Mandatory information
Require mandatory information to be collected to support claims or requests.
This control targets external fraud risks.
Examples
Examples of this control include:
- mandatory fields to be completed for online claim forms
- applicants providing income and asset statements with their claim
- vendors providing business details, e.g. their New Zealand Business Number
- service providers, grant recipients or vendors to provide business details, e.g. their New Zealand Business Number, business address, email address, phone number, authorised contact and associates
- requiring supporting evidence to be submitted with claims.
Risks from control gap
Not collecting mandatory information to support claims or requests can lead to:
- manual follow-up and processing increasing the opportunities for omissions and errors
- fraudsters deliberately making false claims by omitting relevant information
- fraudsters receiving payments or services they are not entitled to
- fraudsters concealing information that would affect their entitlement to funding or services.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- confirming the existence of reference and guidance material that clearly outlines what information is required
- confirming mandatory information is consistently obtained
- reviewing a sample of completed requests or transactions to confirm all mandatory information was provided
- asking employees about the mandatory requirements to make sure they have a consistent and correct understanding
- undertaking fraud control testing or a process walkthrough to confirm that mandatory information must be provided, even when pressure or coercion is applied
- identifying how mandatory requirements are communicated to employees, clients and third parties
- reviewing the training employees receive to make sure it includes information about collecting and using mandatory information
- reviewing approvals processes and make sure mandatory information is checked.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
The deceiver
|
The fabricator
|
The impersonator
|
The organised
|
Download the complete fraud control catalogue
Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
More information
- Conduct pressure testing to identify and reduce fraud and corruption vulnerabilities in your organisation
- Find out more about the fraud triangle framework of pressure, rationalisation and opportunity
- Gain insights into employees' perceptions of your organisation's fraud exposure and fraud management actions
- Complete our online learning modules to strengthen your fraud awareness