Require a specific form, process or system to be used
Make sure requests or claims use a specific form, process or system for consistency.
Why this countermeasure matters
Not using a specific form, process or system to manage requests or claims can lead to:
- disorganised practices
- inconsistent decision-making
- less transparency and ability to track decisions and past processes
- weaknesses in other countermeasures
- fraudsters deliberately using confusion and deception to exploit dysfunctional processes.
How to put this countermeasure in place
Some ways to implement this countermeasure include requiring:
- all program claims to be made using a specific form
- all overtime claims to be processed through the HR system
- all updates to provider bank accounts to be processed using the provider portal
- all assets to be requested through a specific process or form.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Analyse completed requests and claims to confirm the specific form, process or system was used on all occasions.
- Review forms and processes to see if they conform to national guidelines and frameworks.
- Review a sample of completed requests and claims to confirm the specific form, process or system was used on all occasions.
- Undertake testing or a process walk-through to confirm that processes cannot be worked around.
- Review procedures or guidance to confirm they clearly specify the form, process or system to be used.
- Confirm forms, processes or systems are always available.
- Ask staff about the forms, processes or systems to make sure they have a consistent understanding.
- Confirm that someone cannot get past the requirement to use a specific form, process or system even when subject to pressure or coercion.
This type of countermeasure is supported by: