Conduct quality assurance checks

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.

Summary

Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.

Why this countermeasure matters

Lack of quality assurance checks can lead to:

high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
staff being less deterred from committing fraud
less transparency over the actions and decisions of staff and third parties
poor management of performance, decision-making and risk
fraud or corrupt activity going unnoticed or unchallenged
unknown and unaddressed systemic fraud or corruption.

How to put this countermeasure in place

Some ways to implement this countermeasure include conducting quality assurance by:

selecting random pieces of work to quality check, such as 2% of processed claims or decisions
having an independent person quality check high-risk activities, such as changes to vendor records, on all occasions
having the procurement team quality check purchase orders above $10,000 before they go to the spending approver.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure by using the following methods:

Compare processes with quality assurance policies and standards.
Check critical processes.
Analyse data related to quality checks and measure results against Key Performance Indicators.
Review the quality checking process to determine if checks would identify fraud.
Walk through the process with staff to see what elements they check.
Conduct interviews, workshops or surveys with staff who complete checks to measure their understanding of the fraud control policies in place.
Confirm there is an independent review for high risk activities, such as reviews by staff in other locations.
Identify the percentage of claims quality checked and determine if it differs between new and competent staff.

Related countermeasures

This type of control is supported by:

Establish governance, accountability and oversight

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Make sure there is managerial, independent or expert oversight

Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.

Train staff to apply correct processes and decisions

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Rotate staff and contractors

Rotate staff and contractors in and out of roles to avoid familiarity. Staff and contractors can become too familiar with processes, customers or vendors, which can lead to insider threats.

Create procedural instructions or guidance

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Clearly define decision-making powers

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

Require a specific form, process or system to be used

Make sure requests or claims use a specific form, process or system for consistency.

Requests or claims are randomly allocated for processing

Randomly allocate requests or claims to staff for processing. This removes the option for staff to select which claims to process.

Verify information you receive

Verify any requests or claim information you receive with an independent and credible source.

Divide duties between staff

Separate duties by allocating tasks and associated privileges for a business process to multiple staff. This is very important in areas such as payroll, finance, procurement, contract management and human resources. Systems help to enforce the strong separation of duties. This is also known as segregation of duties.

Make sure only the appropriate decision-maker can approve requests, claims or activities

Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.

Protect your data from manipulation or misuse

Put protections in place to prevent data from being manipulated or misused.

Train and support staff to identify and report fraud and corruption

Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.

Support staff to lodge tip-offs and Public Interest Disclosures

Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.

Establish exception reporting

Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.

Conduct internal or external audits or reviews

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Set up automatic notifications of high-risk events and transactions

Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.