Pressure test countermeasures to see if they are effective
On this page
What is pressure testing
Pressure testing is a process that helps you apply different testing methods to measure the effectiveness of your countermeasures.
This is more than just checking if countermeasures are in place or that processes are being followed. It involves considering and sometimes applying the common methods used by fraudsters to find ways around countermeasures your entity has in place. This helps you find vulnerabilities and challenge assumptions about how fraud is managed within your entity.
Why pressure testing is needed
Research shows that gaps or weaknesses in countermeasures lead to more fraud than any other factor.
If your entity is developing new programs, undergoing a major restructure, or implementing new technologies, then you are particularly vulnerable to losing oversight of risks and weaknesses in your control environments.
Pressure testing is a proactive and proven way of eliminating your blind spots. If you know where your entity is vulnerable you are better informed to prevent fraud or uncover where you are being exploited.
Tips for getting started
We have developed the Commonwealth Pressure Testing Framework to help counter fraud specialists, government officials (including policy designers) and senior leaders better understand and conduct pressure testing within their entity. Download the Commonwealth Pressure Testing Framework and How to Start Pressure Testing Guide for more detailed information about pressure testing and how to get started.
There are also a number of other things you can do to get prepared for pressure testing:
- Undertake fraud risk assessments. These will help you identify fraud risks and the countermeasures that your entity has in place.
- Identify who should conduct pressure testing within your entity. For example, this can be your fraud control, audit or governance area.
- Obtain appropriate authority and approvals to start pressure testing – this may include approval for an initial work plan.
- Use the processes and templates developed our Centre to record and report actions, decisions, risks and outcomes.
- Start small. Once you have embedded the process in your entity you can invest more resources and build your capability.
- Conduct targeted pressure tests on your most critical countermeasures first.
- Start by using simple methods to test countermeasures. As your skills develop you may wish to do more complex testing and use more advanced methods.
- Work with others across your entity. Close engagement with other staff is the most essential component of pressure testing.
- Use our other resources, such as the Fraudster Personas and common countermeasures.
What we mean by ‘testing’ countermeasures
Not all countermeasures are the same and how you test them will always depend on a number of factors. Some different ways to test countermeasures include:
- researching how they work such as through desktop reviews and looking at case studies
- observing how they are applied such as through a process evaluation or workshops with stakeholders
- analysing how they function such as through sample reviews or data analysis
- testing how they operate such as through technical testing or covert testing to breach countermeasures.
The Commonwealth Pressure Testing Framework provides practical guidance on identifying and testing common types of countermeasures.
Some weaknesses you will likely discover
Some common vulnerabilities you can expect to uncover through pressure testing include:
- a lack of fraud awareness among staff, contractors and suppliers
- staff not completing proper checks or verifying information received
- inadequate decision making and quality assurance processes
- weak technology/system controls
- inadequate detection processes
- a lack of oversight, documentation, reporting or reconciliation.
Pressure testing can provide many other benefits including:
- improving your understanding of different functions, programs and risks within your entity
- assurance that your entity’s fraud risks are being effectively managed
- creating a closer working relationships with your stakeholders
- increased awareness of fraud across your entity
- staff and leaders who acknowledge the risk of fraud and the potential for vulnerabilities
- finding and fixing previously unknown weaknesses in your countermeasures
- maintaining program integrity through organisational change
- aligning your counter fraud assurance approach with others across the Commonwealth.
Connect with us to find out more
We are running pilots with Commonwealth entities to implement and continue to develop the Commonwealth Pressure Testing Framework.
We have also created a range of templates and guides to help you to start pressure testing in your entity.
Contact us if you would like to find out more about pressure testing.