Randomly allocate requests or claims to staff for processing. This removes the option for staff to select which claims to process.
Why this countermeasure matters
Allowing staff to 'cherry-pick' which requests or claims to process themselves increases the risk of:
- staff deliberately processing fraudulent requests or claims
- staff being coerced to process fraudulent requests or claims by others.
How you might apply this countermeasure
One way to implement this countermeasure includes making sure systems or processes randomly allocate work to processing staff.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- confirm random allocation processes are always applied
- review workload management specifications and system requirements
- review reports of work allocation, such as by location and staff user ID
- undertake pressure testing or a process walk-through to confirm that allocation processes cannot be ignored even when pressure or coercion is applied
- review approvals process and make sure there is a separation of duties
- confirm monitoring and reporting processes exist for allocation, and confirm this would identify abnormal processing patterns.
This type of countermeasure is supported by: