Automatic data matching

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

comparing claim or recipient data in a batch file with a corresponding data file
populating claim data automatically by using a data link
matching programme participants by sharing data files between organisations.

Not matching data with another source can lead to:

the inability to obtain or verify information
false information being used to support a request or claim
changes or information that would affect entitlements not being disclosed
changes in circumstances being missed
individuals providing false information to support a request or claim
individuals failing to disclose changes or information that would affect their entitlement.

Methods to evaluate the effectiveness of this control include:

consulting subject matter experts about the data matching process
reviewing the accuracy of the data match by doing quantitative analysis, e.g. the percentage of successful matches
undertaking quantitative analysis to determine the reliability of the data match, e.g. the data is reliable or trustworthy
reviewing the usefulness of the data match by doing qualitative analysis of the data and measuring its impact on data matching
confirming that data matching is working correctly by comparing a sample of completed requests or claims to the data matching information
confirming that the original data sources are impartial, reliable and trustworthy
confirming that data matching is used to support decision making by doing a process walkthrough
confirming data matching is always on and available
confirming that employees cannot bypass data matching, even when subject to pressure or coercion.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.