Compliance, performance and contract reviews

Require clients, employees and third parties to have ongoing compliance, performance and contract reviews.

This control targets internal fraud risks. 

Examples

Examples of this control include: 

  • undertaking regular compliance checks with providers and clients
  • reassessing the suitability of service providers, contractors or vendors
  • only allowing clients to continue to receive payments if they meet certain ongoing requirements
  • regularly reviewing and monitoring employee performance
  • regularly reviewing contract performance to make sure requirements are being met.

Risks from control gap 

A lack of ongoing compliance, performance and contract reviews can lead to clients, employees or third parties:

  • acting dishonestly or without care once a benefit, grant or contract has been awarded
  • providing false information about their ongoing work performance or the delivery of contract obligations
  • failing to disclose changes in circumstances that might affect their ongoing entitlement to a benefit or payment
  • failing to disclose changes that may affect their ability to meet contract conditions
  • retaining access to systems or information when it is no longer required.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • analysing completed reviews to confirm these are undertaken regularly or as required
  • reviewing a sample of completed requests or claims to confirm reviews are undertaken with appropriate attention to detail
  • reviewing procedures or guidance to confirm they clearly specify how reviews are to be undertaken
  • confirming reviews are consistently undertaken
  • asking employees about the review processes or systems to make sure they have a correct understanding
  • analysing statistics and reports on employee performance reviews
  • identifying how ongoing compliance, performance and contract requirements are communicated to employees, customers and third parties
  • confirming that someone cannot bypass review requirements, even when under pressure or coercion.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

  • The corrupt
  • The deceiver
  • The enabler

 
