Have clear and specific eligibility requirements
Summary
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Why this countermeasure matters
A lack of clear eligibility requirements, or a failure to verify eligibility, can lead to fraudsters:
- exploiting weaknesses to receive payments or services they are not entitled to
- accessing information or systems without a business need
- providing false information or evidence to support a request or claim
- hiding information that would affect their entitlement.
How to put this countermeasure in place
Some ways to implement this countermeasure include making sure there are:
- income tests, such as a claimant's assessable taxable income must be below $60,000
- age requirements, such as program recipients must be over the age of 67
- residency requirements, such as program payments are only available to Australian residents
- geographical requirements, such as program recipients must reside in a particular location
- qualification requirements, such as potential vendors must possess appropriate licences
- preconditions, such as staff requests for access to a building cannot be issued unless an entry level check is completed.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure using the following methods:
- Review the policies and procedures to confirm eligibility.
- Confirm the existence of reference and guidance material.
- Confirm processes are consistently applied.
- Review a sample of completed requests or claims to confirm correct eligibility decisions were made.
- Undertake analysis of debts raised or cancellations caused by ineligibility, for example, how many subsequent reviews result in a reversal of the original eligibility decision?
- Ask staff about the eligibility requirements to make sure they have a consistent and correct understanding.
- Undertake testing or a process walk-through to confirm that eligibility decisions cannot be manipulated or bypassed even when pressure or coercion is applied.
- Identify how eligibility requirements are communicated to staff, clients or third parties.
- Review the training staff receive to make sure it includes information about eligibility requirements.
Related countermeasures
This type of countermeasure is supported by:
- Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.
- Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
- Provide staff with adequate training to increase the likelihood that correct and consistent processes and decisions will be applied.
- Make sure requests or claims use a specific form, process or system for consistency.
- Make sure to confirm the identity (an attribute or set of attributes that uniquely describe a subject within a given context) of the person making the request or claim using evidence.
- Authenticate client or third party identities during each interaction to confirm the person owns the record they are trying to access.
- Make sure forms or system controls require mandatory information to support claims or requests.
- Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.
- Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
- Verify any request or claim information you receive with an independent and credible source.
- Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
- Have processes in place to prevent, identify and correct duplicate records, identities, requests or claims.
- Collect and analyse data to improve processes and controls, increase payment accuracy and find and prevent non-compliance, fraud and corruption.
- Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.
- Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.
- Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.