Require mandatory information to complete requests or claims
Make sure forms or system controls require mandatory information to support claims or requests.
Why this countermeasure matters
Not collecting mandatory information to support claims or requests may lead to:
- manual follow-up and processing
- increased opportunities for omissions and errors
- fraudsters deliberately making false claims by omitting relevant information
- fraudsters receiving payments or services they are not entitled to
- fraudsters accessing information or systems without a business need
- fraudsters providing false information or evidence to support a request or claim
- fraudsters concealing information that would affect their entitlement.
How to put this countermeasure in place
Some ways to implement this countermeasure include requiring:
- mandatory fields to be completed on online claim forms
- applicants to provide income and asset statements with their claim
- providers to provide business details such as their ABN
- supporting evidence to be attached with the claim.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure using the following methods:
- Review policies and procedures to see if they conform to national guidelines and frameworks.
- Confirm the existence of reference and guidance material.
- Confirm mandatory information is consistently obtained.
- Review a sample of completed requests/transactions to confirm all mandatory information was provided.
- Ask staff about the mandatory requirements to make sure they have a consistent and correct understanding.
- Undertake pressure testing or a process walk-through to confirm that mandatory information must be provided even when pressure or coercion is applied.
- Identify how mandatory requirements are communicated to staff, clients and third parties.
- Review the training staff receive to make sure it includes information about collecting and using mandatory information.
- Review approvals processes and make sure mandatory information is checked.
This type of countermeasure is supported by:
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Make sure requests or claims use a specific form, process or system for consistency.
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.
Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
Verify any requests or claim information you receive with an independent and credible source.
Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Collect and analyse data to improve processes and controls, increase payment accuracy and find and prevent non-compliance, fraud and corruption.
Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard.
Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.