| Tolerance Level | LOW | MODERATE | SUBSTANTIAL | SEVERE | CRITICAL |
|---|---|---|---|---|---|
| Occurrence is highly unlikely | Occurrence is possible but not likely | Occurrence is likely | Occurrence is highly likely | Occurrence is highly likely in the near future | |
| Strategic Risk Areas | |||||
| Inability to Proactively Fight Fraud | Current CFA model geared towards reactive and does not have proactive intelligence or counter fraud function. | ||||
| Resources | Aging workforce/ finance limitation/ difficulties recruiting to specialist roles/ impact of transformation & evolutionary changes on organisation. | ||||
| Cyber Risk (Internal) | Maintaining IT infrastructure, resources, resilience/ identify, plan combat issues raised by cloud migration/ effect on access, performance, ability to operate and provide counter fraud services to the sector. | ||||
| Cyber Enabled Fraud | Growing use of technology to commit and/ support the commission of fraud offences/ increased vulnerability of growing fraud type and the ability of the sector to respond/ recognise the ways in which technology is increasingly being used | ||||
| Inability to Deliver Strategic Objectives | Changes in NHS & counter fraud landscape/ impact of the Health & Social Care Bill/ powers to deal with combined budget fraud losses/ emerging stakeholder engagement requirements/ post COVID-19 impact. | ||||
