5. Definition of Fraud

In accordance with the Framework, fraud against the department is defined as:

“Dishonestly obtaining a benefit, or causing a loss, by deception or other means”.

The Fraud Guidance sets out a range of activities which fall broadly under the definition of fraud. Fraud can be committed by staff (internal fraud) or by persons external to the department (external fraud). It may also be committed jointly between an employee and an outside party. Offences of fraud against the Commonwealth may be prosecuted under a number of different Commonwealth laws.

Examples of the types of conduct that would fall within the department’s definition of fraud include (but are not limited to):

  • theft
  • accounting fraud (false invoices, misappropriation etc.)
  • unlawful use of, or obtaining, property, equipment, material or services
  • causing a loss, or avoiding and/or creating a liability
  • providing false or misleading information to the Commonwealth, or failing to provide it when there is an obligation to do so
  • misuse of Commonwealth assets, equipment or facilities
  • making or using false, forged or falsified documents, and
  • wrongfully using Commonwealth information or intellectual property.

A benefit is not restricted to monetary or material benefits, and can be either tangible or intangible, including the unauthorised provision of access to, or disclosure of, information. Fraud against the Commonwealth can take many forms and may target:

  • revenue (e.g. income tax, GST fraud, customs duties)
  • property (e.g. cash, computers, other portable and attractive items, stationery)
  • information and intelligence (e.g. personal information or classified material)
  • programme funding and grants
  • entitlements (e.g. expenses, leave travel, travel allowances, attendance records)
  • facilities (e.g. unauthorised use of vehicles, information technology and telecommunication systems), and
  • money or property held in trust or confiscated.

5.1 Definition of Corruption

AS/NZ 8001:2008 – Fraud and Corruption Control, defines corruption as:

“Dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interest of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity”.

Complex fraud, which may also constitute corrupt conduct, can include instances where an employee or group of employees is targeted and succumbs to exploitation by external parties, or initiates the misconduct.

The department must be alert to the risk of complex fraud involving collusion between agency employees and external parties.

5.2 Foreign Bribery

The Australian Government Policy on foreign bribery states:

“Australia has a zero tolerance approach to foreign bribery and corruption. Australia works actively with foreign governments to stamp out bribery, and strongly discourages companies from making facilitation payments.

The Australian Government supports ethical business practices, and the prosecution of those who engage in illegal practices. This helps to improve Australia’s investment opportunities overseas and is an important aspect of Australia’s global reputation.

Foreign bribery undermines the reputation of all Australian businesses and impacts negatively on business and government relations.”

5.3 Insider Threat

Staff should be aware of the trusted insider threat. Trusted insiders are potential, current or former employees or contractors who have legitimate access to information, techniques, technology, assets or premises.

Trusted insiders can intentionally or unknowingly assist external parties in conducting activities against the organisation or can commit malicious acts for self-interest. There is no one type of trusted insider. However, there are broadly two categories of trusted insiders who pose a threat:

  • The unintentional insider: unintentional insiders are trusted employees or contractors who inadvertently expose, or make vulnerable to loss or exploitation, privileged information, techniques, technology, assets or premises. Inadvertent actions include poor security practices, such as leaving IT systems unattended and failure to secure sensitive documents, and unwitting unauthorised disclosure to a third party.
  • The malicious insider: malicious insiders are trusted employees and contractors who deliberately and willfully breach their duty to maintain the security of privileged information, techniques, technology, assets or premises.

Staff should be aware that, due to the nature of some of the classified information they have access to, they may be a target for organised crime groups or foreign intelligence services.

When travelling overseas on official business, department staff may find themselves contacted by foreign officials. These approaches may be subtle at first, as the officials attempt to gain your trust and build up a relationship over a period of time before asking you for bits of information or favours.

The department requires you to report suspicious, ongoing, unusual or persistent contact with foreign officials, other foreign nationals and anyone suspected of being involved in organised crime. If you aren’t sure whether or not to report a particular interaction, ask for advice from the security services team.

Early reporting of any suspicious contacts is the best way to protect yourself from any potential future compromising situation.

For advice or if you notice or suspect any unusual activity please contact Security Services:

  • Lodge a request with Security Services
  • Phone 02 6213 7007 or 1800 000 384
  • Email the Agency Security Adviser
  • Phone 02 6102 8179.

5.4 Cyber and Digital Awareness

All employees and guests of the Department have a shared responsibility for ensuring good security practices. There is a critical need to protect our ICT facilities and resources, and to retain the confidence of our stakeholders and clients who entrust sensitive information to the Department. This includes protecting against the risk of Fraud, which is defined earlier in this Plan as individuals or groups dishonestly obtaining a benefit, or causing a loss, by deception or other means. Fraud can take many forms, including Phishing attacks, malware and viruses, Identity Theft, blackmail and money laundering.

The Department faces numerous threat sources that can be involved in Fraud, including (but not limited to):

  • Nation States
    • Foreign Intelligence Services (FIS);
    • Politically Motivated Nationalist Groups;
  • Malicious Individuals
    • Motivated by Freedom of Information;
    • Hacktivists;
    • Insider Threats;
  • Organised Crime
    • Motivated by financial reward.

These threat sources all have numerous different attack vectors of varying complexity and success rates. These groups will record all information that they are able to retrieve, from all sources they are able to find, so that they can increase the likelihood of a successful attack on the Department. To help mitigate these risks, it is recommended that staff adhere to the following controls:

  • Staff should be aware that all information they post online (publicly and privately) is in the public domain, and could be used to attempt to socially engineer individuals;
  • Staff must maintain separate business and personal social media profiles;
  • Staff must only post Departmental information online that has been approved by the Department for release into the public domain;
  • Should staff believe that they have had an interaction via email with a 3rd party that intends to defraud the Department (with a malicious URL or attachment), they must notify the ICT security team via email to itsa@industry.gov.au;
  • Should staff believe that they have witnessed an attempt (failed or successful) to misuse the Department’s resources, they must notify the ICT security team via email to itsa@industry.gov.au;
  • Additional information around the Department’s social media policy is available on the intranet.