Quality assurance checks
Individual activities are quality checked to confirm correctness.
Quality assurance checks not only improve processing standards, they can also detect fraudulent activity and are a significant deterrent to fraud.
Some examples of this type of countermeasure include:
- A random selection of work (e.g. 2% of processed claims) is subject to a quality check.
- Higher-risk activities are subject to quality checks on all occasions.
- Purchased orders above $10,000 are quality checked by a procurement team prior going to the spending approver.
Purpose of this countermeasure
A staff member can abuse their position of trust to process fraudulent requests or claims for themselves or another person. A staff member can also be coerced to process a fraudulent request or claim for another person or entity, e.g. pressured to pay a fraudulent invoice.
Acting dishonestly or influencing a Commonwealth public official to commit fraud are offences under the Criminal Code Act 1995.
Trusting staff to follow procedures and make correct decisions without quality checks can lead to:
- dysfunctional and obscure processes, and
- poor management of performance, decision-making and risk.
This can also lead to more errors, which fraudsters can then exploit. Staff will also be less deterred from committing deliberate acts of fraud.
This type of control is supported by:
- Governance, accountability and oversight
- Managerial, independent or expert oversight
- Staff are trained to apply correct processes and decisions
- Staff and contractor rotation
- Procedural instructions or guidance
- Decision-making powers are clearly defined
- A specific form, process or system must be used
- Requests or claims are randomly allocated for processing
- Information is verified
- Segregation of duties are applied
- Requests, claims or activities are approved by the appropriate decision-maker
- Data protected from manipulation or misuse
- Staff are trained and supported to identify and report fraud and corruption
- Tip-offs and Public Interest Disclosures
- Exception reporting
- Internal or external audits or reviews
- Automatic notification of high-risk activities and transactions
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Compare processes with Quality Assurance policies and standards.
- Confirm that critical processes are checked.
- Analyse data related to quality checks. Measure results against KPIs.
- Review the quality checking process to determine if checks would identify fraud (they might not check the right things).
- Process walk through – sit with a checker to see what they check.
- Conduct interviews, workshops or surveys with staff who complete checks to measure their understanding and thoughts about fraud control policies.
- Confirm there is an independent review for high risk activities, e.g. by staff in other locations
- Identify the percentage of claims quality checked. Does this differ for competent staff?