Integrity checks and suitability assessments
Assess and confirm the integrity and suitability of new employees, contractors or third parties.
This control targets internal fraud risks.
Examples
Examples of this control include:
- pre-employment checks, e.g. criminal record and credit checks for all new employees, contractors or third parties
- robust reference checking processes
- trial periods for all new employees, contractors or third parties
- requiring all employees, including contractors, to have and maintain the appropriate security clearance for designated roles, in accordance with the Protective Security Requirements
- ongoing checks after onboarding employees or clients
- verifying that businesses have a valid New Zealand Business Number and confirming their details, e.g. by searching the Companies Register website
- checks in accordance with the Protective Security Requirements.
Risks from control gap
Ineffective integrity checks and suitability assessments can lead to:
- organisations hiring employees, contractors or third parties who lack integrity and go on to create insider threats or contribute to a dysfunctional organisational culture
- costly frauds and reputational damage
- employees, contractors or third parties abusing their position of trust to commit fraud or act corruptly
- employees, contractors or third parties being coerced to commit fraud for the benefit of another person or organisation.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- reviewing the integrity checks process for new employees, contractors, vendors or providers
- reviewing the process for ongoing suitability assessments throughout the employment or engagement period of employees, contractors or third parties
- reviewing suitability assessment processes to confirm that they align with the Protective Security Requirements
- identifying whether there is a high number of contracts that are terminated during or after an initial trial period, which may indicate that the initial screening process or suitability assessment is not operating effectively
- analysing data from integrity checks and suitability assessments and confirming that these are always completed
- undertaking an employee survey that includes questions on awareness of integrity issues and how to report them
- identifying positions that require a security clearance and confirming that each employee has the required clearance.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
- The corrupt
- The deceiver
- The organised