Evidence and document capture and storage
Capture documents and other evidence to detect, analyse, investigate and disrupt fraudulent activity.
This control is supported by the information and records management standard and the Public Records Act 2005.
This control targets both internal and external fraud risks.
Examples
Examples of this control include:
- storing all claims forms on a secure system
- scanning and uploading all evidence for a claim into a secure system
- documenting decisions on a secure system before processing the request or claim
- keeping all procurement decisions and documentation on file.
Risks from control gap
Poor or absent capture and storage of documents and evidence can lead to:
- difficulty in detecting, analysing, investigating and disrupting fraudulent activity
- failure of criminal, civil or administrative actions due to inadmissible evidence
- inability to share information with other organisations
- information being improperly accessed or released.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- confirming that the capture and storage of documents and evidence follow the information and records management standard
- confirming that investigators understand what the evidence requirements are and that they have access to evidence
- confirming that evidence is sufficiently captured by investigators to support an investigation
- confirming that storage of evidence is automatic and reliable
- confirming that employees understand the processes for storing documents and chain of custody of evidence
- confirming that access to documents is restricted to those who need it for business purposes
- confirming that documents cannot be altered and that the original is retained
- confirming that audit logging is automatically generated when accessing or updating documentation
- confirming that investigators can access evidence held by another party, if required.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The corrupt
|
The enabler
|
The fabricator
|
The organised
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Explore our free online tools to help strengthen your organisation’s fraud and corruption controls
- Register for counter fraud workshops and webinars, free for public sector employees
- Assess your organisation’s fraud exposure and weaknesses to inform an effective fraud prevention programme
- Learn how to reduce the risk of fraud and corruption in procurement