Escalation procedures

Escalate non-standard requests or claims for further review or scrutiny.

This control targets both internal and external fraud risks. 

Examples

Examples of this control include: 

  • having an escalation point, e.g. a policy team or helpdesk, for more complex requests or claims
  • escalating claims that exceed a certain monetary threshold for further scrutiny
  • having a separate policy team review and action complex, uncommon or late claims.

Risks from control gap 

A lack of internal processes to escalate non-standard requests or claims can lead to:

  • disorganised or inconsistent practices and decision making
  • fraudsters using confusion and deception to exploit processes
  • fraudsters receiving payments or services they are not entitled to
  • fraudsters accessing information or systems without a business need
  • fraudsters providing false or misleading information or evidence to support a request or claim
  • fraudsters concealing information that would affect their entitlement.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • reviewing the policies and procedures for escalating requests or claims
  • confirming non-standard requests and claims are escalated to someone with sufficient delegation, independence or expertise
  • confirming escalation processes are consistently applied
  • analysing statistics on non-standard requests or claims to determine what percentage of claims fall into this category and whether that aligns with the number of escalations
  • reviewing a sample of non-standard requests or claims to confirm correct escalation processes were followed
  • asking employees about internal escalation processes to make sure they have a consistent and correct understanding
  • identifying how escalation requirements are communicated to employees
  • confirming that someone cannot bypass escalation processes or systems, even when subject to pressure or coercion
  • reviewing the training employees receive to make sure it includes information about escalation procedures.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

The corrupt

The deceiver

The enabler

The exploiter

The fabricator

 
