AUDIENCE EXTERNAL Corruption Prevention Network SUBJECT Fraud Control Planning DATE July 2007 Tax Office Fraud Control Planning: Tools and Techniques PRESENTED BY: Annalissa Hilton Fraud Prevention & Control About the Australian Taxation Office Net revenue collection of 232.6 billion* Operating budget of $2,533.2 million* 21,511 staff nationally* 67 sites across all states and territories* Currently in the midst of a Change Program incorporating a redesign of systems – integrating 120 existing systems into one interface Policy initiatives designed to improve taxpayer interactions [*] These figures have been sourced from the 2005-2006 Commissioner of Taxation Annual Report. TAX OFFICE FRAUD CONTROL PLANNING 2 Fraud in the Australian Taxation Office In the 2005-2006 financial year, we finalised 167 allegations of fraud and serious misconduct by employees. 29 of these cases were found to be substantiated. This included: – two cases of unauthorised access, with one offender receiving community service and the other a fine – two cases of fraud against the revenue, with the severest penalty being four years and seven months imprisonment A further 11 matters are either with the Commonwealth Director of Public Prosecutions or before the courts. [2] These figures have been sourced from the 2005-2006 Commissioner of Taxation Annual Report. TAX OFFICE FRAUD CONTROL PLANNING 3 Our fraud prevention strategy Governance framework Integrity framework Fraud awareness training Security and privacy training Internal investigations Fraud control planning TAX OFFICE FRAUD CONTROL PLANNING 4 Structure of the Fraud Control Plan Business Lines Process Micro Enterprise and Individuals Small and Medium Enterprises Large Business and International Goods and Services Tax Provision of Advice BAS end to end Corporate Risk TAX OFFICE FRAUD CONTROL PLANNING 5 TAX OFFICE FRAUD CONTROL PLANNING 6 TOOLS AND TECHNIQUES TAX OFFICE FRAUD CONTROL PLANNING 7 Use of intelligence Consolidation of intelligence from internal and external sources – – – – – – – Chief Knowledge Officer Internal Audits External Audits Change Program design parameters Previous Fraud Control Plans External agencies Professional bodies Appointment of ‘Fraud Liaison Officers’ TAX OFFICE FRAUD CONTROL PLANNING 8 Health Check Survey With the permission of the Audit Office of New South Wales, we have adapted the Fraud Health Check Survey from the Audit Office of New South Wales Fraud Control Improvement Kit Better Practice Guide to fit the Tax Office. The Tax Office has an electronic system available to deliver the survey to all employees in a BSL and receive anonymous responses. The results are depicted in a dashboard generated using the Excel spreadsheet tool provided by the Audit Office of NSW. The dashboard results are presented in the fraud control plan chapter for that BSL. The survey offers the opportunity to obtain the fraud risk perceptions and any offered comments from all employees within the BSLs. TAX OFFICE FRAUD CONTROL PLANNING 9 Asymmetrically linked assessment methodology The ASLAM methodology considers both threat and risk assessment This concept evolved from ASIO’s T4 threat assessment methodology Allows for forecasting and the identification of environmental factors which can help to indicate a fraud is imminent Allows for better understanding of a perpetrators intent and expectations, therefore allowing us to tailor internal awareness training strategies TAX OFFICE FRAUD CONTROL PLANNING 10 T4 model of threat assessment RISK Threats are generated by threat agents (usually a person or a group). T4 examines the intent and capability of these threat agents. Likelihood Threat Intention Desire + Consequence + Capability + Expectation TAX OFFICE FRAUD CONTROL PLANNING Knowledge + Resources 11 Facilitated workshops and interviews Provisional classification based on intelligence Provides time to robustly assess high risk activities More targeted approach to fraud threats Testing provisional classification of functions TAX OFFICE FRAUD CONTROL PLANNING 12 Control Testing Proactive testing of control effectiveness Three perspectives: – Recommendations reported as ‘implemented’ – Control deficiencies identified through investigations – Hot topics (unauthorised access, proof of identity) Every fraud control plan chapter is accompanied by at LEAST one control test TAX OFFICE FRAUD CONTROL PLANNING 13 Data Mining In 2006, the Reporting, Intelligence and Training team was established Further expand on control testing to include proactive data mining of systems based intelligence Responsible for most assessments within our Corporate Risk Fraud Control Plan Chapter TAX OFFICE FRAUD CONTROL PLANNING 14 Monitoring of recommendations Recommendations are reported quarterly to the Tax Office’s Audit Committee Scrutiny of responses and the endorsement of mitigation strategies rest with the Fraud Prevention Group Reporting feeds back into control testing TAX OFFICE FRAUD CONTROL PLANNING 15 We have learnt that: Facilitated assessment, while time consuming, creates a more consistent overall picture of the threats we face A mixture of individual perspectives and concrete evidence provides a more rounded view of potential fraud threats. Prescriptive process assessments allow for the retention of corporate knowledge TAX OFFICE FRAUD CONTROL PLANNING 16 The future Staffing – Getting the right people and retraining them – Developing in-house training Responding to change Gaining further advantages from the consolidation of intelligence Benchmarking against international revenue agencies – ‘Like’ agencies – Change Program environments – Similar systems TAX OFFICE FRAUD CONTROL PLANNING 17 Contact Annalissa Hilton Fraud Prevention Group Fraud Prevention and Control Australian Taxation Office annalissahilton@ato.gov.au 02 6216 3260 TAX OFFICE FRAUD CONTROL PLANNING 18