Requests or claims must meet specific eligibility requirements
Requests or claims are limited by eligibility requirements. Only eligible requests or claims are approved.
NB: This may also include confirming if staff have a business need to access a system or information.
Some examples of this type of countermeasure include:
- Income requirements, e.g. a claimant's assessable taxable income must be below $60,000.
- Age requirements, e.g. programme recipients must be over the age of 67.
- Residency requirements, e.g. programme payments are only available to Australian residents.
- Geographical requirements, e.g. programme recipients must reside in a particular location.
- Qualification requirements, e.g. potential vendors must possess appropriate licences.
- Preconditions, e.g. staff cannot be issued with a building pass prior to the completion of an entry level check.
Purpose of this countermeasure
Someone can provide false information or evidence to support a request or claim, or fail to disclose information that would affect their entitlement.
Acting dishonestly or providing false or misleading statements or information to commit fraud are offences under the Criminal Code Act 1995.
Failing to specify clear eligibility requirements, or not verifying a person's eligibility for a request or claim can lead to fraudsters:
- exploiting weaknesses to receive payments or services they are not entitled to, or
- accessing information or systems without a business need.
This type of control is supported by:
- Legislation and Policy
- Procedural instructions or guidance
- Staff are trained to apply correct processes and decisions
- A specific form, process or system must be used
- Evidence must be provided to confirm identity
- Identity is authenticated for each interaction
- Mandatory information is required to complete the request or claim
- Prompts and alerts
- Internal escalation procedures
- Information is verified
- Data matching
- Duplicates are prevented, identified and corrected
- Data analytics
- Quality assurance checks
- Requests, claims or activities are approved by the appropriate decision-maker
- Internal or external audits or reviews
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Review the policies and procedures to confirm eligibility.
- Confirm the existence of reference and guidance material.
- Confirm processes are consistently applied.
- Review a sample of completed requests or claims to confirm correct eligibility determinations were made.
- Review Random Sample Survey statistics and findings to analyse error trends.
- Undertake quantitative analysis of debts or other retrospective variations caused by ineligibility; e.g. how many subsequent reviews result in a reversal of the original eligibility decision?
- Ask staff about the eligibility requirements to ensure they have a consistent and correct understanding.
- Undertake testing or a process walk-through to confirm that eligibility determinations cannot be manipulated or bypassed (even when pressure or coercion is applied).
- Identify how eligibility requirements are communicated to staff, customers or third parties.
- Review the training staff receive to ensure it includes information about eligibility requirements.
- Review approvals process and ensure there is a segregation of duties, if required.