Skip to main content

Set up evidence and document capture and storage processes

Type of countermeasure

This is a response countermeasure. Response countermeasures respond to fraud after it has occurred. They help to reduce the consequences or disrupt further consequences.

Summary

Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity. This control is supported by the National Archives of Australia’s Information Management Standards and the Protective Security Policy Framework.

Why this countermeasure matters

The prosecution must prove every element of an offence beyond reasonable doubt to convict someone. Poor or no capture and storage of documents and evidence may lead to:

  • difficultly in detecting, analysing, investigating and disrupting fraudulent activity
  • briefs of evidence being rejected by the Commonwealth Director of Public Prosecutions.

How to put this countermeasure in place

Some ways to implement this countermeasure include setting up evidence and document capture and storage processes like:

  • storing all claim forms on a system
  • scanning and uploading all evidence for a claim into a system
  • documenting decisions on a system before processing the activity
  • keeping all procurement decisions and documentation on file.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure by using the following methods:

  • Confirm the capture and storage of documents and evidence is in compliance with the National Archives of Australia’s Information Management Standards. In particular:
    • Principle 4: Business information is suitably stored and preserved.
    • Principle 7: Business information is saved in systems where it can be appropriately managed.
    • Principle 8: Business information is available for use and reuse.
  • Confirm the capture and storage of documents and evidence is in compliance with the Australian Government Investigations Standards and other national guidelines or frameworks.
  • Consult with investigators about what evidence is required.
  • Confirm that enough evidence is captured to support an investigation.
  • Check the method of storage is automatic and reliable.
  • Check staff instructions are clearly documented and followed if processes are manual.
  • Confirm that documents are stored securely – test this if required.
  • Confirm that evidence is available to investigators.
  • Review who has access to documents.
  • Check if documents can be altered and if the original is retained.
  • Confirm that audit logging applies to all access/updates to documentation.
  • Confirm that documents are retained as per the relevant Records Authority.
  • Confirm that you can access evidence held by another party if using coercive powers.

Related countermeasures

This type of countermeasure is supported by:

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Make sure to confirm the identity (an attribute or set of attributes that uniquely describe a subject within a given context) of the person making the request or claim using evidence.

Audit logging is system-generated audit trails of staff, client or third party interactions that help with fraud investigations.

Related Fraudster Personas

Was this page helpful?