Fraud is costing local government millions of dollars but it is difficult to know the full extent thanks to “unreliable” record-keeping, argues a Queensland auditor-general’s report tabled in parliament last week.
The investigation found that councils not only have poor fraud prevention and detection systems, but that a lack of coordinated or centralised reporting meant that recorded incidents differed between individual councils and the Crime and Corruption Commission.
Surveying a range of local government areas across the state, the Queensland Auditor’s Office discovered that 65% (or 43 of 66 respondent councils) do not have a fraud or corruption control plan or similar document, meaning “that most councils in Queensland have no overarching plan for preventing, detecting and responding to fraud,” said the report. Of those that do have a fraud or corruption control plan, around half had failed to implement it properly or were not maintaining their fraud risk management as an ongoing governance activity.
The councils surveyed told the QAO they had detected 324 cases of alleged and confirmed fraud between 1 July 2009 and November 2014, involving $8.6 million. Of the 194 confirmed cases, 18 (9.3%) were greater than $10,000; two alleged fraud cases were more than one million dollars. 42% of the alleged and confirmed frauds reported to the QAO came from one, unnamed council, which has been referred to the Crime and Corruption Commission.
But when the QAO compared these data with those of the Crime and Corruption Commission, they found significant discrepancies between the records of councils and the CCC. Whereas only 28 councils reported to the auditor that they had been a victim of alleged or confirmed fraud in the last five years, CCC records showed they had received fraud allegations for 67 councils during that period. In addition, 14 of the 44 councils surveyed who indicated they had not been a victim of fraud in the last five years had in fact had allegations of fraud substantiated by the CCC.
Of the 44 councils who advised they had no confirmed fraud cases in the last five years, the QAO identified 14 that had had one or more substantiated fraud allegations. Nine of these 14 councils did not have a system to manage information gathered about fraud — while the five councils that did have a system to record fraud did not use it well, as they had no record of the CCC substantiated frauds.
But Local Government Association of Queensland CEO Greg Hallam emphasised that the total value of alleged and proven fraud over the five-year period was $8.6 million, “against the backdrop of some $36 billion of total expenditure by local governments in this period.
“We believe systems councils have in place are largely working in that confirmed fraud cases were detected and dealt with,” he said.
“Risk management strategies, increased internal audit function requirements, registers of interest, and disclosure of conflicts of interest and material personal interests, with significant penalties for breaches, are all means by which fraud can be limited and controlled.”
Some councils also under-reported fraud to the CCC — six councils reported more cases of alleged and confirmed fraud to the QAO than the number of cases the CCC had records of alleged fraud on. In particular, there were two large councils who each failed to report 39 and 40 cases to the CCC. The QAO warned that this demonstrated a shortfall in councils complying with the law:
“This indicates the total amount lost to fraud is much higher than what was reported to us through our survey. The disparity in records also indicates to us that councils are not complying fully with their legal obligations to report suspected and proven losses from frauds.
“… There are different legislative frameworks for fraud reporting to different integrity agencies, but there is no consistent and uniform reporting approach. Each agency receiving this information records and categorises fraud information differently. Therefore, no one agency in Queensland has a complete picture of the incidence of fraud in the local government sector.”
Recognising councils’ poor track-record of documentation in this area, the auditor recommends the Department of Infrastructure, Local Government and Planning pursue reforms requiring loss as a result of fraud to be reportable to the auditor-general and to the Minister responsible for local government, and that councils keep written records of alleged and proven losses arising from fraud.
Apart from the inherent desirability of preventing fraud and corruption, the auditor recommends that councils focus on prevention because history demonstrates that money taken is usually very difficult to retrieve:
“Our survey data shows that once a fraud occurs, there is little recovery action; and that where recovery is initiated, the funds recouped are minimal. Based on our analysis of 14 councils who were victims of fraud over a four-year period, councils recovered less than 10% of the amount they lost through fraud; and it cost them almost three times as much to recover than what they lost through the fraud.
“This amount could be greater still because half of those councils did not track or know what it cost them to recover their fraud losses. Because councils’ attempts to recover funds lost through fraudulent activity is often unsuccessful and can cost more to recover than the original amount lost, councils need to consider the benefits of a preventative approach to fraud management against the costs incurred in trying to recover fraud.”
The report also points out that councils do not appear to be aware that standard channels for uncovering fraud do not appear to be very effective compared to tip-offs and whistleblowers:
“We found a significant discrepancy between the methods councils say they use to detect fraud, and the methods they actually used to detect fraud. They say they rely primarily on internal audit and external audit to detect fraud. However, in 57 fraud cases we reviewed, internal audit helped to detect only four of those cases. The majority were detected through tip-offs and public interest disclosures. This shows that the fraud detection techniques they purport to rely most upon are not as effective as other mechanisms. More generally, this reactive approach to fraud detection also means they are less likely to detect fraud early. The later it is detected, often the more difficult it is to recover any losses.”