Clear and specific eligibility requirements
Summary
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Why this countermeasure matters
A lack of clear eligibility requirements or not verifying eligibility can lead to fraudsters:
- exploiting weaknesses to receive payments or services they are not entitled to
- accessing information or systems without a business need
- providing false information or evidence to support a request or claim
- hiding information that would affect their entitlement.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- income tests, such as a claimant's assessable taxable income must be below a certain amount
- age requirements, such as program recipients must be over the age of 67
- residency requirements, such as program payments are only available to Australian residents
- geographical requirements, such as program recipients must reside in a particular location
- qualification requirements, such as potential vendors must possess appropriate licences
- preconditions, such as staff requests for access to a building cannot be issued unless an entry level check is completed
- expenditure requirements, such as expenditure on a project must be below a certain amount.
- quantitative requirements, such as claimants can only claim for a certain number of hours, or for a certain number of people.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- review the policies and procedures to confirm eligibility.
- confirm the existence of reference and guidance material.
- confirm processes are consistently applied.
- review a sample of completed requests or claims to confirm correct eligibility decisions were made.
- undertake analysis of debts raised or cancellations caused by ineligibility, for example, how many subsequent reviews result in a reversal of the original eligibility decision?
- ask staff about the eligibility requirements to make sure they have a consistent and correct understanding.
- undertake testing or a process walk-through to confirm that eligibility decisions cannot be manipulated or bypassed even when pressure or coercion is applied.
- identify how eligibility requirements are communicated to staff, clients or third parties.
- review the training staff receive to make sure it includes information about eligibility requirements.
Related countermeasures
This type of countermeasure is supported by:
Make sure requests or claims use a specific form, process or system for consistency.
Confirm the identity or attribute of the individual.
Evidence of identity should be collected and verified using policies, rules, processes and systems to make sure only known, authorised identities can gain access to information stored in networks and systems.
Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Verify any requests or claim information you receive with an independent and credible source.
Have processes in place to prevent, identify and correct duplicate records, identities, requests or claims.
Related Fraudster Personas
This countermeasure helps prevent, detect or respond to the following Fraudster Personas:
