Australian Taxation Office Internal Fraud Control Arrangements PDF

133 Pages·2000·0.39 MB·English

Preview Australian Taxation Office Internal Fraud Control Arrangements

The Auditor-General
Audit Report No.16 2000–2001
Performance Audit

Australian Taxation Office Internal Fraud Control Arrangements
Australian Taxation Office

Australian National Audit Office

© Commonwealth of Australia 2000
ISSN 1036-7632
ISBN 0 642 44220 7

This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth, available from AusInfo. Requests and inquiries concerning reproduction and rights should be addressed to:

The Manager, Legislative Services, AusInfo
GPO Box 1920
Canberra ACT 2601
or by email: [email protected]

Canberra ACT
29 November 2000

Dear Madam President
Dear Mr Speaker

The Australian National Audit Office has undertaken a performance audit in the Australian Taxation Office in accordance with the authority contained in the Auditor-General Act 1997. I present this report of this audit, and the accompanying brochure, to the Parliament. The report is titled Australian Taxation Office Internal Fraud Control Arrangements.

Following its tabling in Parliament, the report will be placed on the Australian National Audit Office’s Homepage— http://www.anao.gov.au.

Yours sincerely
P. J. Barrett
Auditor-General

The Honourable the President of the Senate
The Honourable the Speaker of the House of Representatives
Parliament House
Canberra ACT

AUDITING FOR AUSTRALIA

The Auditor-General is head of the Australian National Audit Office. The ANAO assists the Auditor-General to carry out his duties under the Auditor-General Act 1997 to undertake performance audits and financial statement audits of Commonwealth public sector bodies and to provide independent reports and advice for the Parliament, the Government and the community. The aim is to improve Commonwealth public sector administration and accountability.

Auditor-General reports are available from Government Info Shops. Recent titles are shown at the back of this report. For further information contact:

The Publications Manager
Australian National Audit Office
GPO Box 707
Canberra ACT 2601
Telephone (02) 6203 7505
Fax (02) 6203 7798
Email [email protected]

ANAO audit reports and information about the ANAO are available at our internet address: http://www.anao.gov.au

Audit Team
Medha Kelshiker
Jon Hansen
Peter White

Contents

Abbreviations/Glossary

Summary and Recommendations
  Summary
    Background
    Audit approach
    Conclusion
  Key Findings
    Fraud control corporate governance mechanisms
    Fraud prevention
    Information technology systems
    Fraud detection
    Fraud investigation
  Recommendations

Audit Findings and Conclusions
  1. Introduction
    Fraud prevention and control within the Commonwealth public sector
    Australian Taxation Office
    Audit objective and methodology
    Report structure
  2. Fraud Control Corporate Governance Mechanisms
    Introduction
    ATO fraud control policy
    Organisational arrangements for internal fraud
    Planning for effective fraud control
    ATO performance assessment framework—internal fraud control
    Conclusion
  3. Fraud Prevention
    Introduction
    ATO fraud prevention strategy
    Other fraud prevention initiatives
    Other better practice
    ATO Business Line fraud prevention practice
    Conclusion
  4. ATO Information Technology
    Introduction
    The ATO’s information technology and security environment
    IT access control
    Pro-active IT controls—logging access of staff to ATO IT systems
    Conclusion
  5. Fraud Detection
    Introduction
    ATO pro-active fraud detection activities
    Coordination between the Fraud Prevention and Control Section and ATO Internal Audit
    Conclusion
  6. Fraud Investigation
    Introduction
    Fraud investigations guidelines
    Reporting and recording allegations
    The Case Management System
    Effectiveness of fraud investigations
    Prosecution and other remedies
    Conclusion

Appendices
  Appendix 1: Relevant reports on fraud control arrangements
  Appendix 2: Functions of the ATO Integrity Advisory Committee
  Appendix 3: ATO fraud risk assessment methodology
  Appendix 4: Materials provided to ATO staff as part of the ATO’s Fraud Awareness Program
  Appendix 5: ATO information technology environment
  Appendix 6: ATO Secrecy Legislation and Information Technology Security Policy
  Appendix 7: Senate Economics References Committee Inquiry into the Operation of the Australian Taxation Office, 6 August 1998
  Appendix 8: Results of Fraud Prevention and Control Section Cases for 1999–2000

Index
Series Titles
Better Practice Guides

Abbreviations/Glossary

ABCI: Australian Bureau of Criminal Intelligence
ACS: Australian Customs Service
AFP: Australian Federal Police
AIC: Australian Institute of Criminology
AMT: Access Management Team. A group within the ATO IT Security Section responsible for the coordination, training and support of the Workplace Access Administrators.
ANAO: Australian National Audit Office
APS: Australian Public Service
ATO: Australian Taxation Office
ATO Extra: ATO’s weekly internal publication
CAATS: Computer Assisted Audit Techniques
CD-ROM: Compact Disc-Read Only Memory. A form of optical storage, which exploits digital coding of information and laser technology to provide fast and flexible searching of large volumes of data.
CLEB: Commonwealth Law Enforcement Board
CMS: Fraud Prevention Case Management System. A computer-based system to facilitate better administrative management of fraud investigations.
Certificate of Compliance: A process involving a detailed assessment of both internal and external risks that may impact on a new ATO financial system. Once the risk assessment process has been completed, appropriate controls are installed and a Certificate of Compliance is issued for the new system.
CEI: Chief Executive Instruction
CPSU: Commonwealth Public Sector Union
DPP: Commonwealth Director of Public Prosecutions
Firecall: To facilitate the smooth operation of ATO IT systems it is necessary at times for ATO IT systems staff to make direct changes to the ATO’s mainframe and Wide Area Network environments to correct system errors. To enable staff to perform these ‘quick fixes’ and to gain the necessary, direct access to production data in the mainframe environment, the ATO has a special access authority known as Firecall, which bypasses regular security controls.
Firewall: A firewall is a server that is used as a barrier to control the flow of traffic between networks (this can be either internal or external traffic). A firewall works by applying filtering techniques to block selected transactions (generally based on the entity’s security policies).
FMA Act: Financial Management and Accountability Act 1997
FP&C: Fraud Prevention and Control
GST: Goods and Services Tax
HOTSA: Health of the System Assessment. ATO’s formal risk management process, which forms part of its strategic planning framework, and which has been undertaken on an annual basis across all ATO Business Lines since 1994–95.
HRMIS: Human Resources Management Information System
IAB: Internal Assurance Branch
IAC: Integrity Advisory Committee
ICAC: Independent Commission Against Corruption
IFAC: International Federation of Accountants
ISA: International Standard of Auditing
IT: Information Technology
Legacy System: An older system that must be maintained for some time before being gradually rebuilt and replaced.
LAN: Local Area Network. A collection of computers, terminals, printers and other computing devices that are connected through cable over relatively short distances (usually within a single building or office).
MoU: Memorandum of Understanding
MOSC: Management of Serious Crime Program
OCT: Official Conduct Team
Operating System: Extensive and complex set of programs that manages the operation of a computer and the applications that run on it, such as word processing on personal computers or processing of tax returns on mainframes.
PBR: Private Binding Ruling
RACF: Resource Access Control Facility. The ATO facility used to control user access to the ATO mainframe environment.
RTA: New South Wales Roads and Traffic Authority
UNIX: An Information Technology operating system
Unauthorised access (to information): Access official information which is not based on a legitimate need to know, sanctioned by government policy or agency direction, or an entitlement under legislation.
WAN: Wide Area Network. A collection of computers, terminals, printers and other computing devices that are connected over large distances (ie. metropolitan, intercity, national and international). In the ATO, WAN enables communication between ATO offices. It is also referred to by ATO as the TAXLAN. Through it, the ATO accesses various mainframe programs and provides desktop applications to enable ATO officers to perform their duties.
WAA: Workplace Access Administrators. WAAs control the access of users to ATO IT mainframe systems. They have access privileges that allow them to grant user access to particular ‘IT groups’ and reset passwords.
Windows NT: An Information Technology operating system

Description:
performance audit in the Australian Taxation Office in accordance ... A contractor is responsible for providing and maintaining WAN software and hardware. The ... It provides security by preventing an accidental intruder, hacker, or ...