Policies
Establish, maintain and communicate clear, enforceable and accessible policies that set expectations for lawful, ethical and transparent behaviour across the organisation.
This control targets both internal and external fraud risks.
Examples
Examples of this control include:
- clear, up-to-date fraud, corruption and integrity policies
- policies governing conflicts of interest, gifts and benefits, hospitality and secondary employment
- clear procurement, contract management and supplier-related policies
- information security, privacy and data handling policies
- user access, system use and cybersecurity policies.
Risks from control gap
Poorly designed or poorly communicated policies can lead to:
- gaps that create opportunities for fraud, corruption or unethical conduct
- inconsistent decision making or unchecked discretionary authority
- employees misunderstanding what is acceptable or prohibited
- individuals exploiting ambiguity to rationalise fraudulent behaviour
- fraudsters taking advantage of loose rules and requirements to commit fraud and avoid exposure or prosecution
- less action and accountability to prevent, detect and respond to fraud and corruption.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- checking whether policies are current, accessible and aligned to legislative and organisational requirements
- analysing completion rates for mandatory training modules linked to key policies
- checking whether employees understand policies through surveys
- monitoring the number and nature of incidents arising from policy breaches
- analysing fraud trends to identify policy gaps.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The corrupt
|
The enabler
|
The exploiter
|
The organised
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Gain insights into employees’ perceptions of your organisation’s fraud exposure and fraud management actions
- Complete our online learning modules to strengthen your fraud awareness
- Learn the red flags of mandate fraud, like grooming or manipulation, urgent change requests and emails from unknown senders
- Find out more about what the Counter Fraud Centre offers public sector organisations to help build their counter fraud capability