Parameters and limits

Apply parameters or limits to requests, claims or processes and enforce these limits using system controls.

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

setting transaction limits for credit cards
enforcing claim limits for programme payments
restricting particular items or payments that can be claimed together
only allowing customers, clients or registered nominees to make changes to bank accounts
restricting payments for programmes so that they are made to New Zealand bank accounts only
requiring the use of approved providers or vendors only.

Not having clear parameters to keep requests, claims or processes within set boundaries can lead to:

disorganised, inconsistent practices and decision making
fraudsters exploiting dysfunctional processes to receive payments or services they are not entitled to
fraudsters receiving payments that are larger than they otherwise would get.

Methods to evaluate the effectiveness of this control include:

confirming that employees understand and know how to use parameters and limits correctly and consistently
reviewing a sample of completed requests or claims to confirm that parameters and limits are being applied effectively
confirming that parameters and limits are used by doing pressure testing or a process walkthrough
confirming that individuals cannot override or bypass parameters and limits, even when pressure or coercion is applied
confirming that reporting or reconciliation processes exist and that claims or requests are within limits.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.