7.1 FRAUD AND RISK CERTIFICATION
MANAGING INTERNAL FRAUD
The department’s Fraud Control Plan provides assurance that the department is managing its identified fraud risks appropriately. The plan meets the department’s responsibility for compliance with section 10 of the Public Governance, Performance and Accountability Rule 2014 and the Commonwealth Fraud Control Framework.
Under the Fraud Control Plan the department takes a comprehensive strategic approach to fraud risk and ensures that all reasonable measures are in place to prevent, detect and deal with fraud.
The department uses a range of strategies to prevent and respond to internal fraud, including:
- fraud control planning, monitoring and reporting
- a requirement that all staff adhere to the department’s Fraud Strategy Statement
- internal and external reporting mechanisms
- collecting and analysing information and data to detect fraud
- receiving and analysing allegations from internal and external sources
- testing and analysing the effectiveness of fraud controls and, if necessary, making recommendations to strengthen controls to prevent and detect fraudulent activity
- conducting investigations in accordance with the Australian Government Investigation Standards.
The department supports fraud prevention by promoting messages about:
- how the department identifies and reports suspected fraud
- staff responsibilities
- current and emerging risks.
The department’s fraud prevention and awareness strategy includes:
- mandatory fraud awareness training, with tailored communication activities and presentations
- a dedicated Intranet page linking to all relevant information and tip‑off forms.
The department refers substantiated incidents of internal fraud to the Commonwealth Director of Public Prosecutions for consideration of criminal prosecution. The department also considers administrative action against breaches of the Australian Public Service (APS) Code of Conduct (see ‘Standards of behaviour’ on page 262 of this report).
Risk management is integral to the department’s operations. The governance framework and planning processes reflect this.
The department’s Enterprise Risk Management Policy and Risk Management Framework outline the vision, direction and guiding principles of the risk management approach. They are consistent with the international risk management standard AS/NZS ISO 31000:2009 Risk Management and the Commonwealth Risk Management Policy. The department reviews the policy and framework annually to ensure compliance with better practice. They are currently under review to ensure consistency with the recently published ISO 31000:2018 Risk Management Guidelines.
The department identifies risks and develops responses to them during the strategic planning process and the business planning cycle. As well as its direct risk environment, the department considers wider factors affecting the Australian Government and the APS. The senior executive staff manage risks and report on them regularly to the Executive Committee. The Audit Committee reviews the effectiveness of the department’s risk management system.
Comcover risk management
In 2017–18 the department participated in the annual Comcover Risk Management Benchmarking Program by completing a self‑assessment survey, which measured the department’s risk management maturity against elements of the Commonwealth Risk Management Policy using a flexible risk maturity model. Comcover rated the department’s maturity level as advanced. The Comcover Risk Management Benchmarking Program identifies an ‘advanced’ risk management rating as the second highest on a six‑point maturity scale. This maturity level reflects the department’s commitment to sound risk management and the integration of risk management with its operations.