Standard
AS 8001:2021
[Current] Fraud and corruption control
Provides minimum requirements and additional guidance for organizations wishing to develop, implement and maintain an effective fraud and corruption control system.
Keywords: fraud corruption control
Published: 11/06/2021
Pages: 54
Table of contents
Header
About this publication
Preface
Introduction
1 Scope and general
1.1 Scope
1.2 Application
1.3 Normative references
1.4 Terms and definitions
2 Foundations for fraud and corruption control
2.1 General
2.2 Governing body
2.3 Top management
2.4 Specialist fraud and corruption control resourcing
2.4.1 Specialist fraud and corruption control function
2.4.2 Appointment of an ISMS professional
2.4.3 Collaboration with other risk management resources
2.4.4 Leveraging organizational fraud and corruption control resources
2.5 Line management
2.6 Business unit accountability for fraud and corruption control
2.7 Awareness raising of fraud and corruption risk
2.7.1 General
2.7.2 Matters to be covered in a fraud and corruption awareness raising program
2.8 Fraud and corruption risk management
2.9 External environment scan
2.10 Developing and implementing a fraud and corruption control system (FCCS)
2.10.1 General
2.10.2 Developing a fraud and corruption control system
2.10.3 Documenting the fraud and corruption control system (FCCS)
2.10.4 Promoting the fraud and corruption control system
2.10.5 Monitoring and maintaining a fraud and corruption control system
2.10.6 Factors to be considered in reviewing a fraud and corruption control system
2.11 Leveraging the internal audit function in fraud and corruption control
2.11.1 General
2.11.2 The role of the internal audit function in assessing fraud and corruption risk
2.12 Leveraging the external audit function in fraud and corruption control
2.13 Information Security Management system (ISMS)
2.14 Record keeping and confidentiality of information
3 Preventing fraud and corruption
3.1 General
3.2 Promoting a sound integrity framework
3.2.1 Structure and policy elements of an integrity framework
3.2.2 Actions to support an integrity framework
3.3 Managing conflicts of interest
3.4 Managing risks connected to gifts, hospitality, donations and similar benefits
3.5 Internal controls and the internal control environment
3.5.1 The role of internal controls in fraud and corruption prevention
3.5.2 Implementing and maintaining an internal control system that will be effective in preventing fraud and corruption
3.5.3 Pressure testing the internal control system
3.6 Managing performance-based targets
3.7 Workforce screening
3.7.1 Implementing a robust workforce screening program
3.7.2 Developing a workforce screening policy
3.8 Screening and ongoing management of business associates
3.8.1 General
3.8.2 Verification of business associates
3.8.3 Enquiries to be undertaken regarding the integrity of business associates
3.8.4 Managing the risk of fraud and corruption by business associates
3.9 Preventing technology-enabled fraud
3.10 Physical security and asset management
4 Detecting fraud and corruption
4.1 General
4.2 Post-transactional review
4.3 Analysis of management accounting reports
4.4 Identification of early warning signs
4.5 Data analytics
4.6 Fraud and corruption reporting channels
4.7 Whistleblower management system
4.8 Leveraging relationships with business associates and other external parties
4.9 Complaint management
4.10 Exit interviews
5 Responding to fraud and corruption events
5.1 General
5.2 Immediate action on discovery of a fraud or corruption event
5.2.1 Immediate actions in response to discovery of fraud or corruption
5.2.2 Digital evidence first response
5.3 Investigation of a detected fraud or corruption event
5.3.1 General
5.3.2 The role of the investigator
5.3.3 Expertise of the investigator
5.3.4 Safety of investigators
5.3.5 Investigation principles
5.3.6 Capturing, analysing and managing digital evidence
5.3.7 Handling evidence other than digital evidence
5.3.8 Investigation planning
5.3.9 Record keeping
5.3.10 Consideration of grievances
5.4 Disciplinary procedures
5.4.1 General
5.4.2 Implementing a disciplinary procedures policy
5.4.3 Separation of investigation and determination processes
5.5 Crisis management following discovery of a fraud or corruption event
5.6 Internal reporting and escalation
5.6.1 Collating information in relation to fraud and corruption events
5.6.2 Fraud and corruption event register
5.6.3 Analysis and reporting of fraud and corruption events
5.7 External reporting
5.7.1 General
5.7.2 Cooperation with law enforcement agencies
5.7.3 Format for reports to law enforcement agencies
5.8 Recovery of stolen funds or property
5.9 Responding to fraud and corruption events involving business associates
5.10 Insuring against fraud events
5.11 Assessing internal controls, systems and processes post-detection of a fraud or corruption event
5.12 Third parties
5.12.1 Impact of fraud on third parties
5.12.2 Notification of third parties
5.13 Disruption of fraud and corruption
Appendix A
A.1 Fraud in Australia
A.2 Corruption in Australia
A.3 References
Appendix B
B.1 General
B.2 Examples of internal fraud
B.3 Examples of external fraud
B.4 Examples of corruption (other than bribery)
Appendix C
Bibliography
Cited references in this standard
NIST SP 800
Computer Security Incident Handling Guide
[Current]
Information technology — Security techniques — Information security management systems — Requirements