A guide to the Commonwealth fraud control framework

Shanna Hall

From 1 July 2024, all non-corporate Commonwealth entities (NCEs) are bound by the Commonwealth Fraud and Corruption Policy, a series of procedural requirements aimed at reducing fraud and corruption risks. But, even for organisations that aren’t considered NCEs, the policy is meant to outline best practices.

Whether the policy is binding for your organisation or not, it’s important to understand these requirements. After all, even corporate entities should be aware of what the Government considers best-practice standards for controlling fraud risks.

In this article, we’ll unpack the Fraud and Corruption Control Framework, its requirements, and how to ensure your organisation is compliant.

What is the Fraud and Corruption Control Framework? And what is the Fraud and Corruption Policy?

As part of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), the federal government designed the Commonwealth Fraud and Corruption Control Framework to ensure that Government entities adequately manage their fraud risks. It has three parts, one of which is the Fraud and Corruption Control Policy.

The other two components are:

  1. Section 10 of the Public Governance, Performance and Accountability Rule 2014 (a legislative mechanism that makes the PGPA binding for all NCEs)
  2. Resource Management Guide 201 (further guidance on preventing and detecting fraud and corruption)

We’ll be focusing on the Fraud and Corruption Control Policy, since it sets out the standards that organisations need to understand – either as binding requirements or best practices.

What are the requirements in the Fraud and Corruption Policy?

The policy outlines the mechanisms that Government considers necessary for detecting and preventing fraud. These mechanisms aim to protect public resources and improve Government entities’ accountability for their anti-fraud control strategies.

Eight elements make up the policy:

  1. Fraud and corruption risk assessments. This element guides how organisations identify, assess and document their exposure.
  2. Fraud and corruption control plans. These provide oversight – and documentation – of how organisations plan to manage their fraud risks.
  3. Periodic reviews of controls’ effectiveness. The policy requires NCEs to routinely assess how their controls are functioning, especially those that guard high-risk processes or programs.
  4. Governance and oversight. As part of their fraud and corruption management, the policy requires organisations to maintain certain governance and oversight structures.
  5. Prevention. This element outlines various requirements for preventing fraud, including employee awareness and anti-fraud controls that are built into the design of programs or initiatives.
  6. Detection. Organisations need a variety of mechanisms for fraud detection, including reporting channels, automated transaction monitoring, and data matching and analytics.
  7. Investigation and other responses. This element covers a wide range of necessary responses, including activities like disciplinary actions and reporting incidents to authorities.
  8. Recording and reporting. Organisations need to capture and document all allegations or incidents of fraud, with specific requirements for both internal and external reporting.

How to comply with the Fraud and Corruption Policy

With eight different elements to consider, organisations need multi-faceted, cross-functional management strategies and reporting mechanisms. These tend to demand centralised, automated solutions to keep up with the necessary scale and detail. In other words, look for technology solutions that can help satisfy a variety of the policy’s elements, all while improving efficiency and productivity.

As an example of how the right technology solution can make compliance easier, let’s break down the ways that Eftsure’s payment protection software can help.

Supplier verification and management

Eftsure’s solution helps organisations improve the security and accuracy of supplier verification through various factors, including cross-matching 6 million verified business records in Eftsure’s supplier database. Payment account verification tools and independent verification – performed by trained anti-fraud experts – also help leaders meet policy requirements like governance, prevention, detection, investigation and reporting.

Continuous monitoring and alerts

Eftsure provides real-time vendor and payment alerts throughout the payment lifecycle, ensuring continuous protection of EFT payments and early detection of anomalies. Additional checks at the payment checkpoint prevent fraud and errors during ABA payment file reviews, ERP/Payable System report extracts, or online banking.

Simple ‘traffic light’ style thumb alerts indicate potential fraud in real time on your online payments screen or payments file in the web portal. Continuous monitoring and alert systems support ongoing vigilance and timely intervention, aligning with policy requirements like risk assessment, prevention, review, detection and reporting.

Risk management

By identifying and mitigating the risk of payment error, fraud and cybercrime through digital verification and payment controls, Eftsure supports the policy’s objective to help organisations manage and reduce their risk of fraud and corruption.

Compliance controls

Eftsure automatically verifies the authenticity of ABNs and checks the status of GST registrations on every payment, reducing the risk of engaging with a non-compliant supplier and ensuring your organisation adheres to regulatory compliance requirements.

Strong internal controls

Eftsure’s comprehensive duty-segregating capabilities ensure that protocols and processes are followed, supporting the Fraud and Corruption Policy – especially components like assessment, review, documentation, prevention and detection. Eftsure’s solution offers a digital interface for managing visibility and tasks, customisable roles and permissions, automated notifications, and approval workflows.

With the flexibility of unlimited users, multi-level approvals, and hierarchical structures, Eftsure makes it easy to build visibility and delegate tasks in line with your existing access policies and user permissions. Setting up access points is easy, reduces the risk of internal fraud and keeps auditors happy.

Comprehensive audit trails

Eftsure ensures compliance with the Fraud and Corruption Policy by automating manual controls and procedures and streamlining your compliance, offering centralised management and monitoring of payment and supplier data. Eftsure also offers features like centralised reporting to reduce audit stress, secure and independent vendor validation, and notifications about inactive or invalid ABN reports.

Additionally, Eftsure provides comprehensive supplier and payment reports along with detailed internal audit trail reports, ensuring thorough documentation and accountability.

Seamless integration

Eftsure’s compatibility with all ERPs and accounting systems enables integration with existing financial systems, ensuring that compliance measures are embedded within everyday processes. This minimises disruptions and delays to everyday workloads and makes it easier to maintain compliance with the policy.

Staff training and awareness

Eftsure often provides training and awareness programs, including webinars, guides, and up-to-date content on the latest scam tactics and warning signs of fraud. It gives leaders even more resources for keeping staff informed and for cultivating an overall culture of safety, which is important for meeting requirements in areas like prevention and detection.

Find out how the right tech can enable best practices and regulatory compliance
Contact our team for a demo and see how Eftsure’s solution can make compliance, documentation and auditing easier – all while lowering your risks of cybercrime, fraud and error.
