The question this answers:
Where are the vulnerabilities in our grant program, and how likely is someone to exploit them?
What the problem looks like without a program-specific fraud and corruption risk assessment
Your grant program has controls. Applicants must provide an ABN. Staff must check eligibility. Payments require sign-off.
But no one has mapped where the actual risks are. No one has asked: What would fraud look like in this grant program? Where are the points someone could exploit? What’s the likelihood? What’s the consequence if it happens?
Then someone submits applications under multiple ABNs for the same project. Or inflates quotes from related suppliers. Or claims acquittal for work never done. And you discover your controls weren’t designed to catch it.
You had controls. You didn’t have a risk assessment.
What I deliver
A documented assessment that identifies fraud and corruption risks specific to your program. Not a generic template. A tailored analysis based on how your program actually works.
For each risk, the assessment includes:
- Risk description: What could happen, specifically
- Vulnerability: Where in the grant program the risk exists
- Likelihood: How probable, given current controls
- Consequence: What happens if it occurs (financial, reputational, political)
- Current controls: What’s already in place
- Residual risk: What remains after controls
- Recommended treatments: What else should be done
Delivered as a document you can use for internal governance, to brief executives, or to provide to audit.
What good looks like vs what bad looks like
Bad: A risk register that says “Fraud risk: Medium. Control: Staff check applications.”
This tells you nothing useful. What kind of fraud? Where in the process? How would staff detect it?
Good:
| Risk | Vulnerability | Likelihood | Consequence | Current control | Residual risk | Treatment |
|---|---|---|---|---|---|---|
| Duplicate applications under different ABNs | No automated check for duplicate projects across applications | Medium | Moderate (funding wasted; reputational damage) | Manual review by assessors | Medium | Implement ABN cross-check at triage; require declaration of related applications |
| Inflated quotes from related parties | No requirement to declare supplier relationships | Medium | High (overpayment; audit finding) | Acquittal review | High | Require conflict of interest declaration for suppliers over $5K; spot-check quotes |
| Fabricated acquittal evidence | Reliance on self-reported outcomes; limited verification | Low | High (program integrity; ministerial exposure) | Desktop acquittal review | Medium | Introduce random site visits for grants over $50K; require third-party verification for key claims |
Now you can see where the risks are, how serious they are, and what to do about them.
Why it matters
Fraud doesn’t announce itself. It exploits gaps, usually gaps no one thought to look for.
A grant program-specific risk assessment forces you to think like someone trying to exploit the system. It identifies vulnerabilities before they’re tested. And it gives you a basis for designing controls that actually address the risks, not just tick compliance boxes.
When something goes wrong, the first question will be: did you assess the risks? This document is your answer.
Other Fraud, Risk & Probity Deliverables
Are your grant program integrity controls mapped to real risks? → A control architecture where every identified risk has a defined control, a named owner, and a monitoring mechanism. Gaps are visible by design. Accountability is structural, not assumed.
Would your grant decisions stand up to a probity complaint? → Probity architecture built into panel and decision-making processes. Conflict management, confidentiality, and conduct requirements are designed into how decisions are made, not issued as guidance that people are expected to read and follow independently.







