NSW agencies are failing to tackle internal fraud, with insufficient use of data mining techniques, warns a November report by the auditor-general, Margaret Crawford.
The perpetuators of fraud in government are not being fully monitored, with financial losses on the rise, according to a report released by the NSW auditor-general, Margaret Crawford.
This “Special Fraud Survey” report, released in November, has warned that agencies remain passive about their fraud-detection strategies.
Public sector governance and risk management also comes under the spotlight at the Annual FST Government NSW conference being held 17th May in Sydney.
Information gathered for the Auditor-General’s report tracked activities during 2015 and early 2016. More than 100 agencies’ fraud control strategies came under scrutiny.
Among the findings, eighty per cent, or 382 frauds, were less than $10,000. Twenty-four frauds were each more than $100,000. The largest frauds occurred in procurement, followed by identity fraud.
Agencies acknowledged the primary reason was that staff felt they would not get caught. This was followed by those not following policies or internal controls.
Despite continued concerns, thirty-three per cent did not have a fraud control plan. Of those that did, 36 per cent had not reviewed their plan in the last two years. Thirty-four per cent had not updated their fraud control plan following a review of the risks.
Data mining takes back-seat
Moreover, only 45 per cent had leveraged data mining to complement fraud detection capability.
Sophisticated data mining tools identify possible fraud. This has included checking for duplicate payments, multiple vendor names, and splitting invoices into smaller amounts to avoid further authorisation and cover-up procurement fraud.
Unlike some other jurisdictions, NSW did not have a comprehensive whole-of-government approach to fraud control. The latest survey, including those in 2004, 2009 and 2012, had highlighted weaknesses involving agencies’ fraud controls.
Agencies were at greatest risk from internal staff rather than external perpetrators. More than 90 per cent of involved an internal employee or contractor.
The typical profile of a perpetuator was male, over 40 and in a non-managerial role.
Most agencies had a code of conduct. But only a third required staff to regularly attest they knew and understood these programs.
Moreover, while a high proportion maintained a conflict of interest policy, less than half required staff to complete annual declarations.
Almost half of the agencies did not require staff to confirm any secondary employment every two years.
This routine reporting would help detect conflicts of interest, or other misuse of information and resources.