Set up evidence and document capture and storage processes
Summary
Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity. This control is supported by the National Archives of Australia’s Information Management Standards and the Protective Security Policy Framework.
Why this countermeasure matters
The prosecution must prove every element of an offence beyond reasonable doubt to convict someone. Poor or no capture and storage of documents and evidence may lead to:
- difficultly in detecting, analysing, investigating and disrupting fraudulent activity
- briefs of evidence being rejected by the Commonwealth Director of Public Prosecutions.
How to put this countermeasure in place
Some ways to implement this countermeasure include setting up evidence and document capture and storage processes like:
- storing all claim forms on a system
- scanning and uploading all evidence for a claim into a system
- documenting decisions on a system before processing the activity
- keeping all procurement decisions and documentation on file.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Confirm the capture and storage of documents and evidence is in compliance with the National Archives of Australia’s Information Management Standards. In particular:
- Principle 4: Business information is suitably stored and preserved.
- Principle 7: Business information is saved in systems where it can be appropriately managed.
- Principle 8: Business information is available for use and reuse.
- Confirm the capture and storage of documents and evidence is in compliance with the Australian Government Investigations Standards and other national guidelines or frameworks.
- Consult with investigators about what evidence is required.
- Confirm that enough evidence is captured to support an investigation.
- Check the method of storage is automatic and reliable.
- Check staff instructions are clearly documented and followed if processes are manual.
- Confirm that documents are stored securely – test this if required.
- Confirm that evidence is available to investigators.
- Review who has access to documents.
- Check if documents can be altered and if the original is retained.
- Confirm that audit logging applies to all access/updates to documentation.
- Confirm that documents are retained as per the relevant Records Authority.
- Confirm that you can access evidence held by another party if using coercive powers.
Related countermeasures
This type of countermeasure is supported by:
Make sure a manager, independent person or expert oversees actions and decisions. Multiple people being involved in actions and decisions increases transparency and reduces the opportunity for fraud.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Make sure requests or claims use a specific form, process or system for consistency.
Make sure to confirm the identity (an attribute or set of attributes that uniquely describe a subject within a given context) of the person making the request or claim using evidence.
Authenticate client or third party identities during each interaction to confirm the person owns the record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Put protections in place to prevent data from being manipulated or misused.
Audit logging is system-generated audit trails of staff, client or third party interactions that help with fraud investigations.