Random allocation

This control targets both internal and external fraud risks. 

Examples

Examples of this control include:

• automatic push allocation in case management systems  
• workflow-driven blind allocation where employees must take the oldest task in the queue first
• automating email or chat distribution rather than employees selecting emails from a shared inbox 
• supervisors reviewing and assigning tasks via a team meeting or in a shared tracker.

Risks from control gap 

Allowing employees to choose which requests or claims to process can lead to:

• employees deliberately processing fraudulent requests or claims
• employees being coerced to process fraudulent requests or claims by others.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

• confirming random allocation processes are always applied
• reviewing workload management specifications and system requirements
• reviewing reports of work allocation, e.g. by location and user identification
• undertaking fraud control testing or a process walkthrough to confirm that allocation processes cannot be circumvented, even when pressure or coercion is applied
• reviewing approvals processes and making sure there is a segregation of duties
• confirming monitoring and reporting processes exist for allocation and confirming this would identify abnormal processing patterns.

Related fraudster personas

Types of behaviour this control is designed to mitigate:

More information

• See what bespoke fraud prevention support services the Counter Fraud Centre could offer your public sector organisation
• Find out more about the fraud triangle framework of pressure, rationalisation and opportunity
• Assess your organisation’s fraud exposure and weaknesses to inform an effective fraud prevention programme
• Carry out a fraud risk scan to identify potential areas of fraud risk within your organisation