Governance and oversight

Establish governance and oversight mechanisms for critical decisions and risks, so that they are visible, accountable and subject to challenge.

This control targets internal fraud risks.

Examples

Examples of this control include:

  • programme or project reporting requirements and governance arrangements to ensure transparency and accountability
  • executive boards and committees overseeing operations and making decisions
  • defined accountabilities, responsibilities and reporting lines for programme or project performance and risk
  • risk management plans and regular risk reporting
  • assurance processes, e.g. pressure testing to assess the effectiveness of controls
  • processes for reporting breaches of internal and external frameworks and standards
  • frameworks that incentivise finding and reporting fraud or error.

Risks from control gap

A lack of good governance and oversight can:

  • lead to dysfunctional and unclear processes
  • cloud the visibility of fraud and corruption risks
  • limit the ability to prevent, detect and respond to fraud and corruption
  • enable employees or contractors to misuse their position of trust to commit fraud or corruption without being detected
  • expose employees or contractors to coercion, where they may be pressured or intimidated into committing fraud for the benefit of another.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • reviewing governance structures to confirm that there are clear reporting lines and accountability for programme or project performance and risk
  • confirming that executive oversight exists for critical processes and decision making
  • confirming that risk management plans or fraud risk assessments have been completed, and that they are monitored and reported to appropriate managers
  • confirming that identified fraud risks have an accountable person assigned to them
  • identifying how governance structure requirements and responsibilities are communicated
  • undertaking an employee survey that includes questions on reporting requirements and executive oversight
  • performing comparative analysis against similar programmes and policies.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

The enabler

The exploiter

The organised


Download the complete fraud control catalogue

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
