Accurate information collection

Collect accurate and relevant information to help process claims; make decisions; check, verify and analyse data; and investigate potential fraud.

This control targets both internal and external fraud risks.

Examples

Examples of this control include: 

  • putting systems in place to independently check and verify the accuracy of data
  • having clear and relevant categories of data to be collected that can be matched with relevant stakeholders
  • having systems in place to confirm the identity of individuals providing data
  • having clear, simple and secure processes for clients and stakeholders to update their data.

Risks from control gap

Providing services or funding to someone without collecting accurate and relevant data or information can lead to fraudsters:

  • impersonating clients or third parties to receive fraudulent payments or gain access to information
  • providing false or misleading information to support a request or claim
  • using stolen identity documents to support a request or claim
  • obtaining benefits or services they are not entitled to
  • benefiting from incorrect decisions or payments. 

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • reviewing data collection controls and policies to see if they conform to national guidelines and frameworks, e.g. New Zealand data and information management principles and the Privacy Act 2020
  • reviewing the rationale for information collection to confirm that data requirements are appropriate, proportionate and aligned with information available from authoritative public sources, e.g. New Zealand Companies Office 
  • confirming the existence of reference and guidance material
  • confirming processes are consistently applied across all systems, platforms and communication methods
  • reviewing a sample of completed transactions to confirm correct processes were undertaken
  • asking employees about data collection to make sure they have a consistent and correct understanding
  • undertaking control testing or a process walkthrough to confirm there is no way around processes
  • identifying how the requirement to collect accurate and relevant data is communicated to employees
  • identifying whether a lack of accurate or relevant data hinders claims or data matching
  • reviewing identified cases of fraud involving exploitation of inaccurate data or a lack of relevant data.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

The corrupt

The deceiver

The enabler

The exploiter

The impersonator

The organised

Download the complete fraud control catalogue

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.

Download PDF