Guideline 13. Fraud and error risk management strategy

Submitted by Anonymous (not verified) on

The institution defines a strategy on fraud control and error risk management.

The strategy should include an organizational structure, specialization of roles (e.g. analysis, planning, control in the field), methodologies and procedures. It should balance preventive and corrective approaches, and be based on both intensive use of information and field activities (on-site inspections).

The strategy should focus the means of control on sectors and populations at risk (e.g. building facilities, the self-employed, agriculture, personal services).

Guideline code
CCC_01700
Mechanism
Mechanism
  • External fraud control could include:
    • Organizational structure, fostering specialization on data analysis, control in the field and overall planning;
    • Methodologies and procedures for the main activities, fostering collaboration and synergy between data analysis and field-based tasks. Approaches may range from the more proactive, based on data analysis, to the reactive, based on fraud reports and complaints;
    • Systematic data exchange with other institutions, notably with those providing information about contributors, their economic activities and social security benefits claimed.
  • The management should communicate this strategy internally and externally.
  • Internal fraud control can be based on alternative approaches, such as:
    • Identifying and restricting access to certain records (e.g. of VIPs, government ministers and employees, security service personnel);

    • Random monitoring of employee access to systems to ensure such access is authorized;
    • Identification of patterns which may indicate corrupt activity (e.g. manipulation of data to create false records).
Parent
D. Fraud Control
Structure
Structure
  • The board should issue a policy statement on fraud control within the context of contribution collection and compliance, established on a risk-profiling approach.
  • Preventive and corrective approaches should be balanced, aiming at supporting voluntary compliance and suppressing intentional evasion and fraud.
  • The board should establish units dedicated to fraud and error detection and control, and define the corresponding duties and responsibilities.
  • The strategy should characterize the different types of fraud scenarios that may appear and define specific approaches to address them.
  • The strategy for fraud control should include organizational structure, methodologies and procedures for the main activities, and a performance evaluation method based on key indicators. It should also differentiate treatment of internal and external fraud.
  • The management should establish a unit or internal audit office dedicated to implementing control activities against corruption and fraud, both within the institution and in coordination with external entities.

Tags

Title HTML
Guideline 13. Fraud and error risk management strategy
Type
Guideline_1
Weight
22