Trained and qualified employees
Provide employees with task-specific training to ensure that processes are followed and decisions are made correctly and consistently.
This control targets internal fraud risks.
Examples
Examples of this control include:
- all employees completing induction training on fraud prevention
- specific guidance, training and support to employees undertaking specialist processes
- all employees undertaking ethics and code of conduct training
- all employees completing mandatory qualifications and training to perform their duties.
Risks from control gap
Lack of adequate training for employees in how to apply correct processes and make appropriate decisions can lead to:
- frustrated employees, clients or third parties who may become motivated to commit fraud or rationalise fraudulent or corrupt behaviour
- employees acting in an inconsistent way or making errors resulting in higher levels of non-compliance and fraud
- employees not applying processes and controls correctly, e.g. identity authentication, which fraudsters can exploit
- employees not recognising inconsistencies or red flags, e.g. someone providing false or misleading information or evidence to support a request or claim
- poor management of fraud and corruption risks
- employees abusing their positions of trust to commit fraud or act corruptly.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- undertaking a quantitative analysis of staff training completion
- verifying that employees have the necessary qualifications to perform their duties
- analysing programme error rates and complaints
- asking employees about processes or systems to make sure they have received training
- checking that employee training plans and performance agreements clearly show the basic training they must complete
- undertaking an employee survey that includes questions on learning and development.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The deceiver
|
The enabler
|
The exploiter
|
The impersonator
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- See examples of effective, low-cost counter fraud messaging your organisation can use
- Read case studies about New Zealand organisations that have been victims of fraud
- Learn how to reduce the risk of fraud and corruption in procurement
- Learn the red flags of mandate fraud, like grooming or manipulation, urgent change requests and emails from unknown senders