Compliance, performance and contract reviews
Require clients, staff and third parties to have ongoing compliance, performance and contract reviews.
Why this countermeasure matters
Lack of ongoing compliance, performance and contract reviews may lead to clients, staff and third parties:
- acting dishonestly or without care once a benefit, grant or contract has been awarded
- providing false information about their ongoing work performance or the delivery of contract obligations
- failing to disclose changes in circumstances that might affect their ongoing entitlement to a benefit or payment
- failing to disclose changes that may affect their ability to meet contract conditions
- retaining access to systems or information when it is no longer required.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- undertaking regular compliance checks with providers and clients
- reassessing the suitability of service providers, contractors or vendors
- regularly reviewing system accesses to confirm users still require the access
- only allowing clients to continue to receive payments if they meet monthly participation requirements
- regularly reviewing and monitoring staff performance
- regularly reviewing contract performance to make sure requirements are being met.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- analyse completed reviews to confirm these are undertaken regularly as required
- review a sample of completed requests/claims to confirm reviews are undertaken with appropriate attention to detail
- review procedures or guidance to confirm they clearly specify how reviews are undertaken
- confirm reviews are consistently undertaken
- ask staff about the review processes or systems to make sure they have a correct understanding
- analyse statistics and reports on staff performance reviews
- identify how ongoing compliance, performance and contract requirements are communicated to staff, customers and third parties
- confirm that someone cannot bypass review requirements even when applying pressure or coercion.
Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Make sure requests or claims use a specific form, process or system for consistency.
Set clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Develop contractual clauses to help prevent, detect and respond to fraud or non-compliance.
Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help:
- process claims
- make decisions
- check and verify data
- analyse data to detect fraud
- investigate potential fraud
- define new indicators of fraud.