The Reckless
The Reckless acts without care, responsibility or regard to the consequences of their actions by disregarding requirements, procedures, warnings or directions to gain personal benefits.
This might involve disregarding contracts or eligibility requirements for personal gain.
Examples:
- a contractor accepts a contract knowing they cannot deliver the service
- a service provider uses grant funds for personal use.
Case studies
The former director of a NSW regional gallery has been convicted of defrauding the institution of tens of thousands of dollars in ticket sales from a touring exhibition of the 2023 Archibald Prize.
A South Australian man has been sentenced to 6 years and 6 months in prison, with a non-parole period of 3 years and 8 months, after he obtained over $1 million in fraudulent GST refunds.
Countermeasures
Counter the Reckless using measures that support clear and consistent requirements and processes:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increase transparency and reduce the opportunity for fraud.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.
Provide help and support to customers, staff and third parties so they can follow correct processes, and encourage them to comply with rules and processes and meet expectations.
Provide staff with adequate training to increase the likelihood that correct and consistent processes and decisions will be applied.
Use declarations or acknowledgments to both communicate and confirm that a person understands their obligations and the consequences for non-compliance. The declaration could be written or verbal, and should encourage compliance and deter fraud.
Make sure requests or claims use a specific form, process or system for consistency.
Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.
Set clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Apply limits on requests, claims or processes, such as maximum claim amounts or time periods. Enforce these limits using IT system controls.
Set up system prompts and alerts that warn users when information is inconsistent or irregular, and that either require acceptance or deny further actions.
Require clients, staff and third parties to have ongoing compliance, performance and contract reviews.
Change management processes make sure that changes do not create risks or weaken existing countermeasures.
Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale and impact of a potential breach.
To better protect personal information, the minimal data required for a transaction should be collected, used and retained.
Make sure sensitive or official information cannot leave your entity's network without authority or detection.
Conduct quality assurance activities to confirm that processes are being followed correctly and to a high standard and/or that material or goods are what they are claimed to be.
Quality assurance checks not only improve processing standards, they can also detect potentially fraudulent activity and are a significant deterrent to fraud.
These are penalties for customers, staff or third parties that commit fraud or do not comply with rules, processes and expectations.