Fraud investigation policy

Investigate fraud in line with your organisation’s investigation policy.

This control targets both internal and external fraud risks. 

Examples

Examples of this control include: 

  • documenting the responsibilities and procedures to be followed when fraud is suspected
  • creating governance and oversight of cases referred for criminal investigation, prosecution or disciplinary action. 

Risks from control gap

Conducting investigations without having a fraud investigation policy can lead to:

  • reduced effectiveness of investigations
  • poor response times
  • contamination and/or loss of evidence
  • reduced likelihood of prosecutions
  • individuals being encouraged to commit fraud if they think the chance of a successful prosecution is low
  • suspects and/or innocent third parties being unfairly treated.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • confirming that the investigation policy conforms with best practice, is subject to periodic review and was followed for completed investigations
  • confirming that investigations were completed by qualified persons
  • confirming that processes were in place to identify and manage potential bias and conflicts of interest, and ensuring investigators were resilient to corrupting influences
  • confirming that investigation actions, findings and subsequent decisions were within the defined scope and accurately recorded
  • confirming that chain of custody and evidence handling requirements were followed for the storage, access and management of evidence
  • confirming that investigation outcomes were appropriately escalated, including referral to law enforcement
  • confirming that investigators and those who review investigation reports receive regular training on the policy
  • testing and confirming personal and sensitive information gathered during an investigation is appropriately stored to protect confidentiality and privacy
  • analysing investigations data to determine patterns, e.g. the number of cases referred for investigations compared to the allegations received.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

  • The corrupt
  • The deceiver
  • The enabler
  • The exploiter
  • The fabricator
  • The impersonator
  • The organised

 
