Fraud controls

Implementing effective controls to reduce the risk of fraud and corruption is the foundation of fraud prevention. Organisations are encouraged to put in place controls that help minimise opportunities to commit fraud, maximise detection and support an effective response when fraud occurs.

Reduce the risk of fraud

Fraud is when someone deliberately deceives others, often hiding what they are doing, to gain an advantage or benefit or cause loss to another.

No system of controls or countermeasures can eliminate fraud; however, well designed and effective controls can help to deter and detect fraudulent activity and support a timely and appropriate response when it occurs. An organisation’s mitigation practices will depend on its specific risk exposure, operating environment and tolerance for risk. 

Build an effective culture

A robust fraud and corruption control environment is comprehensive, transparent and actively maintained. There is no single solution to managing fraud and corruption risks, and processes need to continually adapt to effectively mitigate rapidly evolving threats. 

Put a range of controls in place

Organisations can considerably reduce and manage the risk of fraud and corruption occurring by implementing a range of capability, prevention, detection and response controls. These categories of controls are interlinked, and each one plays a significant role in managing fraud risks.

These controls are a practical starting point to help organisations strengthen their fraud and corruption control environment in a way that is proportionate to their risk profile.

The controls are available online as an interactive index[EW1.1], making it easy for users to explore complementary controls and related fraudster personas, and as a downloadable PDF for those who want the full list of controls in one document.

Unsure where to start?

Effective counter fraud relies on a deliberate, risk-based approach that directs resources to the areas of greatest vulnerability. 

All controls will have a cost – financial, staff time or operational complexity – so start by identifying high-risk processes, activities or transactions, and prioritise controls that will have the greatest impact in reducing those risks. This ensures that limited resources are directed where they matter most. 

As an organisation’s understanding of fraud risks develops, controls can be expanded, refined, or rebalanced to remain effective and proportionate over time.

Explore the controls by category

The controls are organised alphabetically within each category. They can be read in any order, as the organisation’s control environment evolves.

  • Capability controls guide expected behaviours and determine organisational culture around fraud. These controls provide clarity and direction for employees

    Capability controls

  • Prevention controls are the most common and cost-effective interventions, reducing the likelihood of fraud occurring by limiting opportunities for fraudsters

    Prevention controls

  • Detection controls support the timely identification of fraud, enabling organisations to disrupt activity and reduce the impact of it occurring

    Detection controls

  • Response controls are activated after fraud has occurred to contain further harm. These controls include investigation, prosecution, disciplinary action and recovery activities

    Response controls

Download the complete fraud control catalogue

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.

Download PDF

Acknowledgement

This resource was previously referred to as countermeasure guidance. In earlier materials, countermeasures refer to what are now called fraud controls.

Where relevant, content has been adapted for the New Zealand context from the Commonwealth Fraud Prevention Centre’s Fraud Control Catalogue(external link).

More information

Back to top