Conduct quality assurance checks
Summary
Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.
Why this countermeasure matters
Lack of quality assurance checks can lead to:
- high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
- staff being less deterred from committing fraud
- less transparency over the actions and decisions of staff and third parties
- poor management of performance, decision-making and risk
- fraud or corrupt activity going unnoticed or unchallenged
- unknown and unaddressed systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include conducting quality assurance by:
- selecting random pieces of work to quality check, such as 2% of processed claims or decisions
- having an independent person quality check high-risk activities, such as changes to vendor records, on all occasions
- having the procurement team quality check purchase orders above $10,000 before they go to the spending approver.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Compare processes with quality assurance policies and standards.
- Check critical processes.
- Analyse data related to quality checks and measure results against Key Performance Indicators.
- Review the quality checking process to determine if checks would identify fraud.
- Walk through the process with staff to see what elements they check.
- Conduct interviews, workshops or surveys with staff who complete checks to measure their understanding of the fraud control policies in place.
- Confirm there is an independent review for high risk activities, such as reviews by staff in other locations.
- Identify the percentage of claims quality checked and determine if it differs between new and competent staff.
Related countermeasures
This type of control is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.
Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.
Rotate staff and contractors in and out of roles to avoid familiarity. Staff and contractors can become too familiar with processes, customers or vendors, which can lead to insider threats.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.
Make sure requests or claims use a specific form, process or system for consistency.
Randomly allocate requests or claims to staff for processing. This removes the option for staff to select which claims to process.
Verify any requests or claim information you receive with an independent and credible source.
Separate duties by allocating tasks and associated privileges for a business process to multiple staff. This is very important in areas such as payroll, finance, procurement, contract management and human resources. Systems help to enforce the strong separation of duties. This is also known as segregation of duties.
Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.
Put protections in place to prevent data from being manipulated or misused.
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.
Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.