Mandatory information is required to complete the request or claim
Forms or system controls require mandatory information to support a claim or request.
Some examples of this type of countermeasure include:
- Mandatory fields on online claim forms.
- Applicants must provide income and asset statements with their claim.
- Providers must provide business details such as their ABN.
- Supporting evidence must be attached with the claim.
Purpose of this countermeasure
Someone can provide false information or evidence to support a request or claim, or fail to disclose information that would affect their entitlement.
Acting dishonestly or providing false or misleading statements or information to commit fraud are offences under the Criminal Code Act 1995.
Allowing someone to submit a claim or request without providing all the required information can lead to manual follow-up and processing, and increase the opportunity for omissions and errors.
Fraudsters can deliberately use confusion and deception to exploit these weaknesses to:
- receive payments or services they are not entitled to, or
- access information or systems without a business need.
This type of control is supported by:
- Procedural instructions or guidance
- A specific form, process or system must be used
- Requests or claims must meet specific eligibility requirements
- Prompts and alerts
- Internal escalation procedures
- Information is verified
- Data matching
- Data analytics
- Quality assurance checks
- Internal or external audits or reviews
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Review policies and procedures for obtaining mandatory information.
- Confirm the existence of reference and guidance material.
- Confirm mandatory information is consistently obtained.
- Review a sample of completed requests/transactions to confirm all mandatory information was provided.
- Ask staff about the mandatory requirements to ensure they have a consistent and correct understanding.
- Undertake vulnerability testing or a process walk-through to confirm that mandatory information must be provided (even when pressure or coercion is applied).
- Identify how mandatory requirements are communicated to staff, customers and third parties.
- Review the training staff receive to ensure it includes information about collecting and using mandatory information.
- Review the approvals process and ensure mandatory information is checked.