A lack of adequate resourcing has hindered the prevention of fraud in federal departments and agencies, according to a new report by the Australian Institute of Criminology.
The statistical report released on Tuesday explored the findings of the most recent annual census of fraud against 157 participating commonwealth entities, and the measures taken to prevent fraud.
At June 30 2019, the Australian Federal Police was investigating 105 fraud matters worth more than $1.2 billion, the report found, while the Commonwealth Director of Public Prosecutions prosecuted 717 fraud matters and obtained 590 convictions in 2018–19.
That year, 6759 investigations were finalised by 44 agencies, but there were no fraud investigations finalised in the non-financial services or the administration of grants sectors.
Of the 1356 investigations involving internal fraud completed in 2018–19, only 57% substantiated the fraud. While the same percentage was true for external fraud investigations, there was a significantly higher number of cases of external fraud (5404).
Money lost to external fraud up by 73%
An estimated 8% of departmental resourcing could potentially have been affected by fraud, equating to $1.7b of the $22.4b total resourcing of the responding agencies, the report found.
There was a total of $360,881,084 estimated losses by fraud during 2018–19. Where fraud was substantiated, the total loss for that year was almost $150m.
Between 2017–18 and 2018–19, the amount lost to external fraud increased by 73%, which the report put down to multiple factors, including increased detection and recognition of fraud losses, and increased total attempts at external fraud. The amount lost to internal fraud, on the other hand, actually dropped by 59%.
Less money lost through internal fraud was recovered in 2018–19 ($1,319,818), than in the previous year ($2,004,367).
The largest amount recovered by a single agency in 2018–19 was $804,165, through unknown methods. Where the method of recovery was known — through insurance payments — it was $455,450, followed by administrative action ($179,727), and criminal court proceedings ($56,076).
For cases of external fraud in 2018–19, the method which recovered the most money was “reimbursement from a financial institution”, accounting for $3,526,779 of the total $53,442,893 recovered. One entity reported recovering more than $49m, but it didn’t reveal how.
Fewer fraud control staff
Under the Commonwealth Fraud Control Framework, entities must conduct fraud risk assessments at least every two years. For 2018–19, 138 respondents (90%) said their entity had finalised a risk assessment in the current year or the year before.
There were 4802 employees in 151 entities (97%) whose role included some aspect of fraud control in 2018–19.
However, when entities were asked about employees whose role was solely in fraud control, the numbers “declined substantially”, the report noted. Only 22 agencies had at least one staff member who worked solely in a fraud capacity, and it was predominantly large entities that employed staff in dedicated fraud-related positions.
The report found that between 2017–18 and 2018–19, the number of staff focused solely on fraud control dropped from 1873 to 646.
Respondents said effective methods for preventing fraud included training on “how to spot fraud”, resourcing, a positive culture, data analytics, and fraud reporting mechanisms.
One helpful method was “empowering staff to report fraud as their responsibility”, the report noted.
“One entity reported that it had a quarterly review of its fraud risk environment; another increased the visibility of the fraud team in the organisation,” it said.
“Respondents provided comments around adequate staffing levels, separation of duties and hiring new staff in fraud-specific roles … Another example concerned monthly audits by senior personnel, to assess whether individuals had the resources they required or had access to resources they no longer required.”
Meanwhile, 48 respondents described things that hindered their entity’s ability to prevent fraud, including a lack of training for staff who worked outside of main offices.
“The lack of appropriate training meant that some entities had decentralised knowledge bases,” the report noted.
“Lack of adequate resourcing was also a factor that hindered the prevention of fraud. Within this theme, eight entities mentioned lack of staff to manage fraud control, recruitment taking too long, and training staff.”
There were also knowledge gaps and resourcing constraints due to staff turnover, and a negative culture proved harmful.
“Another resourcing concern was that the limited number of staff meant that their time was dedicated towards responding to incidents, rather than engaging in proactive measures and development to prevent fraud,” the report said.
“Other hindrances included Legislative constraints and cultural inability to share information within the Commonwealth, a culture where individuals ignored policies and procedures and had low morale, and a lack of data analytics.”
Agency information primary target
While the most common way to detect fraud over the last three years has been data analytics, there has been a decrease in the total number of internal frauds detected via data analytics, with a drop of almost half between 2016–17 and 2017–18.
Apart from types of internal fraud listed as “other”, most of the complete investigations into internal fraud involved fraud that targeted information held by entities (442 investigations in 2018–19). However, this was approximately 33% lower than in the previous year. The target involving the largest number of entities was “employee benefits”, with 12 entities having finalised 143 investigations of that type of fraud.
External fraud mostly targeted “benefits” in 2018-19, followed by “financial fraud”.
Internal frauds were committed in four main ways, the report found, including misuse of information and communications technology, asset misappropriation, misuse of personal information, and misuse of documents. These methods were also used to commit external fraud, but respondents indicated “other” ways were more common.