Part 4: Fraud reported to the Office of the Auditor-General by Appointed Auditor

Fraud awareness, prevention, and detection in the public sector.

In this Part, we present a summary of the incidents of fraud that our Appointed Auditors have reported to us during 2009 and 2010. As part of their professional obligations, our Appointed Auditors are required to inform us of any incidents of fraud in a public entity that they audit.

Although it is important to be clear that we cannot know the full extent of fraud in the public sector, our work in collating the reported incidents of fraud gives us an indication of the fraud risks in the public sector.

The two most frequent types of fraud reported to us are similar to the types of fraud that respondents to our survey were aware of. However, conflicts of interest and misappropriation of funds feature highly in the types of fraud that are reported to us but not in our survey results.

For schools, the most frequent type of fraud was misappropriation of funds followed by payroll fraud. For Crown entities, the most frequent type of fraud was fraudulent expense claims. For council-controlled organisations, it was theft of cash. The type of fraud most frequently experienced by tertiary education institutions involved a conflict of interest.

The main reason that frauds reported to us were committed was that internal control policies and procedures were not followed. This finding was similar to our survey findings, although to a lesser extent. A key risk factor in fraud reported to us is the amount of trust that is placed on an individual.

Reported reasons why fraud is committed

There is a variety of reasons why frauds are committed in schools, with the most common reason being too much trust placed on an individual. This is followed by lack of segregation of duties.

For Crown entities, tertiary education institutions, and council-controlled organisations, the main reason the fraud was committed was because internal control policies and procedures were not followed.

How fraud was detected

For all the public entity types, internal control systems were the most successful method in detecting fraud. This is the same finding as our survey results. Changes of duties or personnel helped detect fraud in schools and Crown entities. However, fraud reported to us was also detected by changes of duties or personnel, by external audit, or by chance. These three methods of detection did not feature highly in our survey results.

Our survey finding that only 39% of incidents of fraud are reported to the relevant law enforcement agency is consistent with what public entities have told Appointed Auditors. Some additional outcomes of the fraud incidents that are reported to us include private agreements between the entity and the perpetrator and some frauds that are still under investigation. These outcomes were not apparent in our survey. In some instances, we do not know whether the incident of fraud reported to us was reported to the appropriate law enforcement agency.

Share knowledge about fraud risks

All of us who work in the public sector need to recognise that "doing the right thing" does not mean keeping quiet about suspected or detected fraud in an effort to be fair to the person or people suspected of fraud.

The public sector is entrusted with public money, so entities need to be aware of:

  • maintaining the highest possible standards of honesty and integrity;
  • the importance of transparency and accountability for the use of public funds; and
  • the risk of perception that something has been "swept under the carpet".

"Doing the right thing" means speaking up. A suspected or detected fraud means that controls are working or that staff know what to look for and the environment supports them speaking up about any suspicions, or both.

A fraud presents the opportunity to share information so we can all learn from each other's experiences – and tighten our controls where we need to. Through speaking up and sharing information, we consider that the public sector will get better at recognising risks, and preventing and detecting fraud. This should help to reduce the losses suffered by the public sector through fraud.

Fraud awareness, prevention, and detection are the responsibility of each entity's governing body and its management. However, everyone working in the public sector has a part to play in protecting our public entities and public resources. Preventing fraud means focusing on fraud risks. We can learn just as much, if not more, about these risks from our detected frauds as we can from the smaller number of cases that are reported.

Public entities have been asked to take the simple step of informing their auditor quickly when they suspect that fraud has been committed. Although auditors are not responsible for detecting fraud, as part of our audit work we discuss fraud risks and fraud prevention activity with public entities to share information on trends and good practice.

Using the information that auditors receive from public entities, we will continue to regularly update and share information about the fraud incidents advised to us. Agencies and others who are interested will be able to see which sorts of controls or procedures are working to identify potential fraud in workplaces similar to theirs. The cumulative effect of this co-operation and sharing will be stronger controls, and our efforts to keep our public sector clean will be greatly aided.

page top