Australian Institute of Criminology

Skip to content

Executive summary

Summary of findings

Experience of fraud

  • Over the last three financial years, 2010–11 to 2012–13, the percentage of Commonwealth entities experiencing fraud has remained relatively stable, varying from 40 percent in 2010–11 and in 2012–13, to 43 percent in 2011–12. This stability related to the proportion of entities experiencing both suspected internal, as well as external fraud incidents.
  • Each year, entities with more than 1,000 staff experienced more fraud than smaller entities with 500 or fewer staff. The lowest numbers of suspected fraud incidents were experienced by medium-sized entities with between 501 and 1,000 staff. The relationship between entity size and experience of fraud accords with similar findings of business fraud victimisation surveys generally and is explained by the increased opportunities for fraud that arise in large organisations and the larger sums of money with which they deal.

Extent of fraud

  • Over the three years, 265,866 incidents of suspected fraud were reported by Commonwealth entities.
  • There has been a general decline in the number of incidents of suspected internal fraud—from 3,828 in 2010–11 to 2,296 in 2011–12, to 1,685 in 2012–13, representing a 56 percent decline over these three years. This was due to a large reduction in fraud incidents detected by a small cohort of entities, rather than across all Commonwealth entities.
  • Each year, substantially greater numbers of external fraud incidents were detected than suspected internal fraud incidents. In 2012–13 for example, 133,969 incidents of external fraud were detected, as opposed to 1,685 incidents of internal fraud. Owing to different counting rules being adopted by respondents over the three years, there have been large fluctuations in reporting suspected external fraud, extending from 87,207 in 2010–11 and 36,759 in 2011–12, to the much higher figure of 133,969 in 2012–13. These changes are influenced more by different reporting practices than the underlying incidence of external fraud.
  • In addition to these suspected incidents, which related solely either to internal or external fraud, a small number of incidents involved collusion between those working within entities and people outside (61 incidents over the 3 years). The number of these incidents involving collusion has also fluctuated greatly annually.
  • A 60 percent reduction was found in the number of internal fraud suspects over the three year period. However, the ratio of incidents to suspects remained constant, with 1.2 incidents per suspect reported in 2010–11 and 1.3 incidents per suspect in both 2011–12 and 2012–13.

How fraud was committed

  • Respondents were asked to indicate two main aspects of how the fraud incidents they detected had been committed—their ‘focus’ (the target of the alleged fraudulent activity, or the benefit to be derived from the suspected illegal conduct) and the ‘method’ used to carry out the alleged activity (such as misuse of technology, information, identity etc).

Internal fraud

  • The largest number of entities reported suspected internal fraud incidents involving financial benefits (such as obtaining cash without permission, misuse of government credit cards etc), with almost one-quarter of respondents reporting this type of internal fraud incident each year. This type of fraud also accounted for the largest financial losses. In terms of number of incidents, internal financial benefit fraud decreased over the three years from 522 incidents in 2010–11 to 397 incidents in 2012–13.
  • In relation to the methods by which internal fraud incidents had allegedly been committed, a decrease was found in the percentage of entities reporting misuse of information and communications technology (ICT), corruption and ‘other’ types of method, while misuse of identity and documents increased over the three years. In terms of the number of internal fraud incidents, however, the trends were different. Over the three years, the number of incidents of internal fraud committed by misuse of ICT and other methods declined, while the number of incidents of misuse of identity and documents, and corruption increased. In each year, the method of committing internal fraud that was most prevalent involved ‘accessing information or programs via a computer without authorisation’, although this showed a decline over time.

External fraud

  • Fraud involving financial benefits was the most frequently reported category of external fraud over the three years, with the proportion of entities experiencing such frauds increasing from 18 percent in 2010–11 to 21 percent in 2012–13.
  • The largest number of external fraud incidents related to government entitlements, with a large increase in 2011–12 of 170,756 incidents, followed by a decline to 90,773 incidents in 2012–13. This type of fraud most often involved three main types—revenue fraud, visa/citizenship fraud and social security fraud.
  • In terms of the methods of committing external fraud, the largest percentage of entities reported experiencing misuse of documents, while only five percent of entities reported corruption in 2010–11 and 2011–12, decreasing to just four percent in 2012–13. Over the three years, however, the number of incidents of fraud-related corruption increased substantially from 37 incidents in 2010–11 to 163 in 2012–13. By way of contrast, the number of incidents of fraud involving misuse of ICT declined from 56 in 2010–11 to 19 in 2012–13. In relation to fraud involving the misuse of identity, both the proportion of entities affected and the number of incidents remained relatively stable over the three years. In 2010–11, for example, respondents reported 17,152 incidents involving allegations of identity misuse, which decreased by one percent to 16,967 in 2012–13.

Cost of fraud

  • The total reported cost of fraud each year is likely to be an under-estimate of actual losses incurred for a number of reasons.
    • The research findings are limited to cases of suspected fraud that were detected or reported to entities and so no indication is available of the cost of fraud cases that have not been identified.
    • A number of entities failed to participate in the census. Each year, on average, 18 percent of those invited to participate failed to do so and, arguably, some of those would have experienced either internal or external fraud.
    • Some types of fraud cannot be quantified in dollar terms, and fraud can entail many consequential financial impacts that are also difficult, or impossible to quantify. In addition, where investigations have not been finalised, the amount lost often may still to be determined. Accordingly, the present research was only able to provide an estimate of the cost of fraud to the Commonwealth based on what entities indicated in their responses to the questionnaire.
    • Not all respondents were able to quantify the value of the losses experienced. Indeed, only 49 out of 61 entities (80%) that experienced an incident of any type of fraud were able to quantify the value of the loss in 2010-11. This compared with 44 out of 67 (66%) in 2011-12 and 51 out of 64 (80%) in 2012-13 that were able to quantify financial losses
  • The present study asked respondents to indicate the total amount thought to have been lost from fraud incidents, prior to the recovery of any funds and excluding the costs of detection, investigation or prosecution. The responses indicated estimated losses at the time of reporting, as opposed to final losses determined once investigations or litigation had concluded. Separate questions enquired about amounts recovered.
  • For the three years in question, entities reported fraud losses of approximately $530m, increasing from $119m in 2010–11 to $204m in 2011–12, to $207m in 2012–13. This represented an increase in cost of 74 percent over the three years.
  • As a proportion of the total, internal fraud accounted for 1.7 percent of total reported fraud losses, or $9.1m. External fraud cost $521m over the three years.
  • Over the three years, both internal fraud and external fraud losses increased, with internal fraud losses increasing by 14 percent between 2010–11 and 2012–13 and external fraud losses increasing by 75 percent over the same period. These increases were due, in the main, to changes in the number of external fraud incidents detected each year.
  • In 2010–11, entities reported internal fraud losses of $2,998,810 compared with $116,148,022 for external fraud incidents. In 2011–12, the amount lost through internal fraud was lower at $2,690,087, although the amount lost through external fraud rose substantially to $201,724,438. For 2012–13, the financial losses experienced by entities were higher for both internal fraud ($3,426,546) and for external fraud ($203,270,364).
  • Generally, the financial cost of fraud reflected the incidence of cases in terms of fraud typologies, with the highest losses falling into the category of financial benefits fraud such as misuse of government credit cards (internal fraud) or fraud relating to other allowances or benefits (external fraud). Losses in this category increased markedly in 2012–13.
  • Entities were also asked to indicate how much had been recovered using various methods of recovery. The results reflected amounts recovered during the financial year in question and did not necessarily relate to amounts recovered in respect of fraud incidents that were reported during that same year. For the three years, $3m was recovered in respect of internal fraud and $53m in respect of external fraud, totalling $56m for the three years, with the vast majority using administrative methods of recovery, as opposed to recovery through criminal or civil proceedings.

How fraud was detected

  • Over the three years, internal and external fraud was increasingly detected through internal controls such as auditing or internal investigation. Larger numbers of incidents were detected through ‘other’ means such as ‘tip lines’ both within and outside entities. Detection of suspected incidents by staff within entities was also prevalent.
  • External whistleblowers were responsible for detecting larger numbers of external fraud incidents than internal incidents, although external whistleblower detections of both types of fraud decreased substantially over the three years.
  • Anonymous whistleblowers within entities were most often involved in reporting internal as opposed to external fraud detection.
  • As might be expected, entities that had a dedicated fraud control section were more likely to report fraud incidents than entities without such a section. In general, it was the largest entities that had fraud control sections and these tended to be the same entities that managed, distributed or allocated the largest amounts of government funding, increasing their vulnerability to fraud.

Internal investigations

  • The Commonwealth Fraud Control Guidelines (AGD 2011) required entities to investigate routine or minor instances of fraud, including disciplinary matters, themselves. As a result, more than 90 percent of both internal and external fraud incidents were investigated by the entity that experienced the suspected fraud.
  • Respondents indicated the number of staff employed within their fraud control sections and the extent to which they held formal fraud-related qualifications. The largest numbers of staff worked in fraud investigations, as opposed to fraud prevention or other policy-related activities, and the number of investigation staff has increased each year from 1,165 in 2010-11 to 2,089 in 2012-13. However, the percentage of staff working in fraud investigation with fraud qualifications has declined from 81 percent in 2010-11 to 54 percent in 2012-13. In the case of fraud prevention staff, numbers have been less than half of those working in fraud investigation, while the percentage of fraud prevention staff with fraud qualifications has remained stable over the three years. These changes could be due to fraud control staff having their duties re-assigned from ‘other’ functions to ‘prevention’ and ‘investigation’, as there has been little change in the total number of fraud control staff over the three years.

Police investigations

  • Over the three years, less than 4 percent of internal fraud incidents detected were referred to police or other organisations for investigation (297 incidents referred), with less than 2 percent of external fraud incidents referred on (5,344 incidents). More internal fraud allegations were referred to the AFP or CDPP for criminal action than to state or territory police, while more external fraud allegations were referred to state and territory police rather than the AFP.
  • Over the three years, the AFP accepted 198 referrals and declined 55. Accepted referrals have increased during these years from 61 in 2010-11 to 65 in 2011-12 to 72 in 2012-13.

Prosecution of fraud

  • Over the three years, 4,685 fraud-type cases were referred to the Office of the Commonwealth Director of Public Prosecutions (CDPP) for prosecution, the majority being direct referrals rather than via law enforcement agencies. The cases involved 6,146 defendants, as some cases had more than one defendant who was prosecuted.
  • Over the three years, both the number of cases referred to the CDPP and the number of defendants prosecuted declined each year.
  • The total amount initially charged in fraud-type prosecutions was $78m in 2010-11, compared with $30m in 2011-12 and $37m in 2012-13.
  • In each year, the most frequently imposed sentence for proved fraud offences was a recognizance order which was the most serious sentence given in approximately one third of cases each year. Other defendants received non-custodial sentences, including fully suspended terms of imprisonment, used in 23 percent of cases on average each year, and community service orders in 20 percent of cases. Fines were imposed as the most serious sentence in 10 percent of cases on average each year. The use of custodial sentences increased over the three years, from 9 percent of cases in 2010-11 to 13 percent in 2012-13.

Fraud prevention and control

  • Over the three years, there has been a decline in the percentage of entities that reported having a dedicated fraud control section to deal with prevention, investigation and control of fraud risk—from 40 percent in 2010–11 to 35 percent in 2012–13. However, the number of staff employed in fraud control activities has increased overall from 3,097 in 2010–11 to 3,160 in 2012–13.
  • Under the Commonwealth Fraud Control Guidelines (AGD 2011), a fraud risk assessment is required to be undertaken every two years. Over the three years examined, the percentage of entities complying with this has increased from 88 percent in 2010–11 to 94 percent in 2012–13. Each year, however, a small number of entities reported never having had a fraud risk assessment, doubling from two in 2010–11 to four in 2012–13. Four entities did not respond to this question.
  • A high proportion of entities also reported having completed a fraud control plan within the preceding two financial years, increasing from 89 percent in 2010–11 to 94 percent in 2012–13. Again, a very small number reported never having had a fraud control plan (2 in 2011–12 and 1 in 2012–13).
  • Of those entities that had never prepared a fraud control plan or ever undertaken a fraud risk assessment, only one reported having experienced fraud during the three years in question. The absence of a fraud control plan and risk assessment was due to the entity having been newly established and still completing its fraud control measures at the time of reporting to the Australian Institute of Criminology (AIC).
  • In relation to training in fraud control, respondents increasingly felt that an online course should be implemented, while in 2012–13, 18 percent favoured whole-of-government training as opposed to training within individual entities.
  • Finally, respondents indicated use of a wide range of best-practice fraud prevention approaches, the most frequently indicated type being the employment of entity-wide fraud awareness training.

Fraud risks for the Commonwealth

  • In the Commonwealth, opportunities to behave dishonesty arise for both public servants and consultants working for the government, as well as for members of the public who have dealings with the government, such as when obtaining benefits or paying taxes. Other risks concern the provision of government services, such as aid and grants and fraud in connection with procurement activities.
  • The principal fraud risks to address, in relation to internal fraud, relate to the need to continue to review and strengthen internal controls, recruitment practices and risk management generally. In relation to external fraud, risks to manage are connected with the provision of new benefits, the introduction of new taxes, procurement practices, government-funded programs and the use of consultants.
  • An area of emerging risk that is apparent from the current research concerns corruption and collusion between external actors and those working within government. It was found that both the number and cost of collusion-related fraud has increased over the last three years, although relatively small numbers of incidents were involved.
  • Fraud involving Commonwealth grant monies and aid programs are also areas of ongoing risk, particularly in view of the large amounts of money provided by the government each year for these purposes. Respondents were, however, only invited to report on grant-related fraud specifically in 2012–13

How the information was gathered

  • Each year, Commonwealth entities are asked to complete an online questionnaire that asks about their experience of fraud incidents and how they managed and responded to risks of fraud taking place.
  • Under the Commonwealth Fraud Control Guidelines (AGD 2011: 7), fraud against the Commonwealth was defined as ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’. For present purposes, the AIC asked entities to provide information about all suspected incidents of fraud against the Commonwealth alleged against those employed by government entities, including staff and contractors (internal fraud), and also alleged against those who do not work for the government but who may be seeking to claim government benefits or to obtain some other financial advantage dishonestly (external fraud). Incidents of non-compliance with laws and government requirements that did not disclose evidence of suspected dishonesty were not examined in this study, as these could simply entail misunderstandings or confusion as to rules, without a potential for fraudulent conduct to be established. Instances of undetected fraud were also unable to be assessed.
  • Information was provided by 154 entities in 2010–11, 157 (155 responses included in analysis) in 2011–12 and 163 (162 responses included in analysis) in 2012–13. Each year, this represents over 80 percent of those invited to participate responding to the census, with the response rate increasing annually.
  • Respondents were asked to provide information by completing a secure, online questionnaire that recorded results anonymously (without naming individual entities), as the aim was to canvass the experience of fraud across the government as a whole, rather than by identifying what each individual entity had experienced.
  • Further information on the investigation and prosecution of fraud incidents within the Commonwealth was also provided by the AFP and the CDPP for matters handled within each year (regardless of when they were committed).