DoH needs to improve fraud prevention controls — audit

Greater controls are required to prevent fraud occurring within the Department of Health, an internal audit report has found.
Audit of Fraud Convention Controls within the Department of Health, completed in June 2018 by the Department’s Internal Audit Unit, identified the need to make several improvements around controls for the prevention of fraud.

The report identified four “moderate” and two “minor” weaknesses within the Department. “The audit found that the controls in place to prevent errors and fraud occurring need to be strengthened across the Department,” it stated. Four ‘risk areas’ were identified, including “non-compliance” with the accounting unit’s financial procedures, fraud prevention policy and financial controls. An “inadequate management of financial systems and resources” was also noted. Findings were made in relation to changes to supplier bank details, the processing of invoices for payment, payment run processes, financial procedures review, accounting for cash, cheque receipts and duplicate suppliers.

In relation to invoices, the audit revealed “controls to prevent payment of duplicate invoices when received in hard copy or PDF by email should be revised and strengthened” in order to avoid duplicate invoices being put onto systems for payment.
The audit identified 31 duplicate suppliers or instances where the same company had been input twice onto the financial management system out of about 2,200 suppliers.

The duplications arose in situations where “the standard naming convention” was not consistently used.

A process to prevent “supplier duplication” was due to be put in place late last year, according to the report.

A review of controls around the processing of payment invoices, in an audit of 26 invoices, revealed four had no signature giving approval to pay, while another 14 had only one signature approving payment. In another instance, it was found that one invoice was part paid but no credit note was requested for the outstanding amount. On further investigation, it was found the balance had been paid at a later date, but the report noted that “this practice circumvents controls in relation to the processing of invoices and introduces a risk that an incorrect amount may be paid”.