Australian Institute of Criminology

Skip to content

Results for 2009–10

In the 2009–10 survey of Commonwealth agencies, agencies were asked to include alleged incidents of fraud—either discovered by the agency or allegations of fraudulent behaviour reported to the agency. Agencies were asked to use the definition of fraud contained in the Commonwealth Fraud Control Guidelines 2002: dishonestly obtaining a benefit by deception or other means, including:

  • theft;
  • obtaining property, financial advantage or any other benefit by deception;
  • causing a loss, or avoiding or creating a liability by deception;
  • providing false or misleading information to the Commonwealth, or failing to provide information where there is an obligation to do so;
  • making, using, or possessing forged or falsified documents;
  • bribery, corruption, or abuse of office;
  • unlawful use of Commonwealth computers, vehicles, telephones and other property or services;
  • relevant bankruptcy offences; and
  • any offences of a like nature to those listed above.

In responding to the survey, agencies contributed information on incidents of fraud allegedly perpetrated internally (by public servants and contractors engaged by the government) and externally (by members of the public). Questions relating to incidents of internal fraud and external fraud were separated to allow for analysis of different risk factors and methodologies associated with the two classes of perpetrator.

The survey was designed to maximise information available on actual fraud types and methods. As such, agencies were asked to report a single incident in multiple categories, where applicable, which meant that for some of the data reported, the total number of responses exceeded the total number of incidents owing to some individual incidents entailing multiple types of fraud or methods. For each table, the total number of responses is indicated.

Agency information

Of the 152 agencies whose responses were analysed, most were governed by the FMA Act (see Figure 1). The proportion of agencies governed by these two Acts was the same in 2009–10 as in 2008–09 (FMA Act=68%, n=103 and CAC Act at least 50%=32%, n=49). There was only an increase of two FMA Act agencies and one CAC Act agency in 2009–10.

Figure 1: Respondents by type of agency governance (number and percentage of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Fraud control

Nearly all agencies (88%, n=133) indicated that they had completed a fraud risk assessment within the previous two financial years, with 62 percent (n=94) undertaking a risk assessment in 2009–10. Only two percent of respondents (n=3) indicated that they had never conducted a fraud risk assessment, although they might have undertaken general risk assessments not specifically related to fraud (Table 2). According to the Guidelines, risk assessments are required to be completed every two years. On the basis of the specific responses given, there was a slight decline in the number of agencies undertaking risk assessments in 2009–10 compared with 2008–09. According to the Ernst & Young’s global fraud survey (2010), which covers both the private and public sectors, only six percent of Australian respondents had never undertaken a fraud risk assessment, far better than the global average of 15 percent.

Table 2: Date of most recent fraud risk assessment (2008–09 and 2009–10)
Period 2009–10 survey 2008–09 survey
n % n %
Current financial year 94 62 95 64
Previous financial year 39 26 41 28
Two years ago 10 7 4 3
More than two years ago 6 4 6 4
Never had a fraud risk assessment 3 2 3 2
Total 152 100 149 100

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Similarly, nearly all agencies (88%, n=134) had completed a fraud control plan within the previous two financial years, with 56 percent (n=85) completing a plan in 2009–10. Two percent of responding agencies (n=3) had never completed a fraud control plan (Table 3).

Table 3: Date of most recent fraud control plan (2008–09 and 2009–10)
2009–10 survey 2008–09 survey
n % n %
Current financial year 85 56 93 62
Previous financial year 49 32 39 26
Two years ago 10 7 8 5
More than two years ago 5 3 7 5
Never had a fraud control plan 3 2 2 1
Total 152 100 149 100

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Revisions to the survey instrument in 2011 will clarify the type of risk assessments and plans agencies use and will enable agencies that embed their fraud prevention policies and activities in more general agency-wide risk management arrangements to report this fact clearly.

Fraud incidents

A fraud incident, for the purposes of the survey, was defined as:

‘All counts alleged against a single accused person during one investigation and might comprise a number of counts of offences that are actually prosecuted. An incident may take place on a single date, or over a period of time.’

The survey divided fraud into two distinct categories—internal fraud and external fraud. Internal fraud was defined as ‘any incident of suspected fraud allegedly committed by an employee or contractor of the agency’. External fraud was defined as ‘any incident of suspected fraud allegedly committed against the agency by a person other than an employee or contractor of the agency’.

Agency reporting of fraud incidents

A similar percentage of agencies reported experiencing at least one incident of fraud in 2009–10 as in 2008–09 (n=61 of 152 respondents, 40% in 2009–10 compared with n=58 of 149 respondents, 39% in 2008–09). Of the 152 agencies that responded to the 2009–10 survey, 47 (31%) indicated that they had experienced at least one incident of internal fraud during this time. Of these, 37 were FMA Act agencies and 10 were CAC Act bodies (Figure 2).

Figure 2: Fraud experience by type of agency governance (percentage of agencies)

In relation to external fraud, 51 (34%) agencies reported experiencing at least one incident of external fraud during 2009–10; 40 were FMA Act agencies and 11 were CAC Act bodies (Figure 2). The number of agencies reporting external fraud increased by four percent between the 2008–09 (n=45, 30%) and the 2009–10 reporting periods. That more fraud was reported by FMA Act agencies than CAC Act agencies may be because CAC Act agencies tended to be smaller government bodies dealing with smaller sums of money, thus making them less attractive to external and internal fraud offenders. Other explanations might relate to differences in counting rules within agencies. Larger agencies may also have specialised fraud sections with enhanced detection and investigation capabilities.

Incidents of fraud

The total number of fraud incidents reported for 2009–10 was 705,942. This represented a 12 percent reduction in the number of incidents reported in 2008–09, which totalled 800,698 incidents. Analysis showed that 90 percent of the frauds reported in 2008–09 were reported by one large agency, which experienced nearly 720,000 incidents of external fraud. In 2009–10 this large agency reported 104,175 fewer fraud incidents than in 2008–09 (719,326 incidents in 2008–09 and 615,151 in 2009–10, a reduction of 14.5%). In 2009–10, however, the fraud counting rules within this agency changed, which could have contributed to the large reduction in the number of incidents reported. Two other agencies reported substantial reductions in frauds experienced—one from 1,491 incidents in 2008–09 to 1,240 in 2009–10 (17% reduction), and the other from 921 in 2008–09 to 646 in 2009–10 (30% reduction).

Other agencies reported more fraud incidents than in the preceding year. One agency’s experience of fraud increased by 41 percent from 2,594 incidents in 2008–09 to 3,659 in 2009–10, while another reported an increase in fraud incidents of 178 percent from 197 in 2008–09 to 547 in 2009–10 (11% increase). Factors that could be responsible for these large changes may be changes in reporting practices. For example, some agencies may include allegations of non-compliance with regulatory measures in their reporting of fraud. The survey in 2010–11 asks agencies to identify non-compliance separately from actual fraud, thus clarifying this aspect of the survey. Other changes in reporting practices may include significant changes to agencies’ roles, structures or functions, or agencies taking on new programs or service delivery functions. Alternatively, human or system error may have contributed to the changes detected. Further in-depth analysis with the agencies would be required to explore each of these factors.

Twenty-four percent of responding agencies experienced both internal and external incidents in 2009–10, representing a one percent increase from the 2008–09 findings. Agencies that experienced one type of fraud (either internal or external) were significantly more likely to also experience the other type (χ2=62.3, df=1 p<0.001). Cramér’s V of 0.64 indicated that there was a strong level of association between these two variables. Table 4 shows the number of agencies that experienced each type of fraud in 2009–10.

Table 4: Agency experience of fraud incidents, by type of perpetrator (number of agencies)
Any external incident
Any internal incident No Yes Total
No 91 14 105
Yes 10 37 47
Total 101 51 152

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agency size and fraud

In 2009–10, agencies reported having between no staff and 81,366 full-time equivalent (FTE) employees (including ongoing staff, non-ongoing and other staffing categories). Fifteen agencies reported having between one and 10 employees, seven agencies either had zero employees or did not respond. Some agencies reported zero staff if they were managed by larger agencies and therefore did not have any specific staff operating within that agency.

Agency size was found to be statistically related to agency experience of fraud. Agencies were grouped into three categories according to size: up to 500 employees, 501 to 1000, and more than 1000. It was found that the group with up to 500 employees was significantly less likely to have reported incidents of fraud in 2009–10 compared with the other two groups (Figure 3). In contrast, the category of agencies with more than 1,000 employees was significantly more likely to have experienced fraud (n=31, 94%, df=2, χ2 =66.0, p<0.001). Cramér’s V of 0.66 indicated that there was a strong association between the size of the agency and reported incidents of fraud. Furthermore, only 8 (5%) agencies that reported having more than 500 employees did not report any fraud incidents. These findings indicate that smaller agencies were less likely to report having experienced fraud incidents than agencies with more than 500 employees.

Figure 3: Incidence of fraud, by agency size (percentage of agencies)

a: employees included both permanent and employees on a non-ongoing contract; 62 agencies experienced fraud with six reported having zero staff

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agency fraud control sections

Information was also gathered on the size and composition of fraud control sections within agencies and how this related to fraud experiences. Fifty-three percent of respondents indicated they had at least a part-time employee in their agency dedicated to fraud control, which represented a large reduction from 2008–09 when 62 percent of respondents reported having at least one employee dedicated to fraud control.

Overall, it was found that agencies with a dedicated fraud control section were significantly (χ2 =29.9, df=1, p<0.0001, Cramér’s V of 0.44—indicating a low level of association) more likely to have reported fraud incidents than those without such a section. This finding, however, differed depending on whether internal or external fraud was involved. Table 5 shows that a higher percentage of agencies that reported experiencing external fraud had a fraud control section than agencies experiencing internal fraud. The level of association between the variables of experience of fraud and presence of a fraud control section was generally weak, as indicated by the Cramér V figure showing a higher level of association as it approaches 1.0.

Table 5: Experience of fraud by agencies with a fraud control section (% of agencies)
Internal External Any
Yes (Fraud control section) 47* 52** 60***
No (No fraud control section) 53 48 40
All 100 100 100

*(χ2 =20.8, df=1, p<0.0001, Cramér’s V = 0.37)

** (Χ2 =26.0, df=2, p<0.0001), Cramér’s V = 0.41)

*** (Χ2 =29.9, df=1, p<0.0001), Cramér’s V = 0.44)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Another factor considered was the size of the agencies that had a fraud control section, as agency size has been shown as an important factor in reported victimisation, with larger agencies more likely to report experiencing fraud. Larger agencies (over 1,000 employees), which represented only 22 percent of all agencies, were more likely to have a fraud section (88%). This was slightly fewer than in 2008–09 (93%).Those agencies with fewer than 500 employees were least likely to have a dedicated fraud section (41%). This was lower than in 2008–09, when 50 percent of such agencies had a dedicated fraud section.

Internal fraud

Respondents were asked to report on two aspects of internal fraud incidents—the ‘focus’ or the benefit that was being sought and the ‘method’ used to carry out the alleged activity. It was anticipated that by collecting data in both ways the survey would highlight the types of fraud that affected agencies as well as the methods being used. This information could then be used to create better fraud prevention strategies across all Australian Government agencies.

Focus of internal fraud incidents

The five categories of focus were equipment, entitlements, information, financial benefits, and ‘other’ for any incidents relating to a benefit that did not fall into one of the four defined subcategories.

If a respondent agency answered ‘yes’ to experiencing any incidents relating to a category of fraudulent benefit, that agency was required to specify what the incident had involved. For example, if an agency stated that it had experienced fraud focused on ‘entitlements’, it was then asked about whether the fraud involved false travel claims or payroll fraud etc. Within each subcategory there was also an option to state that the nature of the specific incident could not be determined. This was used in cases in which it was known that an incident of that general category had occurred, but there was insufficient information to define the exact nature of the fraud.

The survey assessed both the number of agencies affected by each fraud category and the total number of incidents reported, regardless of how many agencies reported them. From previous results, it was expected that there would be a difference in the distribution of fraud types by size of problem. That is, the type of fraud experienced by those reporting large numbers of incidents was expected to differ from those reporting fewer incidents. In total, 31 percent of agencies (n=47) experienced at least one internal fraud incident in 2009–10. The largest proportion of agencies (n=30, 20%) reported fraud that involved obtaining ‘financial benefits’ followed by fraud focused on obtaining ‘equipment’ (n=27, 18%), ‘entitlements’ (n=25, 16%), ‘information’ (n=22, 14%) and ‘other’ (n=5, 3%). See Figure 4.

Figure 4: Agency experience of internal fraud, by focus (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

For the various types of internal fraud focus, it was found that ‘leave and related entitlements’ was the type of fraud that affected the greatest number of agencies (n=19), followed by ‘misuse of government equipment’ (n=15) (see Table 6). Interestingly, ‘misuse of government equipment’ was a new category for 2009–10 and was shown to be an area of concern. In the ‘other’ category, one agency reported internal fraud involving ‘assisting customers to circumvent controls’ in 293 cases, while another agency reported 20 incidents relating to ‘damage of government property’.

Table 6: Internal fraud, by focus of incident (number of agencies and incidents)
Focus of fraud Agencies Mean Total incidents
Equipment
Theft of telecommunications or computer equipment (not including mobile devices) 13 6 72
Theft of other government equipment 7 11 76
Theft of consumable stock (office related) 5 1 5
Theft of consumable stock (other) 5 5 26
Misuse of government equipment 15 8 118
Unable to be determined 1 1 1
Other equipment 4 1 5
Entitlements
Expenses (other than travel) 5 1 5
Travel claims 11 2 27
Payroll fraud 7 4 25
Leave and related entitlements 19 6 119
Unable to be determined 1 2 2
Other entitlements 5 64 320
Information
Obtaining or using information without authorisation (excluding personal information) 10 11 110
Obtaining or using personal information without authorisation 8 109 869
Providing false or misleading information, or failing to provide information when required to do so 12 6 75
Use of agency logo or name without authorisation 6 2 13
Misuse of agency intellectual property 5 1 5
Unable to be determined 1 2 2
Other information 2 3 6
Financial benefits
Obtaining cash/currency without permission (including theft of petty cash) 13 5 63
Misuse or theft of government credit cards, travel cards or other cash cards 14 6 90
Misuse or theft of Cabcharge 9 5 43
Theft of property other than cash 7 4 28
Procurement offences 5 2 11
Bankruptcy offences (including hiding or disposing of assets) 0 0 0
Falsification of document in order to gain financial benefit 12 5 63
Unable to be determined 0 0 0
Other financial benefits 4 4 14

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although fraud focusing on obtaining ‘financial benefits’ was the category of internal fraud experienced by the greatest number of agencies (n=30, 20%), fraud focused on ‘information’ was the most frequently reported type of internal fraud (n=1,080, 36%), (Figure 5). Fraud relating to ‘obtaining or using personal information without authorisation’ accounted for 29 percent of all internal fraud reports (n=869 out of 3,001 reported incidents).

Figure 5: Internal fraud by focus of incident (% of incidents)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Methods of committing internal fraud

In addition to collecting information on types of alleged fraud, the survey examined the methods used to carry out internal fraud. The data from questions about fraud methods were analysed by counting the number of agencies affected by a particular type of fraud method as well as the methods used in most incidents. Fraud involving the ‘misuse of documents’ affected the largest proportion of agencies, with 16 percent (n=24) of agencies reporting each of these activities (Figure 6).

Figure 6: Internal fraud, by method of commission (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The category with the highest number of incidents that employed particular fraud methods, as was the case in the 2008–09 survey, was ‘accessing information or programs via a computer without authorisation’ (n=1,011). The number of reported incidents in this category, however, was much smaller than in 2008–09 (n=1,816). ‘Failure to disclose/abuse of a conflict of interest’ ranked second in frequency of reported incidents (n=342). The largest number of agencies (n=16) experienced ‘creating and/or using a false or altered agency document’, followed by ‘creating and/or using a false or altered document (not belonging to the agency)’ (n=14) (Table 7).

Table 7: Internal fraud, by method of commission (number of agencies and incidents)
Method type Agencies Meana Total incidents
Misuse of information technologies
Accessing information or programs via a computer without authorisation 8 150 1,011
Copying or altering data or programs without authorisation 7 5 34
Misuse of email 8 4 35
Manipulation of a computerised accounting system 4 1 4
Insertion of malicious code 0 0 0
Interference with computer networks 1 6 6
Unable to be determined 0 0 0
Other misuse of IT 6 6 34
Misuse of identity
Creating and/or using a fictitious identity 1 1 1
Use of another employee’s or contractor’s identity without their knowledge 2 2 3
Fraudulently using another person’s identity with their permission 2 2 3
Unauthorised use of another person’s password, PIN, or access pass 3 2 5
Unauthorised use of another person’s Tax File Number or Australian Business Number 0 0 0
Unable to be determined 1 1 1
Other misuse of ID 2 1 2
Misuse of documents
Creating and/or using a false or altered agency document 16 8 125
Creating and/or using a false or altered document (not belonging to the agency) 14 3 38
Dishonestly concealing documents 0 0 0
Failing to provide documents when required to do so 2 24 48
Unable to be determined 2 16 32
Other misuse of documents 4 3 11
Corruption
Bribery of an employee 3 16 48
Accepting kickbacks or gratuities 6 2 9
Failure to disclose/abuse of a conflict of interest 11 31 342
Collusion or conspiracy 4 6 23
Abuse of power 13 3 45
Unable to be determined 3 31 92
Other corruption 2 122 243

a: Mean per agency with an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Losses and recoveries

Losses

Due to the separation of fraud types and methods in the survey design, estimates of the total losses sustained by agencies from all reported incidents of fraud were not requested. Instead, questions were intended to produce an estimate of loss for each fraud category. A general indication of total loss can be obtained by adding the total losses for each category, although there is a possibility of some double counting where agencies report losses attributable to an incident that involved two types of fraud. Such instances are likely to be few, so the total losses provide a good indication of overall dollars lost by agencies.

In 2009–10, the 3,001 incidents of internal fraud reported by 47 agencies involved a total of $2,039,162, or a mean of $680 lost per incident. However, only 53 percent of agencies that experienced an internal fraud incident specified a loss, which means that the total presented is a significant under-estimate. In 2008–09, there was a mean loss of $551 per incident of internal fraud—60 percent of agencies that experienced internal fraud specified a loss.

The difficulties in calculating fraud losses are well known and were outlined in the introduction to this report. For the purposes of this survey, fraud losses were defined as:

The amount, in whole dollars, thought to have been lost to the agency from fraud incidents, prior to the recovery of any funds, and excluding the costs of detection, investigation or prosecution.

Not all agencies that experienced internal fraud reported a financial loss as a result of the incident(s). While 31 percent (n=47) of agencies experienced internal fraud, only 16 percent of all agencies (n=25), or 53 percent of agencies that experienced an internal fraud incident, specified a loss from internal fraud. Further, 34 percent (n=16) of those that experienced internal fraud were unable to calculate their losses or were unwilling to report such losses.

Figure 7: Agency experience of internal fraud, by focus of incident and reported losses (% of agencies and value)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The internal fraud type that resulted in the largest financial loss to Australian Government agencies was ‘fraud relating to entitlements’, with over $1.2m dollars lost in this way (Table 8). This type of fraud resulted in a loss for nine percent of all agencies (n=14), with an average loss of more than $91,000 for each agency affected. The financial losses experienced as a result of internal fraud in 2009–10 differed somewhat from the findings in 2008–09. The number of agencies affected was similar across the different methods of commission, although the total loss for ‘financial benefits fraud’ was less in 2009–10 at $375,853 than the $684,663 reported in 2008–09. Financial losses due to ‘corruption’ increased from nil in 2008–09 to $3,800 in 2009–10.

Table 8: Internal fraud losses by focus of incident (number and value)
Type Agencies (n) Mean ($)a Total ($)
Equipment 11 32,896 356,353
Entitlements 14 91,577 1,282,076
Information 1 800 800
Financial Benefits 17 22,109 375,853
Corruption 2 1,900 3,800
Other frauds 2 10,140 20,280

a: mean number of agencies with an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The total amount lost for each fraud type against the percentage of agencies that experienced internal fraud incidents is presented in Figure 6. With the exception of ‘fraud relating to entitlements’ there was no relationship between the number of agencies reporting incidents and the amount lost for each fraud type.

It is important to note that fraud incidents can have a non-financial impact on agencies, and a small financial loss can be associated with a significant non-financial impact. In total, 23 agencies reported a loss from internal fraud that could not be quantified (Table 9). Taking into account the difficulties associated with calculating fraud losses, it is clear that the figures of estimated loss in this report considerably underestimate the actual internal fraud losses incurred by Australian Government agencies in 2009–10.

Table 9: Internal fraud losses that could not be quantified, by method of commission (number and % of agencies)
Fraud type Agencies (n) Agencies (%)
Equipment 5 3
Entitlements 4 3
Information 4 3
Financial benefits 4 3
Corruption 3 2
Other frauds 3 2

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Recoveries

Only 32 percent (n=15) of agencies that experienced internal fraud recovered money from these incidents. The amounts recovered by agencies were diverse, ranging from a minimum of $230 through to a maximum of $359,310. Agencies most commonly recovered losses through administrative remedies. No agencies used civil action to recover losses during 2009–10.

In relation to methods of committing fraud and recoveries, ‘entitlement fraud’ represented the category with the largest amount recovered—in excess of $330,000. This was followed by ‘financial benefits fraud’ with recoveries of more than $240,000 (Table 10). The amount recovered in cases involving ‘entitlement fraud’ ranged from $215 to $225,489. In all, $599,350 was recovered from incidents of internal fraud.

Table 10: Internal fraud recoveries, by focus of incident and recovery type (number of agencies and value)a
Fraud type Criminal Civil Administrative remedy Other Total
Equipment
Amount recovered ($) 6,368 0 9,075 4,800 20,243
Agencies (n) 1 0 3 2 6
Entitlements
Amount recovered ($) 5,250 0 308,167 18,597 332,014
Agencies (n) 1 0 9 3 13
Information
Amount recovered ($) 0 0 0 800 800
Agencies (n) 0 0 0 1 1
Financial benefits
Amount recovered ($) 163,234 0 59,278 18,094 240,606
Agencies (n) 2 0 7 4 13
Corruption
Amount recovered ($) 0 0 0 800 800
Agencies (n) 0 0 0 1 1
Other frauds
Amount recovered ($) 943 0 3,458 486 4,887
Agencies (n) 1 0 2 1 4

a: agencies reported recovering money using more than one method per category

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Suspects

Ninety-four percent (n=44) of agencies that experienced an internal fraud incident identified at least one suspect. Fraud relating to ‘financial benefits’ was the type of fraud for which the largest number of agencies identified suspects (n=25). However, the fraud type that generated the most suspects was ‘fraud related to information’, with 961 suspects identified by 21 agencies (Table 11).

Table 11: Internal fraud suspects, by focus of incident (number of agencies and suspects)
Type Agencies that identified suspects Mean suspects Total suspects
Equipment 21 10 207
Entitlements 24 17 406
Information 21 57 961
Financial benefits 25 9 218
Corruption 13 50 650
Other 13 30 390

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

As individuals suspected of internal fraud were, by definition, employees of the agency, information on their job role was gathered, together with the duration of their employments in some cases (Table 12). However, this information was not always collected by agencies due to limitations in record keeping. Of the 2,832 internal fraud suspects, information on job role and duration of employment was reported for only 2,001 (71%). Of those cases in which duration of employment and position could be determined, most suspects were in junior or non-management roles (n=426); suspects from executive/senior management levels were comparatively rare (n=22). This contrasts with the results of recent fraud surveys where managerial employees were most likely to be the perpetrators who caused the largest financial losses through fraud, especially in the public sector. For example, KPMG (2010) found that in the public sector organisations surveyed, 85 percent of losses suffered were caused by managers, while the largest proportion of incidents was committed by non-managerial employees (62%). It should be noted that the results of KPMG’s survey related to proved incidents of fraud, unlike the present survey which included alleged and substantiated incidents.

Table 12: Suspects’ duration of employment and current job role (number of suspects)
Position Less than 1 year 1–<3 years 3–<6 years 6–<9 years More than 9 years Unknown Total
Junior non-management 17 124 77 53 73 82 426
Management 1 16 12 13 54 13 109
Executive/senior management 1 0 1 2 10 8 22
Other 0 1 0 0 1 22 24
Unknown 67 311 163 146 368 365 1,420
Total 86 452 253 214 506 490 2,001

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Where the duration of employment was known, but not the position held, suspects were most likely to have been employed for more than nine years (n=368), followed by employment from between one and three years (n=311). In total, across all positions, junior non-management staff employed from between one and three years at the responding agency represented the greatest number of suspects (n=124, or 27 percent of the 456 suspects whose current job role and duration of employment was specified). Eighteen percent (n=365) of the employees suspected of internal fraud were unable to be identified by position or duration of employment. Such missing data was less than half the size of what was reported in 2008–09 (n=1,491, 47%), possibly indicating improvement in data collection in agencies. Overall, the reported data relating to suspects of internal fraud were consistent with the findings in 2008–09.

Fraud detection and investigation

Alongside fraud incident data, information was also gathered on the ways in which internal fraud was both detected and investigated. Agencies provided information on the detection of 2,481 internal fraud incidents. The ‘internal controls/audit/investigation’ method of detection was frequently used (n=22 agencies), producing the highest total number of incidents detected (n=1,275). This category of detection had the highest mean detection rate of 58 incidents detected per agency.

Detection by ‘staff member/colleagues’ was the most common form of discovery identified by 36 agencies, although it had a much lower mean of 13 incidents detected per agency using this method.

Detection by ‘external whistleblower/informant (not anonymous)’—informants outside the agency who reported their suspicions in the public interest—was another common method of detection, resulting in 592 identified incidents and a mean of 33 incidents per agency (Table 13).

Table 13: Internal fraud detection methods (number of agencies and incidents)
Method of detection Agencies Meana Total incidents detected
Internal controls/audit/investigation 22 58 1,275
Staff member/colleague discovered/reported 36 13 453
Anonymous whistleblower/informant 13 5 70
External audit/investigation 5 4 18
Notification by police or other law enforcement agencies/investigations 7 4 29
External whistleblower/informant (not anonymous) 18 33 592
Credit card issuer 1 1 1
Media 2 2 3
Offender self-reported 3 7 20
Unable to be determined 4 2 7
Other 2 7 13
Total 2,481

a: mean of agencies that detected an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agencies provided information about the investigation of 2,633 internal fraud incidents. The overwhelming majority of internal fraud incidents were investigated by the agency that experienced the fraud (Table 14). This was true for the number of agencies (89%) as well as for the number of incidents investigated (97%). The total number of incidents investigated was slightly higher than the number of incidents detected, which may be due to agencies investigating possible cases of non-compliance and determining that fraud was not evident.

Table 14: Method used to investigate internal fraud incidents (number of agencies and investigations)
Manner investigated Agencies Meana Total investigations
Agency investigation only—no external investigation 42 61 2,553
External investigator 7 1 10
Australian Federal Police 8 3 20
State or territory police 9 3 24
Credit card issuer 2 2 3
Media 1 1 1
Another agency 6 3 18
Other 3 1 4
Total 2,633

a: mean of agencies that detected an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Referrals for police investigation and prosecution

The number of agencies that reported referring internal fraud incidents to the AFP, state and territory police and the CDPP was small (Table 15). In 2009–10, agencies referred a total of 94 incidents involving internal fraud for police investigation or prosecution by the Commonwealth Director of Public Prosecutions (CDPP). Of these, agencies referred 34 internal fraud incidents to the Australian Federal Police (AFP) and a further 25 internal fraud incidents to state and territory police. Agencies also referred 35 internal fraud incidents to the CDPP in 2009–10. This indicates that the agency involved investigated the majority of its fraud incidents, rather than involving police and prosecutors. This is in accordance with the Commonwealth Fraud Control Guidelines 2002, which require agencies to have primary responsibility for fraud investigation. Relatively small numbers of incidents were also referred to the CDPP for prosecution. It appears that internal frauds involving ‘entitlements’ were most likely to result in referral to the CDPP in 2009–10.

External fraud

As previously noted, external fraud was defined as ‘any incident of suspected fraud allegedly committed against the agency by a person other than an employee or contractor of the agency’. Where appropriate, agencies were able to record one incident in multiple categories of fraud type. As was the case for internal fraud, the survey questions about external fraud incidents were presented in two sections—the first concerning the ‘focus’ or benefit to be obtained and the second concerning the ‘method’ that was used to carry out the incident.

Focus of external fraud incidents

External fraud types were grouped into five categories—equipment, entitlements, financial benefits, information and other. ‘Other’ was for any incidents relating to a benefit that did not fall into one of the other four identified categories.

If a respondent agency answered ‘yes’ to experiencing any incidents relating to a category of fraud benefit, it was required to specify what the incident involved. For example, if an agency stated that it had experienced fraud focused on ‘entitlements’, it was then asked whether the fraud related to housing, social security etc. Within each fraud category, there was also an option to state that the specific fraud focus was ‘unable to be determined’. This was used in cases in which it was known that an incident of that general category had occurred, but there was insufficient information to define the exact nature of the fraud.

The survey also counted the number of agencies affected by each fraud type and the total number of incidents reported regardless of how many agencies reported them. Based on the findings of the 2008–09 survey, it was expected that there would be a difference between the fraud types that affected most agencies and those that generated the largest number of incidents.

Thirty-four percent (n=51) of the total number of agencies providing usable data reported having experienced some kind of fraud perpetrated by an external entity—that is, a person not employed by the agency. The fraud categories that affected most agencies were ‘financial benefits’ (21% n=32) and ‘equipment’ (16%, n=24), (Figure 8).

Figure 8: External fraud, by focus of incident (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although the number of agencies that experienced internal and external fraud was quite similar (n=47 and n=51 respectively), the number of actual incidents experienced was considerably higher in the case of external fraud. It was also evident that the external fraud types that produced the largest number of incidents were experienced by only a small proportion of agencies. Overwhelmingly, ‘misusing or claiming benefits without entitlement relating to social security’ produced the highest number of incidents (n=613,527), although only three agencies reported experiencing this type of external fraud. Compared with 2008–09, the incidence of social security related fraud was less in 2009–10. Further investigations with one of the agencies in question, revealed that this was largely due to a change in counting rules within that agency, which was responsible for reporting 99 percent of these types of incidents (n= 717,414 in 2008–09; n=613,527 in 2009–10).

When looking at other specific fraud types, agencies were most likely to experience ‘theft of telecommunications or computer equipment’ (n=18), ‘providing false or misleading information, or failing to provide information when required to do so’ (n=13), or ‘fictitious claims/forgery’ (n=13) (Table 16).

Table 16: External fraud, by focus of incident (number of agencies and incidents)
Fraud type Agencies Mean incidentsa Total incidents
Equipment
Theft of telecommunications or computer equipment (including mobile devices) 18 727 13,083
Theft of other government equipment 11 2 26
Theft of consumable stock (office-related) 4 2 6
Theft of consumable stock (other) 2 2 3
Misuse of government equipment 3 8 24
Unable to be determined 0 0 0
Other 4 162 648
Entitlements
Misusing or claiming benefits without entitlement relating to housing 0 0 0
Misusing or claiming benefits without entitlement relating to social security 3 204,509 613,527
Misusing or claiming benefits without entitlement relating to health benefits 2 562 1,123
Misusing or claiming benefits without entitlement relating to visa/citizenship 2 33,151 66,302
Misusing, evading or claiming benefits without entitlement relating to child support 1 464 464
Revenue fraud 4 167 669
Customs and excise fraud (evading excise) 1 563 563
Unable to be determined 3 1,335 4,006
Other (combined) 11 521 5,733
Information
Obtaining or using information without authorisation (excluding personal information) 5 2 9
Providing false or misleading information, or failing to provide information when required to do so 13 147 1,913
Obtaining or using personal information without authorisation 3 154 461
Use of agency logo or name without authorisation 6 2 12
Misuse of agency intellectual property 1 1 1
Unable to be determined 2 234 468
Other Information 2 8 16
Financial benefits
Obtaining cash/currency without permission (including theft of petty cash) 6 4 21
Misuse or theft of government credit cards, travel cards or other cash cards 8 10 76
Theft of misuse of cabcharge 9 3 25
Theft of property other than cash 6 3 17
Procurement offences 1 20 20
Fictitious claims/forgery 13 7 85
Unable to be determined 2 12 23
Other 13 499 6,485
Other frauds
Other (combined) 17 564 4,004

a: mean calculated on agencies that reported an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

In the ‘other frauds’ category, agencies reported a range of fraudulent activities including, but not limited to, community protection matters (n=2,536); non-payment of national park entry fees (n=640); illegal importation (n=13); illegal foreign fishing vessels operating in Australian waters (n=23); plagiarism (n=27); and cheating in examinations (n=6).

Methods used in external fraud incidents

With respect to the methods used to commit external fraud, it was found that fraud involving the ‘misuse of documents’ affected the largest proportion of agencies—17 percent of all agencies reported this method of fraud (Figure 9). A similar finding was reported in 2008–09, where ‘misuse of documents’ was the most common method identified, although this was slightly less in 2009–10 than in 2008–09 (21%). In contrast to internal fraud, external fraud incidents involving the ‘misuse of IT’ and ‘corruption’ were comparatively rare (both 7%), with ‘misuse of identification’ more common (11%).

Figure 9: External fraud, by method of commission (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The specific method of external fraud experienced by the greatest number of agencies was ‘creating and/or using a false or altered document (not belonging to the agency)’ (n=16); 666 incidents were reported where this method of fraud was used (Table 17). The largest number of incidents were recorded in relation to ‘failing to provide documents when required to do so’ (n=7,573), which was experienced by seven agencies. This was followed by ‘unauthorised use of another person’s tax file number or Australian business number’ (n=2,859), which involved just two agencies. Compared with ‘misuse of IT’ in connection with internal fraud, external fraud incidents involving the ‘misuse of IT’ were rare, with only four agencies reporting external fraud occurring through information having been accessed via a computer without authorisation. One agency reported interfering with computer networks in relation to six incidents of internal fraud (see Table 7).

Table 17: External fraud, by method of commission (number of agencies and incidents)
Method type Agencies Meana Total incidentsb
Misuse of information technologies
Accessing information or programs via a computer without authorisation 4 115 460
Copying or altering data or programs without authorisation 1 2 2
Manipulation of a computerised accounting system 1 1 1
Insertion of malicious code 0 0 0
Interference with computer networks 2 4 7
Unable to be determined 0 0 0
Other misuse of IT 5 2 8
Misuse of identify
Creating and/or using a fictitious identity/forgery 10 15 153
Use of an employee’s or contractor’s identity without their knowledge 4 1 5
Fraudulently using another person’s identity with their permission 0 0 0
Unauthorised use of another person’s password, PIN, or access pass 0 0 0
Unauthorised use of another person’s tax file number or Australian Business Number 2 1,430 2,859
Unable to be determined 2 4,356 8,711
Other misuse of ID 5 2 8
Misuse of documents
Creating and/or using a false or altered agency document 13 7 96
Creating and/or using a false or altered document (not belonging to the agency) 16 42 666
Dishonestly concealing documents 0 0 0
Failing to provide documents when required to do so 7 1,082 7,573
Unable to be determined 7 3,303 23,123
Other misuse of documents 9 19 170
Corruption
Bribery of an employee 1 42 42
Accepting kickbacks or gratuities 2 2 4
Failure to disclose/abuse of a conflict of interest 4 3 11
Collusion conspiracy 4 5 19
Abuse of power 3 14 43
Unable to be determined 3 7 22
Other corruption 2 1 2
Other methods
Other 40 43,537 608,704

a: mean calculated on agencies that reported an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Losses and recoveries

Losses

Owing to the separation of fraud types and methods in the survey design, estimates of the total losses sustained by agencies with respect to external fraud were not collected from respondents. Instead, questions were intended to produce an estimate of loss for each fraud category. As was the case when reporting on internal fraud losses, a general indication of total loss can be obtained by adding the total losses for each category, although there is a possibility of some double counting where agencies report losses attributable to an incident that involved two types of method. In 2009–10, the 702,941 incidents of external fraud reported by 51 agencies involved a total loss of $495,534,658. However, only 65 percent of agencies that experienced an external fraud incident specified a loss.

As in the case of internal fraud, fraud losses from external fraud were defined as:

the amount, in whole dollars, thought to have been lost to the agency from fraud incidents, prior to the recovery of any funds, and excluding the costs of detection, investigation or prosecution.

Not all agencies that experienced external fraud reported a loss. While 34 percent (n=51) of all agencies experienced an external fraud incident, only 22 percent (n=33) reported a loss from external fraud (or 65 percent of agencies that experienced an external fraud).

The total estimated losses due to external fraud in 2009–10, were close to $496m, which represented a 17 percent reduction ($105m) from the losses reported in 2008–09. The external fraud type that resulted in the largest financial loss to agencies was fraud relating to ‘entitlements’, costing agencies nearly $488m in 2009–10 (see Table 18). ‘Financial benefits fraud’ affected the greatest number of agencies that experienced an external fraud incident (35%, n=18), which is fairly consistent with the reported figures for 2008–09; however, the total amount lost was approximately $14.5m less than was reported in 2008–09.

Table 18: External fraud losses, by focus of incident (number of agencies and value)
Fraud type Agencies (n) Mean ($)a Total lost ($)b
Equipment 16 13,586 217,370
Entitlements 8 60,948,151 487,585,211
Information 1 572,018 572,018
Financial benefits 18 348,654 6,275,774
Corruption 2 441,503 883,005
Other frauds 2 640 1,280

a: mean calculated on agencies that reported an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Fraud in relation to ‘equipment’ showed a marked decrease compared with 2008–09, decreasing from $1,429,052 in 2008–09, to $217,370 in 2009–10. The greatest area of decrease between 2008–09 and 2009–10, however, concerned fraud relating to ‘financial benefits’. Losses totalling $20,800,000 were reported in 2008–09, down to only $6,274,774 in 2009–10. This is most likely due to the impact of changes in counting rules adopted by the relevant agency. Losses due to ‘information’ fraud increased from no losses reported in 2008–09 to $572,018 in 2009–10, although this involved only one agency that suffered a large loss as a result of the fraud incident.

The amount lost for each fraud type for the number of agencies that experienced external fraud incidents is presented in Figure 10. Without exception across all fraud types, there was a substantial difference between the number of agencies that reported incidents and the amount lost for each fraud type. While there were a relatively small number of agencies that suffered fraud incidents relating to ‘entitlements’ compared with ‘financial benefits’, the amount lost due to ‘entitlement fraud’ was considerably more than losses caused by ‘financial benefit fraud’ and each of the other fraud types. It is important to note, however, that the impact of fraud incidents could affect agencies in non-financial ways and a small financial loss, as seen in the case of corruption and fraud relating to information, might not necessarily mean that the fraud had not had a significant effect on the victimised agency.

Figure 10: Agency experience of external fraud, by focus of incident and reported losses (% of agencies and value)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Owing to the inherent difficulties associated with calculating fraud losses, agencies were given the option of specifying losses that they were unable to quantify. In total, 37 agencies reported suffering a loss from external fraud that could not be quantified (Table 19). Given the difficulties of calculating losses and the fact that 19 agencies identified losses that could not be quantified, it is likely that the figures of estimated loss in this report underestimate the external fraud losses incurred by Australian Government agencies in 2009–10.

Table 19: External fraud losses that could not be quantified, by focus of incident (number and % of agencies)
Fraud type Agencies (n) Agencies (%)
Equipment 7 5
Entitlements 5 3
Information 8 5
Financial benefits 10 7
Corruption 3 2
Other frauds 4 3

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Recoveries

In 2009–10, 43 percent of agencies that experienced external fraud were able to recover money (n=22). The amount of money recovered by agencies from external fraud varied, with amounts ranging from $83 to more than $86m for one agency alone. The total recovered was approximately $196m (Table 20). Recovery for fraud relating to ‘financial benefits’ was the most common fraud type that led to recovery of funds (n=18), with the use of ‘administrative remedies’ the most common method used to recover funds (n=18). The largest total recoveries were made using administrative methods—internal procedures not involving civil or criminal action—in connection with fraud relating to ‘entitlements’ (over $86m), involving five agencies. In 2008–09 no financial losses involving ‘entitlements’ were recovered using criminal prosecution or civil remedies, while in 2009–10 two agencies recovered almost $150,000 through criminal prosecution and another agency recovered over $3,000 through civil remedies. The total amount recovered for ‘other’ through ‘other’ means of recovery was almost $86.6m. This compares to $30m in the same category for 2008–09, showing a considerable increase (Table 20).

Table 20: External fraud recoveries, by focus of incident and method of recovery (number of agencies and value)a
Fraud type Criminal Civil Administrative remedy Other Total
Equipment
Amount recovered ($) 0 0 21,640 0 21,640
Agencies (n) 0 0 1 0 1
Entitlements
Amount recovered ($) 149,421 3,373 86,814,519 0 86,967,313
Agencies (n) 2 1 5 0 8
Information
Amount recovered ($) 0 0 126,600 79,278 205,878
Agencies (n) 0 0 2 1 3
Financial benefits
Amount recovered ($) 408,660 200 11,661,031 128,519 12,198,410
Agencies (n) 5 1 8 4 18
Corruption
Amount recovered ($) 522 0 0 81,246 81,768
Agencies (n) 1 0 0 1 2
Other frauds
Amount recovered ($) 10,096,025 0 9,460 86,555,653 96,661,138
Agencies (n) 1 0 2 1 4

a: agencies could recover money through more than one method per category of fraud

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Suspects

Eighty-eight percent of agencies that experienced an incident of external fraud identified at least one suspect, a slightly lower proportion than in 2008–09 (96%). Suspects were identified by 26 agencies with respect to fraud relating to ‘financial benefits’ followed by individuals suspected of fraud involving ‘equipment’, in which 18 agencies identified suspects. The largest number of suspects was identified for external fraud incidents that related to ‘entitlements’ (n=691,111), which was consistent with the high number of incidents for this type of fraud (Table 21). The number of agencies that identified suspects by the various fraud types was fairly consistent with findings from 2008–09, despite the substantial change in the number of incidents between the two years.

Table 21: External fraud, by focus of incident (number of agencies and suspects)
Type Agencies Mean suspectsa Total suspects
Equipment 18 5 85
Entitlements 13 53,162 691,111
Information 15 155 2,319
Financial benefits 26 243 6,308
Corruption 4 12 49
Other frauds 12 356 4266

a: mean calculated on agencies with a suspect

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

As external fraud is committed by members of the public, data on the employment background of suspects would not necessarily be collected by agencies. Accordingly, information on this variable was not included in the survey. Further research, perhaps undertaken through the analysis of prosecution files, would be required to obtain this information, although this would be a limited data source given the large number of matters dealt with by other means.

Fraud detection and investigation

In addition to fraud incident data, information was gathered on the ways in which external fraud was both detected and investigated. Agencies provided information on the detection of 703,424 external fraud incidents. It was found that most agencies detected external fraud through ‘internal controls/audit/investigation’ (n=33); this method was also responsible for detecting the greatest number of fraud incidents (n=596,094, see Table 22).

Table 22: External fraud detection methods (number of agencies and incidents)
Method of detection Agencies Meana Total incidents detectedb
Internal controls/audit/investigation 33 18,063 596,094
Staff member/colleague discovered 29 1,344 38,974
Anonymous whistleblower/informant 3 4 12
External audit/investigation 5 173 863
Notification by police or other law enforcement agencies/investigations 8 88 705
External whistleblower/informant (not anonymous) 21 2,189 45,972
Media 5 2 8
Accused self-reported 4 1,408 5,631
Unable to be determined 3 937 2,811
Other frauds 5 1,235 12,354

a: mean calculated on agencies that detected an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although only four accused perpetrators were ‘self-reported’, this led to the detection of the highest average of fraud incidents. It was reported that one of the accused had committed virtually all of the 5,631 self-reported incidents, committing 5,627 fraud incidents before self-reporting.

Comparing 2008–09 with 2009–10 findings, there was a decline in the number of incidents detected by ‘internal controls/audit/investigation’ (from 730,145 to 596,094) and those incidents detected by ‘external anonymous whistleblower/informant’ (from 71,559 to 45,972). Both of these changes were probably due to the change in fraud reporting and counting practices adopted by two large agencies that relied on these two methods to control fraud and non-compliance risks. There has also been a rise in the incidents detected by ‘other’ methods (from 190 to 12,354).

Respondents provided information about the manner in which 665,846 incidents of external fraud were investigated in 2009–10. As was the case with investigating internal fraud incidents, the agency involved investigated the clear majority of these incidents (Table 23). This was true with respect to both the number of agencies that reported external fraud (73%) and the number of incidents involved (99%). Compared with 2008–09, fewer external fraud incidents were investigated by the Australian Federal Police (79 incidents in 2008–09 compared with 59 incidents in 2009–10) and/or state or territory police (52 incidents in 2008–09 compared with 37 incidents in 2009–10). The total number of incidents investigated was fewer than the number of incidents detected. This was probably because, although some incidents were detected, not all were necessarily investigated. Further qualitative research would be required to confirm this.

Table 23: Methods used to investigate external fraud incidents (number of agencies and incidents)
Method of investigation Agencies Meana Total
Agency investigation only—no external investigation 37 17,835 659,899
External investigator 4 65 261
Australian Federal Police 17 3 59
State or territory police 16 2 37
Media 0 0 0
Another agency 11 17 182
Other 11 492 5,408
Total 665,846

a: mean calculated on agencies that investigated an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Referrals for police investigation and prosecution

The number of agencies referring external fraud incidents to the AFP, state and territory police and the CDPP was small, as was the case with internal fraud incidents (Table 24). In 2009–10, agencies referred a total of 5,428 incidents involving external fraud for police investigation or prosecution by the CDPP. Of these, agencies referred 134 incidents to the AFP, a further 101 to state and territory police and 5,193 incidents to the CDPP.

Table 24: Number of external fraud referrals, by focus of incident (number of agencies and incidents)
Focus AFP State and territory police CDPP
Equipment
Agencies 4 11 0
Referrals 6 36 0
Entitlements
Agencies 4 4 7
Referrals 35 7 4,665
Information
Agencies 6 1 1
Referrals 9 2 4
Financial benefits
Agencies 9 9 8
Referrals 18 15 28
Other frauds
Agencies 5 4 5
Referrals 66 41 496

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Frauds targeting ‘entitlements’ were most often referred for police or prosecution activity (n=4,707), followed by ‘other’ fraud types (n=603), although this was still a small proportion of the total number of these incidents. The referrals reported in 2009–10 showed a general decrease in all categories compared with 2008–09. The greatest decline from 2008–09 to 2009–10 was in the number of referrals to the AFP for frauds relating to ‘entitlements’ (from n=67 to n=35 respectively); however, the number of referring agencies remained the same (n=4). Also, the number of referrals to the CDPP for fraud relating to ‘information’ also decreased between 2008–09 and 2009–10 (from 20 to 4 referrals). Referral rates, of course, are influenced by a variety of factors, including the initial detection of incidents, adequacy of evidence and ability of policing and prosecution agencies to deal with matters.

Training and fraud

In the 2009–10 survey, agencies were asked to specify the employee resources that they devoted to fraud control. Specifically, agencies were asked to report the number of staff they employed in each section on fraud control and the number of staff in these sections that had a fraud control qualification. A qualification could be in the form of a certificate or diploma in fraud investigation or some aspect of fraud control. It was found that the largest number of employees within fraud control sections of agencies worked on investigations and that those working in investigations had formal qualifications more often than those working in fraud prevention (93% compared with 15% respectively) (Table 25).

Table 25: Qualifications of agency fraud control staff (number and % of staff)
Fraud prevention Fraud investigation Fraud other
Employees in fraud section (n) 680 1,126 1,620
Employees with a qualification (n) 101 1,044 125
Fraud section employees with a qualification (%) 15 93 8

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

From 2008–09 to 2009–10, the number of dedicated fraud section employees increased in ‘prevention’, from 454 to 680. There was also an increase in staff assigned to ‘other’ categories, from 442 to 1,620. In contrast, the number of dedicated fraud section employees in ‘investigation’ decreased by almost half, from 2,062 in 2008–09 to 1,126 in 2009–10.

With the substantial increase in fraud prevention staff, the proportion of fraud prevention staff with a relevant qualification, as a percentage of total fraud staff, decreased from 19 percent to 15 percent between 2008–09 and 2009–10. However, there was a substantial increase in the percentage of staff with qualifications out of total fraud staff between 2008–09 and 2009–10, from 30 percent to 43 percent respectively in connection with ‘investigation’ activities. There was a slight decrease in qualifications from 10 percent to 8 percent for staff working in ‘other’ fraud control activities. The quadrupling of staff numbers assigned to work in this area over the same period should be noted.

Fraud training

The 2002 Guidelines dictate the levels of training required for staff in the areas of fraud control, and current Fraud against the Commonwealth survey findings indicated that agencies were generally favourable to the idea of regular and mandatory training of staff in those matters. However, there were concerns raised about consistency and standards among the current training courses available. Agencies suggested there was a need for more structured training courses, standardised training across APS agencies and for increased information to be available to agencies to use when selecting courses. To facilitate the provision of staff training, some agencies have suggested that advice should also be sought from external professional companies that deal with fraud and risk management to enhance APS-wide training.

Thirty-four agencies responded to a question concerning the need for further improvement in opportunities for staff training in the area of fraud control. Their responses were classified into five general areas (agencies sometimes provided suggestions in more than one category):

  • staff to complete a tertiary certificate or diploma in governance in fraud control and/or investigations (11 agencies—32%);
  • APS-wide short course training on fraud awareness to be provided by the Australian Government instead of external providers on fraud and risk management (22 agencies—64%);
  • in-house fraud and ethics training with additional information on the intranet as a reference point (25 agencies—74%);
  • more informal mentoring and buddy systems for those involved in fraud control (3 agencies—9%); and
  • regular reviews of fraud prevention policies and procedures (17 agencies—50%).

It should be noted that seven of the 34 responding agencies (8% of the total sample) reported that no further training was required.

In the 2009–10 survey of Commonwealth agencies, agencies were asked to include alleged incidents of fraud—either discovered by the agency or allegations of fraudulent behaviour reported to the agency. Agencies were asked to use the definition of fraud contained in the Commonwealth Fraud Control Guidelines 2002: dishonestly obtaining a benefit by deception or other means, including:

  • theft;
  • obtaining property, financial advantage or any other benefit by deception;
  • causing a loss, or avoiding or creating a liability by deception;
  • providing false or misleading information to the Commonwealth, or failing to provide information where there is an obligation to do so;
  • making, using, or possessing forged or falsified documents;
  • bribery, corruption, or abuse of office;
  • unlawful use of Commonwealth computers, vehicles, telephones and other property or services;
  • relevant bankruptcy offences; and
  • any offences of a like nature to those listed above.

In responding to the survey, agencies contributed information on incidents of fraud allegedly perpetrated internally (by public servants and contractors engaged by the government) and externally (by members of the public). Questions relating to incidents of internal fraud and external fraud were separated to allow for analysis of different risk factors and methodologies associated with the two classes of perpetrator.

The survey was designed to maximise information available on actual fraud types and methods. As such, agencies were asked to report a single incident in multiple categories, where applicable, which meant that for some of the data reported, the total number of responses exceeded the total number of incidents owing to some individual incidents entailing multiple types of fraud or methods. For each table, the total number of responses is indicated.

Agency information

Of the 152 agencies whose responses were analysed, most were governed by the FMA Act (see Figure 1). The proportion of agencies governed by these two Acts was the same in 2009–10 as in 2008–09 (FMA Act=68%, n=103 and CAC Act at least 50%=32%, n=49). There was only an increase of two FMA Act agencies and one CAC Act agency in 2009–10.

Figure 1: Respondents by type of agency governance (number and percentage of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Fraud control

Nearly all agencies (88%, n=133) indicated that they had completed a fraud risk assessment within the previous two financial years, with 62 percent (n=94) undertaking a risk assessment in 2009–10. Only two percent of respondents (n=3) indicated that they had never conducted a fraud risk assessment, although they might have undertaken general risk assessments not specifically related to fraud (Table 2). According to the Guidelines, risk assessments are required to be completed every two years. On the basis of the specific responses given, there was a slight decline in the number of agencies undertaking risk assessments in 2009–10 compared with 2008–09. According to the Ernst & Young’s global fraud survey (2010), which covers both the private and public sectors, only six percent of Australian respondents had never undertaken a fraud risk assessment, far better than the global average of 15 percent.

Table 2: Date of most recent fraud risk assessment (2008–09 and 2009–10)
Period 2009–10 survey 2008–09 survey
n % n %
Current financial year 94 62 95 64
Previous financial year 39 26 41 28
Two years ago 10 7 4 3
More than two years ago 6 4 6 4
Never had a fraud risk assessment 3 2 3 2
Total 152 100 149 100

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Similarly, nearly all agencies (88%, n=134) had completed a fraud control plan within the previous two financial years, with 56 percent (n=85) completing a plan in 2009–10. Two percent of responding agencies (n=3) had never completed a fraud control plan (Table 3).

Table 3: Date of most recent fraud control plan (2008–09 and 2009–10)
2009–10 survey 2008–09 survey
n % n %
Current financial year 85 56 93 62
Previous financial year 49 32 39 26
Two years ago 10 7 8 5
More than two years ago 5 3 7 5
Never had a fraud control plan 3 2 2 1
Total 152 100 149 100

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Revisions to the survey instrument in 2011 will clarify the type of risk assessments and plans agencies use and will enable agencies that embed their fraud prevention policies and activities in more general agency-wide risk management arrangements to report this fact clearly.

Fraud incidents

A fraud incident, for the purposes of the survey, was defined as:

‘All counts alleged against a single accused person during one investigation and might comprise a number of counts of offences that are actually prosecuted. An incident may take place on a single date, or over a period of time.’

The survey divided fraud into two distinct categories—internal fraud and external fraud. Internal fraud was defined as ‘any incident of suspected fraud allegedly committed by an employee or contractor of the agency’. External fraud was defined as ‘any incident of suspected fraud allegedly committed against the agency by a person other than an employee or contractor of the agency’.

Agency reporting of fraud incidents

A similar percentage of agencies reported experiencing at least one incident of fraud in 2009–10 as in 2008–09 (n=61 of 152 respondents, 40% in 2009–10 compared with n=58 of 149 respondents, 39% in 2008–09). Of the 152 agencies that responded to the 2009–10 survey, 47 (31%) indicated that they had experienced at least one incident of internal fraud during this time. Of these, 37 were FMA Act agencies and 10 were CAC Act bodies (Figure 2).

Figure 2: Fraud experience by type of agency governance (percentage of agencies)

In relation to external fraud, 51 (34%) agencies reported experiencing at least one incident of external fraud during 2009–10; 40 were FMA Act agencies and 11 were CAC Act bodies (Figure 2). The number of agencies reporting external fraud increased by four percent between the 2008–09 (n=45, 30%) and the 2009–10 reporting periods. That more fraud was reported by FMA Act agencies than CAC Act agencies may be because CAC Act agencies tended to be smaller government bodies dealing with smaller sums of money, thus making them less attractive to external and internal fraud offenders. Other explanations might relate to differences in counting rules within agencies. Larger agencies may also have specialised fraud sections with enhanced detection and investigation capabilities.

Incidents of fraud

The total number of fraud incidents reported for 2009–10 was 705,942. This represented a 12 percent reduction in the number of incidents reported in 2008–09, which totalled 800,698 incidents. Analysis showed that 90 percent of the frauds reported in 2008–09 were reported by one large agency, which experienced nearly 720,000 incidents of external fraud. In 2009–10 this large agency reported 104,175 fewer fraud incidents than in 2008–09 (719,326 incidents in 2008–09 and 615,151 in 2009–10, a reduction of 14.5%). In 2009–10, however, the fraud counting rules within this agency changed, which could have contributed to the large reduction in the number of incidents reported. Two other agencies reported substantial reductions in frauds experienced—one from 1,491 incidents in 2008–09 to 1,240 in 2009–10 (17% reduction), and the other from 921 in 2008–09 to 646 in 2009–10 (30% reduction).

Other agencies reported more fraud incidents than in the preceding year. One agency’s experience of fraud increased by 41 percent from 2,594 incidents in 2008–09 to 3,659 in 2009–10, while another reported an increase in fraud incidents of 178 percent from 197 in 2008–09 to 547 in 2009–10 (11% increase). Factors that could be responsible for these large changes may be changes in reporting practices. For example, some agencies may include allegations of non-compliance with regulatory measures in their reporting of fraud. The survey in 2010–11 asks agencies to identify non-compliance separately from actual fraud, thus clarifying this aspect of the survey. Other changes in reporting practices may include significant changes to agencies’ roles, structures or functions, or agencies taking on new programs or service delivery functions. Alternatively, human or system error may have contributed to the changes detected. Further in-depth analysis with the agencies would be required to explore each of these factors.

Twenty-four percent of responding agencies experienced both internal and external incidents in 2009–10, representing a one percent increase from the 2008–09 findings. Agencies that experienced one type of fraud (either internal or external) were significantly more likely to also experience the other type (χ2=62.3, df=1 p<0.001). Cramér’s V of 0.64 indicated that there was a strong level of association between these two variables. Table 4 shows the number of agencies that experienced each type of fraud in 2009–10.

Table 4: Agency experience of fraud incidents, by type of perpetrator (number of agencies)
Any external incident
Any internal incident No Yes Total
No 91 14 105
Yes 10 37 47
Total 101 51 152

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agency size and fraud

In 2009–10, agencies reported having between no staff and 81,366 full-time equivalent (FTE) employees (including ongoing staff, non-ongoing and other staffing categories). Fifteen agencies reported having between one and 10 employees, seven agencies either had zero employees or did not respond. Some agencies reported zero staff if they were managed by larger agencies and therefore did not have any specific staff operating within that agency.

Agency size was found to be statistically related to agency experience of fraud. Agencies were grouped into three categories according to size: up to 500 employees, 501 to 1000, and more than 1000. It was found that the group with up to 500 employees was significantly less likely to have reported incidents of fraud in 2009–10 compared with the other two groups (Figure 3). In contrast, the category of agencies with more than 1,000 employees was significantly more likely to have experienced fraud (n=31, 94%, df=2, χ2 =66.0, p<0.001). Cramér’s V of 0.66 indicated that there was a strong association between the size of the agency and reported incidents of fraud. Furthermore, only 8 (5%) agencies that reported having more than 500 employees did not report any fraud incidents. These findings indicate that smaller agencies were less likely to report having experienced fraud incidents than agencies with more than 500 employees.

Figure 3: Incidence of fraud, by agency size (percentage of agencies)

a: employees included both permanent and employees on a non-ongoing contract; 62 agencies experienced fraud with six reported having zero staff

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agency fraud control sections

Information was also gathered on the size and composition of fraud control sections within agencies and how this related to fraud experiences. Fifty-three percent of respondents indicated they had at least a part-time employee in their agency dedicated to fraud control, which represented a large reduction from 2008–09 when 62 percent of respondents reported having at least one employee dedicated to fraud control.

Overall, it was found that agencies with a dedicated fraud control section were significantly (χ2 =29.9, df=1, p<0.0001, Cramér’s V of 0.44—indicating a low level of association) more likely to have reported fraud incidents than those without such a section. This finding, however, differed depending on whether internal or external fraud was involved. Table 5 shows that a higher percentage of agencies that reported experiencing external fraud had a fraud control section than agencies experiencing internal fraud. The level of association between the variables of experience of fraud and presence of a fraud control section was generally weak, as indicated by the Cramér V figure showing a higher level of association as it approaches 1.0.

Table 5: Experience of fraud by agencies with a fraud control section (% of agencies)
Internal External Any
Yes (Fraud control section) 47* 52** 60***
No (No fraud control section) 53 48 40
All 100 100 100

*(χ2=20.8, df=1, p<0.0001, Cramér’s V = 0.37)

** (Χ2=26.0, df=2, p<0.0001), Cramér’s V = 0.41)

*** (Χ2=29.9, df=1, p<0.0001), Cramér’s V = 0.44)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Another factor considered was the size of the agencies that had a fraud control section, as agency size has been shown as an important factor in reported victimisation, with larger agencies more likely to report experiencing fraud. Larger agencies (over 1,000 employees), which represented only 22 percent of all agencies, were more likely to have a fraud section (88%). This was slightly fewer than in 2008–09 (93%).Those agencies with fewer than 500 employees were least likely to have a dedicated fraud section (41%). This was lower than in 2008–09, when 50 percent of such agencies had a dedicated fraud section.

Internal fraud

Respondents were asked to report on two aspects of internal fraud incidents—the ‘focus’ or the benefit that was being sought and the ‘method’ used to carry out the alleged activity. It was anticipated that by collecting data in both ways the survey would highlight the types of fraud that affected agencies as well as the methods being used. This information could then be used to create better fraud prevention strategies across all Australian Government agencies.

Focus of internal fraud incidents

The five categories of focus were equipment, entitlements, information, financial benefits, and ‘other’ for any incidents relating to a benefit that did not fall into one of the four defined subcategories.

If a respondent agency answered ‘yes’ to experiencing any incidents relating to a category of fraudulent benefit, that agency was required to specify what the incident had involved. For example, if an agency stated that it had experienced fraud focused on ‘entitlements’, it was then asked about whether the fraud involved false travel claims or payroll fraud etc. Within each subcategory there was also an option to state that the nature of the specific incident could not be determined. This was used in cases in which it was known that an incident of that general category had occurred, but there was insufficient information to define the exact nature of the fraud.

The survey assessed both the number of agencies affected by each fraud category and the total number of incidents reported, regardless of how many agencies reported them. From previous results, it was expected that there would be a difference in the distribution of fraud types by size of problem. That is, the type of fraud experienced by those reporting large numbers of incidents was expected to differ from those reporting fewer incidents. In total, 31 percent of agencies (n=47) experienced at least one internal fraud incident in 2009–10. The largest proportion of agencies (n=30, 20%) reported fraud that involved obtaining ‘financial benefits’ followed by fraud focused on obtaining ‘equipment’ (n=27, 18%), ‘entitlements’ (n=25, 16%), ‘information’ (n=22, 14%) and ‘other’ (n=5, 3%). See Figure 4.

Figure 4: Agency experience of internal fraud, by focus (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

For the various types of internal fraud focus, it was found that ‘leave and related entitlements’ was the type of fraud that affected the greatest number of agencies (n=19), followed by ‘misuse of government equipment’ (n=15) (see Table 6). Interestingly, ‘misuse of government equipment’ was a new category for 2009–10 and was shown to be an area of concern. In the ‘other’ category, one agency reported internal fraud involving ‘assisting customers to circumvent controls’ in 293 cases, while another agency reported 20 incidents relating to ‘damage of government property’.

Table 6: Internal fraud, by focus of incident (number of agencies and incidents)
Focus of fraud Agencies Mean Total incidents
Equipment
Theft of telecommunications or computer equipment (not including mobile devices) 13 6 72
Theft of other government equipment 7 11 76
Theft of consumable stock (office related) 5 1 5
Theft of consumable stock (other) 5 5 26
Misuse of government equipment 15 8 118
Unable to be determined 1 1 1
Other equipment 4 1 5
Entitlements
Expenses (other than travel) 5 1 5
Travel claims 11 2 27
Payroll fraud 7 4 25
Leave and related entitlements 19 6 119
Unable to be determined 1 2 2
Other entitlements 5 64 320
Information
Obtaining or using information without authorisation (excluding personal information) 10 11 110
Obtaining or using personal information without authorisation 8 109 869
Providing false or misleading information, or failing to provide information when required to do so 12 6 75
Use of agency logo or name without authorisation 6 2 13
Misuse of agency intellectual property 5 1 5
Unable to be determined 1 2 2
Other information 2 3 6
Financial benefits
Obtaining cash/currency without permission (including theft of petty cash) 13 5 63
Misuse or theft of government credit cards, travel cards or other cash cards 14 6 90
Misuse or theft of Cabcharge 9 5 43
Theft of property other than cash 7 4 28
Procurement offences 5 2 11
Bankruptcy offences (including hiding or disposing of assets) 0 0 0
Falsification of document in order to gain financial benefit 12 5 63
Unable to be determined 0 0 0
Other financial benefits 4 4 14

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although fraud focusing on obtaining ‘financial benefits’ was the category of internal fraud experienced by the greatest number of agencies (n=30, 20%), fraud focused on ‘information’ was the most frequently reported type of internal fraud (n=1,080, 36%), (Figure 5). Fraud relating to ‘obtaining or using personal information without authorisation’ accounted for 29 percent of all internal fraud reports (n=869 out of 3,001 reported incidents).

Figure 5: Internal fraud by focus of incident (% of incidents)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Methods of committing internal fraud

In addition to collecting information on types of alleged fraud, the survey examined the methods used to carry out internal fraud. The data from questions about fraud methods were analysed by counting the number of agencies affected by a particular type of fraud method as well as the methods used in most incidents. Fraud involving the ‘misuse of documents’ affected the largest proportion of agencies, with 16 percent (n=24) of agencies reporting each of these activities (Figure 6).

Figure 6: Internal fraud, by method of commission (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The category with the highest number of incidents that employed particular fraud methods, as was the case in the 2008–09 survey, was ‘accessing information or programs via a computer without authorisation’ (n=1,011). The number of reported incidents in this category, however, was much smaller than in 2008–09 (n=1,816). ‘Failure to disclose/abuse of a conflict of interest’ ranked second in frequency of reported incidents (n=342). The largest number of agencies (n=16) experienced ‘creating and/or using a false or altered agency document’, followed by ‘creating and/or using a false or altered document (not belonging to the agency)’ (n=14) (Table 7).

Table 7: Internal fraud, by method of commission (number of agencies and incidents)
Method type Agencies Meana Total incidents
Misuse of information technologies
Accessing information or programs via a computer without authorisation 8 150 1,011
Copying or altering data or programs without authorisation 7 5 34
Misuse of email 8 4 35
Manipulation of a computerised accounting system 4 1 4
Insertion of malicious code 0 0 0
Interference with computer networks 1 6 6
Unable to be determined 0 0 0
Other misuse of IT 6 6 34
Misuse of identity
Creating and/or using a fictitious identity 1 1 1
Use of another employee’s or contractor’s identity without their knowledge 2 2 3
Fraudulently using another person’s identity with their permission 2 2 3
Unauthorised use of another person’s password, PIN, or access pass 3 2 5
Unauthorised use of another person’s Tax File Number or Australian Business Number 0 0 0
Unable to be determined 1 1 1
Other misuse of ID 2 1 2
Misuse of documents
Creating and/or using a false or altered agency document 16 8 125
Creating and/or using a false or altered document (not belonging to the agency) 14 3 38
Dishonestly concealing documents 0 0 0
Failing to provide documents when required to do so 2 24 48
Unable to be determined 2 16 32
Other misuse of documents 4 3 11
Corruption
Bribery of an employee 3 16 48
Accepting kickbacks or gratuities 6 2 9
Failure to disclose/abuse of a conflict of interest 11 31 342
Collusion or conspiracy 4 6 23
Abuse of power 13 3 45
Unable to be determined 3 31 92
Other corruption 2 122 243

a: Mean per agency with an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Losses and recoveries

Losses

Due to the separation of fraud types and methods in the survey design, estimates of the total losses sustained by agencies from all reported incidents of fraud were not requested. Instead, questions were intended to produce an estimate of loss for each fraud category. A general indication of total loss can be obtained by adding the total losses for each category, although there is a possibility of some double counting where agencies report losses attributable to an incident that involved two types of fraud. Such instances are likely to be few, so the total losses provide a good indication of overall dollars lost by agencies.

In 2009–10, the 3,001 incidents of internal fraud reported by 47 agencies involved a total of $2,039,162, or a mean of $680 lost per incident. However, only 53 percent of agencies that experienced an internal fraud incident specified a loss, which means that the total presented is a significant under-estimate. In 2008–09, there was a mean loss of $551 per incident of internal fraud—60 percent of agencies that experienced internal fraud specified a loss.

The difficulties in calculating fraud losses are well known and were outlined in the introduction to this report. For the purposes of this survey, fraud losses were defined as:

The amount, in whole dollars, thought to have been lost to the agency from fraud incidents, prior to the recovery of any funds, and excluding the costs of detection, investigation or prosecution.

Not all agencies that experienced internal fraud reported a financial loss as a result of the incident(s). While 31 percent (n=47) of agencies experienced internal fraud, only 16 percent of all agencies (n=25), or 53 percent of agencies that experienced an internal fraud incident, specified a loss from internal fraud. Further, 34 percent (n=16) of those that experienced internal fraud were unable to calculate their losses or were unwilling to report such losses.

Figure 7: Agency experience of internal fraud, by focus of incident and reported losses (% of agencies and value)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The internal fraud type that resulted in the largest financial loss to Australian Government agencies was ‘fraud relating to entitlements’, with over $1.2m dollars lost in this way (Table 8). This type of fraud resulted in a loss for nine percent of all agencies (n=14), with an average loss of more than $91,000 for each agency affected. The financial losses experienced as a result of internal fraud in 2009–10 differed somewhat from the findings in 2008–09. The number of agencies affected was similar across the different methods of commission, although the total loss for ‘financial benefits fraud’ was less in 2009–10 at $375,853 than the $684,663 reported in 2008–09. Financial losses due to ‘corruption’ increased from nil in 2008–09 to $3,800 in 2009–10.

Table 8: Internal fraud losses by focus of incident (number and value)
Type Agencies (n) Mean ($)a Total ($)
Equipment 11 32,896 356,353
Entitlements 14 91,577 1,282,076
Information 1 800 800
Financial Benefits 17 22,109 375,853
Corruption 2 1,900 3,800
Other frauds 2 10,140 20,280

a: mean number of agencies with an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The total amount lost for each fraud type against the percentage of agencies that experienced internal fraud incidents is presented in Figure 6. With the exception of ‘fraud relating to entitlements’ there was no relationship between the number of agencies reporting incidents and the amount lost for each fraud type.

It is important to note that fraud incidents can have a non-financial impact on agencies, and a small financial loss can be associated with a significant non-financial impact. In total, 23 agencies reported a loss from internal fraud that could not be quantified (Table 9). Taking into account the difficulties associated with calculating fraud losses, it is clear that the figures of estimated loss in this report considerably underestimate the actual internal fraud losses incurred by Australian Government agencies in 2009–10.

Table 9: Internal fraud losses that could not be quantified, by method of commission (number and % of agencies)
Fraud type Agencies (n) Agencies (%)
Equipment 5 3
Entitlements 4 3
Information 4 3
Financial benefits 4 3
Corruption 3 2
Other frauds 3 2

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Recoveries

Only 32 percent (n=15) of agencies that experienced internal fraud recovered money from these incidents. The amounts recovered by agencies were diverse, ranging from a minimum of $230 through to a maximum of $359,310. Agencies most commonly recovered losses through administrative remedies. No agencies used civil action to recover losses during 2009–10.

In relation to methods of committing fraud and recoveries, ‘entitlement fraud’ represented the category with the largest amount recovered—in excess of $330,000. This was followed by ‘financial benefits fraud’ with recoveries of more than $240,000 (Table 10). The amount recovered in cases involving ‘entitlement fraud’ ranged from $215 to $225,489. In all, $599,350 was recovered from incidents of internal fraud.

Table 10: Internal fraud recoveries, by focus of incident and recovery type (number of agencies and value)a
Fraud type Criminal Civil Administrative remedy Other Total
Equipment
Amount recovered ($) 6,368 0 9,075 4,800 20,243
Agencies (n) 1 0 3 2 6
Entitlements
Amount recovered ($) 5,250 0 308,167 18,597 332,014
Agencies (n) 1 0 9 3 13
Information
Amount recovered ($) 0 0 0 800 800
Agencies (n) 0 0 0 1 1
Financial benefits
Amount recovered ($) 163,234 0 59,278 18,094 240,606
Agencies (n) 2 0 7 4 13
Corruption
Amount recovered ($) 0 0 0 800 800
Agencies (n) 0 0 0 1 1
Other frauds
Amount recovered ($) 943 0 3,458 486 4,887
Agencies (n) 1 0 2 1 4

a: agencies reported recovering money using more than one method per category

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Suspects

Ninety-four percent (n=44) of agencies that experienced an internal fraud incident identified at least one suspect. Fraud relating to ‘financial benefits’ was the type of fraud for which the largest number of agencies identified suspects (n=25). However, the fraud type that generated the most suspects was ‘fraud related to information’, with 961 suspects identified by 21 agencies (Table 11).

Table 11: Internal fraud suspects, by focus of incident (number of agencies and suspects)
Type Agencies that identified suspects Mean suspects Total suspects
Equipment 21 10 207
Entitlements 24 17 406
Information 21 57 961
Financial benefits 25 9 218
Corruption 13 50 650
Other 13 30 390

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

As individuals suspected of internal fraud were, by definition, employees of the agency, information on their job role was gathered, together with the duration of their employments in some cases (Table 12). However, this information was not always collected by agencies due to limitations in record keeping. Of the 2,832 internal fraud suspects, information on job role and duration of employment was reported for only 2,001 (71%). Of those cases in which duration of employment and position could be determined, most suspects were in junior or non-management roles (n=426); suspects from executive/senior management levels were comparatively rare (n=22). This contrasts with the results of recent fraud surveys where managerial employees were most likely to be the perpetrators who caused the largest financial losses through fraud, especially in the public sector. For example, KPMG (2010) found that in the public sector organisations surveyed, 85 percent of losses suffered were caused by managers, while the largest proportion of incidents was committed by non-managerial employees (62%). It should be noted that the results of KPMG’s survey related to proved incidents of fraud, unlike the present survey which included alleged and substantiated incidents.

Table 12: Suspects’ duration of employment and current job role (number of suspects)
Position Less than 1 year 1–<3 years 3–<6 years 6–<9 years More than 9 years Unknown Total
Junior non-management 17 124 77 53 73 82 426
Management 1 16 12 13 54 13 109
Executive/senior management 1 0 1 2 10 8 22
Other 0 1 0 0 1 22 24
Unknown 67 311 163 146 368 365 1,420
Total 86 452 253 214 506 490 2,001

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Where the duration of employment was known, but not the position held, suspects were most likely to have been employed for more than nine years (n=368), followed by employment from between one and three years (n=311). In total, across all positions, junior non-management staff employed from between one and three years at the responding agency represented the greatest number of suspects (n=124, or 27 percent of the 456 suspects whose current job role and duration of employment was specified). Eighteen percent (n=365) of the employees suspected of internal fraud were unable to be identified by position or duration of employment. Such missing data was less than half the size of what was reported in 2008–09 (n=1,491, 47%), possibly indicating improvement in data collection in agencies. Overall, the reported data relating to suspects of internal fraud were consistent with the findings in 2008–09.

Fraud detection and investigation

Alongside fraud incident data, information was also gathered on the ways in which internal fraud was both detected and investigated. Agencies provided information on the detection of 2,481 internal fraud incidents. The ‘internal controls/audit/investigation’ method of detection was frequently used (n=22 agencies), producing the highest total number of incidents detected (n=1,275). This category of detection had the highest mean detection rate of 58 incidents detected per agency.

Detection by ‘staff member/colleagues’ was the most common form of discovery identified by 36 agencies, although it had a much lower mean of 13 incidents detected per agency using this method.

Detection by ‘external whistleblower/informant (not anonymous)’—informants outside the agency who reported their suspicions in the public interest—was another common method of detection, resulting in 592 identified incidents and a mean of 33 incidents per agency (Table 13).

Table 13: Internal fraud detection methods (number of agencies and incidents)
Method of detection Agencies Meana Total incidents detected
Internal controls/audit/investigation 22 58 1,275
Staff member/colleague discovered/reported 36 13 453
Anonymous whistleblower/informant 13 5 70
External audit/investigation 5 4 18
Notification by police or other law enforcement agencies/investigations 7 4 29
External whistleblower/informant (not anonymous) 18 33 592
Credit card issuer 1 1 1
Media 2 2 3
Offender self-reported 3 7 20
Unable to be determined 4 2 7
Other 2 7 13
Total 2,481

a: mean of agencies that detected an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Agencies provided information about the investigation of 2,633 internal fraud incidents. The overwhelming majority of internal fraud incidents were investigated by the agency that experienced the fraud (Table 14). This was true for the number of agencies (89%) as well as for the number of incidents investigated (97%). The total number of incidents investigated was slightly higher than the number of incidents detected, which may be due to agencies investigating possible cases of non-compliance and determining that fraud was not evident.

Table 14: Method used to investigate internal fraud incidents (number of agencies and investigations)
Manner investigated Agencies Meana Total investigations
Agency investigation only—no external investigation 42 61 2,553
External investigator 7 1 10
Australian Federal Police 8 3 20
State or territory police 9 3 24
Credit card issuer 2 2 3
Media 1 1 1
Another agency 6 3 18
Other 3 1 4
Total 2,633

a: mean of agencies that detected an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Referrals for police investigation and prosecution

The number of agencies that reported referring internal fraud incidents to the AFP, state and territory police and the CDPP was small (Table 15). In 2009–10, agencies referred a total of 94 incidents involving internal fraud for police investigation or prosecution by the Commonwealth Director of Public Prosecutions (CDPP). Of these, agencies referred 34 internal fraud incidents to the Australian Federal Police (AFP) and a further 25 internal fraud incidents to state and territory police. Agencies also referred 35 internal fraud incidents to the CDPP in 2009–10. This indicates that the agency involved investigated the majority of its fraud incidents, rather than involving police and prosecutors. This is in accordance with the Commonwealth Fraud Control Guidelines 2002, which require agencies to have primary responsibility for fraud investigation. Relatively small numbers of incidents were also referred to the CDPP for prosecution. It appears that internal frauds involving ‘entitlements’ were most likely to result in referral to the CDPP in 2009–10.

External fraud

As previously noted, external fraud was defined as ‘any incident of suspected fraud allegedly committed against the agency by a person other than an employee or contractor of the agency’. Where appropriate, agencies were able to record one incident in multiple categories of fraud type. As was the case for internal fraud, the survey questions about external fraud incidents were presented in two sections—the first concerning the ‘focus’ or benefit to be obtained and the second concerning the ‘method’ that was used to carry out the incident.

Focus of external fraud incidents

External fraud types were grouped into five categories—equipment, entitlements, financial benefits, information and other. ‘Other’ was for any incidents relating to a benefit that did not fall into one of the other four identified categories.

If a respondent agency answered ‘yes’ to experiencing any incidents relating to a category of fraud benefit, it was required to specify what the incident involved. For example, if an agency stated that it had experienced fraud focused on ‘entitlements’, it was then asked whether the fraud related to housing, social security etc. Within each fraud category, there was also an option to state that the specific fraud focus was ‘unable to be determined’. This was used in cases in which it was known that an incident of that general category had occurred, but there was insufficient information to define the exact nature of the fraud.

The survey also counted the number of agencies affected by each fraud type and the total number of incidents reported regardless of how many agencies reported them. Based on the findings of the 2008–09 survey, it was expected that there would be a difference between the fraud types that affected most agencies and those that generated the largest number of incidents.

Thirty-four percent (n=51) of the total number of agencies providing usable data reported having experienced some kind of fraud perpetrated by an external entity—that is, a person not employed by the agency. The fraud categories that affected most agencies were ‘financial benefits’ (21% n=32) and ‘equipment’ (16%, n=24), (Figure 8).

Figure 8: External fraud, by focus of incident (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although the number of agencies that experienced internal and external fraud was quite similar (n=47 and n=51 respectively), the number of actual incidents experienced was considerably higher in the case of external fraud. It was also evident that the external fraud types that produced the largest number of incidents were experienced by only a small proportion of agencies. Overwhelmingly, ‘misusing or claiming benefits without entitlement relating to social security’ produced the highest number of incidents (n=613,527), although only three agencies reported experiencing this type of external fraud. Compared with 2008–09, the incidence of social security related fraud was less in 2009–10. Further investigations with one of the agencies in question, revealed that this was largely due to a change in counting rules within that agency, which was responsible for reporting 99 percent of these types of incidents (n= 717,414 in 2008–09; n=613,527 in 2009–10).

When looking at other specific fraud types, agencies were most likely to experience ‘theft of telecommunications or computer equipment’ (n=18), ‘providing false or misleading information, or failing to provide information when required to do so’ (n=13), or ‘fictitious claims/forgery’ (n=13) (Table 16).

Table 16: External fraud, by focus of incident (number of agencies and incidents)
Fraud type Agencies Mean incidentsa Total incidents
Equipment
Theft of telecommunications or computer equipment (including mobile devices) 18 727 13,083
Theft of other government equipment 11 2 26
Theft of consumable stock (office-related) 4 2 6
Theft of consumable stock (other) 2 2 3
Misuse of government equipment 3 8 24
Unable to be determined 0 0 0
Other 4 162 648
Entitlements
Misusing or claiming benefits without entitlement relating to housing 0 0 0
Misusing or claiming benefits without entitlement relating to social security 3 204,509 613,527
Misusing or claiming benefits without entitlement relating to health benefits 2 562 1,123
Misusing or claiming benefits without entitlement relating to visa/citizenship 2 33,151 66,302
Misusing, evading or claiming benefits without entitlement relating to child support 1 464 464
Revenue fraud 4 167 669
Customs and excise fraud (evading excise) 1 563 563
Unable to be determined 3 1,335 4,006
Other (combined) 11 521 5,733
Information
Obtaining or using information without authorisation (excluding personal information) 5 2 9
Providing false or misleading information, or failing to provide information when required to do so 13 147 1,913
Obtaining or using personal information without authorisation 3 154 461
Use of agency logo or name without authorisation 6 2 12
Misuse of agency intellectual property 1 1 1
Unable to be determined 2 234 468
Other Information 2 8 16
Financial benefits
Obtaining cash/currency without permission (including theft of petty cash) 6 4 21
Misuse or theft of government credit cards, travel cards or other cash cards 8 10 76
Theft of misuse of cabcharge 9 3 25
Theft of property other than cash 6 3 17
Procurement offences 1 20 20
Fictitious claims/forgery 13 7 85
Unable to be determined 2 12 23
Other 13 499 6,485
Other frauds
Other (combined) 17 564 4,004

a: mean calculated on agencies that reported an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

In the ‘other frauds’ category, agencies reported a range of fraudulent activities including, but not limited to, community protection matters (n=2,536); non-payment of national park entry fees (n=640); illegal importation (n=13); illegal foreign fishing vessels operating in Australian waters (n=23); plagiarism (n=27); and cheating in examinations (n=6).

Methods used in external fraud incidents

With respect to the methods used to commit external fraud, it was found that fraud involving the ‘misuse of documents’ affected the largest proportion of agencies—17 percent of all agencies reported this method of fraud (Figure 9). A similar finding was reported in 2008–09, where ‘misuse of documents’ was the most common method identified, although this was slightly less in 2009–10 than in 2008–09 (21%). In contrast to internal fraud, external fraud incidents involving the ‘misuse of IT’ and ‘corruption’ were comparatively rare (both 7%), with ‘misuse of identification’ more common (11%).

Figure 9: External fraud, by method of commission (% of agencies)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

The specific method of external fraud experienced by the greatest number of agencies was ‘creating and/or using a false or altered document (not belonging to the agency)’ (n=16); 666 incidents were reported where this method of fraud was used (Table 17). The largest number of incidents were recorded in relation to ‘failing to provide documents when required to do so’ (n=7,573), which was experienced by seven agencies. This was followed by ‘unauthorised use of another person’s tax file number or Australian business number’ (n=2,859), which involved just two agencies. Compared with ‘misuse of IT’ in connection with internal fraud, external fraud incidents involving the ‘misuse of IT’ were rare, with only four agencies reporting external fraud occurring through information having been accessed via a computer without authorisation. One agency reported interfering with computer networks in relation to six incidents of internal fraud (see Table 7).

Table 17: External fraud, by method of commission (number of agencies and incidents)
Method type Agencies Meana Total incidentsb
Misuse of information technologies
Accessing information or programs via a computer without authorisation 4 115 460
Copying or altering data or programs without authorisation 1 2 2
Manipulation of a computerised accounting system 1 1 1
Insertion of malicious code 0 0 0
Interference with computer networks 2 4 7
Unable to be determined 0 0 0
Other misuse of IT 5 2 8
Misuse of identify
Creating and/or using a fictitious identity/forgery 10 15 153
Use of an employee’s or contractor’s identity without their knowledge 4 1 5
Fraudulently using another person’s identity with their permission 0 0 0
Unauthorised use of another person’s password, PIN, or access pass 0 0 0
Unauthorised use of another person’s tax file number or Australian Business Number 2 1,430 2,859
Unable to be determined 2 4,356 8,711
Other misuse of ID 5 2 8
Misuse of documents
Creating and/or using a false or altered agency document 13 7 96
Creating and/or using a false or altered document (not belonging to the agency) 16 42 666
Dishonestly concealing documents 0 0 0
Failing to provide documents when required to do so 7 1,082 7,573
Unable to be determined 7 3,303 23,123
Other misuse of documents 9 19 170
Corruption
Bribery of an employee 1 42 42
Accepting kickbacks or gratuities 2 2 4
Failure to disclose/abuse of a conflict of interest 4 3 11
Collusion conspiracy 4 5 19
Abuse of power 3 14 43
Unable to be determined 3 7 22
Other corruption 2 1 2
Other methods
Other 40 43,537 608,704

a: mean calculated on agencies that reported an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Losses and recoveries

Losses

Owing to the separation of fraud types and methods in the survey design, estimates of the total losses sustained by agencies with respect to external fraud were not collected from respondents. Instead, questions were intended to produce an estimate of loss for each fraud category. As was the case when reporting on internal fraud losses, a general indication of total loss can be obtained by adding the total losses for each category, although there is a possibility of some double counting where agencies report losses attributable to an incident that involved two types of method. In 2009–10, the 702,941 incidents of external fraud reported by 51 agencies involved a total loss of $495,534,658. However, only 65 percent of agencies that experienced an external fraud incident specified a loss.

As in the case of internal fraud, fraud losses from external fraud were defined as:

the amount, in whole dollars, thought to have been lost to the agency from fraud incidents, prior to the recovery of any funds, and excluding the costs of detection, investigation or prosecution.

Not all agencies that experienced external fraud reported a loss. While 34 percent (n=51) of all agencies experienced an external fraud incident, only 22 percent (n=33) reported a loss from external fraud (or 65 percent of agencies that experienced an external fraud).

The total estimated losses due to external fraud in 2009–10, were close to $496m, which represented a 17 percent reduction ($105m) from the losses reported in 2008–09. The external fraud type that resulted in the largest financial loss to agencies was fraud relating to ‘entitlements’, costing agencies nearly $488m in 2009–10 (see Table 18). ‘Financial benefits fraud’ affected the greatest number of agencies that experienced an external fraud incident (35%, n=18), which is fairly consistent with the reported figures for 2008–09; however, the total amount lost was approximately $14.5m less than was reported in 2008–09.

Table 18: External fraud losses, by focus of incident (number of agencies and value)
Fraud type Agencies (n) Mean ($)a Total lost ($)b
Equipment 16 13,586 217,370
Entitlements 8 60,948,151 487,585,211
Information 1 572,018 572,018
Financial benefits 18 348,654 6,275,774
Corruption 2 441,503 883,005
Other frauds 2 640 1,280

a: mean calculated on agencies that reported an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Fraud in relation to ‘equipment’ showed a marked decrease compared with 2008–09, decreasing from $1,429,052 in 2008–09, to $217,370 in 2009–10. The greatest area of decrease between 2008–09 and 2009–10, however, concerned fraud relating to ‘financial benefits’. Losses totalling $20,800,000 were reported in 2008–09, down to only $6,274,774 in 2009–10. This is most likely due to the impact of changes in counting rules adopted by the relevant agency. Losses due to ‘information’ fraud increased from no losses reported in 2008–09 to $572,018 in 2009–10, although this involved only one agency that suffered a large loss as a result of the fraud incident.

The amount lost for each fraud type for the number of agencies that experienced external fraud incidents is presented in Figure 10. Without exception across all fraud types, there was a substantial difference between the number of agencies that reported incidents and the amount lost for each fraud type. While there were a relatively small number of agencies that suffered fraud incidents relating to ‘entitlements’ compared with ‘financial benefits’, the amount lost due to ‘entitlement fraud’ was considerably more than losses caused by ‘financial benefit fraud’ and each of the other fraud types. It is important to note, however, that the impact of fraud incidents could affect agencies in non-financial ways and a small financial loss, as seen in the case of corruption and fraud relating to information, might not necessarily mean that the fraud had not had a significant effect on the victimised agency.

Figure 10: Agency experience of external fraud, by focus of incident and reported losses (% of agencies and value)

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Owing to the inherent difficulties associated with calculating fraud losses, agencies were given the option of specifying losses that they were unable to quantify. In total, 37 agencies reported suffering a loss from external fraud that could not be quantified (Table 19). Given the difficulties of calculating losses and the fact that 19 agencies identified losses that could not be quantified, it is likely that the figures of estimated loss in this report underestimate the external fraud losses incurred by Australian Government agencies in 2009–10.

Table 19: External fraud losses that could not be quantified, by focus of incident (number and % of agencies)
Fraud type Agencies (n) Agencies (%)
Equipment 7 5
Entitlements 5 3
Information 8 5
Financial benefits 10 7
Corruption 3 2
Other frauds 4 3

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Recoveries

In 2009–10, 43 percent of agencies that experienced external fraud were able to recover money (n=22). The amount of money recovered by agencies from external fraud varied, with amounts ranging from $83 to more than $86m for one agency alone. The total recovered was approximately $196m (Table 20). Recovery for fraud relating to ‘financial benefits’ was the most common fraud type that led to recovery of funds (n=18), with the use of ‘administrative remedies’ the most common method used to recover funds (n=18). The largest total recoveries were made using administrative methods—internal procedures not involving civil or criminal action—in connection with fraud relating to ‘entitlements’ (over $86m), involving five agencies. In 2008–09 no financial losses involving ‘entitlements’ were recovered using criminal prosecution or civil remedies, while in 2009–10 two agencies recovered almost $150,000 through criminal prosecution and another agency recovered over $3,000 through civil remedies. The total amount recovered for ‘other’ through ‘other’ means of recovery was almost $86.6m. This compares to $30m in the same category for 2008–09, showing a considerable increase (Table 20).

Table 20: External fraud recoveries, by focus of incident and method of recovery (number of agencies and value)a
Fraud type Criminal Civil Administrative remedy Other Total
Equipment
Amount recovered ($) 0 0 21,640 0 21,640
Agencies (n) 0 0 1 0 1
Entitlements
Amount recovered ($) 149,421 3,373 86,814,519 0 86,967,313
Agencies (n) 2 1 5 0 8
Information
Amount recovered ($) 0 0 126,600 79,278 205,878
Agencies (n) 0 0 2 1 3
Financial benefits
Amount recovered ($) 408,660 200 11,661,031 128,519 12,198,410
Agencies (n) 5 1 8 4 18
Corruption
Amount recovered ($) 522 0 0 81,246 81,768
Agencies (n) 1 0 0 1 2
Other frauds
Amount recovered ($) 10,096,025 0 9,460 86,555,653 96,661,138
Agencies (n) 1 0 2 1 4

a: agencies could recover money through more than one method per category of fraud

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Suspects

Eighty-eight percent of agencies that experienced an incident of external fraud identified at least one suspect, a slightly lower proportion than in 2008–09 (96%). Suspects were identified by 26 agencies with respect to fraud relating to ‘financial benefits’ followed by individuals suspected of fraud involving ‘equipment’, in which 18 agencies identified suspects. The largest number of suspects was identified for external fraud incidents that related to ‘entitlements’ (n=691,111), which was consistent with the high number of incidents for this type of fraud (Table 21). The number of agencies that identified suspects by the various fraud types was fairly consistent with findings from 2008–09, despite the substantial change in the number of incidents between the two years.

Table 21: External fraud, by focus of incident (number of agencies and suspects)
Type Agencies Mean suspectsa Total suspects
Equipment 18 5 85
Entitlements 13 53,162 691,111
Information 15 155 2,319
Financial benefits 26 243 6,308
Corruption 4 12 49
Other frauds 12 356 4266

a: mean calculated on agencies with a suspect

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

As external fraud is committed by members of the public, data on the employment background of suspects would not necessarily be collected by agencies. Accordingly, information on this variable was not included in the survey. Further research, perhaps undertaken through the analysis of prosecution files, would be required to obtain this information, although this would be a limited data source given the large number of matters dealt with by other means.

Fraud detection and investigation

In addition to fraud incident data, information was gathered on the ways in which external fraud was both detected and investigated. Agencies provided information on the detection of 703,424 external fraud incidents. It was found that most agencies detected external fraud through ‘internal controls/audit/investigation’ (n=33); this method was also responsible for detecting the greatest number of fraud incidents (n=596,094, see Table 22).

Table 22: External fraud detection methods (number of agencies and incidents)
Method of detection Agencies Meana Total incidents detectedb
Internal controls/audit/investigation 33 18,063 596,094
Staff member/colleague discovered 29 1,344 38,974
Anonymous whistleblower/informant 3 4 12
External audit/investigation 5 173 863
Notification by police or other law enforcement agencies/investigations 8 88 705
External whistleblower/informant (not anonymous) 21 2,189 45,972
Media 5 2 8
Accused self-reported 4 1,408 5,631
Unable to be determined 3 937 2,811
Other frauds 5 1,235 12,354

a: mean calculated on agencies that detected an incident

b: respondents were able to provide multiple responses, hence the absence of column totals

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Although only four accused perpetrators were ‘self-reported’, this led to the detection of the highest average of fraud incidents. It was reported that one of the accused had committed virtually all of the 5,631 self-reported incidents, committing 5,627 fraud incidents before self-reporting.

Comparing 2008–09 with 2009–10 findings, there was a decline in the number of incidents detected by ‘internal controls/audit/investigation’ (from 730,145 to 596,094) and those incidents detected by ‘external anonymous whistleblower/informant’ (from 71,559 to 45,972). Both of these changes were probably due to the change in fraud reporting and counting practices adopted by two large agencies that relied on these two methods to control fraud and non-compliance risks. There has also been a rise in the incidents detected by ‘other’ methods (from 190 to 12,354).

Respondents provided information about the manner in which 665,846 incidents of external fraud were investigated in 2009–10. As was the case with investigating internal fraud incidents, the agency involved investigated the clear majority of these incidents (Table 23). This was true with respect to both the number of agencies that reported external fraud (73%) and the number of incidents involved (99%). Compared with 2008–09, fewer external fraud incidents were investigated by the Australian Federal Police (79 incidents in 2008–09 compared with 59 incidents in 2009–10) and/or state or territory police (52 incidents in 2008–09 compared with 37 incidents in 2009–10). The total number of incidents investigated was fewer than the number of incidents detected. This was probably because, although some incidents were detected, not all were necessarily investigated. Further qualitative research would be required to confirm this.

Table 23: Methods used to investigate external fraud incidents (number of agencies and incidents)
Method of investigation Agencies Meana Total
Agency investigation only—no external investigation 37 17,835 659,899
External investigator 4 65 261
Australian Federal Police 17 3 59
State or territory police 16 2 37
Media 0 0 0
Another agency 11 17 182
Other 11 492 5,408
Total 665,846

a: mean calculated on agencies that investigated an incident

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Referrals for police investigation and prosecution

The number of agencies referring external fraud incidents to the AFP, state and territory police and the CDPP was small, as was the case with internal fraud incidents (Table 24). In 2009–10, agencies referred a total of 5,428 incidents involving external fraud for police investigation or prosecution by the CDPP. Of these, agencies referred 134 incidents to the AFP, a further 101 to state and territory police and 5,193 incidents to the CDPP.

Table 24: Number of external fraud referrals, by focus of incident (number of agencies and incidents)
Focus AFP State and territory police CDPP
Equipment
Agencies 4 11 0
Referrals 6 36 0
Entitlements
Agencies 4 4 7
Referrals 35 7 4,665
Information
Agencies 6 1 1
Referrals 9 2 4
Financial benefits
Agencies 9 9 8
Referrals 18 15 28
Other frauds
Agencies 5 4 5
Referrals 66 41 496

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

Frauds targeting ‘entitlements’ were most often referred for police or prosecution activity (n=4,707), followed by ‘other’ fraud types (n=603), although this was still a small proportion of the total number of these incidents. The referrals reported in 2009–10 showed a general decrease in all categories compared with 2008–09. The greatest decline from 2008–09 to 2009–10 was in the number of referrals to the AFP for frauds relating to ‘entitlements’ (from n=67 to n=35 respectively); however, the number of referring agencies remained the same (n=4). Also, the number of referrals to the CDPP for fraud relating to ‘information’ also decreased between 2008–09 and 2009–10 (from 20 to 4 referrals). Referral rates, of course, are influenced by a variety of factors, including the initial detection of incidents, adequacy of evidence and ability of policing and prosecution agencies to deal with matters.

Training and fraud

In the 2009–10 survey, agencies were asked to specify the employee resources that they devoted to fraud control. Specifically, agencies were asked to report the number of staff they employed in each section on fraud control and the number of staff in these sections that had a fraud control qualification. A qualification could be in the form of a certificate or diploma in fraud investigation or some aspect of fraud control. It was found that the largest number of employees within fraud control sections of agencies worked on investigations and that those working in investigations had formal qualifications more often than those working in fraud prevention (93% compared with 15% respectively) (Table 25).

Table 25: Qualifications of agency fraud control staff (number and % of staff)
Fraud prevention Fraud investigation Fraud other
Employees in fraud section (n) 680 1,126 1,620
Employees with a qualification (n) 101 1,044 125
Fraud section employees with a qualification (%) 15 93 8

Source: Commonwealth fraud survey 2009–10 data [AIC computer file]

From 2008–09 to 2009–10, the number of dedicated fraud section employees increased in ‘prevention’, from 454 to 680. There was also an increase in staff assigned to ‘other’ categories, from 442 to 1,620. In contrast, the number of dedicated fraud section employees in ‘investigation’ decreased by almost half, from 2,062 in 2008–09 to 1,126 in 2009–10.

With the substantial increase in fraud prevention staff, the proportion of fraud prevention staff with a relevant qualification, as a percentage of total fraud staff, decreased from 19 percent to 15 percent between 2008–09 and 2009–10. However, there was a substantial increase in the percentage of staff with qualifications out of total fraud staff between 2008–09 and 2009–10, from 30 percent to 43 percent respectively in connection with ‘investigation’ activities. There was a slight decrease in qualifications from 10 percent to 8 percent for staff working in ‘other’ fraud control activities. The quadrupling of staff numbers assigned to work in this area over the same period should be noted.

Fraud training

The 2002 Guidelines dictate the levels of training required for staff in the areas of fraud control, and current Fraud against the Commonwealth survey findings indicated that agencies were generally favourable to the idea of regular and mandatory training of staff in those matters. However, there were concerns raised about consistency and standards among the current training courses available. Agencies suggested there was a need for more structured training courses, standardised training across APS agencies and for increased information to be available to agencies to use when selecting courses. To facilitate the provision of staff training, some agencies have suggested that advice should also be sought from external professional companies that deal with fraud and risk management to enhance APS-wide training.

Thirty-four agencies responded to a question concerning the need for further improvement in opportunities for staff training in the area of fraud control. Their responses were classified into five general areas (agencies sometimes provided suggestions in more than one category):

  • staff to complete a tertiary certificate or diploma in governance in fraud control and/or investigations (11 agencies—32%);
  • APS-wide short course training on fraud awareness to be provided by the Australian Government instead of external providers on fraud and risk management (22 agencies—64%);
  • in-house fraud and ethics training with additional information on the intranet as a reference point (25 agencies—74%);
  • more informal mentoring and buddy systems for those involved in fraud control (3 agencies—9%); and
  • regular reviews of fraud prevention policies and procedures (17 agencies—50%).

It should be noted that seven of the 34 responding agencies (8% of the total sample) reported that no further training was required.