The Serious Fraud Office’s 2025 pilot report documented 446 internal fraud and corruption cases across six public sector agencies in 15 months. The report explicitly states these figures are an undercount due to inadequate controls. Extrapolating the 0.45% to 5.6% international loss rate to New Zealand’s 2025 budget yields a potential exposure of $823 million to $10.24 billion annually. Concurrently, the IPCA’s November 2025 report exposed a six-year systemic cover-up within police leadership, characterised by “inaction and an unquestioning acceptance” of a flawed narrative. This is not isolated. A Ministerial Advisory Group report from May 2025 concluded that corruption and insider threats are increasing, with parts of the system falling behind.
The Risk
The financial exposure is quantifiable. The governance failure is not. Under the Companies Act 1993, directors have a duty to exercise reasonable care, diligence, and skill. A demonstrable pattern of under-reporting, as evidenced across multiple agencies, creates a clear audit trail of systemic failure. This may indicate a breach of that duty. The IPCA’s findings of a “massive failure of leadership” provide a precedent for how personal inaction is scrutinised. Directors may be personally liable if they fail to ensure robust systems for detecting and reporting fraud. The liability is not just for the stolen funds, but for the reputational capital eroded by the cover-up. The cost of silence is a compound interest liability.
The Control
Treat fraud detection as a critical financial control. Move beyond policy documents to implement forensic data analytics that actively hunt for anomalies in procurement, payroll, and vendor payments. Mandate independent, external audits of whistleblower and incident reporting systems to verify their efficacy and independence from management influence. The board must demand a quantified risk assessment: what is our organisation’s specific exposure based on our expenditure profile, and what percentage of that figure are our current controls designed to detect?
The Challenge
These are the critical questions you should be raising at the board table:
| Based on our annual expenditure, what is the mathematically modelled range of our potential financial exposure to internal fraud, and what is the detection rate of our current controls? | |
| Show me the independent audit trail that proves our incident reporting system is free from management suppression and that 100% of allegations are logged and investigated. | |
| What is the quantifiable gap between the fraud risks identified in our last three risk registers and the specific, budgeted controls subsequently implemented to close them? |