Prevention countermeasures
A range of prevention countermeasures can be put in place to significantly reduce the risk of fraud and corruption occurring. These controls can be applied or adapted to suit the organisation’s fraud exposure and risk tolerance.
Effective prevention countermeasures
Access controls
Limit access to systems, data, information, physical documents, offices and assets. For example, approve an employee request before providing access to internal systems.
Automatic prompts and alerts
Set up system prompts and alerts to warn users when information is inconsistent or irregular. For example, require employees or applicants to confirm the accuracy of the information provided if it appears the information may contain errors.
Eligibility requirements
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. For example, ensure that potential vendors have the appropriate qualifications and licences.
Fraud awareness training
Train and support employees to identify fraud red flags, so they know what to do and how to report any suspected fraud. For example, provide annual, targeted training that is relevant to specific roles.
Identity verification
Authenticate client or third-party identities during each engagement. This involves testing the credentials supplied by the person making the claim. For example, use RealMe to confirm a person’s identity online.
Integrity checks and suitability assessments
Assess and confirm the integrity and suitability of new employees, contractors or third parties. For example, carry out ongoing checks after onboarding employees or suppliers.
Limit access to sensitive information
Control access to sensitive information and records. For example, restrict and monitor access to records of high-profile individuals or commercial in-confidence information.
Parameters and limits
Apply restrictions or limits to requests, claims or processes such as maximum claim amounts or time periods. Enforce these limits using IT systems controls.
Procedural instructions or guidance
Provide employees with clear, well-documented processes and guidance related to activities or procedures. For example, provide instructions on how to collect the essential information to verify eligibility or entitlements.
Protect data from manipulation
Put protections in place to prevent data from being manipulated or misused. For example, ensure that data entered directly into a system cannot be manually altered.
Segregation of duties
Distribute tasks and associated privileges for a specific process among multiple users. For example, the same employee should not make, approve and reconcile credit card payments.
Other countermeasures
Alongside prevention countermeasures, three other countermeasure categories are typically needed for an effective counter fraud control plan. The categories are interlinked, and each plays a significant role in managing fraud risks.
- Guide expected behaviours and determine organisational culture around fraud, so employees know what to look out for and what to do should they suspect fraud
- Identify when fraud has occurred, then disrupt it and reduce the impacts
- Carry out investigation, prosecution, disciplinary and recovery activities to reduce or disrupt additional impacts if fraud has occurred
Download the full guide
Download the full guide for in-depth information on prevention countermeasures, including examples of how the countermeasure can be implemented, related fraudster personas and suggested measurements to test countermeasure effectiveness.
More information
- Minimise the opportunities for fraudsters to exploit your government-funded initiative
- Conduct pressure testing to identify and reduce fraud and corruption vulnerabilities in your organisation
- Find out more about what the Counter Fraud Centre has to offer public sector organisations to build their counter fraud capability
- Read case studies about New Zealand organisations that have been victims of fraud