Duplicates are prevented, identified and corrected
Duplicate requests, claims or records are prevented, identified and corrected.
Some examples of this type of countermeasure include:
- Duplicate claims are identified and denied.
- Potential duplicate invoices from vendors are flagged and reviewed.
- Staff are required to undertake thorough searches of existing customer records to avoid creating duplicate records.
- Systems are interrogated to identify potential duplicate provider records, which are then reviewed and corrected.
Purpose of this countermeasure
Someone could submit duplicate requests or claims or use duplicate records/identities to commit fraud.
Acting dishonestly or providing false or misleading statements or information to commit fraud are offences under the Criminal Code Act 1995.
Allowing duplicate requests, claims or records can lead to:
- fraudulent payments,
- disorganised, inconsistent practices and decision-making, and
- other control weaknesses, such as less effective fraud detection.
This type of control is supported by:
- Procedural instructions or guidance
- A specific form, process or system must be used
- Evidence must be provided to confirm identity
- Identity is authenticated for each interaction
- Mandatory information is required to complete the request or claim
- Prompts and alerts
- Information is verified
- Internal escalation procedures
- Data matching
- Data protected from manipulation or misuse
- System testing
- Quality assurance checks
- Exception reporting
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Confirm that clear and consistent processes exist for preventing, identifying and correcting duplicates.
- Analyse data to confirm duplicates are being properly identified and corrected.
- Consult subject matter experts on processes.
- System or process walkthrough – have staff show you the process for managing duplicates.
- Review a sample of documentation to confirm compliance with policies and processes.
- Review who has access to review and correct duplicates.
- Check if and how duplicates are reported.