Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.
Why this countermeasure matters
Lack of record and account reconciliation may led to:
- fraudsters feeling more confident their actions will not be detected
- high levels of non-compliance or errors due to inconsistent and unclear processes, rules and decision-making
- less transparency over the actions and decisions of staff and third parties
- fraud or corrupt activity going unnoticed or unchallenged.
How to put this countermeasure in place
Some ways to implement this countermeasure include reconciling records by comparing:
- travel approvals each month with the trips booked using a travel vendor
- credit card expenses with receipts
- overtime budgets against spending
- assets ordered versus assets received.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by applying the following methods:
- Confirm that the reconciliation is segregated from the processing. Make sure that one staff member cannot process and reconcile the same activity.
- Review who has access to complete reconciliations.
- Walk through the process with a staff member while they complete a reconciliation.
- Confirm a consistent reconciliation process exists.
- Confirm that records cannot be manipulated.
- Review the process to determine if it would identify different methods of fraud.
- Conduct interviews, workshops or surveys with staff who complete reconciliations to measure their understanding and thoughts about fraud control policies.
- Check if and how reconciliation results are reported.
This type of countermeasure is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.
Make sure a manager, independent person or expert oversees actions and decisions. Involving multiple people in actions and decisions increases transparency and reduces the opportunity for fraud.
Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.
Rotate staff and contractors in and out of roles to avoid familiarity. Staff and contractors can become too familiar with processes, customers or vendors, which can lead to insider threats.
Require and support staff and third parties to self-disclose gifts, benefits, incidents, mistakes and real or perceived conflicts of interest.
Make sure requests or claims use a specific form, process or system for consistency.
Verify any requests or claim information you receive with an independent and credible source.
Have processes in place to prevent, identify and correct duplicate records, identities, requests or claims.
Separate duties by allocating tasks and associated privileges for a business process to multiple staff. This is very important in areas such as payroll, finance, procurement, contract management and human resources. Systems help to enforce the strong separation of duties. This is also known as segregation of duties.
Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.
Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Put protections in place to prevent data from being manipulated or misused.
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.
Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.