Integrity checks and suitability assessments
Assess the integrity of new employees, contractors or third parties such as by having entry level checks, probationary periods, suitability assessments or security vetting.
Why this countermeasure matters
Fraud is committed by individuals, not organisations. Fraud can be carried out or facilitated by:
- individuals delivering a service on behalf of government
- employees operating within a service provider
- owners or directors who run a service provider
- corrupted officials within government.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- implementing practices in accordance with Policy 12 of the PSPF
- conducting entry checks, police checks and/or ‘fit and proper person’ tests for all new staff and contractors
- undertaking suitability assessments of all vendors or service providers
- having probationary periods for all new staff, contractors, vendors or providers
- requiring staff and contractors to have and maintain security clearances for designated roles.
- ongoing checks after onboarding staff of clients
- verifying the identity for new staff, clients, and third parties (e.g. using the DVS or FVS)
- verifying that businesses have a valid ABN and correct details (e.g. using ABN lookup or ABR explorer)
- verifying directors and beneficial owners of businesses (e.g. using the ASIC register, ABR explorer of data mining and company look up services).
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- refer to Policy 12 of the PSPF Eligibility and Suitability of Personnel
- review the process for undertaking integrity checks or suitability assessments for new staff, contractors, vendors or providers as required by Policy 12 and 13 of the PSPF
- analyse data on integrity checks or suitability assessments and confirm these are always completed
- review completion rates of induction training
- review probation results
- review cases of fraud and non-compliance to determine why integrity checks and suitability assessments did not work in those circumstances
- undertake a staff census and particularly ask questions relevant to staff integrity and performance management
- review APSC Census Results if you are Commonwealth entity
- review positions that require a security clearance and confirm staff and contractors have the required clearance
- where available, analyse data related to the Australian Government Security Vetting Agency declarations/notifications.
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.
Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help: • process claims • make decisions • check and verify data • analyse data to detect fraud • investigate potential fraud • define new indicators of fraud.
Make sure requests or claims use a specific form, process or system for consistency.
Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Confirm the identity or attribute of the individual. Evidence of identity should be collected and verified using policies, rules, processes and systems to make sure only known, authorised identities can gain access to information stored in networks and systems. This control is supported by the National Identity Proofing Guidelines and the Trusted Digital Identity Framework.
Make sure forms or system controls require mandatory information to support claims or requests.
Verify any requests or claim information you receive with an independent and credible source.
Require clients, staff and third parties to have ongoing compliance, performance and contract reviews.
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.
These are processes for ending an individual’s or entity’s engagement or involvement with an organisation or program.