Left column


Billions of pounds of taxpayers’ money is lost every year through fraud. To put this money to its proper use, in the report Eliminating Public Sector Fraud, the government identified the need to adopt a zero tolerance culture and a coordinated approach to tackling fraud. But fraud is complex and many organisations lack the required […]


Lessons in fraud prevention, detection and recovery

Posted on July 13, 2017 by

Loss of moneyBillions of pounds of taxpayers’ money is lost every year through fraud. To put this money to its proper use, in the report Eliminating Public Sector Fraud, the government identified the need to adopt a zero tolerance culture and a coordinated approach to tackling fraud. But fraud is complex and many organisations lack the required skills, making it even more important that public sector organisations collaborate, innovate and share lessons. Our recent Investigation into Department for International Development’s approach to tackling fraud has lessons for all organisations seeking to tackle fraud, as well as exploring some of the challenges in delivering international aid.

Following our publication of a Fraud landscape review last year, my colleagues Ee-Ling Then and Richard Baynham blogged on ways of Confronting fraud and error head-on. Their post summarises an approach to managing fraud and error and sets out lessons to be learnt from our work in these fields in HM Revenue and Customs (HMRC) and the Department for Work and Pensions (DWP), detailed in our Fraud and Error Stocktake report. Although HMRC and DWP have to deal with the majority of the public sector fraud by value, fraud is substantial in many other public sector organisations and minimising the fraudulent loss of public funds should be a priority for all.

International aid brings some unique challenges. Nevertheless, much can be learnt from the approach to tackling fraud taken by the Department for International Development (DFID).

A global challenge

Fragile statesEvery organisation has its own fraud risks and a key part of establishing an effective strategy is to develop a deep understanding of the causes of fraud. In DFID’s case, the risk of fraud is heightened by: the high proportion of aid delivered via partner organisations; the prevalence of poverty and perceived corruption in many of the recipient countries; and the difficulty in many fragile and conflict-affected countries to get access on the ground to where aid is being spent, which adds to the challenge of holding partner organisations to account for the risks to expenditure from fraud.

Tackling fraud in the delivery of international aid has become even more important for DFID over recent years for two reasons:

FirstIn 2015 the government enshrined in law a commitment to spending 0.7% of the UK’s gross national income on overseas aid. This decision has been a high profile and somewhat controversial one, putting more pressure on the government to ensure the money is spent well. In 2015, ODA expenditure was £12.1 billion, of which DFID was responsible for £9.9 billion. We report on the target in our imminent report Managing the Official Development Assistance target – a report on progress.

The 2015 Strategic Defence and Security Review committed DFID to spend at least half of its budget in ‘fragile states and regions’ for the remainder of the Parliament (African fragile states shown above in map from the Independent Commission for Aid Impact). As we found in our investigation, 15 of the 32 countries where DFID concentrates its funding fall into the lower quartile of Transparency International’s Corruption Perceptions Index, meaning that DFID is often operating in countries where the perceived risk of corruption is high.

A better approach

DFID developed an improved approach to tackling fraud following a 2011 report by the Independent Commission for Aid Impact, which made recommendations for improving the way DFID addressed the risks to UK aid funds from fraud and corruption. In response, DFID implemented the following key changes:

ProcessesStrategy documents have been produced on anti-corruption and on counter-fraud, supplemented by anti-corruption strategies for the individual countries in which DFID operates.

Awareness raisingAwareness raising initiatives have been conducted, including: an annual ‘fraud awareness week’ for DFID staff, and sessions and events for staff based overseas and for delivery partners.

Process integrationFraud management processes are integrated in all stages of the DFID project cycle, including as part of due diligence when projects are set up and in the monitoring of delivery partners.

Business educationGuidance for those responsible for managing projects and programmes has been revised, including production of a ‘smart guide’ on fraud.

Standardised processesTraining includes mandatory training for all staff on fraud and on risk and control, with more in-depth training for those needing expertise, and the inclusion of fraud sessions in finance and procurement training.

Our investigation looked at DFID’s revised approach to counter fraud in five main areas. Some key findings, good practice and lessons are summarised below.
Fraud management


As our Fraud landscape review found, many public sector organisations take a reactive, rather than preventative, approach to managing fraud. Resources tend to be focused on investigating fraud after the event, rather than minimising its prevalence by addressing fraud risk when designing new programmes or policies.

By contrast, DFID has a well-established counter-fraud strategy. It uses the “three lines of defence” approach (widely endorsed, including by the Institute for Internal Auditors) to countering fraud. Under this model, different parts of the organisation share responsibilities for addressing fraud risks.

First line: Frontline staff, responsible for managing projects and programmes “on the ground”, are responsible for identifying fraud risks when setting up programmes and designing the right control, assurance and monitoring arrangements.

Second line: DFID’s control and assurance team set the policy, processes and direction and provide support for the frontline staff, including training on fraud, risk and control. DFID’s staff follow a project life cycle when setting up and running programmes, and this includes consideration of the risk of aid being “diverted” at all stages. Specific guidance is available on counter fraud.

Third line: The internal audit counter-fraud team, part of DFID’s internal audit department, investigates all allegations of fraud, and monitors and reports on DFID’s overall fraud case load.


DFID runs awareness-raising and training activities for staff, suppliers and delivery partners to encourage them to report suspicions about spending within its programmes. In addition, the majority of DFID’s contracts and grant agreements with suppliers now include fraud reporting as a mandatory requirement.

Other organisations make use of more predictive techniques to identify proactively where fraud may be occurring, for example analysing financial data and transactions for possible suspicious activity. This is more difficult for DFID, as its work doesn’t generate large volumes of data for individual transactions and some of the countries in which DFID operates still rely on paper records. However, DFID is looking into using analytical techniques in areas such as payroll and procurement.

DFID also faces the challenge of detecting fraud where it has less direct control over its expenditure. This is particularly the case with the 55% of its expenditure that it gives to multilateral bodies, such as the UN or World Bank, and especially where that is then given to implementing partners, over whose activities DFID has no access rights. In these cases, DFID must rely on these bodies’ systems for identifying and reporting fraud, and on its own assessment of the effectiveness of the organisations’ anti-fraud measures. This is difficult and fraud levels may well be under-reported as a result.


DFID’s counter-fraud team assesses each allegation of fraud or suspicious activity using a triage system and assigns a priority level (1 to 4) based on the value of the potential loss, the potential damage to DFID’s reputation or impact on the delivery of aid. The counter-fraud team either carry out their own investigation, or provide support and oversight to fraud investigations carried out by delivery partners. In priority level 4 cases, no investigation is needed, but the team will provide advice on controls.

Thanks to the improved processes, the investigation caseload has quadrupled over the last five years. To handle the increased workload, the size of the team has been increased and the team is able to access additional resources from within DFID’s fraud liaison network (a network of staff trained in counter-fraud) or from external providers.

Where delivery partners have reported potential frauds, DFID expects them to carry out their own investigation to the required standards. DFID’s counter-fraud team assesses whether the organisation has the capability to carry out a robust investigation and provides support and oversight – or plays a more active role, even taking over the investigation, if needed.

Interestingly, our investigation found (1) that reported fraud levels are lower than other public and private sector organisations that don’t spend money overseas; and (2) that there was no clear correlation between perceived corruption levels and the numbers of fraud case DFID reported in individual countries.

Recover and sanctionRecovery and sanctions

DFID focuses on recovering as much money as possible where fraud has been committed and has a good record in this area, recovering around two-thirds of its potential fraud losses since 2003, as shown in the chart (taken from Figure 10 of our Investigation).

DFID losses from fraudDFID prefers to work with partners to recover funds through negotiation. However, it has more punitive options available, and the decision about the appropriate course of action is made on a case-by-case basis. Available sanctions include:

  • dismissal of individual staff members;
  • pausing funding for programmes until investigations are complete and funds recovered;
  • terminating programmes early or decide not to renew agreements; and
  • taking individuals to court if this is judged a proportionate course of action.

DFID does not, however, make its actions public, primarily because it wishes to protect the identities of those who have made the allegations of fraud. This contrasts to the approach taken by some other organisations, which choose to publish this information, in part to improve transparency and show that they take a robust approach, and in part to act as a deterrent for others.

Report and learn lessonsReporting and lesson-learning

DFID reports fraud information internally to its audit committee; conducts reviews and lessons learned exercises on particular countries and programmes, where relevant; and reports to the fraud team in the Cabinet Office on a quarterly basis. Lessons identified are used across the organisation, for example by policy teams, and fraud case examples are used in training materials. DFID also shares knowledge with other organisations by participating in relevant cross-government and other working groups.

However, DFID reports only limited details of its fraud cases externally, making it difficult for the taxpayer to know whether it’s doing a good job on tackling fraud. By contrast, the charity Plan International, for example, provides a quarterly update on its fraud cases detailing the date, location, allegation, resolution, net loss to Plan International, lessons learned and actions taken to recover funds or sanction those responsible. Although there is no standardised fraud reporting format at present, it is good practice to disclose serious control issues in governance statements and entities have to disclose losses in the accounts.

The NAO has provided a framework for managing fraud and error, summarised in our previous post, Confronting fraud and error head-on, and we are is developing a Factsheet for Audit and Risk Committees on counter fraud standards. We have also produced several reports covering fraud and error, which can be found on our Fraud, error and debt management web-page, and will continue to focus on this crucially important issue in future reports.

We welcome your views and invite you to contact us if you would like to discuss any aspect of fraud and error or DFID’s work.

Alison Taylor
About the author: Alison Taylor is an Audit Principal working on value-for-money audits of the Department for International Development. She has over 10 years’ experience of leading NAO value-for-money studies in the defence, transport, home affairs and justice and international development sectors.
Expertise on fraud has also been provided by Claire Rollo, the NAO’s Director responsible for our work on fraud and error in DWP and HMRC benefits and credits.


Share this article on social media:


3 responses to “Lessons in fraud prevention, detection and recovery”

  1. Corrie Newell says:

    I whistleblew through my employer South Cambridgeshire District Council in December 2013, was removed from my job in January 2014, and I then followed it through internal and external audits, and various of the organisations set up to tackle fraud, including Action Fraud. Each time it started with an acknowledgement that there was reason to follow it up and each time it was then suppressed. The system of letting organisations police themselves hasn’t worked.

  2. Jack says:


  3. Thanks for sharing such a great blog. Very helpful. Keep on posting.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Right column

  • About the NAO blog

    Our experts share their views about issues and common challenges facing government, what public sector leaders should look out for and how organisations have addressed issues. Our posts draw together threads from across our reports, share secrets spilled in events and reveal our experts’ expectations for the future.

    We encourage comments that support the exchange of ideas for improvement, but ask that those posting are respectful of others.

  • Sign up for automatic feeds

    Sign up to receive email alerts:

    RSS IconSubscribe in an RSS Reader