Enforce ongoing compliance, performance and contract reviews

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

Summary

Require clients, staff and third parties to have ongoing compliance, performance and contract reviews.

Why this countermeasure matters

Lack of ongoing compliance, performance and contract reviews may lead to clients, staff and third parties:

acting dishonestly or without care once a benefit, grant or contract has been awarded
providing false information about their ongoing work performance or the delivery of contract obligations
failing to disclose changes in circumstances that might affect their ongoing entitlement to a benefit or payment
failing to disclose changes that may affect their ability to meet contract conditions
retaining access to systems or information when it is no longer required.

How to put this countermeasure in place

Some ways to implement this countermeasure include:

undertaking regular compliance checks with providers and clients
reassessing the suitability of service providers, contractors or vendors
regularly reviewing system accesses to confirm users still require the access
only allowing clients to continue to receive payments if they meet monthly participation requirements
regularly reviewing and monitoring staff performance
regularly reviewing contract performance to make sure requirements are being met.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this type of countermeasure by using the following methods:

Analyse completed reviews to confirm these are undertaken regularly as required.
Review a sample of completed requests/claims to confirm reviews are undertaken with appropriate attention to detail.
Review procedures or guidance to confirm it clearly specifies how reviews are undertaken.
Confirm reviews are consistently undertaken.
Ask staff about the review processes or systems to make sure they have a correct understanding.
Analyse statistics and reports on staff performance reviews.
Identify how ongoing compliance, performance and contract requirements are communicated to staff, customers and third parties.
Confirm that someone cannot bypass review requirements even when applying pressure or coercion.

Related countermeasures

Create legislation and policies that help prevent, detect and respond to fraud

Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.

Create procedural instructions or guidance

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Train staff to apply correct processes and decisions

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Require a specific form, process or system to be used

Make sure requests or claims use a specific form, process or system for consistency.

Authenticate identity during each interaction

Authenticate client or third party identities during each interaction to confirm the person owns the record they are trying to access.

Have clear and specific eligibility requirements

Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.

Require mandatory information to complete requests or claims

Make sure forms or system controls require mandatory information to support claims or requests.

Set up automatic prompts and alerts

Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.

Set up internal escalation procedures

Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.

Verify information you receive

Verify any requests or claim information you receive with an independent and credible source.

Match data against similar data points

Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Protect your data from manipulation or misuse

Put protections in place to prevent data from being manipulated or misused.

Collect and analyse data to find and prevent fraud

Collect and analyse data to improve processes and controls, increase payment accuracy and find and prevent non-compliance, fraud and corruption.

Conduct quality assurance checks

Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.

Make sure only the appropriate decision-maker can approve requests, claims or activities

Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.

Conduct internal or external audits or reviews

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.