Require a specific form, process or system to be used

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

decorative prevention countermeasures

Summary

Make sure requests or claims use a specific form, process or system for consistency.

Why this countermeasure matters

Not using a specific form, process or system to manage requests or claims can lead to:

  • disorganised practices
  • inconsistent decision-making
  • less transparency and ability to track decisions and past processes
  • weaknesses in other countermeasures
  • fraudsters deliberately using confusion and deception to exploit dysfunctional processes.

How to put this countermeasure in place

Some ways to implement this countermeasure include requiring:

  • all program claims to be made using a specific form
  • all overtime claims to be processed through the HR system
  • all updates to provider bank accounts to be processed using the provider portal
  • all assets to be requested through a specific process or form
  • a plagiarism check to be completed using a specified process and/or tool
  • an integrity review to be completed for all research reports before publishing, using a specific process and system.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure by using the following methods:

  • Analyse completed requests and claims to confirm the specific form, process or system was used on all occasions.
  • Review forms and processes to see if they conform to national guidelines and frameworks.
  • Review a sample of completed requests and claims to confirm the specific form, process or system was used on all occasions.
  • Undertake testing or a process walk-through to confirm that processes cannot be worked around.
  • Review procedures or guidance to confirm they clearly specify the form, process or system to be used.
  • Confirm forms, processes or systems are always available.
  • Ask staff about the forms, processes or systems to make sure they have a consistent understanding.
  • Confirm that someone cannot get past the requirement to use a specific form, process or system even when subject to pressure or coercion.

Related countermeasures

This type of countermeasure is supported by:

Create procedural instructions or guidance

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Set up internal escalation procedures

Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.

Set up user permissions

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Set up privileged access restrictions and monitoring

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Report on activities

Prepare summary reports on activities for clients, managers or responsible staff.

Establish exception reporting

Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.

Conduct internal or external audits or reviews

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Related Fraudster Personas

This countermeasure helps prevent, detect or respond to the following Fraudster Personas:

The Reckless

The Reckless acts without care, responsibility or regard to the consequences of their actions by disregarding requirements, procedures, warnings or directions to gain personal benefits.

The Fabricator

The Fabricator invents or produces something that is false to dishonestly gain personal benefits.

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

The Deceiver

The Deceiver makes others believe something that is not true to dishonestly gain personal benefits.

Was this page helpful?