New commonwealth fraud and corruption control framework: what you need to know

The Minister for Finance and the Attorney-General announced the new Commonwealth Fraud and Corruption Control Framework (the Framework), which will come into effect on 1 July 2024. Amendments to the overarching Public Governance, Performance and Accountability (PGPA) Rule 2014 (the Fraud Rule) include a new specific focus on corruption, creating a binding instrument for all PGPA Act entities from 1 July 2024.

In this article, BDO’s Forensic Services experts summarise the key elements of the new Framework, and what this means for Australian Commonwealth Government entities.

The Framework overview 

The revised Framework builds on the existing PGPA requirements and consists of three integrated parts, which we explore below. 

New clauses in the Framework require commonwealth entities to:

  • Ensure they have officials who are responsible for managing risks of fraud and corruption relating to the entity
  • Have appropriate governance structures and processes in place to effectively oversee and manage risks of fraud and corruption 
  • Periodically review the effectiveness of their entity's fraud and corruption controls.

Part One: Fraud and corruption rule (the Rule)

From 1 July 2024, all PGPA Act entities will have to meet the requirements of the Rule. The accountable authority of a Commonwealth entity (e.g., the Secretary of the Department) must take measures to prevent, detect and respond to fraud and corruption, including: 

  • Conducting regular fraud and corruption risk assessments or when there is a substantial change in an entity’s structure, functions, or activities
  • Developing and updating control plans to deal with the identified fraud and corruption risks
  • Performing periodic effective reviews of fraud and corruption controls
  • Ensuring there are effective governance structures to oversee fraud and corruption risks
  • Putting in place awareness, education, and prevention measures for staff and major activities
  • Having mechanisms for detecting, investigating, recording, and reporting incidents.

Part Two: Fraud and corruption policy (the Policy)

The Policy builds on the Rule, and while it is binding on all Non-Corporate Commonwealth Entities (NCCEs) from 1 July 2024, it is only suggested for Corporate Commonwealth Entities (CCE) and Commonwealth Companies. The Policy includes mandatory actions but allows some flexibility and proportionality in their application. Some of the more significant additions include: 

  • Assessing enterprise fraud and corruption risks at least every two years, and more frequently for higher-risk areas and activities
  • Documenting roles and responsibilities for fraud and corruption management, governance (including the accountable authority, and senior executives), with a focus on prevention
  • Promoting a culture of integrity through mandatory awareness and training initiatives for officials, contractors, consultants, and third-party service providers
  • Implementing active detection and reporting mechanisms for suspected fraud
  • Ensuring investigations meet the Australian Government Investigation Standard (AGIS)
  • Creating response and investigation arrangements, including reporting to relevant external entities, including the AFP, National Anti-Corruption Commission, and Commonwealth Director of Public Prosecutions (as required).

Part Three: Fraud and corruption guidance 

The Attorney-General's Department is currently reviewing feedback on its Draft Resource Management Guide (RMG) 201, Preventing, detecting, and dealing with fraud and corruption. It is due to be released in early 2024, along with other supporting resources and a series of training events for the new requirements.

How BDO can support you 

Whether your entity already complies with the current Framework, is preparing for mandatory requirements of the new Framework, or is just beginning its fraud and corruption control journey, BDO can support you to ensure your approach meets your obligations and expected standards to protect your entity’s integrity. 

Our Forensic and Integrity services include:

Gap analysis

Conducting an independent evaluation of your entity’s approach against the Framework to identify gaps between current and desired states to help prioritise corrective actions. 

Fraud and Corruption Framework Design

Developing strategic, operational and governance arrangements for your entity’s Framework, including a practical roadmap for implementation. 

Risk assessment

Delivering fraud and corruption risk assessments at enterprise, divisional, program or activity level to help you identify, analyse, evaluate, and treat your fraud and corruption risks. 

Control plans

Developing a control plan that targets your specific fraud and corruption risks and provides a program for periodic review of control effectiveness.

Education, awareness, and prevention strategies

Delivering training sessions for your staff, contractors, consultants, and third-party service providers. 

Data analytics and detection

Designing proportionate approaches and mechanisms to target fraud and corruption risk areas efficiently and effectively. 

Pressure testing controls

Conducting activities consistent with actual fraud and corruption incidents to determine if existing internal controls are operating as intended. 

Contact Us 

Understand what this means for your organisation and navigate the changes effectively with our expertise. Contact a member of the BDO Forensic Services team for personalized guidance on safeguarding your entity's integrity.