and Austrade were at different stages of transition.
AGD’s overall administration of the fraud control framework has been generally effective. The department administers a well-developed framework comprising: documented policy and guidance; clear assignment of roles and responsibilities between AGD and entities; identified points of co-ordination; and the provision of support to entities through networking, communication and training arrangements. However there remains scope for improvement in the preparation of annual whole-of-government Fraud and Compliance Reports to government, which have only been submitted on time to ministers on three occasions in the past 10 years. Entities have continued to face compliance costs in providing annual information updates for inclusion in the reports, while the Australian Government and its entities have not had the benefit of annual reporting on key trends and developments. AGD should establish a formal arrangement with the AIC to facilitate the timely preparation and submission of the reports, to inform ministers of the extent of fraud against the Commonwealth and entities’ compliance with government requirements.
The networking, communication and training activities sponsored by AGD and discussed above, were intended to support entities in transitioning to a more contemporary risk-based approach to fraud control. AGD established dedicated Govdex and Govspace websites to assist the whole-of-government Fraud Control Network and individual entities, and hosted workshops and seminars during 2011–13 to provide training for key entity personnel and support the introduction of the 2011 Guidelines.
Among the selected agencies, those which most actively engaged with the ‘community of practice’ sponsored by AGD had also moved further along the road towards adopting a more contemporary approach to fraud control. Comcare participated actively in AGD networks and events, including hosting and chairing some events, while DVA had only occasional involvement. At least since 2010, Austrade and DVA did not participate in AGD-sponsored forums and the Fraud Control Network. Austrade advised that it started to access the Govdex website during the course of the audit. Given the change in approach sought by the Australian Government with the release of the 2011 Guidelines, limited entity engagement with the wider community of practice was a lost opportunity to keep abreast of better practice and key developments in fraud control.
The ANAO has made one recommendation aimed at supporting the timely preparation of whole-of-government fraud control reports to government by AGD and the AIC. This audit has also highlighted scope for some entities to focus more strongly on transitioning to the more contemporary approach to fraud control. Entities in transition can derive particular benefit from ongoing engagement with wider Commonwealth networks, promoting shared responsibility amongst staff and management, and continued senior management attention to drive implementation.