Accurate information collection
Collect accurate and relevant information to help process claims; make decisions; check, verify and analyse data; and investigate potential fraud.
This control targets both internal and external fraud risks.
Examples
Examples of this control include:
- putting systems in place to independently check and verify the accuracy of data
- having clear and relevant categories of data to be collected that can be matched with relevant stakeholders
- having systems in place to confirm the identity of individuals providing data
- having clear, simple and secure processes for clients and stakeholders to update their data.
Risks from control gap
Providing services or funding to someone without collecting accurate and relevant data or information can lead to fraudsters:
- impersonating clients or third parties to receive fraudulent payments or gain access to information
- providing false or misleading information to support a request or claim
- using stolen identity documents to support a request or claim
- obtaining benefits or services they are not entitled to
- benefiting from incorrect decisions or payments.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- reviewing data collection controls and policies to see if they conform to national guidelines and frameworks, e.g. New Zealand data and information management principles and the Privacy Act 2020
- reviewing the rationale for information collection to confirm that data requirements are appropriate, proportionate and aligned with information available from authoritative public sources, e.g. New Zealand Companies Office
- confirming the existence of reference and guidance material
- confirming processes are consistently applied across all systems, platforms and communication methods
- reviewing a sample of completed transactions to confirm correct processes were undertaken
- asking employees about data collection to make sure they have a consistent and correct understanding
- undertaking control testing or a process walkthrough to confirm there is no way around processes
- identifying how the requirement to collect accurate and relevant data is communicated to employees
- identifying whether a lack of accurate or relevant data hinders claims or data matching
- reviewing identified cases of fraud involving exploitation of inaccurate data or a lack of relevant data.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The corrupt |
The deceiver |
The enabler |
The exploiter |
The impersonator |
The organised |
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Learn how to reduce the risk of fraud and corruption in procurement
- Emergency relief programmes can be an attractive target for fraudsters – address the fraud risk before an emergency occurs
- Understand the wider impacts of public sector fraud, beyond just financial
- See what tailored services the Counter Fraud Centre offers to help safeguard public funds and uphold trust in government institutions