Fraud and corruption controls are critical to safeguarding the finances, assets, and benefits of Australian Government entities.  Protecting resources available for delivering government program and policy objectives supports public trust in government.

As stewards of public funds, services, programs and resources, government officials are required to implement a system of strong fraud and corruption controls to assist them in promptly identifying and addressing misconduct. The controls adopted by each entity should be proportionate to its individual fraud and corruption risk profile, and encompass appropriate prevention, detection, investigation, referral and reporting mechanisms.

Commonwealth Fraud and Corruption Control Framework 2024

The Commonwealth Fraud and Corruption Control Framework 2024 (2024 Framework) sets out the Australian Government’s control requirements.  It supersedes and expands on the Commonwealth Fraud Control Framework 2017 (2017 Framework), capturing amendments to section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The amendments include the addition of corruption and the types of requirements for Commonwealth entities to prevent, detect and respond to both fraud and corruption.

The 2024 Framework defines fraud as dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means. Fraud includes ‘internal fraud’, which occurs where fraud against an entity is committed by its officials. It also includes ‘external fraud’, which is committed against a Commonwealth entity by external parties (including members of the public and those not engaged by a Commonwealth entity). In the 2024 Framework, corruption is defined broadly consistently with the National Anti-Corruption Commission Act 2022 (NACC Act) as any conduct that does or could compromise the integrity, accountability, or probity of public administration,  and includes:

• any conduct of any person (whether or not a staff member of a Commonwealth agency ) that adversely affects, or that could adversely affect, either directly or indirectly:
  • the honest or impartial exercise of any staff member’s powers as a staff member of a Commonwealth agency; or
  • the honest or impartial performance of any public official’s functions or duties as a public official;
• any conduct of a staff member of a Commonwealth agency that constitutes or involves a breach of public trust;
• any conduct of a staff member of a Commonwealth agency that constitutes, involves or is engaged in for the purpose of abuse of the person’s office;
• any conduct of a staff member of a Commonwealth agency, or former staff member of a Commonwealth agency, that constitutes or involves the misuse of information or documents acquired in the person’s capacity as a staff member of a Commonwealth agency.

Three tiers of the Commonwealth Fraud and Corruption Control Framework 2024

Fraud and corruption across the public sector

International estimates are that 3% to 5.95% of government expenditure worldwide could be lost to fraud and error.  Non-financial losses are also incurred. Because fraud and corruption are difficult to detect and quantify, the scale and cost to the Australian Government and society is often underestimated.

Australian Institute of Criminology statistics on fraud

The Australian Institute of Criminology  (AIC) conducts an annual census on fraud against the Commonwealth to assist the Australian Government in managing the risk of fraud.  The findings of the 2023–24 census (published in July 2025) included:

• most responding Australian Government entities reported themselves to be fully compliant with the Fraud Rule;
• there were 288,808 allegations of fraud, of which 95% related to external fraud; and
• 32% of the responding entities had not tested the effectiveness of their fraud controls within the last two years.

The principal targets of substantiated internal fraud were program information, program payments and corporate funds. The principal target of substantiated external fraud was program payments.

National Anti-Corruption Commission statistics on corruption

In 2024, the NACC conducted the inaugural Commonwealth Integrity Survey, which received 58,309 survey responses from across 171 Commonwealth public sector agencies. Some significant findings were that 96% of employees were confident in their ability to identify corruption within their area of responsibility, and 79% of respondents had faith in the integrity of their agency.

The main domains in which the NACC is seeing both the perception and the actuality of corrupt conduct are procurement and recruitment, promotion and entitlements. 

The predominant mechanisms of corruption are nepotism and cronyism (the preferring of family, friends and associates), and the misuse of official information to gain an advantage. Further, much of what the NACC sees occurs at the interface of the public and private sectors. 

ANAO audit findings on fraud and corruption

In 2024–25, the Auditor-General presented four performance audit reports to the Parliament that examined the effectiveness of fraud and corruption control arrangements in four Australian Government entities. The first three reports focused on fraud control arrangements in 2022–23 and 2023–24, including compliance with the 2017 Framework and readiness to implement the 2024 Framework (which came into effect on 1 July 2024). The final report included examining compliance with the 2024 Framework.

• Auditor-General Report No. 7 of 2024–25 Fraud Control Arrangements in the Department of Health and Aged Care;
• Auditor-General Report No. 9 of 2024–25 Fraud Control Arrangements in the National Health and Medical Research Council;
• Auditor-General Report No. 10 of 2024–25 Fraud Control Arrangements in the Australian Skills Quality Authority; and
• Auditor-General Report No. 45 of 2024–25 Fraud and Corruption Control Arrangements in Creative Australia.

The four reports made 20 recommendations. Most of these recommendations related to revising fraud policies and plans (20%), testing the effectiveness of fraud controls (20%), improving capability (15%), and conducting fraud risk assessments (15%).

The ANAO audits the annual financial statements of Australian Government entities to provide independent assurance to the Parliament that the statements are reliable, having been prepared in accordance with Public Governance, Performance and Accountability Act 2013 (PGPA Act). Fraud and corruption arrangements were examined in Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2025. The report indicated that Commonwealth entities were largely compliant with the 2024 Framework and that they would benefit from establishing formal referral processes to the NACC.

Set out below are seven lessons aimed at improving prevention, detection and correction of fraud and corruption in Australian Government entities, based on insights drawn from recent ANAO audits.

The further reading section provides links to relevant resources from the ANAO, AIC, Attorney-General’s Department (Commonwealth Fraud Prevention Centre), Department of Finance, NACC and additional Insights products.

The Commonwealth Fraud Prevention Centre notes that entities should establish feedback loops to inform fraud and corruption risk assessments. Building risk assessment outcomes into fraud and corruption control plans creates a meaningful feedback mechanism. It avoids a passive ‘review, treat and forget’ approach that leaves the entity still vulnerable to risk.

Entities should seek to specifically assess fraud and corruption as an important component of enterprise risk assessments and program risk assessments. For more information and guidance on fraud and corruption risk assessments and control plans, see the Commonwealth Fraud Prevention Centre’s Information Sheet - Element 1: Fraud and corruption risk assessments and Information Sheet - Element 2: Fraud and corruption control plans.

In alignment with the Fraud and Corruption Rule, corruption was added to the Fraud and Corruption Policy (formerly the Fraud Policy). The policy requires entities to have fraud and corruption control plans that are documented and implemented to address fraud and corruption risks and are periodically reviewed and monitored to ensure the plans remain relevant and proportionate to identified fraud and corruption risks. Additionally, entities should:

• have governance structures and processes in place to effectively oversee and manage fraud and corruption risks;
• identify officials who are responsible for managing fraud and corruption risks; and
• keep records identifying those structures, processes and officials, and keep the records up to date.

When the 2024 Framework was introduced, entities needed to consider how corruption could be addressed in their internal policies, risk assessments (including at the enterprise level), accountable authority instructions, finance business rules, mandatory training modules, intranet content, and other artefacts. Resources that entities may refer to include the:

• Fraud and Corruption Control Capability Self-Assessment Tool — this tool and related questionnaire help officials self-assess their organisational capability to manage corruption and fraud risks.
• Guide to incorporating corruption control into risk management frameworks — this guide provides practical strategies for overseeing and managing corruption risks in a consistent and coordinated manner.
• Commonwealth Integrity Maturity Framework — provides information to support entities to design, implement and review the effectiveness of their integrity frameworks so that they are tailored to the entity’s risk profile, size and context. The Framework is a set of eight Integrity Principles, each accompanied by a four-level maturity scale that allows entities to undertake a self-assessment of their integrity maturity.

Updating plans and related documentation to include the word ‘corruption’ is not sufficient. Entities should thoughtfully consider the impacts of the addition of corruption in the context of their entity’s business, including what actions staff will take to prevent, detect and deal with specific corruption risks, as well as fraud. Although some circumstances will constitute both fraud and corruption, particularly in the context of internal fraud, not all fraud is corrupt conduct, and not all corrupt conduct is fraud.

For more information about governance structures and processes entities should put in place to oversee and manage fraud and corruption risks, see the Commonwealth Fraud Prevention Centre’s Information Sheet - Element 4: Governance and oversight.

ANAO audits have identified that some entities may focus on internal fraud in their planning, with minimal consideration of external fraud. External fraud can be committed by taxpayers, recipients of government services, service providers, grant recipients, other members of the public or organised criminal groups. This leaves entities vulnerable to risks that could have been mitigated.

External fraud matters may be addressed by:

• identifying and including external fraud matters, in addition to internal matters, in entity fraud and corruption control plans and relevant policies;
• assigning an external fraud risk owner who is responsible for reporting to the entity’s audit and risk committee on the entity’s management of its external fraud risks;
• selecting at-risk program areas or business lines each quarter (or other suitable timeframe) to self-assess compliance with obligations to manage external fraud;
• setting up a system for receiving fraud referrals and tip-offs on the entity’s website (including from the public and other entities);
• requiring staff to categorise and record fraud matters as internal or external in registers and case management systems; and
• mandating the reporting of all suspected external fraud to the entity (including incidents associated with grant recipients).

Further related resources are available through the Commonwealth Fraud Prevention Centre, including the Centre’s Grants Administration Counter Fraud Toolkit and Controlling Fraud and Corruption Risk Leading Practice Guide. There are also further resources available to help entities prevent fraud and corruption risks associated with contractors, consultants and third-party service providers in the Centre’s Information Sheet - Element 5: Preventing fraud and corruption.

In developing a roadmap for appropriate handling of suspected fraud and corruption, entities may refer to the eight policy elements of the 2024 Framework. Entities may also give consideration to the eight integrity principles of the Commonwealth Integrity Maturity Framework and undertake a self-assessment. The roadmap should guide staff on decision-making (including ensuring suspected fraud and corruption issues are appropriately handled, instead of regarded as non-compliance), documenting decisions made and compliance with legal advice. Further, the roadmap should be fit for purpose, considering the entity’s unique operating environment, with sufficient resourcing considered for pursuing investigations. The roadmap must be consistent with whole of government guidance, including the Australian Government Investigations Standard.

The roadmap should set out when and where to refer and report suspected fraud and corruption. Referrals and reporting are integral to establishing investigative pathways and strengthening trust and transparency that fraud and corruption are being identified and handled appropriately. Alleged fraud or corruption should be reported to the appropriate authority.

• Under the Fraud and Corruption Policy, non-corporate Commonwealth entities must report potential serious or complex fraud to the Australian Federal Police.
• Under the NACC Act, agency heads and public interest disclosure officers of Commonwealth agencies and Intelligence agencies have mandatory obligations to refer suspected serious or systemic corrupt conduct to the NACC. The National Anti-Corruption Commissioner has issued guidance on what constitutes serious or systemic corrupt conduct.
• With the exception of matters that are accepted for investigation by the Australian Federal Police or the NACC, an entity is responsible for investigating or responding to suspected instances of fraud and corruption relating to the entity. Entities may outsource these investigations. For more information on conducting government investigations, see the Australian Government Investigations Standard.
• Fraud and corruption matters that the accountable authority considers to be significant must be reported to an entity’s minister in accordance with section 19 of the PGPA Act. Subject to any non-disclosure obligations, matters concerning significant non-compliance with finance law reported to an entity’s minister are required to be reported to the Minister for Finance (for more information and guidance, see RMG 214 – Notification of significant non-compliance with the finance law and see section 19 of the PGPA Act for exceptions to reporting requirements). Further, entities should regularly update responsible governance committees (including audit and risk committees), senior executives and relevant business areas.

Further guidance on managing suspected fraud and corruption incidents and mandatory reporting and referrals is available in the Commonwealth Fraud Prevention Centre’s Information Sheet - Element 7: Investigation and other responses.

Officials newly appointed to a role that involves primarily engaging in fraud and corruption control activities should receive training as soon as practicable. Until then, they must be supervised appropriately, ideally by a staff member who has undergone fraud and corruption control training themselves.

Key outcomes of training and qualifications include:

• understanding the fraud and corruption landscape and the wider context, including relevant legislation;
• understanding different types of fraud and corruption, as well as causes and motivators;
• recognising opportunities to develop controls, policies or processes to mitigate the probability, frequency, duration and impacts of fraud and corruption; and
• collaborating with others to design, implement and review controls.

The 2022 Australian Government Investigations Standard requires officials who investigate fraud and corruption to obtain a vocational and educational training qualification or equivalent. Australian recognised qualifications are:

• Certificate IV in Government Investigations (foundational — prerequisite for supervisory qualifications);
• Diploma of Government Investigations (supervisory); or
• Advanced Diploma of Government Investigations (extension supervisory).

More information on training and qualifications is available on the Commonwealth Fraud Prevention Centre’s website, including information about their Counter Fraud Practitioner Training Program.

Testing the effectiveness of controls is a new requirement of the 2024 Framework (it was a suggestion only in the 2017 Framework). Entities should conduct periodic reviews of controls and may prioritise reviewing controls related to the entity’s highest risk activities, functions and programs. When selecting which controls to test, entities may consider:

• the critical nature of the control;
• the risk appetite and tolerance of the entity; and
• recent changes to the internal or external operating environment of the entity.

As a result of a review, fraud and corruption risk assessments should be updated as needed. Additionally, any risk treatments that the entity decides to apply must be included in their fraud and corruption control plans. For more information and guidance on effective controls testing, see RMG 211 – Implementing the Commonwealth Risk Management Policy – Element 5: Control Effectiveness and the Commonwealth Fraud Prevention Centre’s Information Sheet - Element 3: Reviewing control effectiveness.

For support in testing the effectiveness of fraud and corruption controls, entities may refer to the following resources published by the Attorney-General’s Department:

• International Public Sector Fraud Forum Fraud Control Testing Framework;
• How to Start Fraud Control Testing Guide; and
• Handbook of Fraud Control Testing Methods.

Controls testing has the additional benefit of raising staff awareness of fraud and corruption, which contributes to a culture of integrity.

Fraud and corruption control plans should state what registers and case management systems the entity will use to capture potential fraud and corruption. Risks identified through fraud and corruption risk assessments form the basis for ensuring that selected registers and case management systems are sufficiently aligned to accountabilities. This supports entities in recording and addressing all instances of suspected fraud and corruption. Mechanisms to support this may include:

• having registers and case management systems that enable categorisation of instances of potential fraud and corruption by program and/or division;
• documenting procedures that require staff to link potential fraud and corruption matters with programs and/or divisions; and
• training staff in recording and reporting suspected fraud and corruption.

Further guidance on how to record and report suspected fraud and corruption can be found in the Commonwealth Fraud Prevention Centre’s Information Sheet - Element 8: Recording and reporting fraud and corruption.

Practical steps entities can take to quantify estimated fraud and corruption losses include:

• ensure that case management systems have data fields for the estimated amount of potential loss for each matter;
• require or encourage those recording fraud and corruption matters in case management systems to estimate losses, including non-financial losses;
• provide staff with guidance on estimating potential cost, such as multiplying the likelihood of a risk occurring with the estimated cost of impacts (e.g., direct losses, investigation costs, and remediation); and
• report estimated losses and recoveries to relevant governance committees and in the AIC’s fraud and corruption census.

The International Public Sector Fraud Forum Fraud Loss Measurement Framework provides entities with further guidance on estimating the costs of fraud and error.

Further information about the non-financial impacts of fraud and corruption is available in the International Public Sector Fraud Forum’s Guide to Understanding the Total Impact of Fraud.

Collection of good data on corruption is enhanced by participation in public sector-wide surveys, such as the annual APS Employee Census and the biennial Commonwealth Integrity Survey. The Commonwealth Integrity Survey helps the NACC to understand and measure observations and trends relating to integrity and corruption within agencies and across a diverse workforce. The NACC and agencies can use survey data to identify potential areas of corruption risk and inform anti-corruption strategies and corruption prevention and education initiatives. This helps better protect individuals and agencies from corruption.

ANAO links

• Audit Committee Chairs Forum — Friday 6 December 2024 | Australian National Audit Office (ANAO)
• Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2024 | Australian National Audit Office (ANAO)
• Fraud Control Arrangements in the Australian Skills Quality Authority | Australian National Audit Office (ANAO)
• Fraud and Corruption Control Arrangements in Creative Australia | Australian National Audit Office (ANAO)
• Fraud Control Arrangements in the Department of Health and Aged Care | Australian National Audit Office (ANAO)
• Fraud Control Arrangements in the National Health and Medical Research Council | Australian National Audit Office (ANAO)
• Interim Report on Key Financial Controls of Major Entities | Australian National Audit Office (ANAO)

External links

Australian Institute of Criminology

• Community perceptions of corruption by public officials | Australian Institute of Criminology
• Fraud and its relationship to pandemics and economic crises: From Spanish flu to COVID-19 | Australian Institute of Criminology
• Understanding and responding to serious and organised crime involvement in public sector corruption | Australian Institute of Criminology

Attorney-General’s Department — Commonwealth Fraud Prevention Centre

• Commonwealth Fraud and Corruption Control Framework 2024 | Commonwealth Fraud Prevention Centre
• Understand the framework | Commonwealth Fraud Prevention Centre
• Information Sheet Element 1 – Fraud and Corruption Risk Assessments | Commonwealth Fraud Prevention Centre
• Information Sheet Element 2 – Fraud and Corruption Control Plans | Commonwealth Fraud Prevention Centre
• Information Sheet Element 3 – Reviewing control effectiveness | Commonwealth Fraud Prevention Centre
• Information Sheet Element 4 – Governance and oversight | Commonwealth Fraud Prevention Centre
• Information Sheet Element 5 – Preventing fraud and corruption | Commonwealth Fraud Prevention Centre
• Information Sheet Element 6 – Detecting fraud and corruption | Commonwealth Fraud Prevention Centre
• Information Sheet Element 7 – Investigation and other responses | Commonwealth Fraud Prevention Centre
• Information Sheet Element 8 – Recording and reporting fraud and corruption | Commonwealth Fraud Prevention Centre
• Fraud and Corruption Capability Self Assessment Tool | Commonwealth Fraud Prevention Centre
• Control fraud and corruption risk | Commonwealth Fraud Prevention Centre
• Guide to incorporating corruption control into risk management frameworks | Commonwealth Fraud Prevention Centre
• Grants Administration Counter Fraud Toolkit | Commonwealth Fraud Prevention Centre
• IPSFF Fraud Loss Measurement Framework | Commonwealth Fraud Prevention Centre
• Prevent fraud and corruption in grants administration | Commonwealth Fraud Prevention Centre

Department of Finance

• RMG 211 – Implementing the Commonwealth Risk Management Policy - Element 5: Control Effectiveness | Department of Finance
• Notification of significant non-compliance with the finance law (RMG 214) | Department of Finance

National Anti-Corruption Commission

• The National Anti-Corruption Commission | National Anti-Corruption Commission (NACC)
• National Anti-Corruption Commission Act 2022 - Federal Register of Legislation
• Commonwealth Integrity Maturity Framework | National Anti-Corruption Commission (NACC)
• Report corrupt conduct | National Anti-Corruption Commission (NACC)
• What is corrupt conduct | National Anti-Corruption Commission (NACC)
• What is serious or systemic corrupt conduct? | National Anti-Corruption Commission (NACC)
• Mandatory referrals | National Anti-Corruption Commission (NACC)

Other

• Australian Government Investigations Standard | Australian Federal Police International Public Sector Fraud Forum guidance - Fraud Loss Measurement Framework - GOV.UK
• PSPF Annual Release | Protective Security Policy Framework
• Public Governance, Performance and Accountability Rule 2014 - Federal Register of Legislation