Enforce ongoing compliance, performance and contract reviews
Require clients, staff and third parties to have ongoing compliance, performance and contract reviews.
Why this countermeasure matters
Lack of ongoing compliance, performance and contract reviews may lead to clients, staff and third parties:
- acting dishonestly or without care once a benefit, grant or contract has been awarded
- providing false information about their ongoing work performance or the delivery of contract obligations
- failing to disclose changes in circumstances that might affect their ongoing entitlement to a benefit or payment
- failing to disclose changes that may affect their ability to meet contract conditions
- retaining access to systems or information when it is no longer required.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- undertaking regular compliance checks with providers and clients
- reassessing the suitability of service providers, contractors or vendors
- regularly reviewing system accesses to confirm users still require the access
- only allowing clients to continue to receive payments if they meet monthly participation requirements
- regularly reviewing and monitoring staff performance
- regularly reviewing contract performance to make sure requirements are being met.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this type of countermeasure by using the following methods:
- Analyse completed reviews to confirm these are undertaken regularly as required.
- Review a sample of completed requests/claims to confirm reviews are undertaken with appropriate attention to detail.
- Review procedures or guidance to confirm they clearly specify how reviews are undertaken.
- Confirm reviews are consistently undertaken.
- Ask staff about the review processes or systems to make sure they have a correct understanding.
- Analyse statistics and reports on staff performance reviews.
- Identify how ongoing compliance, performance and contract requirements are communicated to staff, customers and third parties.
- Confirm that someone cannot bypass review requirements even when applying pressure or coercion.
Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Provide staff with adequate training to increase the likelihood that correct and consistent processes and decisions will be applied.
Make sure requests or claims use a specific form, process or system for consistency.
Authenticate client or third-party identities during each interaction to confirm the person owns the record they are trying to access.
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Make sure forms or system controls require mandatory information to support claims or requests.
Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.
Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
Verify any request or claim information you receive with an independent and credible source.
Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Put protections in place to prevent data from being manipulated or misused.
Collect and analyse data to improve processes and controls, increase payment accuracy and find and prevent non-compliance, fraud and corruption.
Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.
Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.