Exception reporting
Produce exception reports to identify activities that are different from the standard, normal or expected process and should be further investigated.
This control targets both internal and external fraud risks.
Examples
Examples of this control include:
- unusually high payments
- large salary changes
- unusually high programme payments
- excessive ordering of assets
- employees who have made more expense claims than usual in a month
- prices that do not match market variations
- payments or claims repeatedly just below reporting thresholds
- claims that exceed a set frequency or threshold.
Risks from control gap
A lack of exception reporting can lead to:
- disorganised or inconsistent practices and decision making
- less transparency of actions and outcomes
- poor management of fraud and corruption risks
- less action and accountability to prevent, detect and respond to fraud and corruption
- fraud or corrupt activity going unnoticed or unchallenged.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- confirming that the exception tolerances or parameters are appropriate
- confirming that the exception parameters or thresholds are not widely known
- confirming that exception reports are produced and used, and that the process is adequate
- confirming that exception reports go to the most appropriate team or employee for review
- walking through processes with employees while they review reports and respond to anomalies
- reviewing a sample of reports to see if they are clear, relevant to the user and would help to detect fraud
- reviewing statistics related to reports, e.g. the quantity and frequency of exceptions that are reported
- reviewing who has access to exception reports
- confirming that someone cannot manipulate exception reports or the data they are based on.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The deceiver
|
The enabler
|
The exploiter
|
The fabricator
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Emergency relief programmes can be an attractive target for fraudsters – address the fraud risk before an emergency occurs
- Find out more about the seven common personas that fraudsters use when committing financial crimes
- Carry out a fraud risk scan to identify potential areas of fraud risk within your organisation
- See what tailored services the Counter Fraud Centre offers to help safeguard public funds and uphold trust in government institutions