Specific and consistent processes

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

all updates to provider bank accounts are processed using a designated system
all assets are requested through a specific process or form
all supplier onboarding requests follow the approved procurement process
all expense claims are lodged using the designated expense management system
all grant applications are completed using the official application form
all payroll adjustments are entered and approved through the payroll system only.

Not using a specific form, process or system to manage requests or claims can lead to:

disorganised practices
inconsistent decision making
less transparency and ability to track decisions and past processes
weaknesses in other fraud controls
fraudsters deliberately using confusion and deception to exploit dysfunctional or inconsistent processes.

Methods to evaluate the effectiveness of this control include:

analysing completed requests and claims to confirm the specific form, process or system was used on all occasions
reviewing a sample of completed requests and claims to confirm the specific form, process or system was used on all occasions
undertaking testing or a process walkthrough to confirm that processes cannot be circumvented
reviewing procedures or guidance to confirm they clearly specify the form, process or system to be used
confirming forms, processes or systems are always available
asking employees about the forms, processes or systems to make sure they have a consistent understanding
confirming that someone cannot get past the requirement to use a specific form, process or system, even when subject to pressure or coercion.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.