I want to pressure test countermeasures to see if they are effective
What is pressure testing
Pressure testing is a process that helps you apply different testing methods to measure the effectiveness of your countermeasures.
This is more than just checking if countermeasures are in place or that processes are being followed. It involves considering and sometimes applying the common methods used by fraudsters to identify ways to circumvent countermeasures your entity has in place. This helps you find vulnerabilities and challenge assumptions about how fraud is managed within your entity.
Why pressure testing is needed
Research shows that gaps or weaknesses in countermeasures lead to more fraud than any other factor.
If your entity is developing new programs, undergoing a major restructure, or implementing new technologies, then you are particularly vulnerable to losing oversight of risks and weaknesses in your control environments.
Pressure testing is a proactive and proven way of eliminating your blind spots. If you know where your entity is vulnerable you are better informed to prevent fraud or uncover where you are being exploited.
What we mean by ‘testing’ countermeasures
Not all countermeasures are the same and how you test them will always depend on a number of factors. Some different ways to test countermeasures include:
- researching how they work such as through desktop reviews and looking at case studies
- observing how they are applied such as through a process evaluation or workshops with stakeholders
- analysing how they function such as through sample reviews or data analysis
- testing how they operate such as through technical testing or covert testing to breach countermeasures.
The draft Commonwealth Pressure Testing Framework, currently available to Commonwealth entities for review and feedback, provides practical guidance on identifying and testing common types of countermeasures.
Some weaknesses you will likely discover
Some common vulnerabilities you can expect to uncover through pressure testing include:
- a lack of fraud awareness among staff, contractors and suppliers
- staff not completing proper checks or verifying information received
- inadequate decision making and quality assurance processes
- weak technology/system controls
- inadequate detection processes
- a lack of oversight, documentation, reporting or reconciliation.
Pressure testing can provide many other benefits including:
- improving your understanding of different functions, programs and risks within your entity
- assurance that your entity’s fraud risks are being effectively managed
- creating a closer working relationships with your stakeholders
- increased awareness of fraud across your entity
- staff and leaders who acknowledge the risk of fraud and the potential for vulnerabilities
- finding and fixing previously unknown weaknesses in your countermeasures
- maintaining program integrity through organisational change
- aligning your counter fraud assurance approach with others across the Commonwealth.
Tips for getting started
There are a number of things you can do to get prepared for pressure testing:
- Undertake fraud risk assessments. These will help you identify fraud risks and the countermeasures that your entity has in place.
- Identify who should conduct pressure testing within your entity. For example, this can be your fraud control, audit or governance area.
- Obtain appropriate authority and approvals to start pressure testing – this may include approval for an initial work plan.
- Use the processes and templates developed our Centre to record and report actions, decisions, risks and outcomes.
- Start small. Once you have embedded the process in your entity you can invest more resources and build your capability.
- Conduct targeted pressure tests on your most critical countermeasures first.
- Start by using simple methods to test countermeasures. As your skills develop you may wish to do more complex testing and use more advanced methods.
- Work with others across your entity. Close engagement with other staff is the most essential component of pressure testing.
- Use our other resources, such as the Fraudster Personas and common countermeasures.
Connect with us to find out more
We are running pilots with Commonwealth entities to develop the Commonwealth Pressure Testing Framework.
We have also created a range of templates and guides for starting and conducting pressure testing.
Contact us if you would like more information about pressure testing or would like to review the draft Framework.