Eligibility requirements
Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria.
This control targets internal fraud risks.
Examples
Examples of this control include:
- income tests or requirements, e.g. a claimant's taxable income or business turnover must be below $100,000
- age requirements, e.g. programme recipients must be over the age of 67 years
- residency requirements, e.g. programme payments are only available to New Zealand residents
- geographical requirements, e.g. programme recipients must reside in a particular location
- qualification requirements, e.g. potential vendors must possess appropriate licences
- preconditions, e.g. employees cannot be issued with a building pass prior to the completion of an entry-level check
- expenditure requirements, e.g. expenditure on a project must be above/below $100,000
- quantitative requirements, e.g. claimants can only claim for a certain number of hours or people
- eligibility requirements to fast track or provide additional scrutiny for claims, e.g. a family claiming for more than five children is required to undergo additional checks.
Risks from control gap
Failing to specify clear eligibility requirements or verify a person’s eligibility for a request or claim can lead to:
- fraudsters exploiting weaknesses to receive payments or services they are not entitled to
- fraudsters accessing information or systems without a business need
- fraudsters providing false information or evidence to support a request or claim
- fraudsters hiding information that would affect their entitlement
- reduced ability to adequately investigate and respond to fraud and corruption.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- reviewing a sample of completed requests or claims to confirm that correct eligibility determinations are being made
- reviewing approval processes to see if there is a segregation of duties
- calculating how many reviews result in a reversal of the original eligibility decision
- confirming that employees receive training about eligibility requirements
- confirming that employees have access to reference materials that set out required standards for eligibility requirements
- confirming that employees understand what the eligibility criteria are and how to apply them consistently
- undertaking testing or a process walkthrough to confirm that eligibility determinations cannot be manipulated or bypassed, even when pressure or coercion is applied.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The deceiver
|
The enabler
|
The exploiter
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Assess your organisation’s fraud exposure and weaknesses to inform an effective fraud prevention programme
- See examples of effective, low-cost counter fraud messaging your organisation can use
- Find out more about the seven common personas that fraudsters use when committing financial crimes
- Learn how employees perceive your organisation’s fraud control activities