Fraud Control Plan 2011
Managing Fraud Risks in the DFAT Context
The Department's Operating Environment
As of 31 March 2011, the department employed more than 4118 people consisting of 2493 ongoing and non-ongoing staff, and 1625 Locally Engaged Staff (LES). DFAT manages a total of 95 posts in its overseas network. As at 31 March 2011, these posts employed 573 DFAT A-based staff in established positions along with the 1625 DFAT LES.
With such a large network of offices spanning a variety of operating contexts as well as a complex resource and financial management system, the department's risks and vulnerabilities are unique for a Commonwealth department. In particular, the department faces a number of challenges managing fraud risks overseas where language barriers and different legal and cultural environments can heighten the opportunities for fraud and obscure detection.
The Fraud Control Plan 2011 identifies fraud risks in chapters three and four which are the direct responsibility of nominated individual sections and branches within Corporate Management Division, Information Management Division, the Australian Passport Office and Consular, Public Diplomacy and Parliamentary Affairs Division. However, all divisions, State/Territory/Passport Offices and overseas posts may be affected by the fraud risks outlined in chapters three and four, whether financial, ICT or security. It is incumbent, therefore, on all staff to be vigilant in understanding the fraud risks outlined in this Plan, and for managers of divisions, State/Territory/Passport offices and overseas posts to incorporate awareness of these fraud risks (including those that are residual) into their work unit's activities, including where risks involve external clients (e.g. postal services).
The Department's Approach to Fraud Control
Due to the complexity of DFAT's operating environment, the department has constructed a comprehensive three-tiered approach to fraud control. This consists of:
- fraud risk controls (checks, systems controls and audit measures)
- fraud prevention training (through a range of training courses)
- prompt and fair investigation of fraud allegations.
Fraud Risk Controls - Internal Control Processes
Internal control can be explained as a business process that operates as a means to an end and not an end in itself. It extends beyond the tangible examples of business operations, like accounting controls, and covers all aspects of management including:
- leadership and innovation
- strategy and planning processes
- data, information and knowledge
- processes, products and services
- business results.
Internal controls can be either hard or soft and can be applied with either detective or preventative tools. For example:
- a soft control could be the ethical "tone at the top"
- a hard control might be a Financial Management Manual instruction
- a detective control might be the checking of a budget report
- an example of a preventative control might be a financial limit in a financial system for an Approver.
Internal controls can also cover financial information security and structural defences of our systems and networks.
Financial and Information Security
The department recognises that regular accountable document and financial management checks and the accurate assignment of financial delegations, as provided for in its Financial Management Manual, are often the department's first line of defence against fraud. Similarly, the policies and procedures outlined in the department's Security Instructions, and summarised in the Annual Declaration of Information Security, are vital to the safeguarding of official information. These finance and security instructions are available to all staff and are reinforced through targeted training courses.
Structural defences against fraud and security breaches are embedded in the department's computer systems including financial management software, departmental email, cable, passport processing, salary and allowance processing systems. These information management systems provide respectively:
- an effective separation of powers in the performance of financial management functions
- restrictions on access to classified information based on the need-to-know principle
- centralised monitoring, and audit of, financial and security functions across the department's operations in Australia and overseas.
Internal Audit Process
Adherence to departmental policies and practices is maintained by line managers and monitored/assessed through the internal audits by the department's Evaluation and Audit Section. The scope of internal audit encompasses the examination and evaluation of the adequacy, effectiveness and efficiency of the system of internal control and management performance. Internal audit review covers all operational activities of the department. It involves the review of all financial and non-financial operations, either manual or computerised. Internal audit review also extends to management information systems.
Post Liaison Visits (PLVs) by senior management, regular Post and Office Evaluation Reviews (PERs/OERs) and annual Divisional Evaluation Reviews (DERs) are other means by which the department ensures that guidelines are being followed and high ethical standards maintained. Additionally, the Audit and Risk Committee and the Conduct and Ethics Unit (CEU) work closely together to ensure internal detection, prevention and investigation measures are comprehensive and effective. The two elements of the department also collaborate on emerging issues in the department and liaise on important aspects of investigation findings.
Fraud Prevention Training
Mandatory training for specific roles/jobs ensures the department's fraud prevention and security awareness policies and practices are adhered to and that the information and financial management systems and software are understood and used effectively by staff. The following fraud and security related training courses are currently available:
- overseas financial management policy (includes a section on fraud prevention)
- overseas financial management SAP
- risk management
- introduction to security awareness
- overseas security workshop
- personal security awareness
- post security officer
- SAP training
- PTWS training
- tenders and contracts
- conduct, ethics and fraud workshop (mandatory for all staff to complete at least once every three years)
- overseas passports
- fraud prevention and ethics training courses are also provided to Locally Engaged Staff visiting Australia and for staff at State Offices
- training in the management of locally engaged staff for SAOs, which includes a section on fraud prevention and dealing with misconduct
- fraud and ethics course materials, including the department's Conduct and Ethics Manual, can be downloaded from the Corporate Information Database and the Conduct and Ethics Unit Homepage, enabling overseas posts and State Offices to conduct their own fraud and ethics training courses as required
- since 2008, the Conduct and Ethics Unit has been conducting tailored training to sections on request (see Chapter Four).
The CEU investigates allegations of fraud and misconduct fairly and expeditiously in accordance with departmental investigation guidelines and procedures for determining breaches of the APS Code of Conduct, as set out in the department's Conduct and Ethics Manual, available to all employees via the Intranet. As required by the Commonwealth Fraud Control Guidelines, the department employs specialist Fraud Investigators who must hold a minimum qualification of Certificate IV in Government Fraud Investigation.
Relevant Documents for Review
The Department's Conduct and Ethics Manual
The Commonwealth Fraud Control Guidelines