Managerial or independent oversight

Involve more senior or independent personnel in actions, approvals and decisions to increase transparency and reduce the opportunity for fraud.

This control targets internal fraud risks.

Examples

Examples of this control include:

a manager overseeing employee activities, e.g. work output, timesheets and travel
a probity advisor reviewing and signing off procurement milestones
a contract manager overseeing contract requirements, e.g. reporting on software development milestones
a security advisor overseeing physical security arrangements.

Little or no managerial or independent oversight over employee actions and decisions can:

lead to dysfunctional, inconsistent or obscure processes
cloud transparency and visibility of fraud and corruption risks
reduce accountability needed to prevent, detect and respond to fraud and corruption.

Methods to evaluate the effectiveness of this control include:

confirming the existence of processes to support transparent actions and decision making
confirming that managerial or independent oversight exists for critical actions or decisions
reviewing a sample of decisions to confirm managerial or independent advice was obtained
reviewing workflows to ensure the involvement or oversight of a manager or independent person
reviewing the workload to determine if oversight mechanisms can reasonably keep pace with the volume of actions and decisions
reviewing reporting and reconciliation processes
undertaking an employee survey that includes questions on the adequacy of supervisor oversight.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.