Detection methods

4.1 No matter how effective a system of preventative controls and processes may be, it cannot provide absolute assurance against the risk of fraud and corruption. Therefore, it is imperative that adequate fraud and corruption detection mechanisms are in place.435

4.2 Detection measures work in tandem with preventative measures as the former informs the refinements required in the other. It is important to note that neither prevention nor detection measures can remain static if they are to be effective as those who seek to commit fraud and corruption will, in response to refinements, adapt their approach in an effort to remain unnoticed. Accordingly, identifying and addressing weaknesses in the fraud and corruption control environment is an ongoing task.

Stakeholder concerns

4.3 Many stakeholders sought assurance around the effectiveness of the ATO's processes to detect internal fraud and misconduct. Some have highlighted the changing workforce environment in the ATO and, in particular, the risks associated with the increase in the number of contractors and casual staff. Whilst some stakeholders were of the view that the ATO has processes in place for detecting unauthorised access to taxpayer information, the ability of the ATO to identify instances where an officer has inappropriately accessed taxpayer records at the request of another officer (by proxy) was questioned.

4.4 In submissions to the review, some ATO officers also indicated that the lack of anonymity in reporting inappropriate behaviour or misconduct, as well as fear of reprisal actions may discourage reporting of potential misconduct.

Relevant information

4.5 As mentioned earlier, the FPII unit is responsible for implementing measures which effectively prevent, detect and respond to internal fraud and corruption. It develops a biennial program of work, in consultation with the ARC and senior executives436, which includes fraud and corruption risk assessment reviews, awareness activities, intelligence work and analytics.

4.6 The FPII unit's priorities for the 2016–18 period focuses on the following fraud and corruption risks:

  • 'The information we hold' [and where that data is aggregated an additional risk regarding 'big data'437] – The ATO has a significant amount of sensitive and personal information. Unauthorised or inappropriate access to that information can compromise the integrity of the taxation and superannuation systems, and undermine public trust. The move to online access, as well as the capacity to aggregate and manipulate large amounts of data through system development, heightens the potential risks.
  • 'Our changing workforce' – Our workforce mix is changing, with more externally engaged employees performing ATO functions. The need for specialist skills subject to labour market pressure, and the need to deploy additional resources quickly, can impact usual employment process. As well, employees are performing more work remotely, using a range of mobile technology to access ATO information systems, and there are fewer restrictions on things like wireless connectivity in the workplace. Employees also utilise cloud systems to share, store and transfer information.
  • 'The integrity of our resources' – A cultural shift to a less rigid and defined rules based environment, with an associated focus on trust and empowerment, creates potential risks in how ATO assets and resources might be used. This includes both physical and financial assets.438

4.7 FPII fraud and corruption risk assessments and reviews seek to identify improvement opportunities or instances where the ATO's controls and processes may need to be reinforced. Over the 2016–18 period, the FPII unit had planned to conduct a total of 25 such risk assessment reviews.439

4.8 The FPII unit also works with the IA unit and relevant business lines in conducting risk assessment reviews and may seek assistance from external service providers if required.440 Upon the completion of these reviews, the FPII unit develops action plans with the relevant business lines to address and monitor risks that were identified.441 The results of these reviews are provided to the ARC on a quarterly basis. Between 1 January 2014 and 31 March 2017, the FPII unit had provided the results of 38 such reviews to the ARC.442

4.9 The events connected to Operation Elbrus had required the FPII unit to reschedule parts of its program of reviews and a number of FPII staff were involved in responding to issues relating to those events. Furthermore, following investigations connected to those events, the FPII unit brought forward the commencement of its planned risk assessment review of conflicts of interest which had been scheduled for later. As mentioned earlier, the latter review resulted in the ATO September 2017 Report.

4.10 In addition to the risk assessment reviews, the FPII unit works directly with other business lines in designing controls and detection processes to ensure that potentially fraudulent or inappropriate activities are addressed. For example, the FPII unit assisted the Service Delivery business line to test a business assurance process, the Post Event Control Framework which is designed to identify unusual or high risk transactions. This process identified 28 different scenarios and activities which would be unusual for an ATO officer to undertake. Analysis of the process, which is conducted by the business line on a monthly basis, was provided to the FPII unit who undertook social network data matching and data scans to identify potential relationships between ATO officers and identified taxpayer accounts that were involved in the unusual activity.443

4.11 The FPII unit also conducts regular data scans on ATO officer activities that leave electronic footprints on the ATO's systems. Scans can be used to detect inappropriate behaviours such as the misuse of fleet vehicles, time sheet fraud and unauthorised access to taxpayer information.444 The parameters of these scans may be adjusted to the identified level of risks and used to compare with other sources of information to identify trends or patterns for further review.445

4.12 Before examining FPII's unauthorised access scans, it is necessary to understand how employees leave an electronic footprint when accessing ATO systems and the restrictions placed on such employee access.

4.13 Access to the ATO's internal software platform is restricted to ATO employees who are allocated a unique User Identifier (User ID). The User ID together with a password provide access to ATO systems but also allow the ATO to track such access. For example, when officers are prosecuted for unlawful access to taxpayer records446, the audit logs of that User ID's access are relied upon in evidence.

4.14 The User ID is also used as a preventative measure and restricts employees' access to the applications and records that are needed by those employees to conduct their work. The applications and records that an ATO employee is authorised to access are recorded against the User ID as 'access attributes'. Approval to apply an access attribute to a User ID is given by the relevant manager in the business area, as they confirm that the employee with that User ID needs such access to perform their duties. The person who grants such access on the system is usually a person with a network assistance role (either in that business area or in the IT area) and, depending on the type of access attribute which is sought, may be restricted to a 'named' person.

4.15 The records of all ATO audit work as well as many other types of ATO work, such as advice work, are accessible via an application called Siebel. Siebel itself is integrated with other ATO systems to provide a 'whole of client view' for ATO employees, which they may use to search information and record activities. For example, an officer may search for a taxpayer's case file and identify the range of interactions that the taxpayer has had with the ATO over the years, subject to any restrictions placed on the records and the employee's access attributes.

4.16 In certain circumstances, the ATO may restrict access to a particular taxpayer's identity and/or any ATO activity that is linked to a taxpayer (called a 'case'). For example, employees cannot access another ATO employee's tax records unless, they have a 'Restricted Access Client' attribute attached to their User ID.

4.17 Before February 2018, FPII unauthorised access scans were conducted on a quarterly basis by analysing audit logs of employees' accesses.447 For example, scans can be used to identify access to publicly known personalities or taxpayers who have a social or family connection with ATO officers. The FPII unit would examine these potential unauthorised accesses to determine appropriate treatment actions which would be discussed in the next section. Records of unauthorised accesses are also used to identify areas within the ATO where unethical behaviour may be more prevalent.448 The quarterly unauthorised access scans conducted over the period February – April 2017 identified 64 cases for potential investigation.449

4.18 In addition to the quarterly scan, the FPII unit ran a targeted scan on casual staff as the engagement of such staff had been identified as a potential risk area. The nature of their transient position raises a risk that they may be less likely to fully adopt the ATO's code of conduct and APS Values. This targeted scan was conducted over a period of 30 months. Casual staff accounted for approximately 12 per cent of the ATO's total workforce over the period of the scan. The scan identified 51 instances of potential unauthorised access which were investigated by the FPII unit, of which 19 were substantiated, five were unsubstantiated and 27 were still being investigated at the time the report was submitted to the ARC on 13 June 2017.450

4.19 The case study below demonstrates how the FPII unit utilises scans to detect unauthorised access to taxpayer information. Unauthorised access investigations account for approximately 65 per cent of the substantiated FPII investigations.451

FPII case study 1

The FPII unit conducted data scans to examine if any employees of a particular office had accessed the personal information of any taxpayers with whom they had a personal relationship. The scan identified an employee who had accessed the accounts of several taxpayers who had previously shared the same address as the employee. A separate scan identified the employee as also having accessed the taxation records of several high profile identities linked to Australian cricket.

The FPII unit conducted data scans to examine if any employees of a particular office had accessed the personal information of any taxpayers with whom they had a personal relationship. The scan identified an employee who had accessed the accounts of several taxpayers who had previously shared the same address as the employee. A separate scan identified the employee as also having accessed the taxation records of several high profile identities linked to Australian cricket.

Although the employee later admitted to the unauthorised accesses, they stated that they had not discussed the financial position of the accessed taxpayers with any other person and that they were sorry for their actions. However, the FPII unit had also detected over 700 additional unauthorised accesses that could be linked to the employee. Soon after, the employee resigned from the ATO.

Due to the number of accesses identified by the FPII unit, the matter was referred to the CDPP who proceeded with a prosecution. The employee entered a plea of guilty and was sentenced to a term of good behaviour for a period of two years.

Source: ATO

Referrals received by FPII

4.20 Allegations of fraud and serious misconduct ('referrals') are a key source of information for the FPII unit and serve as an important detection mechanism. Referrals may be made by members of the public, government and law enforcement agencies as well as ATO officers.452 Referrals may also be received from other ATO business lines and other teams within the FPII unit.

4.21 Table 4.1 below sets out the different ways in which referrals were received in the 2015–16 and 2016–17 financial years respectively.453

Table 4.1: Number of referrals received by FPII, by channel and financial year

Year Phone E-mail Anonymous
fraud form
Letter Public Interest Disclosure Internally
2015–16 11 323 6 6 14 54 414
2016–17 13 266 11 1 19 156 466

Source: ATO

4.22 As indicated by Table 4.1 above, the FPII unit may receive referrals via the telephone, e-mail, via the ATO's anonymous form, by post, through the PID scheme and those which are internally generated by the FPII unit through its scans. The majority of the referrals made to the FPII unit were received by e-mail, which accounts for 57 per cent of all referrals received in the 2016–17 financial year, compared with 78 per cent in the 2015–16 financial year.454

4.23 Since June 2008, ATO officers are able to lodge a referral to the FPII unit via the anonymous form that is located on the ATO intranet.455 In order to use the form, ATO officers must be logged onto the ATO's systems using their unique User ID. The ATO has advised that whilst ATO officers are required to be logged onto the ATO's systems to submit the form, the form has been designed such that the identity of the sender is not traceable. During the 2016–17 financial year, 11 of the 466 referrals received by FPII were made by ATO officers using the anonymous fraud form, compared to six out of 414 referrals in the 2015–16 financial year.456

4.24 In relation to referrals by ATO officers more generally, results from the ATO's Fraud and Corruption Control Survey in 2016 indicates that seven per cent of the 5,084 survey participants would not report fraud or corruption if they had witnessed it.457

4.25 As mentioned earlier, scans conducted by the FPII unit may also result in internal referrals for potential investigation. These scans have resulted in a marked increase in the number of reviews generated, from 54 in the 2015–16 financial year to 156 in the 2016–17 financial year.

4.26 1.20 FPII's Intelligence team is responsible for acknowledging and considering all referrals.458 This team also provides all referrals to FPII's Tasking and Coordination Committee (TACC) which comprises representatives from each of the areas within the FPII unit.459 The TACC meets daily to consider referrals received by FPII to determine what action will be taken in relation to the referral, including:

  • taking no further action and allocating the matter to the Intelligence and Fraud Detection team to retain the referral for intelligence purposes and to manage closure of the matter;
  • forwarding the referral to another ATO area for their action, for example, to the ATOP business line if the allegations concern a potential disciplinary issue;
  • allocating the matter to a member of the Intelligence team to conduct a 'preliminary intelligence assessment' for further consideration; or
  • commencing an investigation and allocating the matter to the FPII Investigations team, particularly for more serious allegations.460

2017 Corruption Risk Review

4.27 Following a Parliamentary Joint Committee's recommendation in 2016 for the ATO to assess its corruption risk profile461 and the events connected with Operation Elbrus, the ATO contracted Professor David Lacey and Mrs Jane Bailey462 (the reviewers) to evaluate the current areas of corruption risk for the ATO and to identify potential areas of emerging risk to inform future risk mitigation strategies (2017 Corruption Risk Review).463

4.28 The reviewers assessed that 'the focus on corruption prevention, detection and response is a high priority for the ATO' and that whilst the FPII unit is a 'key pillar within the ATO's corruption resistance framework', there was a tendency of business lines to defer ownership of the corruption risk to FPII or committees rather than take shared ownership of the active monitoring of controls and staff behaviours.464

4.29 It was noted that whilst the ATO placed the majority of its 'corruption risk efforts towards acts that involve the unauthorised access of taxation information', there are other risk areas, such as unauthorised access to non-tax related information, which require further attention.465

4.30 The reviewers observed that there was not strong evidence of a granular understanding of the corruption risks within each business line. In their view, such a granular understanding would improve the business line control environment and enhance broader business line ownership of corruption risks and their treatments. In order to obtain this granular understanding, they suggested that each business line, independent of each other, identify the decisions made and information held, within that business line, which would be of value to an external corrupting influence. With respect to those decisions and information, business lines were to determine the corrupt acts that had historically been detected and may be anticipated given the emerging areas of corruption risk.466

IGT observations

4.31 There are challenges in detecting internal fraud risks particularly as the perpetrators are likely to be well-acquainted with ATO processes and controls and make every effort to remain unnoticed.

4.32 There are also broader environmental factors and emerging trends which may impact on the ATO's efforts to detect internal fraud risks. Some of the emerging trends may not be tax-related or even confined to Australia, especially with the increasing interconnectivity in the digital environment. For example, technology now allows people to operate as anonymous vendors with little chance of detection when using black hat software, the darknet467 and particular types of cryptocurrency468. If such anonymity was combined with knowledge of weaknesses in the ATO's system controls, fraud and corruption risks would be dramatically increased. External systems that are connected to ATO systems pose a particular risk of unauthorised access to taxpayer data.

4.33 The above issue may also intersect with national security risks if foreign state-sponsored actors attempt to scan the systems' environment of the ATO on whom the federal and state governments rely for funding in excess of $420 billion.469 Such attempts appear more likely given recent events both in Australia and overseas.470 Accordingly, the ATO should liaise with the Australian intelligence community to anticipate such a risk and learn from countermeasures that revenue authorities in comparable jurisdictions may have taken against such threats.

Identifying fraud and corruption risk

4.34 The ATO has received advice in the 2017 Corruption Risk Review that, in the IGT's view, if followed, should improve its capability to systematically define its fraud and corruption risks in greater detail as well as encouraging shared ownership across the agency in detecting and treating those risks. As the ATO is in the process of developing its new Fraud and Corruption Control Plan for the next two years, there is opportunity for the ATO to apply such advice.

4.35 In the IGT's view, in identifying fraud and corruption, each business line should describe the details of each potential fraud and corruption event having regard to the following:

  • data which has a corruption value471 such as taxpayer and non-taxpayer (e.g. compliance thresholds) information and knowledge relating to discretionary decision-making authority;
  • collusion of ATO officers with external parties such as criminal entrepreneurs, organised criminal networks and foreign state-sponsored influencers; and
  • actions that may be part of a broader arrangement or series of events which may not be visible to the business line that is identifying the risks, for example, an action that appears to a business line to be an isolated event and may remain invisible unless viewed by the ATO, or relevant government agencies, as a series of actions collectively.

4.36 To carry out the above, informal and interactive discussions may need to be held with relevant staff to ensure that potential fraud and corruption events have been identified with full knowledge of business processes, information holdings and the broader range of methods that external corrupting influences may employ. Such a systematic approach should lead to questioning of existing safeguards and identifying areas requiring improvement.

4.37 The external reviewers had commented favourably on the ATO's identification of broader emerging themes that are set out in its Fraud and Corruption Control Plan. The ATO's detection activities were found to be strongly focused 'on the unauthorised access of tax information'.472 Closer examination of the FPII unit's planned program of work supports this observation with both types of FPII's scans directed at the risk of unauthorised access. Furthermore, a greater proportion of FPII's planned reviews focus on unauthorised access, disclosure and misuse of taxpayer information473 rather than other risks including those relating to discretionary decision-making and disclosure of non-taxpayer sensitive information.

4.38 Whilst the emphasis on unauthorised access is expected due to the ATO's substantial taxpayer information holdings, detection activities may need a broader focus particularly in the light of emerging risks or threats. In the long term, the identification of risks through the systematic approach outlined above would help to create a stronger link between FPII's detection measures and the risks arising in each business line. In the interim, however, exploratory work could be conducted to determine if there would be benefit in strengthening the existing safeguards which are aimed at addressing the risk of ATO officers and externals working in concert to exploit the ATO's non-taxpayer information holdings and discretionary decision-making.

Analysing past events

4.39 Analysis of past events may assist in identifying opportunities to strengthen existing controls and processes. Such analysis may also identify perpetrator's motivating factors which could be useful in designing preventative strategies.

4.40 Following the events connected with Operation Elbrus, the ATO reflected on its overall corruption risk profile and conducted reviews of key controls regarding conflicts of interest and security clearance processes. Such work is to be commended and can be augmented by further analysis of events, recording all findings and resulting actions in one central library as a means of maintaining corporate history that may prove useful in the future.

4.41 For example, following the events connected with Operation Elbrus, a retrospective analysis of the events leading up to and after the raids would have identified a number of key issues for further inquiry and analysis, including:

  • what the alleged syndicate members knew of ATO and ASIC operations as well as liquidators and how that information had been obtained;
  • how the alleged syndicate members exploited particular weaknesses arising from the interaction of tax, credit, corporation and insolvency laws474 and how they are administered; and
  • whether loyalty to particular personalities override a culture that upholds integrity and professional standards.

4.42 Many of the above issues are not unique to the events connected with Operation Elbrus and some have persisted for many years and are common with those faced in the bottom of the harbour schemes of the 1970–80s.

4.43 The ATO already carries out some retrospective analysis of relevant events. For example, the FPII unit's work with the OBA report retrospectively analyses aggregated data from many cases to develop hypotheses which can then be tested.

4.44 In the IGT's view, the ATO should, as a routine business process, retrospectively analyse the facts and events surrounding any significant internal fraud case that may arise. Such analysis should consider why existing controls did not work and the nature of staff action or inaction as well as consideration of any relevant non-tax elements.

Unauthorised access by proxy

4.45 Detection activities do not operate in isolation. For example, the ATO's unauthorised access scans identify ATO officers who have inappropriately accessed taxpayer information for further investigation based on their User ID. It is more difficult to identify circumstances in which an authorised ATO officer accessed information at the request of another ATO officer who is not so authorised (unauthorised access by proxy). In these circumstances the only visible electronic footprint is that of the authorised officer and adherence to ATO's staff instructions is paramount. The instruction states that information should only be accessed on a strict 'need to know basis'.475 In the IGT's view the risks of unauthorised access by proxy may be addressed by requiring requests associated with such access to be made in writing outlining the justification for the request. These requests should be accessible to FPII investigators examining potential unauthorised access.

Referrals to the FPII unit

4.46 It is important that ATO officers are encouraged to report suspected misconduct, are taken seriously and are protected from reprisal action. Providing feedback to the person making the allegation and demonstrating that action was taken in response to allegations is crucial to ensure that staff appreciate that any allegation is taken seriously.476

4.47 During the review, some ATO officers had expressed concerns to the IGT that they may be discouraged from reporting suspicions of fraud or misconduct due to a lack of clarity about the relevant processes as well as concerns about confidentiality and fear of reprisal action. The number of referrals received by the FPII unit through the anonymous fraud alert form reflects such concerns. The total numbers of such referrals for the 2015–16 and 2016–17 financial years were six and 11 respectively. As mentioned earlier, officers must log on to the ATO system to make these referrals although the ATO has assured them that their identity would not be traceable.

4.48 The above concerns could be contrasted with the result of the 2016 ATO Fraud and Corruption Control Survey in which only seven per cent of the 5,084 survey participants said that they would not report fraud or corruption if they witnessed it.477 In any event, it is open to ATO officers to set up an external e-mail address and lodge an anonymous referral to FPII's e-mail address which is available externally.

4.49 It is noted, however, that FPII's acknowledgement of anonymous referrals does not include a reference number for subsequent contact with FPII investigators.478 The IGT considers that the FPII unit could consider providing such a reference number where acknowledging anonymous referrals as it may be difficult to link future communications to the same case.

Recommendation 4.1

The IGT recommends the ATO improve its ability to detect internal fraud and corruption by such means as:

  1. acting on the advice it received in its 2017 Corruption Risk Review, including requiring each business line to describe, in detail, potential fraud and corruption events in their area;
  2. retrospectively analysing events surrounding any significant internal fraud case and recording all findings and resulting actions in one central library for future use; and
  3. contemporaneous recording of officers' requests to access information about a particular taxpayer and ensuring availability of such records to its Fraud Prevention and Internal Investigations Unit.


  1. Agree
  2. Work is already underway to implement a new enterprise fraud and corruption risk register and the ATO will continue to refine our fraud control strategies.

  3. Agree
  4. Significant fraud event profiles, to an extent, are already provided in our Organisational Behavioural Assessment and annual reporting. The ATO will draw fraud event profiles from these reports and other intelligence to form a central register.

  5. Disagree
  6. The ATO already requires our staff to use Siebel as a contemporaneous record of taxpayer requests, including action, interaction or decisions directed by ATO staff. An 'audit trail' captures such requests and Fraud Prevention and Internal Investigations interrogate this system as part of the investigation process. All ATO staff are required to make notes and follow the processes outlined in the Records Management Chief Executive Instruction and the 'Guidelines for effective notes in compliance' document.

FPII investigations of internal fraud

4.50 An organisation's fraud investigations and responses are key elements of the overall fraud control framework and 'provide Australian Government agencies and external stakeholders with reasonable assurance that perpetrators of fraud are identified and appropriate remedies are consistently applied'.479

Stakeholder concerns

4.51 Stakeholders have raised a number of concerns about the adequacy of the ATO's investigations and treatment of allegations of fraud, corruption and misconduct. They considered that there was a general reluctance by the ATO to investigate complaints about management and believed that referrals made to the FPII unit were either ignored or resulted in investigations being finalised without further action.

4.52 Stakeholders have also observed that the ATO may not take disciplinary action even when misconduct had been proven. Similarly, there were concerns that, where inappropriate behaviour was identified, the treatment action taken by the ATO was inadequate or disproportionate to the seriousness of the breach, signalling to the rest of the organisation that there are no consequences for misconduct.

4.53 The FPII unit's investigation methods were also questioned and it was queried whether investigations complied with the relevant government quality standards. In addition, there are concerns about whether the ATO has an effective complaints handling process for concerns raised in relation to the manner in which FPII conducts investigations.

Relevant materials


4.54 The Fraud Guidance states that in conducting investigations, Commonwealth agencies must comply with the Prosecution Policy of the Commonwealth, the Freedom of Information Act 1982, the Privacy Act 1988, Part 1C of the Crimes Act 1914, the Commonwealth Protective Security Policy Framework as well as other applicable laws.480 Under the Fraud Guidance, agencies are responsible for investigating routine or minor instances of fraud481, that is, instances of fraud which on initial assessment by the agency would not be accepted by the AFP under its CCPM.482 The conduct of a fraud investigation allows agencies to gather evidence in relation to specific fraud allegations to determine the relevant facts and to assist in deciding whether further action, if any, is required.483

4.55 Furthermore, the AGIS contains minimum standards for conducting investigations by Commonwealth agencies including a requirement for relevant investigators to have a Certificate IV in 'Government (investigation)' or equivalent qualification as a minimum, otherwise, they must be supervised by an appropriately qualified investigator.484 All members of the FPII Investigations team have completed the relevant Certificate IV as well as other relevant courses including those delivered by Commonwealth agencies such as the AFP.485

4.56 The responsibility for investigating allegations of fraud or misconduct within the ATO resides with the FPII Investigations team. FPII's roles and responsibilities in relation to the investigation of suspected internal fraud are set out in CEI 2014/05/08 'Internal Fraud'. This document also outlines the obligations for ATO officers in preventing, detecting and reporting fraud as well as assisting FPII investigators in preparing witness statements or attending court proceedings.486

4.57 The investigations undertaken by the FPII Investigations team, particularly the processes and actions taken in response to allegations of fraud or misconduct are based on the principles and requirements set out in the AGIS and the Fraud Policy, which were updated in August 2011 and August 2016 respectively.487

4.58 The ATO also recently updated its FPII Investigation Standards488 and FPII Investigations Reference Manual (FPII Reference Manual)489 which set out the manner in which investigations are expected to be conducted by its investigations team to ensure compliance with obligations and government standards.490 As part of their role, the FPII Investigations team conducts investigations and prepares evidence briefs for criminal prosecution.

4.59 All allegations and relevant documentation about fraud or misconduct are recorded in the FPII case management systems. ATO officers and members of the public who lodge fraud or misconduct allegations can expect to receive acknowledgement within five business days of it being lodged with FPII and receive updates on the progress of their allegation at six week intervals, subject to secrecy and privacy law constraints.491

4.60 The allegations of fraud and misconduct are reviewed in accordance with FPII's Case Evaluation Model to determine whether they will be accepted for further investigation. Generally, an allegation will not be accepted for further investigation if insufficient information has been provided, the matter raised in the allegation has previously been investigated or it is more appropriate for another area within the ATO or an external organisation to consider.492

4.61 When a case is referred to the Investigations team following the TACC, it is assessed to ensure that it is prioritised in accordance with a number of risk factors which include, the nature of the allegation, sensitivity, aggravating circumstances, the manner in which the person in question is employed as well as overall complexity of the matter. Other factors which may affect the level of priority for an investigation include the impact on resources, need for SES officer or external direction, materiality of the impact on both internal or external matters and any ongoing court proceedings.493 The FPII Investigations team undertakes further assessment of the allegations based on their potential impact on the ATO and its stakeholders to assist it in allocating its resources and determining investigation timeframes.

4.62 Allegations which have the potential to impact on the ATO's reputation, relate to the public interest or are expected to result in prosecution action, are reported to the FPII Director of Investigations and FPII Assistant Commissioner who may notify other relevant areas within the ATO, including the media relations team, if required.494

4.63 When an ATO officer is subject to an FPII investigation, they are required to be informed no later than 11 working days of an allegation being made about them, except where doing so may cause them undue distress or potentially compromise the investigation.495

4.64 During an FPII investigation, managers are required to allow officers who are subject to allegations to participate in interviews with FPII investigators or obtain other support services to assist them through the investigation.496 FPII investigators will also inform the officer's manager of the outcome of their investigation upon completion. FPII investigators are also responsible for ensuring that the subject of an investigation is regularly informed about the general progress of an investigation.

4.65 In determining the manner in which an investigation is conducted, FPII investigators are expected to consider the nature of the allegation, the type of evidence which could be relevant and the appropriate means to obtain and test that evidence. They often make requests to the ATO's Forensics and Investigations team to obtain access to relevant electronic data on the ATO's systems, for example copies of e-mails and documents stored on ATO officers' personal drives and internet history use.

4.66 If more intrusive evidence gathering is required to be undertaken, FPII investigators must first obtain approval from the FPII Director of Investigations. The Director is responsible for maintaining records of such requests and FPII investigators are required to document the details of such activities. Indeed, all documents and evidence received by the FPII unit during an investigation are required to be recorded, labelled and uploaded to the FPII's electronic case management system pursuant to CEI 2014/01/01 Records Management. 497 It should also be noted that any interviews should be recorded pursuant to section 23V of the Crimes Act 1914.

4.67 Documents obtained as part of an investigation are referred to as 'exhibits' which are required to be handled according to FPII evidence handling procedures as well as other law enforcement agency, CDDP and legislative requirements for the collection and securing of evidence. The responsibility for organising and regularly auditing the register resides with the FPII Director of Investigations.498

4.68 If evidence found during an investigation supports an allegation about an officer, the FPII investigator will inform the officer about the allegation in writing and provide them with the opportunity to respond. However, this opportunity will not be provided if the FPII investigator considers that prior notice may prejudice the investigation, for example, risk the destruction of evidence.499

4.69 All FPII investigators are required to discuss and obtain approval for all critical decisions which occur during an investigation and ensure that these interactions are recorded in the case file. The electronic case files and records of evidence obtained during an investigation will be reviewed by the FPII Director of Investigations as part of the quality assurance processes before finalising a case.500

4.70 An example of how the ATO gathers evidence and uses computer forensics data in its investigation of alleged fraud or misconduct is outlined in the case study below. It demonstrates how the investigation may identify further instances of inappropriate behaviour and how the FPII unit may refer matters to other areas or agencies to progress the matter further.

FPII case study 2

In 2015, the ATO received an anonymous complaint about an ATO officer who was alleged to have engaged in long term fraud. The matter was referred to FPII investigators who requested and reviewed electronic data on the ATO's systems. Throughout the course of this review, a number of documents were discovered which raised concerns that the officer was potentially engaged in fraudulent activity. This in turn resulted in a further investigation of the matter.


With assistance from the ATO's Forensics and Investigations team, FPII investigators were able to access all of the documents on the officer's personal drive, including those which were password protected. Evidence contained within these documents implied that the officer had fabricated the existence of a senior ATO officer and impersonated that officer for personal gain, using the alias to make several travel, luxury hire car and accommodation bookings. It also appeared that the officer had impersonated an operative from another Commonwealth agency.

Evidence contained in the officer's personal drive also indicated that the officer had engaged in other fraudulent conduct. This included the electronic modification of a legitimate medical certificate for the purpose of claiming sick leave for a period where the employee was travelling overseas as well as the creation of falsified ATO payslips.

After the evidence was presented to the employee, the officer did not respond to the allegation but instead elected to receive legal advice. While this occurred, the officer was suspended from ATO duties. The ATO officer, after receiving legal advice, declined to participate in a formal interview and did not otherwise respond to these allegations. The officer resigned from the ATO soon after.


The ATO considered the behaviour to be sufficiently serious to warrant referring the case to the CDPP, however, the CDPP declined to prosecute on public interest grounds.

Source: ATO

4.71 In circumstances where allegations or complaints are raised about a member of the FPII unit or the manner in which they are conducting an investigation, the matter will be escalated to the FPII Assistant Commissioner for action. Similarly when an allegation is raised about an SES officer, it will be escalated by the FPII Assistant Commissioner who will subsequently notify the Second Commissioner of the Law Design and Practice Group.501

Statistical information on FPII investigations

4.72 In response to the IGT's request, the ATO has provided statistical information about FPII investigations. The tables below provide details about investigations conducted in the 2015–16 and 2016–17 financial years, focussing on the outcome of the investigations and the seniority of the officer investigated.

4.73 Table 4.2 provides details about the findings of FPII's investigations for the 2015–16 and 2016–17 financial years. The majority of referrals received by the FPII unit result in the commencement of an investigation with only five percent not proceeding due to insufficient information. Table 4.2 also shows that less than 50 per cent of completed investigations result in no findings due to insufficient evidence. In cases where the allegation is substantiated, the majority are referred to the ATOP business line for action. There are very few investigations (approximately one per cent) in which the FPII unit considers that the actions of an ATO officer warrant a referral to a law enforcement or other government agency for criminal proceedings.

Table 4.2: FPII investigations: outcomes

Incapable of determination No further action Allegation unsubstantiated Allegation substantiated
Outcome 2015–16 2016–17 2015–16 2016–17 2015–16 2016–17 2015–16 2016–17
Insufficient evidence / No evidence to substantiate allegation 14 5 42 22 161 147
Advice provided to informant 1 6
ATOP Integrity Check 65 21 20
Unauthorised access warning letter sent 9 38
Manager notified/taking action 1 2 2 14 17 13
Referred to other area for action (ATOP, IT security, TERC) 9 6 1 7 6
Referred to ATOP for potential action 64 54
Employee resigned before action taken 2 3 13 28
Referred to law enforcement agency/other agency 3 2
Uncategorised (a) 6
TOTAL 17 7 117 55 167 181 113 147

Source: ATO
Note (a): At the end of the 2016–17 financial year, there were also 76 open cases.

4.74 Historically, unauthorised access has been one of the key focus areas for the FPII unit. Table 4.3 shows a breakdown of all substantiated FPII cases. Unauthorised access is the largest category accounting for 53 per cent and 65 per cent of all cases in the 2015–16 and 2016–17 financial years respectively.502 As a point of contrast, substantiated cases primarily about conflicts of interest and abuse of position are very few in both financial years. The remainder of substantiated cases relate to departmental types of misconduct such as misuse of IT facilities and administrative issues which would be expected to be identified in other organisations.

Table 4.3: FPII investigations: substantiated allegations, by category

Category of allegation 2015–16 2016–17 (a)
Abuse of position 3 1
Conflict of interest 2 6
Corruption 0 0
Fraud - administration 5 7
Fraud - revenue 0 2
Misuse of ATO facilities 2 4
Misuse of IT facilities 11 9
Release of information 4 3
Unauthorised access 60 95
Other (b) 26 20
TOTAL 113 147

Source: ATO
Note (a): Figures provided for the 2016–17 financial year includes cases which were not finalised as at 30 June 2017 but were concluded before 31 July 2017.
Note (b): The category of 'Other' relates to cases that are difficult to define or fall outside the jurisdiction of FPII. For example, criminal activity outside the workplace, threatening behaviour or matters being dealt with by law enforcement. This also includes referrals for integrity checks.

4.75 Table 4.4 indicates that over 80 per cent of the substantiated cases relate to actions of ATO officers at APS levels 1 to 6. Contractors account for 13 per cent of substantiated cases and ATO officers holding EL positions account for five per cent of these cases.

Table 4.4: FPII investigations: substantiated allegations, by APS level

APS level 2015–16 2016–17 (a)
APS1 12 51
APS2 11 12
APS3 28 22
APS4 21 13
APS5 5 9
APS6 14 14
EL1 9 5
EL2 4 2
SES 0 0
UNKNOWN (b) 1* 0
TOTAL 113 147

Source: ATO
Note (a): Figures provided for the 2016–17 financial year includes cases which were not finalised as at 30 June 2017 but were concluded before 31 July 2017.
Note (b): Unknown – referred to an impersonation of an ATO employee.


4.76 Once an FPII investigator has examined the allegation of fraud or misconduct, obtained the relevant supporting evidence and considered any response from the subject of an investigation, they are required to determine whether further action is required. Where the allegation is found to be unsubstantiated, they may consider that no further action is required. However, where the allegation is substantiated, they will recommend to the FPII Director to take one of the following three actions.

4.77 Firstly, where the misconduct is considered to be minor in nature, the matter may be referred to the manager of the officer who was the subject of the investigation or to other areas in the ATO for their information, for example IT Security to alert them to potential systems vulnerabilities that were uncovered in the investigation.

4.78 Secondly, where the conduct is suspected of breaching the APS Code of Conduct, FPII investigators may refer the matter to the Conduct Performance and Probationary Support (CPPS) area within the ATOP business line and provide them with a copy of the investigation report.503 The FPII investigator may also be tasked with providing a briefing, outlining the facts of the investigation to the CPPS area.

4.79 It is important to note that in such cases the FPII investigator only recommends that a matter should be referred to the CPPS area and does not comment on how the matter should proceed or what sanctions are to be applied. It is the CPPS area's role to determine whether a breach of the APS Code of Conduct has occurred and, if so, what disciplinary sanction should be imposed.504

4.80 In determining any misconduct sanctions that should be imposed, the CPPS area consults with the relevant business areas in the ATO505 including the director of the ATO officer in question. Sanctions may include reassigning duties or suspension from employment based on the procedures set out in the ATO's 'Practitioners guide to managing suspected misconduct in the ATO'.506 Table 4.5 below outlines the range of misconduct sanctions applied by the CPPS area on substantiated cases.

Table 4.5: FPII investigations, by disciplinary sanction applied

Disciplinary sanction applied in case 2015–16 2016–17 (a)
Terminated 15 10
Resigned 12 11
Reprimand + reduction of APS level 1 0
Reprimand + 10% salary reduction 2 0
Reprimand + 5.0 – 9.9% salary reduction 10 0
Reprimand + 0.0 - 4.9% salary reduction 1 0
Reprimand + fine (<=2.0% of salary) 2 3
Formal counselling 3 9
Informal counselling 7 6
Reprimand only 1 0
No further action taken 9 9
Case ongoing 1 6
TOTAL 64 54

Source: ATO
Note (a): Figures provided for the 2016–17 financial year includes cases which were not finalised as at 30 June 2017 but were concluded before 31 July 2017.

4.81 Table 4.5 indicates that approximately 40 per cent of misconduct sanctions resulted in the termination or resignation of the ATO officer in question. There has been an increase in the use of formal counselling as one of the misconduct sanctions — from five per cent in the 2015–16 financial year to 17 per cent in 2016–17. Counselling, both formal and informal, accounts for less than 30 per cent of misconduct sanctions in the 2016–17 financial year. One of the other misconduct sanctions available is a reprimand and/or a fine. The fine can be a fixed sum, ranging from $100–$500, a percentage of the ATO officer's salary, ranging from 0.5–10 per cent, or a reduction in APS level.

4.82 As noted in the above Table 4.5, in some instances the CPPS area may consider that no further action is necessary. Table 4.6 below provides a breakdown of the reasons for not taking further action.

Table 4.6: FPII investigations referred to CPPS: Reasons for no further action being taken by CPPS

Year Subject unable to be identified Subject left ATO Breach not proven Assessed by CPPS that no formal action needed Refer back to manager for action TOTAL
2015‑16 0 2 1 6 0 9
2016‑17 1 1 1 4 2 9

Source: ATO

4.83 Lastly, in some instances, FPII investigators may consider that the evidence and findings uncovered during an investigation may warrant referral to the AFP or another agency. Referrals to the AFP may become necessary where there are serious criminal allegations and the scope of investigation requires the exercise of the AFP's legislative powers such as telephone interception and search warrants. FPII investigators may also seek AFP assistance to execute search warrants and obtain evidence which will involve collaborative operations during the course of an investigation. Referrals to the AFP occur through an agreement established between the two agencies, with the decision to refer matters being based on discussions with the FPII Director of Investigations and the FPII Assistant Commissioner.507

4.84 Where FPII investigators consider that their findings and evidence suggest a potential breach of criminal law, they may be required to make a referral to the CDPP. As noted in Chapter 1, the CDPP is responsible for prosecuting offences against Commonwealth laws as well as recovering the proceeds of crime and enforcing civil remedies where appropriate. Depending on the nature of the issue and with prior approval from the FPII Director of Investigations, the FPII investigator may seek legal advice from the ATO General Counsel and the Australian Government Solicitor to refer the matter to the CDPP. Such referrals are documented under a memorandum of understanding.508

4.85 If it is determined that a referral to the CDPP is appropriate, the FPII investigator is responsible for the overall management and preparation of evidence for briefs in relation to criminal offences. All briefs for criminal prosecution and other referrals to the CDPP are prepared in accordance with the CDPP Guidelines and Directions509 manual and provided to the FPII Director of Investigations for approval.510 It is important to note that the CDPP ultimately decides whether a matter will be prosecuted in accordance with the Prosecution Policy of the Commonwealth.511

4.86 When determining whether a matter will be prosecuted, the CDPP considers various factors512 with particular focus on the availability and effectiveness of any alternatives to prosecution, with the APS misconduct process being an example of an effective alternative. However, FPII investigators may consider that referral to the CDPP is not appropriate having regard to the circumstances of a case. In such cases, FPII investigators must prepare a written minute outlining the reasons for their decisions and provide it to the Director of Investigations for approval.513

4.87 In addition to undertaking investigations in relation to specific allegations of fraud or misconduct, FPII investigators may identify deficiencies in controls and circumstances where management action or inaction is identified as contributing to the conduct of the officer under investigation. These matters are referred to the relevant business line within the ATO for their review and consideration.

4.88 In all of the above circumstances and in cases where it is determined that no further action is required due to an allegation being unsubstantiated, the FPII investigator will notify the person who raised the allegation and the officer, who is the subject of investigation, of the outcome within five business days of the matter being finalised.514

Quality assurance and reporting

4.89 In circumstances where an investigation exceeds 90 days, it will be subject to review by the FPII Director of Investigations to determine whether any action is required to facilitate a timely resolution. This would involve evaluating the merits of continuing or closing the investigation and ensuring that timely resolution has remained a priority.515

4.90 At the end of all investigations, FPII investigators are required to prepare a 'Closure Report' minute for the FPII Director of Investigations' approval. The latter should explain the significant findings which resulted in their decision, including why certain lines of inquiry were not followed if they were reasonably obvious in the circumstances.516

4.91 It is important to note that only the FPII Director of Investigations can approve the closure of a case on the FPII case management system.517 Prior to closing a case, the FPII Director of Investigations must be satisfied that the investigation has met the AGIS and that any deficiencies which are identified are recorded and brought to the attention of the FPII Assistant Commissioner for appropriate action.518 The FPII Director of Investigations must ensure that they maintain records about the closure of a case and document whether it was subject to quality assurance review by a peer. These records are maintained on the FPII share drive and may be subject to quality assurance review by external parties.519

4.92 The FPII Reference Manual indicates that the accountability and quality assurance of its investigation practices should be based on AFP quality assurance reviews and feedback from the CDPP during prosecution referral processes as well as through FPII management and peer reviews.520 The FPII unit has also made preliminary enquiries to have the ATO's General Counsel or independently contracted private legal practitioners from a Commonwealth Government panel to conduct quality assurance reviews on its investigations.521 The FPII Assistant Commissioner is expected to select a number of investigations each year and conduct quality assurance on them and report the outcomes to the ARC.522

4.93 In addition, the FPII Assistant Commissioner is also required to provide monthly reports to the Deputy Commissioner of ATOC and quarterly reports to the ARC about the ongoing progress of its investigations to provide insight into its management of the investigation function. The FPII Assistant Commissioner will also be provided with briefing reports which are likely to draw media attention, raise issues of public or political sensitivity or pose a reputational risk to the ATO prior to critical case milestones such as the execution of search warrants, court proceedings or media communication.523

IGT observations

4.94 The FPII Investigation Standards and Reference Manual, which are based on the AGIS, require the ATO processes for carrying out internal fraud investigations to be thorough and well-documented. Such processes aim to ensure allegations of internal fraud and misconduct are appropriately considered and investigated to a minimum standard. It should be noted that both documents have been recently updated and some of the processes and procedures are still to be fully put into practice.

4.95 In conducting this review, the IGT requested a list of all 2,829 allegations received by the FPII unit between 2009 and 2017. The IGT subsequently selected a sample of these cases and examined the relevant material. The cases were selected based on a combination of areas raised in stakeholder submissions to this review, for example, abuse of position, conflicts of interest and unauthorised access, as well as cases which were referred to the CDPP and those which resulted in fraud allegations being substantiated. The sample placed greater emphasis on more recent cases although some older cases were also selected to assist in comparing previous and current procedures and approaches.

4.96 The above sample cases were subsequently reviewed to assist the IGT to gain a greater understanding of FPII investigative practices and to determine the extent to which the procedures and guidelines in the FPII Investigation Standards and Reference Manual were applied. Consideration was also given to whether there was evidence of bias and the manner in which interviews were conducted and recorded. In addition, the IGT examined the overall level of supervision and guidance provided to FPII investigators, the application of quality assurance processes, whether officers, who were subject of an allegation, were afforded procedural fairness and whether the investigators had engaged law enforcement agencies appropriately.

4.97 Upon reviewing the sample of cases, the IGT found that almost half of the cases in the sample did not contain all relevant records on the case file. Apart from these record-keeping omissions, there was no evidence to suggest any further non-compliance with the FPII Investigations Standards and Reference Manual. For example, where allegations were raised, FPII investigators considered the allegations and in the majority of circumstances sought to obtain further information and conducted additional research before determining whether further action was required. Following this, the FPII investigators documented the facts of the case and provided their reasons for conducting a more comprehensive investigation. They then referred the matter to another area within the ATO or to another Commonwealth agency or took no further action as appropriate.

4.98 The IGT also found that, in cases involving more complex issues or requiring referral to other Commonwealth agencies, the FPII investigators had sought advice and approval from the FPII Director of Investigations and the FPII Assistant Commissioner where appropriate. Throughout most of their investigations, the FPII investigators proactively communicated with the relevant parties where required, including contacting the person who had made the allegation to obtain further information, the officer who was the subject of the investigation, the latter's manager as well as potential witnesses.

4.99 It is important to note that while the FPII Investigations team is responsible for investigating the factual basis for any allegations, they do not recommend or impose any disciplinary actions. Such actions are determined by the relevant officer's manager where the conduct was minor in nature, by the CPPS area where the APS Code of Conduct is breached or by AFP or CDPP where more serious criminal allegations are at play.

4.100 Separating the investigation process from determining any resulting disciplinary action is consistent with the relevant Australian Standard.524 Accordingly, the IGT is of the view that it would be prudent to periodically check the appropriateness of disciplinary actions imposed particularly where they are determined within the officer's business line or the latter are involved in making such determinations.

4.101 It would also be prudent for the ATO to undertake periodic reviews of the quality of FPII investigations to assure itself and the community that it complies with the AGIS. In particular, requirement 3.7 of the AGIS specifies that the AFP is responsible for conducting quality assurance reviews of criminal investigations and that those relating to non-criminal investigations are to be conducted by another agency with the necessary skills and capacity. The AGIS also states that the outcomes of the quality assurance reviews are to be provided to the Chief Executive Officer (CEO) of the agency and the results, including an analysis of best practices and identified deficiencies are to be provided to the AIC.525

4.102 The FPII unit has outlined the manner in which it expects to provide internal and external quality assurance of its Investigation Standards in its Reference Manual. In conducting this review, the IGT review team requested that the ATO provide all examples of internal and external quality assurance activities which had been undertaken in relation to FPII investigations. As a result of this request, FPII provided copies of three external quality assurance reports which demonstrate that quality assurance reviews were conducted. Two of these reviews were conducted by the AFP for the 1998–99 financial year and Blackburn Chambers in the 2008–09 financial year respectively.

4.103 The IGT has also observed that the third external quality assurance review, conducted on FPII investigations after the introduction of requirement 3.7 of the AGIS, was undertaken by the Department of Foreign Affairs and Trade. There has not been such an external quality assurance review since 2012. However, the ATO has provided evidence which indicates that it has recently made preliminary enquiries with an independent external law firm to conduct these reviews. Where the ATO commissions a private sector organisation to conduct such a review for a fee, perceptions of lack of independence may arise. Another government agency could undertake the task, however, there may still be perceptions of bias as both agencies are under the umbrella of the APS.

4.104 In the IGT's view, the ATO should engage externals to conduct an annual quality assurance review process for FPII investigations and publish the results of such reviews. Another option would be for the ATO to conduct such reviews more frequently. For example, selecting investigations for external quality assurance reviews on a monthly basis would provide the ATO with more timely feedback and allow refinements as required.

4.105 It should also be noted that the FPII unit has not yet implemented the annual quality assurance review process which is to be conducted by the FPII Assistant Commissioner. The IGT believes these reviews should commence as soon as practicable, particularly in the light of the current lack of external review. In this respect, it would be reasonable to expect that the FPII unit would engage with other Commonwealth agencies with similar experiences, challenges as well as fraud and corruption risk profiles.

4.106 It is also important to provide assurance about the conduct of FPII investigations particularly where they were initiated as a result of concerns raised by ATO officers or by the broader community. At present, only high-level information is provided on the ATO's intranet. Whilst it is understandable that it would be inappropriate to disclose investigation methodologies, other information, such as procedural safeguards and timeframes within which certain actions may be taken, could be shared. Provision of the latter information would engender confidence both for those raising concerns as well as ATO officers who are the subject of investigations.

4.107 ATO officers, who are the subject of FPII investigations and are dissatisfied with the manner in which it was conducted, can provide the FPII unit with valuable feedback. Procedures to handle complaints regarding the conduct of such investigations are required by the AGIS526, however, at present, the ATO does not have such procedures. Under the ATO's current procedures, if the subject of an FPII investigation wishes to lodge a complaint about the investigation process, the matter is referred directly to the FPII Assistant Commissioner in the first instance.

4.108 The absence of an independent formal complaints handling process may expose the FPII unit to perceptions of a general reluctance to investigate complaints about its own staff. Implementing a well-documented and transparent complaints handling process would assist the FPII unit in demonstrating that all complaints are treated seriously and are acted on in a comprehensive and timely manner in accordance with requirement 1.9 of the AGIS. Furthermore, such a process would provide timely insights into the broader issues which may not otherwise be identified through internal or external quality assurance processes. Accordingly, the IGT is of the view that the ATO should implement such a complaints handling process and inform staff about their right to have their concerns considered by, for example, publishing information about how to lodge a complaint about an FPII investigation on its 'what you can expect from us' page on its intranet.

Recommendation 4.2

The IGT recommends that, with respect to its internal fraud investigations, the ATO:

  1. periodically review the appropriateness of sanctions imposed;
  2. conduct appropriate and periodic external and internal quality assurance reviews and publish the results of such reviews;
  3. provide more public information about the investigation process such as timeframes and procedural safeguards; and
  4. develop a formal complaints handling process as well as inform its staff about the process and how such complaints may be lodged.


  1. Agree
  2. Agree
  3. Annual quality assurance has already been incorporated into the Fraud Prevention and Internal Investigations Standard. The ATO will publish results commensurate with the audience and balance transparency with investigative integrity and privacy.

  4. Agree
  5. The ATO will include, in our internal communications, material which outlines the standards for internal investigations.

  6. Agree

435 Above n 61, pp 53 and 57.

436 ATO, 'ATO Office Minute, FPII Risk Review Activity' (Internal ATO document, 6 June 2017) p 1.

437 ATO, 'ATO Fraud and Corruption Control Forward Work Plan 2016–18' (Internal ATO document, 2017) p 2.

438 Above n 86, pp 4–5.

439 Above n 437, pp 2–3.

440 Above n 436, p 1.

441 Above n 437, p 3.

442 Above n 436, p 1.

443 ATO, 'Fraud Detection' (Internal ATO document, undated) p 8.

444 ATO, 'Fraud Detection Strategy 2017–18' (Internal ATO document, undated).

445 ATO, 'ATO Office Minute – Unauthorised Access Data Probes Minute' (Internal ATO document, 4 November 2016).

446 Taxation Administration Act 1953 s 8XA.

447 Above n 444.

448 Above n 443, p 4.

449 Above n 444.

450 ATO, 'Fraud and Corruption Control Unauthorised Access Scan - Casual Staff' (Internal ATO document, submitted to ARC 13 June 2017).

451 ATO, 'Internal Investigation Analysis 2009–2017' (Internal ATO document, undated).

452 ATO, 'Intelligence Team Manual' (Internal ATO document, undated).

453 Above n 285.

454 ibid.

455 ATO, 'FPII Reference Manual' (Internal ATO document, undated).

456 Above n 285.

457 Above n 290.

458 Above n 452, p 3.

459 Above n 455, p 16.

460 Above n 452, pp 5–6.

461 Above n 17, paras [4.26]–[4.28].

462 ATO, 'Dot point briefing on the Parliamentary Joint Committee Inquiry into the Jurisdiction of the Australian Commissioner for Law Enforcement Integrity' (Internal ATO document, July 2017).

463 Above n 10, pp 2–4.

464 ibid., p 8.

465 ibid., pp 4 and 10.

466 ibid., p 5.

467 See, The Guardian, 'The Medicare machine: patient details of any Australian for sale on the darknet', The Guardian 4 July 2017, <>.

468 For example, cryptocurrency that obscures who sent or received the coins, such as those currencies using the CryptoNote application layer protocol.

469 See, Australian Cyber Security Centre, 2017 Threat Report (2017) pp 16, 52 and 59.

470 See for example, US Department of Homeland Security, 'Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security', 7 October 2016, <>; ABC News (online), 'Government computer networks breached in cyber attacks as experts warn of espionage threat', 29 August 2016 <>.

471 Corruption value refers to the value of decisions, information and services provided by an organisation which may be exploited: above n 10, p 6.

472 Above n 10, p 12.

473 Above n 437, p 2.

474 The Government's announcement regarding measures to address phoenix arrangements will change the control environment regarding these. See the Hon. Kelly O'Dwyer, MP, Minister for Revenue and Financial Services, A comprehensive package of reforms to address illegal phoenixing (Media Release, 12 September 2017).

475 Above n 82.

476 Audit Office of New South Wales, Fraud Control Improvement Kit 2015 (2015) p 14.

477 Above n 290.

478 Above n 452.

479 Above n 61, p 63.

480 Above n 21, p C18.

481 ibid., pp 16–17.

482 AFP, The Case Categorisation and Prioritisation Model (2016) p 2.

483 Above n 61, p 63.

484 AGD, Australian Government Investigation Standards (2011) pp 1–2.

485 ATO, 'FPII Staff Qualifications as at October 2017' (Internal ATO document, October 2017).

486 Above n 455, p 13.

487 ibid., p 6.

488 ATO, 'Investigation Standards' (Internal ATO document, undated).

489 Above n 455.

490 Above n 488, p 1.

491 Above n 455, pp 17 and 32.

492 ATO, 'Case Evaluation Model' (Internal ATO document, undated) p 1.

493 ibid., p 2.

494 Above n 455, p 29.

495 ibid., p 20.

496 ibid., p 21.

497 ibid., pp 18 and 25–26.

498 ibid., pp 28–29.

499 ibid., p 20.

500 ibid., p 19.

501 ibid., p 29.

502 ATO, 'FPII Referrals IGT 2009–Current Data' (Internal ATO document, 2017).

503 Above n 455, pp 31–32.

504 ibid., p 32.

505 ibid., p 22.

506 ibid.

507 ibid., pp 10 and 14.

508 ibid., p 10.

509 CDPP, Guidelines and Directions Manual – Policy framework for the conduct of prosecutions (2012).

510 Above n 455, p 30.

511 Above n 70.

512 ibid.

513 Above n 455, p 31.

514 ibid., p 32.

515 Above n 488, para [3.4].

516 Above n 455, p 34.

517 ibid., p 33.

518 Note that another FPII Director may do so in certain circumstances: above n 488, para [3.4].

519 Above n 455, pp 34–35.

520 ibid., p 20.

521 Ashurst, 'Quality Assurance and Strategic Review Australian Taxation Office Fraud Prevention and Internal Investigations', report to the ATO (2017).

522 Above n 488, para [3.4].

523 ibid., para [3.5].

524 Above n 84, para [5.5.3].

525 Above n 484, p 12.

526 ibid., p 3 requirement 1.9.