Require mandatory information
Make sure forms or system controls require mandatory information to support claims or requests.
Why this countermeasure matters
Not collecting mandatory information to support claims or requests may lead to:
- manual follow-up and processing
- increased opportunities for omissions and errors
- fraudsters deliberately making false claims by omitting relevant information
- fraudsters receiving payments or services they are not entitled to
- fraudsters accessing information or systems without a business need
- fraudsters providing false information or evidence to support a request or claim
- fraudsters concealing information that would affect their entitlement.
How you might apply this countermeasure
Some ways to implement this countermeasure include requiring:
- mandatory fields to be completed on online claim forms
- applicants to provide income and asset statements with their claim
- providers to provide business details such as their ABN
- service providers, grant recipients or vendors to provide business details such as their ABN, ANZSIC code, business address, email address, phone number, authorised contact and associates. Note: you can verify these details using ABR Explorer
- supporting evidence to be attached with the claim.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- review policies and procedures to see if they conform to national guidelines and frameworks
- confirm the existence of reference and guidance material
- confirm mandatory information is consistently obtained
- review a sample of completed requests/transactions to confirm all mandatory information was provided
- ask staff about the mandatory requirements to make sure they have a consistent and correct understanding
- undertake pressure testing or a process walk-through to confirm that mandatory information must be provided even when pressure or coercion is applied
- identify how mandatory requirements are communicated to staff, clients and third parties
- review the training staff receive to make sure it includes information about collecting and using mandatory information
- review approvals processes and make sure mandatory information is checked.
This type of countermeasure is supported by: