Set up internal escalation procedures
Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.
Why this countermeasure matters
A lack of internal processes to escalate non-standard requests or claims can lead to:
- disorganised or inconsistent practices and decision-making
- fraudsters using confusion and deception to exploit processes
- fraudsters receiving payments or services they are not entitled to
- fraudsters accessing information or systems without a business need
- fraudsters providing false or misleading information or evidence to support a request or claim
- fraudsters concealing information that would affect their entitlement.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- having an escalation point, such as a policy team or ICT helpdesk, for more complex requests or claims
- escalating claims that exceed a certain monetary threshold for further scrutiny
- having a separate policy team review and action complex, uncommon or late claims.
How do I know if my countermeasures are effective?
Measure the effectiveness of this countermeasure by using the following methods:
- Review the policies and procedures for escalating requests or claims.
- Confirm non-standard requests and claims are escalated to someone with sufficient delegation, independence or expertise.
- Confirm escalation processes are consistently applied.
- Analyse statistics of non-standard requests or claims to discover what percentage of claims fall in this category and if it aligns with the number of escalations.
- Review a sample of non-standard requests or claims to confirm correct escalation processes were followed.
- Ask staff about internal escalation processes to make sure they have a consistent and correct understanding.
- Identify how escalation requirements are communicated to staff.
- Confirm that someone cannot bypass escalation processes or systems even when subject to pressure or coercion.
- Review the training staff receive to make sure it includes information about escalation procedures.
This type of countermeasure is supported by: